boot eye
In Telegram you can find bots with detailed profiles of messenger users. Such profiles contain the user’s user ID (a unique identifier assigned to the account when registering with Telegram – ed.), the person’s current and previous usernames (for example, @ivanpetrov), first and last name, as well as a list of chats and channels in which he is. In closed chats, only the link is published. These bots include, for example, TeleSINT, TgScanRobot and Insight. Some even save information about chats and channels that the user has unsubscribed from.
Other bots allow you to find out the ID and username and then reveal the phone number from this data even if the user has hidden them in the settings. There are also those who identify the authors of invitation links in the t.me/joinchat format and even anonymize the authors of Telegram stickers. To do this, you need to send the selected image to the chat with the bot, and in response the service will send the ID of the user who uploaded it to the messenger.
In addition to bots, Telegram supports alternative clients (computer programs and mobile applications that receive and visualize information from the messenger’s servers – ed.). One of the most popular alternative clients for smartphones is TelegramX. All of them are legally created based on API (a software interface for connecting bots and alternative clients to the Telegram network – ed.) and Telegram open source code.
Some enthusiasts create alternative clients that interpret information from messaging servers in a non-standard way. Some of these services are also used to anonymize and spy on people.
For example, there is a Geogramint client to determine the approximate location of a user. Visually, it is an OpenStreetMap mapping service with an authorization system via Telegram.
There is also Telegram OSINT, a client created by the notorious Chechen IT company Postuf, which in 2021 is heavily advertised on social networks and media with reports of “technical tricks” and serious vulnerabilities, for example, “Gosuslug”. . It is a “combination” of discovery tools – in particular, it allows you to find out the exact duration of a user’s online and offline sessions during the day by ID, receive messages from a specific user in public chats, as well as within a radius of 1 km of the user’s location.
Who needs it?
According to Igor Bederov, head of T.Hunter’s information and analytical research department, Telegram is used by security guards at large companies, marketers, journalists, private detectives and more to gather information about people. According to him, even the police or housewives can spy on Telegram users due to the locality and usability of the tools listed above.
“An investigative journalist can gather evidence about authorities’ corruption, security guards can check on employees and contractors, police officers can spot cybercriminals, and cybercriminals can gather information about their victims. Finally, housewives control the social accounts of the spouses.
IT specialist Artem Irgebaev, author of the OSINT Club Telegram channel, shares a similar view. According to him, the audience of such tools is diverse, but, as a rule, they are used only for business purposes.
“Someone checks employees and counterparties for credibility, someone uncovers cybercrime, someone seeks information for personal reasons… But most of the users I know use these tools in some way to perform their professional duties,” said Irgebaev.
Bederov’s company is particularly engaged in open source intelligence (OSINT). T.Hunter pays special attention to Telegram’s analysis, as cybercriminal communities have been actively working on this platform in recent years.
“We started building tools for research in the Telegram ecosystem in 2018, when the messenger was officially blocked in Russia. In the past 2022 alone, my colleagues and I were able to successfully identify the owners of more than 700 Telegram channels,” Bederov said.
T.Hunter, as part of his activities, repeatedly interacted with the law enforcement agencies of the Russian Federation to suppress the activities of criminal groups. As an example, he cited a story from early 2022 when Russia was faced with numerous false reports of bombings of schools and other government institutions.
“At the peak of this wave, we watched the activity of 36 conversations in which the ‘mining’ efforts were coordinated. The mining wave has been suppressed as a result of our new methods of detecting and investigating crimes on Telegram.” According to him, Russian and Belarus law enforcement officers detained 24 administrators who, with the help of T. Hunter, were engaged in “fake mining” chats on Telegram.