How to deanonymize a user of a Telegram account.

Telegram is one of the most popular instant messengers in the world. Why?

Pavel Durov built the marketing strategy of his project on the idea of “security”. Under the slogan “Taking back our right to privacy”, users were assured that no special services would be able to read their messages. And it worked!

But the question is: is Telegram really anonymous, or is Durov just a good salesman? All you need to know about the “privacy” of this messenger is that you have to specify your cell number when registering. There is simply no better solution! Is it difficult to find out who owns a Telegram account? Not at all. You just need to know where to poke, and then the messenger itself will give out all the necessary information.

OK! What do we have? The account itself, or rather its numerical identifier (ID), username (symbolic alias), nickname (sometimes the first and last name, sometimes a pseudonym), avatar and, finally, the messages sent from the account. Thumbs up! Behind all this lies an almost complete package of data about a Telegram user.

Let’s start with the ID. What can be learned from it? The phone number (@QuickOSINT_bot or “Eye of God”), the approximate account creation date (@creationdatebot), the nickname change history (@SangMataInfo_bot), and the chats and groups the target account is a member of (@telesint_bot).

“This is all, of course, wonderful, but how can you find out the ID itself?” – you ask. A very pertinent question! This can be done, firstly, through a third-party Telegram client – for example, Graph Messenger. There you can find out the ID of any profile; you just need to press the three-dot button in the upper right corner of the screen. Convenient! But there is another way (in case the first one is prohibited by religion or did not fit for another reason) – bots. These are @getmyid_bot (you need to forward the victim’s message) or @telesint_bot (you need to send the username).

Next – nickname and username. Everything is simple here: users often use the same nickname for all their accounts. If we find the victim’s accounts on other services, this may complement the virtual portrait of the target. Let’s use the tools to search by nickname! These are, for example, @maigret_osint_bot, the Sherlock utility, namechk.com, knowem.com, etc.

It would also be nice to check which aliases the victim used before (@SangMataInfo_bot, @telesint_bot). This will give us even more information! That is, the current nickname may be new, and therefore not “highlighted” anywhere. But the old ones… There is a chance here, and not a small one.

The next step is the avatar. Download it, then look for exact copies of the photo (exact search, using quotes, in Yandex and Google). If there is a face in the photo, you can and should use advanced search tools – Eye of God, findclone.ru, pimeyes.com, tineye.com, search4faces.com.

Now – messages of the victim in public chats. @telesint_bot is responsible for this. There may be useful clues – audio, photo or video – to which the methods already listed can be applied. In addition, this can be used to determine the linguistic behavior of the victim – writing style, types of emoji used, expressiveness of speech, etc. This can help when we find another account of the target (for example, on a cinephile forum) and want to make sure that the profile really belongs to her.

BONUS! Psst, boy, would you like some social engineering? Let’s not forget about the human factor – people will hand themselves over with giblets if a professional is engaged in “processing”. Get to know the person, gain confidence, embed a logger (iplogger.ru, grabify.link) into a harmless link and convince the account owner to follow it. Everyone knows what happens next – we will have the IP address of the victim at our disposal.
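Seen from the account owner's side, the logger step above can be checked for before a link is opened. The following is an added example, not part of the original post: it scans message text for URLs whose host belongs to the two logger services named above. The function names and the sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Logger services named in the text above; extend from your own blocklist.
LOGGER_DOMAINS = {"iplogger.ru", "grabify.link"}

# Assumption: links arrive as plain http(s) URLs inside the message text.
URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""", re.IGNORECASE)

def normalized_host(url):
    """Return the lowercase ASCII hostname of a URL, or None if unparsable."""
    try:
        host = urlsplit(url).hostname  # drops any user:pass@ prefix and port
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")  # Unicode host -> punycode
    except UnicodeError:
        return host

def is_logger_host(host):
    """True for a listed domain or any subdomain of it, not for lookalikes."""
    return any(host == d or host.endswith("." + d) for d in LOGGER_DOMAINS)

def flag_logger_links(message):
    """Return (url, host) pairs for every logger link found in a message."""
    hits = []
    for url in URL_RE.findall(message):
        host = normalized_host(url)
        if host and is_logger_host(host):
            hits.append((url, host))
    return hits

# Constructed sample messages, not taken from any real chat.
SAMPLE_MESSAGES = [
    "funny cat: https://grabify.link/ABC123",
    "photo here https://cdn.iplogger.ru/pic.jpg",
    "docs: https://example.com@iplogger.ru/x",   # real host is after the '@'
    "safe: https://iplogger.ru.example.com/",    # lookalike prefix, not a hit
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(msg, "->", flag_logger_links(msg))
```

The check only sees the host written in the message; a logger link hidden behind a URL shortener or another redirect has to be resolved first, for example in a sandboxed client.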

REFERENCE: https://medium.com/@ibederov_en


  Posted by: @ESPYER
