How to deanonymize a user of a Telegram account.

Telegram is one of the most popular instant messengers in the world. Why?

Pavel Durov built the marketing strategy of his project on the idea of ​​”security”. Under the slogan “Taking back our right to privacy”, users were assured that no special services would be able to read their messages. And it worked!

But the question is: is Telegram really anonymous or is Durov just a good salesman? All you need to know about the “privacy” of this messenger is when registering here you need to specify your cell number. There is simply no better solution! Is it difficult to find out who is the owner of a Telegram account? Not at all. You just need to know where to poke, and then the messenger itself will give out all the necessary information.

OK! What do we have? The account itself, or rather its numerical identifier (ID), username (symbolic alias), nickname (sometimes it is the first and last name, sometimes it is a pseudonym), avatar and, finally, messages that are sent from the account. Thumbs up! Behind all this lies an almost complete package of data about a Telegram user.

Let’s start with ID. What can be learned from it? Phone number (@QuickOSINT_bot or “Eye of God”), approximate account creation date (@creationdatebot), nickname change history (@SangMataInfo_bot), chats and groups with target account membership (@telesint_bot).

“This is all, of course, wonderful, but how can you find out the ID itself?” – you ask. A very pertinent question! This can be done, firstly, through a third-party Telegram client – for example, Graph Messenger. There you can find out the ID of any profile, you just need to press the button in the form of three dots in the upper right corner of the screen. Conveniently! But there is another way (in case the first one is prohibited by religion or did not fit for another reason) – bots. This is @getmyid_bot (you need to forward the victim’s message) or @telesint_bot (you need to send username).

Next – nickname and username. Everything is simple here: users often use the same nickname for all their accounts. If we find the victim’s accounts on other services, this may complement the virtual portrait of the target. Let’s use the tools to search by nickname! These are, for example, @maigret_osint_bot, Sherlock utility, namechk.com, knowem.com, etc.

It would also be nice to check which aliases the victim used before (@SangMataInfo_bot, @telesint_bot). This will give us even more information! Those. the current nickname may be new, and therefore not “highlighted” anywhere. But here are the old ones… There is a chance here, and not a small one.

The next step is the avatar. Download it, then look for exact copies of the photo (exact (using quotes) search in Yandex and Google). If there is a face in the photo, you can and should use advanced search tools – Eye of God, findclone.ru, primeyes.com, tineye.com, search4faces.com.

Now – messages of the victim in public chats. @telesint_bot is responsible for this. There may be useful clues – audio, photo or video – to which the methods already listed can be applied. In addition, this can be used to determine the linguistic behavior of the victim – writing style, types of emoji used, expressiveness of speech, etc. This can help when we find another account of the target (for example, on a cinephile forum) and want to make sure that the profile really belongs to her.

BONUS! Psst, boy, would you like some social engineering? Let’s not forget about the human factor – people will hand themselves over with giblets if a professional is engaged in “processing”. Get to know the person, gain confidence, embed a logger (iplogger.ru, grabify.link) into a harmless link and convince the account owner to follow it. Everyone knows what happens next – we will have the IP address of the victim at our disposal.

REFERENCE: https://medium.com/@ibederov_en

Subscribe to our channel and do not miss new collections of tools in various areas of Information Security.

  Posted by: @ESPYER

Facebook
Twitter
LinkedIn
5 social monitoring tools great for OSINT

5 Social Media Monitoring Tools

In this article we’ll talk about the following social monitoring tools:
Hootsuite, Brand24, Mention, Sprout Social, Synthesio.
For each of these we’ll know the main benefits of using it, as well as reason to chose another tool, based on your needs! Here goes 🙂

Read More »
OSINT Investigating questions

OSINT for Businesses: A Guide to Conducting Due Diligence and Intelligence Investigations

In this article, we’ll explore how businesses can use OSINT techniques to gather information and conduct due diligence and intelligence investigations.

Open-source intelligence (OSINT) is the process of gathering information from publicly available sources to support decision-making and informed action.

For businesses, OSINT can be a valuable tool for conducting due diligence and intelligence investigations, providing a wealth of information on potential partners, competitors, and threats.
However, with the increasing use of artificial intelligence (AI) in online investigations, it’s important to know how to gather information while avoiding detection.

Read More »

ProfileNINJA

A Revolutionary API to Check If Your Personal Information is Compromised.
Are you tired of constantly worrying about your personal information being compromised? Well, let me introduce you to ProfileNINJA, a one-of-a-kind API service listed on the RapidAPI marketplace.

ProfileNINJA takes the hassle out of checking if your personal information has been leaked by searching through databases linked to popular social media platforms like Twitter, Facebook, VK, Instagram, Telegram, and LinkedIn.

Read More »

People Data Lookup API

People Data Lookup API on RapidAPI is a service that allows users to search and retrieve information about individuals using phone number, email address, password, or full name. The API offers accurate and updated information that can be used for various purposes such as fraud detection, verification, and customer engagement. The service is accessible through RapidAPI, a platform that connects developers with over 16,000 APIs.

Read More »

SCAN FOR WEBCAMS WORLDWIDE

With Shodan Exploit, you will have all your calls on your terminal. It also allows you to make detailed searches.
All you have to do without running Shodansploiti is to add shodan api.

Read More »