Skopenow Resource Center / Post

June 09, 2022

Browser-Based Instant Messaging Apps OSINT Tips & Techniques

Telegram is a free cloud-based instant messaging service with over 550 million monthly active users. Telegram is available via web browser, mobile application, and desktop application.

Telegram is utilized by criminals to facilitate a range of crime types, with Channels like https://t.me/s/cash6 and https://t.me/s/legittom that are used for:

  • Selling stolen bank account credentials, hijacked accounts, or pre-KYC verified crypto exchange accounts.
  • Selling breached data.
  • Selling access to accounts, like streaming services and VPNs.
  • Selling fake IDs and vaccination certificates.
  • Selling tutorials for committing cyber-crimes.
  • Extremist Propaganda

This article will show you how to conduct OSINT investigations using Telegram. We’ll discuss locating content to get the most value from Telegram for your OSINT investigations.

This is an introduction to OSINT Investigations on Telegram. To view the full webinar, click here. To download the guide, which includes advanced techniques and analysis, click here.

 

Telegram content can appear in several forms, which can be useful to an investigator when available.

Users

Each Telegram user has a User Account, which is registered to a cell phone number, and a User ID. User’s can also create an optional username, which must be at least 5-characters long, and may consist only of a-z, 0–9, and underscores.

 

Group Chats

Telegram Groups are group messages that enable up to 200,000 members to correspond. Within Groups, users can share text, media, and links. 

Normal Groups are private and can hold up to 200 members. Members are added by administrators or invite links.

Super Groups can have up to 200,000 members and can either be private or public. If public, any Telegram user can join the Group and in many cases, non-telegram users can access the messages within the Group.

When messages are sent within Group Chats, the name and profile photo of the sender are detailed.

 

Channels

Channels enable Telegram users to broadcast their public messages to large audiences. Through Channels, users can reach out to a broad network of people directly, sending a notification to their phones with each post.

Within Telegram Channels, only admins can post, so messages are essentially a one-way broadcast. There can be an unlimited amount of subscribers to receive the messages, however, non-admin members of Channels cannot reply or send messages within the Channel at any time.

Unlike Groups, Channels display the name and photo of the channel next to messages, rather than the person who posted them. 

When viewing or subscribing to a Telegram Channel, users can see the entire message history back to the inception of the Channel. This is also the case with most Groups, however, this feature can be disabled by admins.

 

Bots

Bots are telegram tools that enable automation to be carried out within the Telegram platform. Like Users, Bots have a username, however, they need not be registered to a phone number. Bots carry out specific actions which have been configured by the bot builder via API. 

There are 3 versions of the web browser application clients for Telegram; K version, Z Version, and Legacy version. The Z version and K version were built by different developers as part of a contest but are very similar in appearance with only minor differences, whilst the Legacy version is a previous Javascript model of the application that is very different in appearance.

 

Telegram K - https://web.telegram.org/k/ 

 

Telegram Z - https://web.telegram.org/z/

 

Legacy Version - https://web.telegram.org/?legacy=1#/im 

 

Locating Content

Telegram has inbuilt search functionality to search for users, group chats, and channels. When searching for profiles within the Telegram platform, you can search for a user’s or a group’s name. Profiles with close name matches containing your search term will appear as suggestions. 

Searching for a person’s name will bring back users, group chats, and channels.

Searching for a topic or name will bring relevant groups chats and channels.

 

Alternatively, group chats and channels can be found within Telegram using search engines. Using a Google search index, you can easily identify Telegram results within Google. Here’s how to get started:

site:t.me

By entering this simple command into a search engine, such as Google, you’ll tell the search engine to only show you web pages that come from the website www.t.me, the domain for Telegrams web application. The ‘site:’ operator removes pages from any other website from the search results. Whilst many pages are indexed, the results show only 2 results from t.me in Google’s index that load within the search window. Any search within the t.me domain currently returns only 2 results, so further operators must be specific.

By appending a topic in quotation marks to the end of our first query, we are narrowing down the search results to only those containing the required keywords. Again, only 2 results will populate, so the topic in quotation marks should be as specific as possible. An example of this would be:

site:t.me "bank login"

 

BOsintBlanc’s Telegram CSE - https://cse.google.com/cse?cx=f22644e7cf7c34e97

An alternative to searching for Telegram webpages in Google’s core search capability is to utilize a Google Programmable Search Engine designed for Telegram. When using this search engine, more than 2 results will populate.

 

Telegago - https://cse.google.com/cse?q=+&cx=006368593537057042503:efxu7xprihg

Telegago is another Google Custom Search Engine tool, which enables users to search Telegram and Telegram data aggregator sites for Users, Channels, and Groups.

 

Commentgram - https://cse.google.com/cse?cx=006368593537057042503:ig4r3rz35qi 

Commentgram is a third Google Custom Search tool for Telegram, which searches comments in Telegram threads.

Having conducted a search, you will be able to discover relevant channels and group chats for investigation.

Channels with the t.me URL may show published messages without the need to be logged in to Telegram, such as https://t.me/s/Bankloadersofficial

Within the Telegram application, the same group’s URL would appear as https://web.telegram.org/z/#-1397124044.

Public Group Chats with the t.me URL will not show published messages without the need to be logged in to Telegram and will show a page asking you to access the Group in Telegram, such as https://t.me/fraudnetworkcc

Within the Telegram application, the same group’s URL would appear as https://web.telegram.org/z/#-1397124044, where the messages would appear.

 

This is an introduction to OSINT Investigations on Telegram. To view the full webinar, click here. To download the guide, which includes advanced techniques and analysis, click here.

 

Automating your Investigations on Telegram

Using a tool like Skopenow, you can automate the processes outlined in this guide to extract and analyze content from Telegram. Skopenow instantly and anonymously locates and archives social media accounts and posts, plots location history, flags actionable behaviors, and reveals hidden connections between individuals. Skopenow’s automatic report builder will save you time organizing the analyzed intelligence into a court-ready report. Please reach out to sales@skopenow.com or visit www.skopenow.com/demo to schedule a demo and activate a 7-day free trial for qualified businesses.

Unlock the Power of Skopenow

See for yourself how Skopenow can modernize your investigations.
To get started, request a demo and an expert will get in touch with you shortly.

Book a Demo