
URL: https://www.cqcore.uk/telegram-fundamentals/
Submission: On April 27 via manual from BE — Scanned from GB


OSINT, OPSEC, Privacy & Hostile Profiling

Innovate & Secure


TELEGRAM FUNDAMENTALS

Posted on January 27, 2022 / February 13, 2022 by Ginger T

It is 2 years since I did my first blog relating to messenger apps and what, from
an OSINT perspective, we could find from them. In OSINT you will hear a lot said
about false positives; well, what about false negatives?

I have decided to do a short follow-up blog on Telegram and how it has changed
over time, just like Twitter and Facebook have done, to embrace privacy, and how
this may affect OSINT research. I have used Telegram 8.4, an iPhone on iOS 15 and
an Android 9 device for this blog.

Telegram has divided opinion within the privacy community as to its merits; most
hardcore privacy enthusiasts, I believe, would not recommend it. From an OSINT
perspective it has been a rich source of intelligence, but times have moved
towards a more privacy-focused platform now.

Telegram originated in St Petersburg, Russia; the development team is now based
in Dubai. The servers are apparently based in different locations around the
globe. You can choose to store your data locally or on Telegram’s servers. It had
an uplift in popularity last year when there was the furore over WhatsApp’s new
ToS.

Personally I wouldn’t use it just as a means of communication, but I can see its
appeal. It does offer a kind of end-to-end encryption (E2EE) through its secret
chat facility, but there has to be user interaction as opposed to it being
enabled by default, and there has been some debate as to whether Telegram have
the back door encryption keys and how secure the encryption actually is.

But even Telegram, in these new times of the privacy-conscious user, has had to
adapt, and this will have an effect on how Telegram is used and also researched
from an OSINT perspective. Certainly since I wrote my previous blog on
messenger apps in Jan 2020, Telegram has changed. Telegram has very flexible
privacy and security options, which I will outline later in more detail.

How to Access Telegram

Telegram is very practical to use and has three ways in which to access it: the
app, the desktop client or, if you do not want to download any software direct to
your computer, web access through a browser. Web access can be achieved by either
the mobile number you used to sign up or by scanning the QR code using the
Telegram app. I have noticed that the desktop client can record the fact that it
is in a VM if you choose to use one.



OPSEC alert: if you choose to use the above method to see if a number is on
Telegram, it will send a code or SMS to the user of the account. In any case,
even if you input a number not linked to a Telegram account, it will still tell
you that it has sent a code, so you would be none the wiser as to whether the
number was linked to an account.

A Telegram user cannot have multiple numbers on one Telegram account. Each
number will represent a different account. On Signal you can lock a number to an
account; there does not appear to be this option on Telegram. However, if you try
to use a number already assigned to a Telegram account, you cannot use the
number until that other account is deleted.



The above may well be an alternative way to see if a number is linked to a
Telegram account where a POI has locked down their privacy and security
settings. I haven’t seen any indications that the other account is notified that
an attempt has been made to use their number on a new account.

Most of what I discuss below is based on the Privacy & Security option within
Telegram’s Settings menu.

Once over a user was automatically discoverable to everyone by their mobile
number; however, this is now disabled by default. This may lead the OSINT
investigator to think that the subject of interest is not using Telegram if
they have chosen to use a mobile number as a search operator, as in syncing
contacts for example.

The methodology now may dictate that you try and find a username or display name
linked to another platform where the subject mobile has been used and then
search Telegram that way.

The Basics

I will cover first what steps you have to take once you have downloaded Telegram
from the Google Play Store.

A new user will need a mobile number to enable them to create an account, as
they will be sent a verification code. The mobile number does not have to be the
user’s real number. I have had success with VOIP numbers, but remember some VOIP
numbers are not able to process short codes, so you have to wait for the SMS
verification to time out and Telegram will then ring you with the verification
code.

The next screen takes you through to where to input a name, a first name is
mandatory, a last name is optional. Needless to say a person can use whatever
name or random characters they like.

Then the user has to accept the ToS. The next screen will then show them which
of their contacts are also on Telegram. This is why it is important from an
OPSEC perspective that you use a clean phone for the install; using a personal
phone will create OPSEC issues for you. You are able to stop Telegram syncing
your contacts.

You can follow the steps below but turn off the Contact sync.

Sometimes contact sync does not work on Android, so if this does occur you can
follow the steps below:
•    Reinstall the app (do not open yet)
•    Go into Android Settings > Accounts > Telegram and enable Contact sync
•    Open the app and check Contacts

If the above does not work for turning off contact sync on your particular
flavour of Android or on Apple, then you can deny Telegram access to your
contacts via the permission manager before you open the app. For those who are
researching Telegram and do not have the luxury of a fresh phone and clean
install, the above may be advisable, as you do not want Telegram telling all
your contacts who are there that you are now on the platform.

Default Settings

I am not sure how many people rush to the settings as soon as they have
downloaded an app, but it is one of the first things I do, especially the
privacy and security settings. Below are the default privacy settings from the
Android device.



By opening the settings the user can create a username, bio and upload a profile
photo. The display name will be the name that was provided at the above
activation stage.

A username is not mandatory to be able to use Telegram; however, if a user does
choose one then it is public and cannot be hidden. The advantage for a user of
setting up a username is that they can share it with other users on
Telegram and avoid having to share their telephone number.

Usernames are also searchable on the web, https://t.me/USERNAME.

A display name does not have to be unique but a username does.

Some of the ways to search Telegram are by display name or username in the
search bar. You can see a user’s profile photo, and bio along with their last
seen, depending on their privacy and security settings.

Being able to ‘see’ a number is not the same as searching for that telephone
number. The only way you could ‘see’ the number of a POI is if they have
altered their privacy settings or if you were mutual contacts; syncing a number
will not necessarily allow you to see who that number belongs to.

You will also be notified if a contact joins Telegram, although this can be
disabled in the settings.

When I did my original blog, when you deleted a number from your contacts that
you had synced with Telegram, you would be able to see the name the person had
provided when they created their account, which was held on Telegram’s server;
this is no longer possible.

I will now take you through various settings that will affect not only your
OPSEC but your ability to find subjects on Telegram.

A user can restrict who can see their phone number. By default it is now set to
“My Contacts”; you can restrict it even from your contacts. Once over it was set
to “Everybody”. A POI would have to change the default setting to ‘Everyone’
for the phone sync to work.

They can choose one of the following: Everyone, Contacts or Nobody. If you
want, however, you can add exceptions from your contacts, so you can choose
which of your contacts can see your number.

If they choose ‘Nobody’, even their contacts will only be able to see their
Telegram username and not their phone number. If they choose ‘Nobody’, they are
then presented with a further option of who can find their number: Everybody or
Contacts.

So their number is not 100% unsearchable, but searching is limited as you need
to be mutual contacts. This is where, from an OSINT perspective, you mustn’t
think that just because you cannot find a number that you are interested in,
the user of that number is not on Telegram.



There are other privacy settings that may make your OSINT research less
fruitful. Telegram users can also restrict last seen online, profile picture,
voice calls and who can add them to a group or channel.

A Telegram user can restrict who can see their profile photo to their contacts
and even then they can add exceptions as to who can and cannot see it.



Online Monitoring

Last seen has always been an interesting OSINT consideration, and from an OPSEC
perspective we wouldn’t want to be seen online. However, if you want to see
whether a POI is online then you must not change your settings to disable it, as
this will stop you from seeing your POI’s online status.

If your POI has altered their online privacy settings this is what you may see:

•    Last seen recently — covers anything between 1 second and 2-3 days
•    Last seen within a week — between 2-3 and seven days
•    Last seen within a month — between 6-7 days and a month
•    Last seen a long time ago — more than a month (this is also always shown to
blocked users)

As an OSINT investigator, if we see any of the above behavior all is not lost.
Yes, we haven’t been able to find what we expected, but it does potentially tell
us something about the POI that we are researching, in that they may be OPSEC
aware themselves, so we have to adjust our methodology accordingly. Don’t
think just because you cannot find someone or information about someone that
they are not on Telegram.

A Telegram user can also restrict who can phone them on Telegram, the choices
being Everyone, Contacts and Nobody. Again they are able to add exceptions. A
user also has a choice of whether to use peer-to-peer or to route their calls
through Telegram’s servers. They may also disable iOS call integration, as this
will stop their call history from being shared with Apple; this facility did not
appear to be available on the Android version I was using.

Built-in OSINT Tools

A nice little OSINT tool within Telegram will assist you with in-app
translations when you are reading a message. Go to Settings – Language; you can
then add a Translate button to the context menu when selecting a message.
Translation is available on all Android devices and iOS 15+. When you press and
hold on a message the below box will present itself; click Translate.



The below example is from an iPhone, where you can choose to translate offline
by going to Apple Settings – Translate – (toggle on) – On-Device Mode. If you
don’t choose this method then the data is sent to Apple to translate online.



It appears that Telegram is also rolling out its own OCR for iPhone & Mac that
allows you to strip out text from an image, say a copy of a letter for instance,
and then Telegram will reformat it as text for you.

Dutch OSINT Guy has an excellent video, which explains how Telegram works and
how to investigate it:
https://www.youtube.com/watch?v=e_aXQYq2l6U

One of my favorite specialist OSINT teams, Aware-Online, have a good article on
how to use the ‘Nearby’ facility on Telegram:
https://www.aware-online.com/en/search-for-telegram-groups-based-on-location/

The article is based on the use of an emulator; you can achieve the same results
on a regular mobile phone by using a location spoofer app.

Finally, Telegram users can also enable further privacy and security features
that may be of interest to LE:

•    In the device settings they can terminate sessions based on inactivity, from
1 week through to 6 months.
•    They can set up the account to be deleted after a certain amount of
inactivity, from 1 month up to 12 months.
•    Two-step verification is by way of a password that they must use in addition
to an SMS verification code if they want to set up a new device. This may not
be as good as a randomly generated software token or a hardware token, but it
is better than nothing at all. They can also set a recovery email address if
they wish. Telegram will notify them in-app if any logon attempts are made on
the account.
•    They can set up a six-digit passcode to access the app. Once this is done
they can then use touch ID or facial ID to unlock the account. They can
choose to lock the account after a certain amount of inactivity too.

I hope the above goes some way to explaining how Telegram’s privacy and security
settings may potentially limit your ability to research a POI and how we as
OSINT researchers may need to adapt. I am a firm believer that an OSINT
practitioner needs to understand the privacy & security settings of the platform
they are investigating to avoid false negatives.

Posted in Mobile Phones, OPSEC, OSINT, Privacy and tagged Android, I-Phone,
Messenger Apps, OPSEC, Privacy Settings, Telegram, Tutorials & Guides.


© 2022 cqcore