<img src="https://certify.alexametrics.com/atrk.gif?account=kla4t1zDGU20kU" style="display:none" height="1" width="1" alt="">
Contact us
Request demo →
Contact us
German website

How criminals are tracked down on Telegram

by Sebastiaan Bosman News 18 Feb 2021

Our OSINT researcher Rosa Jong was invited to the NOS for a special about Telegram. The Dutch national broadcast channel created a special about the use of messenger app Telegram in the criminal underworld. What information is shared in the chat groups? And are the users truly anonymous? Rosa explains what she discovered.

Click the video to watch the full NOS Story special. It is in Dutch, but auto-translated English subtitles are available in the YouTube player. 

Seemingly anonymous

Telegram is used much like Whatsapp is: to chat with a single contact, or in a public group. But Telegram gathers less user data, and offers the option to hide your telephone number and select a random user name. Those features make the app popular among criminals and threat actors, whose ‘business’ runs better with a higher level of anonymity.

"You do see that people in groups for illegal merchandise are more conscious about their identity," Rosa explains. They make use of the feature to hide their phone numbers and don't use their real (account) names. 

However, complete anonymity on the internet doesn't exist. "There is always some sort of trace left behind," Rosa concludes. 

Hard to track, hard to catch

The information shared in Telegram is encrypted and only accessible to people in the chat. There is even a feature to completely delete messages after a certain time. 

That makes it harder for law enforcement to track down illegal activity and the people behind it. What's more, there are strict privacy laws to adhere by, meaning the police can't simply bait people into something illegal. 


So how does Rosa navigate this maze to track down people on Telegram? She gathers small pieces of publicly available information called Open Source INTelligence (OSINT). Alone, these snippets might not say much, but one piece of the puzzle might contain a clue to the next. If you know where to look, there is more to be found than you might think. 

In the video, Rosa talks us through the process of how she was able to identify a Telegram user in a chat used for dealing weapons. Though she initially only saw half a photo and three numbers in their user name, it eventually lead to a positive ID via their Minecraft  and Instagram account. 


Are you interested to see how External Threat Intelligence can help you reduce threats to your organisation? Read our ETI page here

Cybersprint nominated as one of the 10 best cybersecurity providers at Computable

Our team is proud to announce that Cybersprint is nominated for the Computable Awards 2021 in the category Security & Forensics! With our Attack Surface Management platform, we help organisations monitor their attack surface and mitigate the associated risks within. We are pleased that Computable recognises our approach to help make organisations become more digitally secure.

read more

Hoe websites onopgemerkt voor kwetsbaarheden kunnen zorgen

Trouw heeft onderzoek gedaan naar de digitale veiligheid van een groot aantal Nederlandse overheidswebsites. Hierin komt naar voren dat tientallen sites risico’s vertonen, waarbij je met brute forcing binnen zou kunnen komen. Een gemeenschappelijke factor hierin is dat deze sites gebruik maken van WordPress. Maar in hoeverre is dat doorslaggevend voor de risico’s, en waar moet je op letten bij het beveiligen van dergelijke websites?  

read more

Microsoft Exchange CVE: Ransomware attacks incoming

A new wave of ransomware attacks is incoming. The Microsoft Exchange CVEs have already been extensively leveraged by criminals, resulting in secret access paths into organisations. Now, these attacks are waiting to be weaponised. 

read more

Do you have a question?

Our experts have the answers

Contact us