Telegram: OSINT Opportunities and Limitations
Shortly after the outbreak of war in Ukraine, it was possible to map almost precise locations of Telegram users that had enabled their ‘Find Nearby Users’ feature on their respective mobile devices. Using this data, it was also possible the trilaterate the position of Telegram users within a specific area. We at OS2INT wrote extensively about this feature in an OSINT Workflow article that can be viewed here. This Telegram feature was undoubtedly an instrumental capability for many OSINT’ers. Sadly, Telegram caught onto this and subsequently lowered the accuracy of the “People Nearby” function – as written by jkctech here. Instead, it is now only possible to identify the approximate range of Telegram users within between 500 to 3000 metres. Adding to this, Telegram has in recent months applied greater due diligence to identify users applying programmatic searches and scraping.
That said, Telegram remains a key source of information concerning key events that take place on the ground in Ukraine; to the extent that many friendly government organisations have acknowledged that traditional classified sources are merely being used to corroborate events being first reported on Telegram. In addition, Telegram remains the centre stage for information operations being orchestrated by pro-invasion and pro-Russian disinformation actors.
Telepathy, the ‘Swiss Army Knife’ of Telegram-OSINT tools
This is not the first time we have written extensively about Telepathy and the huge amount of time and effort that Jordan Wildon has dedicated towards this tool. In July this year, we detailed the highly effective capabilities that Telepathy provides such as scraping interaction and media data from Telegram channels and groups as well as scanning messages that have been forwarded from other channels and groups. In our article, we went even further to show how data scraped using Telepathy could be effectively analysed using Paliscope YOSE.
However, in this latest OSINT Tool Review article, we will show our readers the new features that Jordan has added to Telepathy, including one that enables users to broadly geolocate Telegram users.
New features, and how they can be used
Building on the initial release of Telepathy v2, several key features have been very nicely implemented into the utility including:
- Location-based searches: As we pointed out above, users can now produce a comma-separated value (CSV) file showing users located near specified coordinates and their approximate distance from the same coordinates.
- Alternative numbers: Jordan has clearly identified efforts by Telegram to clamp down on programmatic searches and scraping. To address this, it is now possible for users to add an alternative phone number. This feature can also allow users to run multiple scans at the same time.
- Export: This feature enables users to export all channels and groups that you are a member of to a CSV file.
- Reply: Undoubtedly, this is another key feature as it enables users to scrape replies to Telegram posts. To put it quite plainly, other Telegram scrapers do not offer this capability, meaning that replies to posts made on Telegram channels and groups are not collected. At the same time, it is impossible to view Telegram channel subscribers; with this function, it is possible to aggregate a partial list of subscribers.
Visualising geo-located Telegram users
Building on our last OSINT Tool Review article for Telepathy, we went even further by taking full advantage of the tool’s capability to do location-based searches. What we set out to achieve was to geo-locate members of Telegram groups involved in the distribution of disinformation.
With Telepathy installed and updated by invoking
pip3 install --upgrade telepathy in our command-line interface, we conducted numerous location scans across several cities located in occupied eastern Ukraine and occupied Crimea. This was done by invoking
pip3 -t [LATTITUDE, LONGITUDE] -l.
Straight away. Telepathy went to work and obtained the location of Telegram users located in close proximity to our search point; the out of which was stored in CSV files. After some slight adjustments to our CSVs, we drag and dropped them into YOSE and visualised our data.
Using YOSE’s ‘Trace’ function, we were able to draw links between scraped Telegram groups and identified locations. Specifically, we identified three members of a Telegram group located in occupied Crimea.
Taking these findings even further, we used YOSE’s own Geo-Analytics module to visualise the activity of the three geo-tagged Telegram users by creating several overlays for each user. Recognising that at least two of the aforementioned users were attributed to geo-location activity consistent with movement, we applied the timeline feature in YOSE Geo-Analytics to visualise this activity. The results of which indicated that two of the geo-tagged Telegram users were possibly located in Simferopol around the same time.
Why every OSINT’er should use Telepathy
We believe that it goes without saying that Telepathy is quite obviously the ‘Swiss Army Knife’ of Telegram-focused OSINT utilities. The term ‘Swiss Army Knife’ is clearly overused, and we accept fault for this. However, Telepathy is most certainly an OSINT utility that is in a league of its own. We could give our followers a million and one reasons as to why they should use Telepathy, but we generally believe that Jordan’s roadmap for Telepathy speaks volumes. Not only does the OSINT community have a reliable scraping utility, but it also has a tool created by a developer who has a clear vision of how the tool should further evolve. As we speak, atrocities and crimes against the Ukrainian people are taking place, and there is undoubtedly a clear requirement for organisations to use a reliable utility that can not only help with the documentation of war crimes but also enable the development of tactical intelligence. So, we will be keeping a very close eye on the evolution of Telepathy and looking forward to future developments.