OSINT Toolbox Talk: Extracting TikTok user data, Instagram user information and Dark Web URLs


Geo-monitoring Telegram user activity with 'Telegram Nearby Map'

https://github.com/tejado/telegram-nearby-map

While we often discover OSINT tools and utilities through our own research, credit for this OSINT Tool Review article should be given to multiple experts within the OSINT field who brought this tool to our attention. Additionally, it isn’t every day that we are overly impressed with various OSINT utilities, though we can confidently say that Telegram Nearby Map is in a league of its very own.

So, what is Telegram Nearby Map? It is a NodeJS-based application that has been developed by a very talented GitHub user. The application uses the Telegram API to query the Telegram library, extract the position of nearby users and plot them onto an OpenStreetMap interface. The application allows Digital Investigators to query users positioned within a specified distance of a given position. Once the application is set to run, it will initiate a search every 25 seconds, plot new and existing users onto the map and provide Digital Investigators with the distance of each user in relation to the specified position. One very important note to mention here is that the application can only discover Telegram users that have activated the ‘nearby’ feature within their Telegram app – by default, this feature is deactivated.

Installing the application is not so straightforward: users will first need to create an API key for their own Telegram account and then input the necessary keys within the tool’s config.js file. Once downloaded, the application can be installed via the NodeJS command-line interface by invoking npm install. Once all the required dependencies are installed and configured, the application can be deployed by invoking the command npm start within the same NodeJS command-line interface. On first run, the command-line interface will request the user to input the phone number associated with their Telegram account in addition to the login code used by Telegram to authenticate logins. With the application now running, it can be accessed through the browser via the address http://localhost:3000.

So, with the application fully functioning, we put it to the test by setting the tool to visually show us active Telegram users located within a 3km radius of the Poland-Belarus border – specifically within the vicinity of the Polish border town of Kuźnica. After running the application to search over this area for a period of several hours, the results showed us a flurry of likely migrant activity taking place on the Belarus side of the border in addition to the movements of other users taking place within the 3km radius of the border. All-in-all, the results were simply fantastic!

However, we know that the geolocations of the extracted data are not 100% accurate, owing to a wide variety of factors including whether the Telegram users’ devices are connected to the internet via local WiFi or via their mobile service providers. Additionally, elevation and local conditions (whether the location is positioned within a rural or built-up area) can also determine the accuracy (or lack thereof) in this regard. However, with three or more geolocations of a single user identified within close proximity to each other, this information can be used to determine the location of that user to a greater degree of accuracy.

Our test of Telegram Nearby Map to monitor the developing situation on the Belarus – Poland border is just one of many examples where this application can prove to be valuable. For example, it can be used to monitor activity within the immediate area of a terrorist incident or track users within a location associated with organised criminal activity. However, as great as the tool is, it does have limitations. For example, it can only locate up to 100 users per search, and Telegram applies a rate limit to the number of searches undertaken, which means that long-term monitoring cannot be achieved. Additionally, we also felt that the tool would greatly benefit from providing users with the option to download extracted geolocation data across several file types including CSV and GeoJSON. On the same note, it would also be beneficial to allow users to create a Google Earth-compatible file such as a KML or KMZ that will allow Digital Investigators to visualise collected data on Google Earth and apply various techniques to obtain a more accurate location for extracted user locations.

All that said, Telegram Nearby Map is a very powerful application that has great potential use cases for Digital Investigators. Although the application may very well be difficult to install for any novice NodeJS user, deploying the application and running it to search for users over any given area is incredibly straightforward. Most certainly, this application deserves a five-star rating based on its capability and should also be a key utility within every Digital Investigator’s toolbox.
