Telegram is an instant messaging, voice, and video messaging service, often compared to Whatsapp.
Since its inception in 2013, it has been made available on a wide range of operating systems such as IOS, Android, Windows, Mac, and Linux.
Telegram prides itself on its focus on security and speed. Although not immune to its share of security related controversy, it is widely considered to be one of the most secure messaging apps for several reasons.
- Chats can be destroyed when the conversation ends, or be automatically deleted with a self destruct timer.
- Telegram boasts three layers of encryption, as opposed to the typical two layers touted by other messaging apps.
- Telegram uses a custom protocol called MTProto protocol to encrypt their user data.
Why People Like Telegram
Telegram allows groups to be created with up to 200,000 members each. Groups can be public or private. Groups differ slightly from channels, which have no limit on the number of users in them. When users post in a channel, their identities aren’t shown. Only the name and avatar of the channel is revealed in this public format.
Because Telegram is cloud-based, users can access their accounts on any of the available operating systems and get all of their messages, regardless of what device the message was originally sent from. In Telegram, anyone can join groups where they can send images, video files, and more; providing a simple, fast, instant messaging service for its users. Telegram also offers access to their public API, which opens up endless possibilities for individuals to create games, get alerts, create data visualizations, build custom tools, and even exchange payments between users.
The table below shows a variety of bots Telegram users have created on the platform.
|Instant Sound||Allows you to send a range of sounds to other users.|
|BTCxBot||Displays the price of Bitcoin in a range of currencies.|
|Poker||Enables you to play classic poker against other users.|
|Image Translate||Takes an image with text in and translates it into your preferred language.|
Telegram’s public API also provides a rich set of open source data for security analysts and public safety teams. Which brings us to:
Why Should You Care?
API access to Telegram means that many of the conversations being had, meaning those taking place in public channels, are largely discoverable to organizations gathering open source intelligence from online sources.
The types of conversations taking place on Telegram vary from discussions around banana milkshakes to instructions on how to make homemade fireworks. With over 200 million active users, it is no surprise that Telegram is a popular place to hold discussions about illegal activity.
There have been many reports of phishing scammers using Telegram as their method of contact with victims as well.
Due to the increasingly social reality we live in, online criminals are everywhere and phishing scams are only going to increase. Having instant visibility into your organization’s online status is becoming more and more important. Read our article about the different types of phishing, and how to mitigate attacks here.
Telegram in Echosec
When using open source intelligence for public safety and organizational security, Telegram is a data provider that is not to be overlooked. With visualization tools like Echosec, users can identify and extract critical data including Telegram data in real time by performing keyword and username searches in both the core Echosec platform, as well as Beacon, Echosec’s dark web search tool.
The example below shows someone posting credit card numbers and other personal information, all associated with that person’s username. (All personal information has been obscured.)
The following is another piece of Telegram data accessed with Echosec. It is an example of individuals sharing bundles of hacking tools that can be used to attack people and organizations all over the world.
With Echosec and Beacon, security teams and public safety organizations can build a complete online picture of conversations happening online. These data tools help users extract key information from all corners of the internet.
Echosec is a web based data discovery platform that helps organizations detect online data for threat intelligence. Aggregating and mapping content from hundreds of sources including social media, blogs, news, and the Dark Web, Echosec gives users instant visibility into any place on earth through a digital window. Echosec uses machine learning technology to recognize Images and keywords so users get notified when specific content is posted.
To learn more about Telegram data in Echosec, and for any other inquiries, please book a consultation with our team.