Making a Telegram HoneyBot to identify anonymous users of the “most secure” messenger


Telegram is increasingly becoming a thorn in the side of law enforcement officers in different countries. According to analysts at KELA, for example, the messenger app has become “a thriving ecosystem for cybercriminals and will likely continue to be a serious problem for law enforcement.”

Classic methods of identifying messenger users, which rely on checking mobile operators' number ranges for the presence of Telegram accounts, practically no longer work. On the one hand, they are constrained by the limitations of the messenger itself, and on the other, by the ability to register an account with a virtual phone number.

The only remaining method for identifying anonymous Telegram users within the framework of active OSINT is the use of so-called trap bots, or as we call them, Telegram HoneyBots. In this article we will talk about them and how to create them.

DISCLAIMER: This article is written for informational purposes and is not a guide to illegal actions or training material for concealing offenses. Let me remind you that active measures within the framework of OSINT can be qualified as illegal conduct of operational-search activities and an invasion of privacy.

What is a Telegram HoneyBot? The name is a blend of the words Honeypot and Telegram Bot. A honeypot (literally, a pot of honey) is a resource that serves as bait for attackers. A Telegram Bot is an account in the messenger that is programmed to automatically perform specified actions.

The functionality of a Telegram Bot includes the ability to request from its users the mobile phone number linked to the account, as well as to obtain their current geolocation. For obvious reasons, most users are not eager to hand this data to anyone, so the request has to be disguised. The easiest way to do this is to disguise our HoneyBot as a bot for checking information. There are so many such bots in the messenger that a new one will cause no reaction other than the desire to check its functionality. Let's play on this...

To start constructing HoneyBot, we should go to BotFather and enter the [/newbot] command in it, which will launch the functionality for registering a new bot. Select a name and nickname for the bot you are creating, then copy its API key.


Now we need to assemble the functional part of HoneyBot using one of the popular chatbot builders in Telegram: Livegram, Manybot or FleepBot, which will also keep HoneyBot running. Personally, I choose FleepBot because it has a free trial with full functionality.

The following description is for FleepBot. We launch the chatbot designer and enter into it the API key obtained earlier in BotFather. The bot has been created. Now we need to configure its ability to request the user's phone number or geolocation. To do this, go to [Bot Management] - [Menu] - [Main Menu] - [+] - where we select the [Contact] or [Location] function, depending on what information about the user we expect to collect. We write a name for the button that will request this information from HoneyBot users. Nobody limits us here. The simplest option for the button name is [Check number].

Return to BotFather, where we enter the command [/mybots]. We select the HoneyBot we created, click [Edit Bot], after which we edit the avatar and description of the bot so that it looks like one of the bots for looking up information. Our task is for the HoneyBot user to feel safe entering any phone number into it and then clicking the [Check number] button, or whatever we called it.


That's it, HoneyBot is ready to use. After the user confirms in Telegram that his phone number may be sent to the bot, we will receive it as a message to the HoneyBot administrator account. This works similarly for obtaining geolocation. Only the HoneyBot description may differ.

At the beginning of the article, we noted that Telegram users are increasingly using disposable SIM cards and virtual phone numbers to register accounts in the messenger. This means that an identified mobile phone number cannot always lead us to the real owner of a particular account. Therefore, HoneyBot functionality needs to be supplemented with the ability to obtain a digital fingerprint (connection and device data) of the user. Go...

We should prepare several html files. This could be, for example, a blank web page and a pre-created beautiful phone number verification report. We go to one of the services for creating loggers: CanaryTokens or IPlogger, where we create a transparent tracking pixel. We place a link to this pixel in each of the html files. The trap is ready.


Now we have one beautiful report in the form of an html file. From your work Telegram account, contact your HoneyBot with a verification request. In response, we send ourselves the same html file. Now we have a bot response containing a completed report. We forward this response to the chat or personal message of the user we want to identify.

If he doesn’t open the attached file, he will probably want to test our HoneyBot himself, where he can either reveal his phone number or pick up the second html file loaded with a logger, which will appear to be the answer to his request to HoneyBot. As soon as either html file is opened on the user’s device, we will be able to obtain data about his connection and device in the logger administrator’s personal account.
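
The logger only fires because rendering the html file makes the viewer fetch remote resources on its own. As an added example (not code from the original article), this Python scanner lists every remote resource an html attachment would load when opened, so a received file can be inspected first; the sample markup and host names are constructed placeholders.

```python
import re
from html.parser import HTMLParser

# (tag, attribute) pairs a browser fetches on render, without any click.
AUTOLOAD = {("img", "src"), ("script", "src"), ("iframe", "src"),
            ("link", "href"), ("embed", "src"), ("object", "data"),
            ("source", "src"), ("video", "poster"), ("body", "background")}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)
REMOTE = re.compile(r"\s*(https?:)?//", re.I)
# Constructed sample; the hosts are placeholders, not real services.
SAMPLE = """<html><head>
<style>body{background:url("https://logger.example/bg.png")}</style></head>
<body><img src="https://logger.example/p.gif" width="1" height="1">
<img src="data:image/png;base64,AAAA">
<div style="background-image:url(//cdn.example/x.png)"></div>
<a href="https://example.org/help">help</a></body></html>"""

class RemoteLoadFinder(HTMLParser):
    """Collects (tag, url, note) for each remote fetch rendering would cause."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self._in_style = tag == "style"
        tiny = tag == "img" and {a.get("width"), a.get("height")} & {"0", "1"}
        for name, value in a.items():
            urls = [value] if (tag, name) in AUTOLOAD else []
            if name == "style":  # inline CSS can load images too
                urls = CSS_URL.findall(value)
            for url in filter(REMOTE.match, urls):
                note = "1x1 image, likely tracking pixel" if tiny else "auto-loaded"
                self.findings.append((tag, url, note))

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # contents of a <style> block
            self.findings += [("style", u, "css url()")
                              for u in CSS_URL.findall(data) if REMOTE.match(u)]

def scan_html(text):
    """Return remote resources an html attachment would load when opened."""
    finder = RemoteLoadFinder()
    finder.feed(text)
    return finder.findings

if __name__ == "__main__":
    print(*scan_html(SAMPLE), sep="\n")
```

Ordinary links (`<a href>`) are not reported because they load only on a click; an empty result means the file makes no automatic remote request through the elements checked here.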

Igor S. Bederov
