Russian Experts Develop Tool to De-Anonymize Telegram Users

Russian specialists have developed software that allows authorities to obtain a Telegram user’s phone number using only their username. This means that law enforcement and security agencies in Russia can now access the phone number of any Telegram user by simply knowing their username. With the phone number, authorities can then identify the user through their mobile service provider.

According to the news outlet “Izvestia,” experts from the Center for the Study of Legitimacy and Political Protest discovered a vulnerability in the popular messenger’s API that enables the de-anonymization of users. The researchers even created a special software tool called “Cryptoscan” to determine a user’s phone number based on the username provided during account registration.

How Does “Cryptoscan” Work?

The exact workings of “Cryptoscan” have not been disclosed by the specialists. It is known, however, that the software sends a request to Telegram with the username and receives a response containing the user’s ID, phone number, first name, and last name.

Journalists decided to test “Cryptoscan” by requesting the data of one of their editors. The phone number returned was accurate, but the first and last names were not. This is likely because Telegram users often use pseudonyms, so the names may not match. Nevertheless, authorities can still identify a user by their phone number alone.

Requests from Law Enforcement

Representatives from the Center for the Study of Legitimacy and Political Protest stated that they have already received requests for de-anonymization from the Ministry of Internal Affairs (MVD) and the Federal Security Service (FSB). It is expected that “Cryptoscan” will assist law enforcement in tracking down criminals.