Can police hack your Telegram?
Traced admin of "Punishers of Belarus"
Security officials are finding other ways to de-anonymize admins. To avoid getting burned, admins should follow simple rules
Internet users are trolling the administrator of the "Punishers of Belarus" Telegram channel, who suspects that the provider helped to track him down using his Google search requests. He believes no one except the user can know the request text, since the HTTPS connection is encrypted. Yes, it's true, nobody can know.
But the internet is tricky. An IT expert told Euroradio how to track down an anonymous person by search queries. He also shared tips on digital security.
To trace an admin
Let's say after entering a query like "currency and bitcoin rates" our admin gets to nbrb.by, myfin.by and somewhere else. This is predictable. Consequently, the ISP (and other people who need it) monitors the IP addresses of these sites for connections within a short amount of time. It's not very difficult to do at night.
Most likely, they already have some information that allows them to narrow down their search. For example, the city where the admin lives. Thus, we get a set of IPs for verification. You can repeat this trick a couple of times to further narrow the search. There will be five addresses left. That's it, the police are off to get them.
Would a VPN help in this situation?
If the admin has already visited nbrb.by and left his cookies there, then no.
It's even easier to trace the admin if you convince him to open a link to a fully controlled site. However, it is unlikely that among the people capable of administering a large Telegram channel, there are still those who will open a link to some obscure site. Or not...
The algorithm in the case of the "Punishers of Belarus" admin could have been different. There are thousands of such methods and schemes. I am not going to disclose them, but believe me - every admin has either already left a trail, which is enough to trace them, or sooner or later will fall for a provocation.
Data flows here and there. And if the sites, the mobile operators and the providers are all controlled by the same people, it is very difficult not to get burned. Yes, it's like with the branches of government.
If you want to stay anonymous on Telegram
0. For the name / username / avatar, use something that is not associated with you in any way (including search by username on the Internet).
1. Use a new account with a phone number from another country. Better to do it with a VPN.
2. Use a separate physical phone number for the account. It must not show any personal activity: the browser should stay virgin, the cookies are to be cleared regularly.
3. Never turn off the VPN on it.
4. You shouldn't keep any SIM card in it.
5. Do not get burnt in connection with this account / phone (including the history of correspondence - delete everything).
6. All privacy settings in Telegram should be set to the maximum (including search by location "people nearby").
7. Do not add anyone to your contacts on it.
8. Use two-factor authentication.
9. If you need an account for 20 minutes, use a VPN + a one-time SMS service. Do not forget to clean everything in history that can burn you.
If you don't have a lot of work contacts and your own channels, it's a good idea to delete your account and re-create it on the same number. This will "unhook" from it those who managed to add it to contacts in some ancient chat, control of which was gained even before it became mainstream.