๐ De-anonymizing a PEDOPHILE from an anonymous chat
Hello. This is an independent editor speaking! Today, I will tell you how I managed to de-anonymize a pedophile using Social Engineering and the tools of the Project bot.
๐ก๏ธ Disclaimer: This material is provided solely for informational purposes and is a fictional example created by an independent editor. The information is not intended for use in privacy violation, illegal activities, or any other unethical actions. We strongly recommend respecting the privacy of others and using the acquired skills and tools responsibly and in accordance with the laws of your country.
There are numerous online chat platforms that claim to be "supposedly anonymous." They exist in both Telegram and VK, but today we will discuss another independent one. It is hosted on its own domain as a web resource:
When using such chat platforms, people often forget about the human factor that can let them down. While the chat itself might be technically well-protected, as they say, the most dangerous vulnerability is the person in front of the monitor.
We select conversation partners based on categories and start communication:
Alright, our target user. Let's continue the conversation and gather as much information as possible. The interlocutor seems to be "smart," and they are willing to share about themselves:
So, the first step - their name:
He provided his name - Alexey.
The second step - social engineering:
Now let's talk about the link from a technical point of view.
/menu => Social Engineering => Deanonymization via Link
This is a social engineering tool that allows using JavaScript to obtain:
- An image from the user's camera on the website.
- Precise location (if the user is on a smartphone, accuracy is around ~30 meters).
- IP address.
- Device version.
And so, if the pedophile clicks on the link, we will obtain the following data (as you've understood, he clicked on it):
We have the IP, device information, a photo with a face, and... GEO.
If there are doubts about the device (why "Linux aarch64" is indicated as the platform), let me explain:
Android is based on the Linux kernel, which is why we are seeing this value. To confirm that it's a smartphone, we can look at two parameters. The first is the screen resolution (in our case, 360 by 804), and the second is the OS (in our case, arm_64), which indicates ARM processors used in mobile devices. We can also determine this from the processor.
These data are sufficient for de-anonymization, but shall we try to gather more?
So, we've now discovered his Telegram account.
What can we do with this information?
Firstly, the most obvious step is to continue profiling. Using the photo, we could potentially find his profiles on VKontakte (VK) and Odnoklassniki (OK). If his Telegram account has been exposed in databases, we might even trace back to his phone number. From there, the next step could involve attempting to crack his passwords.
We also know his name and that he has a 12-year-old niece, along with her interests (which I decided not to include in the article, as she's a child and not involved in this matter).
I even managed to find out the groups he's subscribed to:
In general, now we move on to OSINT (Open Source Intelligence), but we won't delve into personal matters. Just for fun, you could send his own photo back to him on Telegram:
