The Rise of Web3 Open Source Intelligence - Tools, Ethics and Privacy

OSINT tools and methods for Web3 are becoming a highly powerful new capability for the intelligence industry. Here's how to uncover people's hidden accounts while maintaining privacy and ethical OSINT practices.

Conducting OSINT searches to find online profiles on Web3 websites

In the early days of the internet, skepticism was rife, as many critics dismissed startup concepts as foolish and impractical. The capabilities of the internet appeared redundant to some; traditional methods, such as tuning into a radio or visiting a physical store, seemed to suffice for the tasks at hand.

However, the internet introduced unprecedented functionalities, enabling interoperability among disparate systems and enhancing efficiency in ways that were previously unattainable.

Similarly, Web3 boasts a set of powerful, groundbreaking properties that were once thought impossible. A well-implemented smart contract operates autonomously; it cannot be disabled, and anyone with internet access can engage with it without restriction.

This technology is characterized by its borderless, permissionless, and trustless nature. Interested and knowledgeable parties can independently verify that a smart contract will honor its commitments, eliminating the need for ongoing trust in the entity that created it. Moreover, these systems facilitate transactions using on-chain currencies, assets, and cryptographic proofs in diverse and innovative ways.

In an era where corporations and governments increasingly reveal their untrustworthiness and, at times, malevolence in managing the systems we depend on, these advancements represent a significant leap forward.

They offer a genuine opportunity to address the complex and enduring challenges of human cooperation that our civilization has historically grappled with. However, it is essential to note that this potential does not equate to a straightforward path for individuals to amass wealth through investment.

Consequently, those who are primarily motivated by the prospect of financial gain may find themselves disillusioned if they perceive that such opportunities are not forthcoming.

OSINT in Web3

Open Source Intelligence (OSINT) involves the methodical gathering and examination of publicly available information to extract actionable insights. These insights are invaluable for various objectives, such as identifying patterns and constructing accurate timelines of events. This is particularly important when discussing events such as wars, conflicts or crime.

In the context of the Web3 ecosystem—characterized by its decentralized nature and dependence on blockchain technology—OSINT has gained prominence for its ability to uncover patterns and trends within open networks, which helps researchers and investigators.

Some of the key applications in Web3 are:

Fraud Detection

Through the analysis of blockchain transactions via blockchain explorers like Blockfolio, OnChain Industries and Etherscan, you can track crypto movement and investigate fraudulent activities on the blockchain, such as rug pulls.

Open Source Intelligence (OSINT) tools such as OnChain Industries are capable of detecting suspicious activities, including but not limited to money laundering and fraudulent schemes which are present on the blockchain.

OnChain Industries | Web3 Investigation Tools
Add web3 to your OSINT investigations with onchain.industries interface and API

Hackers often employ Open Source Intelligence (OSINT) techniques to identify vulnerabilities within an organization's web applications and infrastructure. This information can potentially be exploited to breach these weaknesses and access sensitive data residing within the network.

It is important to note that data obtained online is not always reliable. Consequently, hackers typically gather information from a multitude of sources prior to executing an attack. OSINT simplifies the process of data acquisition for these malicious actors, providing them with access to an extensive repository of information that can significantly enhance the likelihood of a successful attack.

To explore this, let's look at an example below.

I took my email and I searched it on the tool.

The OnChain Industries Search page - an OSINT tool for email address, username and wallet address account searching

After the tool was done, it produced an impressive report, which I verified to be accurate. (I used my second email, which is for professional stuff; I have my main email for crypto stuff.)

Results from searching an email address on OnChain Industries OSINT tool.
A result from my search

I also decided to do another search for Logan Paul's wallet address to see what would turn up and find out what he is up to.

Generating a report after searching a cryptocurrency wallet address

The tool was able to find all the Web 3.0 information associated with Logan Paul's wallet address and verified his status in the Web 3.0 ecosystem as shown below.

The results after searching Logan Paul's crypto wallet address.

Regulatory compliance

Tools that utilize Open Source Intelligence (OSINT), such as OnChain Industries, play a crucial role in fulfilling Anti-Money Laundering (AML) and Know Your Customer (KYC) obligations that are required in various jurisdictions. They do so while maintaining the principles of decentralization, thereby contributing to the security and integrity of the Web 3 ecosystem.

To demonstrate that, you can actually do a search on OnChain Industries on a username, email or address to get more information if you have suspicions.

Found Web3 Profiles after searching a cryptocurrency wallet address
A search of a random wallet address on OnChain Industries

Transparency

In the Web 3 space, transparency is a crucial aspect that helps protect users. Open Source Intelligence (OSINT) tools like self-sovereign identity, Decentralized Identifiers and Verifiable Credentials empower researchers and investigators to conduct thorough audits of decisions and operations within decentralized organizations, which in turn improves transparency and trust among users.

A good example is auditing an altcoin or meme project to ascertain if it is a scam or not. This is achieved by auditing their wallet, doxxing the developers and ensuring there are no backdoors on their infrastructure.

Ethical considerations

We have witnessed remarkable technological advancements, such as Wikipedia, a self-sustaining and continuously updated repository of information, made possible by the dedicated individuals who invest countless hours correcting inaccuracies online without compensation.

On the other hand, we are also confronted with the unsettling reality of AI-generated content on platforms like YouTube, where disturbing and perplexing videos are tailored to captivate young viewers, leading them to spend excessive amounts of time consuming algorithmically curated autoplay lists filled with low-quality material.

Additionally, platforms like TikTok have taken the concept of "endless short attention span content" to an even more refined and engaging level.

Transparency and surveillance

The inherent public nature of blockchain technology allows for easy access to data; however, this transparency can veer into the realm of surveillance if not handled properly.

In the context of Web3, this transparency poses significant challenges to established privacy norms and may even clash with privacy-focused regions like the EU. In the EU, even basic identifiers like names and pictures are often censored from the public. If a researcher is able to uncover such information, they may risk running into problems with law enforcement.

Data misuse

Malicious individuals, including hackers, stalkers, and activist groups with harmful intentions, can leverage Open Source Intelligence (OSINT) to engage in doxxing, harassment, or to specifically target individuals who may be vulnerable. This may pose a challenge to law enforcement officers and put Web 3 users in a dilemma.

Hackers often employ Open Source Intelligence (OSINT) to gather comprehensive information about their intended targets. This practice serves as a crucial preparatory step prior to executing an attack.

The intelligence derived from OSINT enables hackers to search for sensitive data, which may encompass various details such as the types of technology utilized by an organization, existing vulnerabilities within that technology, and potential weaknesses in the organization's security policies that could be exploited to gain unauthorized access to their network.

To illustrate this concept in a simplified manner, consider the act of researching an individual's LinkedIn profile. The information obtained from this platform can facilitate connections with employees within a target company. Subsequently, the hacker may craft and dispatch phishing emails that prompt these individuals to visit a counterfeit website.

This fraudulent site might solicit login credentials, which the attacker can then use to compromise the victim's email account, thereby enabling further infiltration into the organization's network.

Access and inclusion

Decentralization can be viewed both as a beneficial feature and a potential flaw. It is plausible that the drawbacks may overshadow the advantages. Any trend that arises within this framework is likely to have far-reaching global implications that surpass the influence of any individual, collective movement, industry, or governmental entity.

Consequently, addressing these issues will necessitate international collaboration; this is the current reality we face. Both the benefits and challenges we encounter are inherently global in nature.

Furthermore, it appears that large corporations and substantial financial entities will dominate the market, rendering them largely unconcerned about the authority of any single government.

Privacy challenges in Web 3.0

Currently, users possess minimal options regarding the storage of their data and the protection of their privacy. However, Web3 introduces a paradigm shift, empowering individuals with choices that were previously unavailable.

While it is likely that many users will opt for convenient solutions that replicate their existing user experience—potentially even finding free, ad-supported alternatives—Web3 also offers the flexibility to select different paths. For those who prioritize enhanced privacy, security, and resilience beyond what is typically available, these options will be accessible.

Moreover, it is important to note that many Web2 companies are actively opposing the emergence of Web3, recognizing it as a significant threat to their monopolistic practices.

Major players such as Google, Apple, and Facebook heavily depend on rent-seeking strategies facilitated by centralization and the imposition of high switching costs on users. Microsoft may present a partial exception to this pattern, but for those who are not deeply engaged in the evolving landscape, this nuance may not be readily apparent.

Loss of anonymity

While blockchain users are represented by pseudonymous addresses, Open Source Intelligence (OSINT) tools possess the capability to cross-reference various data sources, potentially uncovering their true identities. This happens via cross-referencing through images, social media accounts or even public profiles. Several people have been doxxed this way.

Google as a search engine undoubtedly serves as a crucial resource for Open Source Intelligence (OSINT). However, malicious actors often go beyond mere basic searches when unearthing private information. They employ what are known as "Google Dorks," which utilize advanced search operators to uncover information that standard searches may overlook. This method can reveal data that organizations or individuals may not even realize is accessible to the public.

Data collection and aggregation

The aggregation of publicly available data has the potential to create comprehensive profiles, which raises concerns about the violation of user sovereignty. Such profiles may be exploited by law enforcement agencies or malicious individuals, thereby compromising the personal safety of individuals, particularly those in the public eye.
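The cross-referencing and aggregation described above can be run as a self-audit on text you have published yourself. The following is an added example, not part of the original article or of any tool it mentions; the posts, addresses and function names are constructed for illustration. It clusters identifiers that co-occur, directly or through a chain of posts, and reports which wallet addresses end up linked to an email or ENS name.

```python
import re
from collections import defaultdict

PATTERNS = {
    "wallet": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ens": re.compile(r"\b[a-z0-9-]+\.eth\b", re.I),
}
# Constructed sample: text one person published under separate profiles.
WALLET_A, WALLET_B = "0x" + "ab" * 20, "0x" + "cd" * 20
PUBLIC_POSTS = [
    {"source": "forum-profile", "text": "Tips: 0x" + "AB" * 20},
    {"source": "personal-blog", "text": f"Mail jane.doe@example.com, wallet {WALLET_A}"},
    {"source": "conference-bio", "text": "jane.doe@example.com / janedoe.eth"},
    {"source": "donation-page", "text": f"Donate to {WALLET_B}"},
]

def extract_identifiers(text):
    """Return {(kind, value)} found in text, lower-cased so variants compare equal."""
    return {(kind, m.lower()) for kind, rx in PATTERNS.items() for m in rx.findall(text)}

def linkable_clusters(posts):
    """Group identifiers that co-occur, directly or transitively (union-find)."""
    parent, sources = {}, defaultdict(set)

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for post in posts:
        ids = sorted(extract_identifiers(post["text"]))
        for ident in ids:
            sources[ident].add(post["source"])
            parent[find(ident)] = find(ids[0])  # same post => same cluster
    groups = defaultdict(set)
    for ident in parent:
        groups[find(ident)].add(ident)
    return [{"identifiers": sorted(g),
             "sources": sorted(set().union(*(sources[i] for i in g)))}
            for g in groups.values()]

def exposed_wallets(posts):
    """Wallets whose cluster also holds an email or ENS name."""
    return sorted(v for c in linkable_clusters(posts)
                  if any(k != "wallet" for k, _ in c["identifiers"])
                  for k, v in c["identifiers"] if k == "wallet")
```

In the sample, the forum post never mentions an email, yet its wallet is tied to the ENS name through the blog and the conference bio; the donation wallet stays unlinked because it shares no post with another identifier.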

Engaging in Open Source Intelligence (OSINT) research may appear harmless at first glance; however, hackers perceive it through a different lens. They leverage OSINT to uncover both personal and professional details about individuals, which they can subsequently catalog for future exploitation.

To facilitate this process, hackers employ specialized software and tailored search engines designed to scour the internet and social media platforms. While some of these tools are accessible to the public, others necessitate a purchase and require a level of technical proficiency to operate effectively.

A commonality among these tools is their ability to consolidate vast amounts of information, enabling users to retrieve and analyze data efficiently, as exemplified by platforms such as Searx and Kali Tools.

Blockchain immutable transparency

Blockchain transactions possess an inherent immutability, signifying that once sensitive information is made public, it cannot be retracted. The censorship-resistant nature of Web3 introduces a wide array of ethical dilemmas.

While the technique of Open Source Intelligence (OSINT) is gaining traction in discussions in Web 3.0, it remains an area that many individuals overlook. To effectively incorporate OSINT into employee training on cybersecurity, it is essential to first cultivate an awareness of the digital footprints we leave behind and to recognize the vast amount of information readily accessible online, and that such information is permanent.

Social media platforms have conditioned users to share a plethora of personal content, including selfies, screenshots, and a myriad of other details that could potentially be exploited by cybercriminals. It is crucial to understand that not all information is appropriate for public dissemination.

A notable instance occurred in 2020 when the Dutch Minister of Defense posted a tweet that inadvertently revealed the Zoom access code for a confidential conference. This oversight enabled a journalist to join the otherwise private call. Although the situation may have seemed innocuous, it serves as a stark reminder of the risks associated with indiscriminate sharing.

Conclusion

Open Source Intelligence (OSINT) serves as an invaluable resource for cybercriminals aiming to design convincing phishing and spear-phishing attacks on Web 3.0.

However, it is essential that OSINT is not exclusively utilized by malicious actors. The ingenuity displayed by hackers knows no bounds; therefore, incorporating their OSINT-based techniques into cybersecurity awareness and training programs is crucial in Web 3. This integration will empower you by familiarizing you with the tactics employed by attackers.

Merely raising awareness is insufficient to effectively shield your teams from the sophisticated phishing attacks orchestrated by hackers who seek to deprive you of your assets.

It is vital to include OSINT in phishing simulations in your Web 3 applications, as this training will prepare your teams to confront potential threats and cultivate the necessary analytical skills when evaluating the emails they encounter. By doing so, organizations can enhance their resilience against these persistent cyber threats.