Usenet - a summary for OSINT

Question 1

What is usenet?

Answer 1

Usenet is a world wide distributed discussion system that predates the internet. It allows users to read and post messages on various topics in dedicated newsgroups

Question 2

How does usenet work?

Answer 2

Usenet operates a client server model.

Servers host newsgroups (essentially discussion forums) focused on different topics. The .alt thread relates to alternative groups - where criminal material often found

Unlike modern social media it is decentralised - no central authority or organisation control it. Messages are distribued accross mulitple servers globally.

Every user can post articles to newsgroups that every other usenet user can read

Servers periodically connect with each other to exchange missing messages from groups.

A message sent to a newsgroup by a user will be distributed to all other servers that carry that newsgroup.

In order to access usenet you need to download a newsreader client.

Any files whatsoever can be uploaded and downloaded, images, films, books etc.

Question 3

How can we use use net in OSINT?

Answer 3

Google used archives usenet posts via Google Groups which is searchable. Only text based binary postings are archived not files shared.

Can avoid it being archived by Google by instructing it not to be archived in the post.

Question 4

What is IRC?

Answer 4

Internet Relay Chat.
A multi user chat system.

Real time chat - when threat is closed it is gone

Like usenet it is a client-server model
Except direct messages between users which are peer to peer (no server)

Users meet in channels
Each channel has its own subject
Can file share
Endless number of channels

There are 4 main networks but many smaller ones.

Each network has several servers

Question 5

How do you use IRC?

Answer 5

IRC networks have IRC servers

Users connect to an IRC server with an IRC client

Users can chat when they are on the same IRC Network. They don’t have to be on the same IRC server

All IRC servers in an IRC network have the same channels, users and bots

Question 6

Different types of IRC Channels?

Answer 6

Public
Private
Invite-only
Secret
Invisible

Question 7

What is a netsplit and why might it occur?

Answer 7

When servers on a network lose communication and cannot exchange information and text.

Usually takes a few minutes to reconnect

Can be caused by dDos attacks by rival networkd

Question 8

User Information

Answer 8

An @ before a username means OP
You are automatically OP when you create one, but you can make more people them. They are like admin, king of channel, can change channels subject, modes and title. Can kick and ban users.

IrcOps or Operators are responsible for network maintenance, registers channels, answer questions, repair netsplit found in network oper channel

Bots
Run off scripts run from a client or a separate program
Application to keep channel open (egg drop), can execute commands, react to certain events. Used to control botnets

‘user’@host is your username. The host part is determined by your ISP - can be your IP address or name of your machine!

To access the info right click on the username. Can use VPN but some don’t allow.

Question 9

How to find users on IRC

Answer 9

When you know the nickname
Type /who is <nickname></nickname>

To see a list of users in a channel
Type /who <channel></channel>

Type /notify <nickname> when you want to be notified when someone comes online</nickname>

To know who someone was that left IRC type /whowas <nickname></nickname>

Do NOT use the query function this notifies them so is not listed here