Investigating the Blockchain using OSINT

OSINT investigations are starting to get interesting.  I love to see how many different applications OSINT has in the realm of investigations.  I’ve recently read all the articles posted by Benjamin Strick on Medium.  He uses OSINT to investigate people, groups, or events by tracking them through the blockchain.  Bitcoin is the most popular cryptocurrency and it is notoriously used by criminals of all stripes. Due to the supposedly anonymous nature of Bitcoin, despite it having a public ledger, it’s obvious why it attracts people who don’t want their money traced.  This post will discuss how you can get started investigating the blockchain using OSINT.  I’ll go over the tools and tactics current investigators are using as well as a few Bitcoin wallet addresses you can use to practice.

Examples of OSINT Investigations of the Blockchain

As mentioned before, Benjamin Strick is one of the foremost members of the OSINT community who is focusing on the blockchain in his OSINT investigations.  Here are a few of his articles demonstrating his process.

Tracing an offshore bank and a dark web service using the blockchain — an OSINT investigation

This article not only demonstrates how you can trace criminal activity through the blockchain, it also gives a pretty good introduction to the dark web and how to use it during your OSINT research.  What you find through this research is a lot of relationships and mapped networks, leading to very useful intelligence.  However, as Benjamin explains, there’s not much you can do with it unless parties with authority are willing to consider the evidence as credible.

Source

Tracing a Jihadi cell, kidnappers and a scammer using the blockchain — an open source investigation

This article talks about the discovery of an odd relationship between a Jihadi cell and kidnappers in South Africa that are connected by the same bitcoin wallet address.  This article is probably my favorite of the three that Strick wrote, due to the explanation of the tools he uses and his emphasis on using free tools. It’s a good place to start to not only understand the blockchain, but to learn more about OSINT and its applications.

Source

Meet The World’s First Jihadi Cryptocurrency Crowdsource Site On The Dark Web: SadaqaCoins

This article talks about a crowdsourced website called SadaqaCoins, hosted on the dark web, that openly solicits funding for jihadist activity.  Though none of these crowdsourced projects have been funded, you can use the bitcoin wallet addresses to practice the methods Benjamin uses and collect very useful intelligence.

Source

Other than Strick, the only other active member of the OSINT community who has looked at the blockchain with an emphasis on OSINT is Justin Seitz.  He primarily writes about Python and how you can use it to rapidly increase your OSINT capability, including how you can use it to collect OSINT from the blockchain.

Follow the Bitcoin With Python, BlockExplorer and Webhose.io

This article shows you how you can build a tool that takes a currently known Bitcoin address, though its owner may be anonymous, and searches the dark web for any other instances of that Bitcoin address.  If you have a baseline technical ability, I recommend building this tool and going through Strick’s process to find if any other useful information can be found that he may have missed!

Source
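When you search scraped pages for Bitcoin addresses, a pattern match alone returns look-alike strings and mistyped addresses. The following is an added example, not code from Seitz's article or from this post: it keeps only candidates that pass the Base58Check checksum and labels them by version byte. The function names and the sample text are constructed for illustration, and only legacy "1..." and "3..." addresses are handled.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
KINDS = {0x00: "P2PKH", 0x05: "P2SH"}  # version bytes of legacy "1..." and "3..." addresses
# Candidate pattern only; bech32 ("bc1...") addresses are out of scope for this sketch.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, body: bytes) -> str:
    """Used here only to build constructed sample addresses."""
    raw = bytes([version]) + body
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a leading "1".
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58check_decode(addr: str):
    """Return (version, 20-byte hash), or None if malformed or the checksum fails."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return None
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or checksum(raw[:21]) != raw[21:]:
        return None
    return raw[0], raw[1:21]

def find_addresses(text: str):
    """Return [(address, kind)] for every candidate that passes Base58Check."""
    hits = []
    for m in CANDIDATE.finditer(text):
        decoded = b58check_decode(m.group())
        if decoded and decoded[0] in KINDS:
            hits.append((m.group(), KINDS[decoded[0]]))
    return hits

if __name__ == "__main__":
    # Constructed sample: hash bytes derived from a label, not from any real key.
    body = hashlib.sha256(b"constructed sample").digest()[:20]
    good = b58check_encode(0x00, body)
    typo = good[:-1] + ("2" if good[-1] != "2" else "3")  # one wrong character
    print(find_addresses(f"donate: {good} (mirror lists {typo})"))
```

Running it prints only the valid address; the one-character variant matches the pattern but fails the checksum and is dropped.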

Honorable Mentions

Bitcoin Forensics – A Journey into the Dark Web – Source

Bitcoin Forensics Part II: The Secret Web Strikes Back – Source

Tools and Tactics for Blockchain Investigations Using OSINT

Bitcoin Who’s Who

Bitcoin Who’s Who is a great way to start your Bitcoin investigation.  It’ll tell you, for example, whether a bitcoin address has been affiliated with a scam, and it provides information that blockchain.info will not. It’ll also tell you how many times that bitcoin wallet has appeared on other websites.  In my experience, this feature isn’t very accurate.

Wallet Explorer

Wallet Explorer is probably the best way to visualize a Bitcoin address for analysis if you prefer a CSV format.  You can punch in a Bitcoin wallet, get the results, export the results to a CSV and manipulate the data in whatever way you want.

OXT

OXT is a tool I found after searching for any tool that would visualize bitcoin transactions and networks.  I haven’t seen it listed on any other OSINT related article, so I hope it will be a solid contribution to the OSINT community.  This tool will visualize all of a Bitcoin wallet’s transactions as graphs and charts that are very handy for trend analysis.

There are plenty of other paid solutions out there, including Crystal and Chainalysis.  I haven’t used any of them, but they seem credible.  I like the UX for Crystal the most.

Bitcoin Addresses Worth Following and Practicing OSINT on

Daily Stormer (alt-right publication)

19m9yEChBSPuzCzEMmg1dNbPvdLdWA59rS

Wikileaks

36EEHh9ME3kU7AZ3rUxBCyKR5FhR3RbqVo

A Very Rich, Mysterious Person or Persons (largest bitcoin wallet)

1EBHA1ckUWzNKN7BMfDwGTx6GKEbADUozX
