OSINT on Usenet

This document is a work in progress.


The purpose of this guide is to give a general introduction to what is Usenet, why is it important, and how to perform OSINT on it.

What is Usenet?

Usenet is a decentralized, worldwide, peer-to-peer system for circulating messages between users.

A little terminology:

  • Usenet: A worldwide distributed discussion system that operates on a purely peer-to-peer basis.
  • Newsgroups: Discussions forums on Usenet. Newsgroups can either be moderated or unmoderated. An example of a newsgroup would be the alt.fan.usenetnewsgroup.
  • Binary Newsgroups Many newsgroups in the alt.* hierarchy are binary groups and are very active for filesharing. In the past, this caused a major disruption to Usenet as many providers dropped Usenet as a service. Not onlywere copyrighted materials being shared but so was child pornography. ManyUsenet servers will not carry binary newsgroups, though most paid servicesstill do.
  • Text Newsgroups The overwhelming majority of discussions take place on text newsgroups. Text newsgroups are just plain text. If you download a news article from a text newsgroup, it will only contain plain text which makes it very useful for searching and organizing.
  • Articles: Messages or posts on newsgroups are known as articles.
  • Hierarchies: Groups of newsgroups. These may be unmanaged such as the alt.* and free.* hierarchies or they may be managed by volunteer organizations. Many hierarchies are geographically specific. In the past, many hierarchies were run by corporations such as Microsoft and Novell, but those have become disused over time.
  • The Big-8: The Big-8 is a collection of hierarchies that are the decedents of the original hierarchies that have been with Usenet since the very beginning. Many newsgroups still have active communities.
  • Servers: Usenet servers are what make up the Usenet. They are run by hobbyists and non-profit organizations or by companies that sell access. Hobbyists and non-profits typically do not carry binary newsgroups. While they do not outwardly advertise this fact, Usenet access companies focus on providing access as a means for filesharing.

Why is Usenet Important?

While Usenet was originally developed in the late 1970s and early 1980s,it is still an active network with hundreds of servers worldwide that operate in a purely peer-to-peer manner. Usenet does not have any kind of top-down structure. Server administrators decide for themselves what newsgroups they want to carry on their servers. Many newsgroups and entire hierarchieshave been dormant for years. That doesn’t mean that there isn’t any activity there, it just means that it is far less than it was in its heyday.

One of the purposes of this guide is to demonstrate how to perform historical research on Usenet. What was said 20 years ago on a Usenet newsgroup may have real value to investigations today.

A little history:

Usenet began as a project between the University of North Carolina and Duke University in 1979. The grad students who began the project presented it the following year at the annual USENIX conference and after that, it exploded in popularity at universities and corporations that did not have access to the predecessor of the Internet, the ARPAnet.

In the late 1980s, Usenet servers starting being available on the new Internet. In the 1990’s, Usenet was the message board of the Internet. Early online services like AOL and Compuserv had their own message boardsand chat rooms, but many of the best conversations were happening on Usenet. Much of today’s online culture originated on Usenet. This where we get concepts such as trolling and spam. It is where Linux and IMDB had their starts. Activists like Julian Assange got their start on Usenet and the seeds for Bitcoin were discussed years before it was originally published. In the 90s and early 2000s, Usenet was the 4chan, Reddit, Twitter, and Slashdot, of the Internet.

Usenet today:

Usenet isn’t what it used to be, but that doesn’t mean that it is completely dead. For the OSINT investigator, it is probably not atop-tier location for investigations today. However, due to its historic importance and the fact that it is still alive, albeit much smaller, it should not be ignored.

Because Usenet is based on sending plain text messages, much if it has been archived to this day and can be continually archives easily. That isn’t something that can be said about the proprietary systems of the online services or even about modern services like Reddit or Twitter where messages must be manually archived and are subject to deletion by moderators at any time.

How to perform OSINT on Usenet