Telegram Investigations, their Relevance in the Russia-Ukraine War, and the Decentralised Web 3.0


This is a transcript of the first episode of the Intelligence Podcast: OSINT and its application, a podcast about the various broad applications of open-source intelligence. Visit our podcast page to find out more.

Anne-Lynn Dudenhöfer, Intel Desk Lead at HENSOLDT Analytics, spoke to Loránd Bodó, an OSINT expert and the founder of OSINT Jobs, a job portal dedicated to open positions in the field of open-source intelligence. 

In this interview, Loránd shares his predictions on the future of OSINT in the context of decentralised technologies, blockchain, and the Internet of Things (IoT). He also talks about the use of social media ecosystems by extremist networks, and Telegram investigations of the Russia-Ukraine war.

Some sentences were shortened and edited for clarity.

Q: My guest today is Loránd Bodó, who is an open-source intelligence consultant, founder of OSINT jobs and the former open-source intelligence producer for NBC News. Let’s dive right in. Could you provide some information about your professional background and career? I believe that you hold three Master’s degrees and speak several languages.

Loránd Bodó: Happy to walk you through it. It basically started 13-14 years ago when I graduated or when I did my, so-called Hochschulreife. This was the kind of qualification you need in Germany to progress and go to university at that time. After I graduated, I went to the German military and joined them for service. I extended it later on, so in total, I was there for almost two years. Throughout this experience, I developed an interest in international politics and security in particular.

After the Bundeswehr (the armed forces of the Federal Republic of Germany), I decided to do a Bachelor’s degree and I studied Political Science and also Oriental Studies because, during that time, I got really interested in international terrorism. So I chose Oriental Studies to better understand why people would do such horrible things and throughout the years I realized that this is what I’m passionate about. Then one thing led to another, and I completed three Master’s degrees. It wasn’t that I wanted to collect degrees, it just happened.

The first was a double Master, where you study for two years and you end up with two degrees. I didn’t say no to that. Then I wanted to do a PhD after this and it happened that they said you have to do another Master’s degree before you do the actual PhD. That’s about it, a quick summary of how I got these degrees.

About the languages…I speak English. German and Hungarian, which both are my native languages because of my parents. During my Bachelor’s, I also studied Arabic for three and a half years.

I am sure your language skills come in handy with your career and your job, and it is indeed a very impressive career so thanks for taking the time to speak with me today.

OSINT is an insanely fast-paced environment and an intelligence method that has rapidly gained significance in the defence and security sector but also in the private sector over the past, I’d say five but maybe also 10 years. In terms of tools or investigation methods, what are some of the more recent OSINT trends that you have been seeing?

This is a very good question and, as you said, OSINT is nothing new. It has been around for decades, primarily in the form of translating news and radio broadcasts around the world. But around the mid-2000s I would say, this explosion of information started. When you had different things overlapping. One was the availability of mobile phones and then also the mobile networks in lots of countries. Then also specifically the social media apps that allow anyone to record and share information.

And then, in terms of recent trends, there’s one big trend which is that OSINT has become massive now. As you rightly said, over the past five years it has been growing exponentially but with the cover article in the Economist in August 2021 called “The Promise of Open-source Intelligence” by now, everyone should know about OSINT or at least the big organizations, executives, who read the Economist. It was a really good article showcasing the power of OSINT and this also leads me now to the trends.

The first trend, which I see, what we are observing right now in current Russia’s invasion of Ukraine is the explosion of this army of investigators or crowdsourced investigations. You have established entities that have been doing this for a long time but you can also see and observe, especially on Twitter, many other people, who come out of nowhere and start publishing analyses and sharing information, which makes it quite difficult for analysts. Because you have to verify everything. This is what I can see as a trend, which will also continue to grow especially around established organizations, that try and utilize this army of armchair investigators. I’ve also read in an article, which was pretty interesting and cool, that anyone with internet access and a desktop, who’s passionate about doing something, can contribute to this.

What we are observing right now in current Russia's invasion of Ukraine is the explosion of this army of investigators or crowdsourced investigations. You have established entities that have been doing this for a long time but you can also see and observe, especially on Twitter, many other people, who come out of nowhere and start publishing analyses and sharing information, which makes it quite difficult for analysts. Because you have to verify everything.

Another trend which is very interesting, I read about it just the other day, was that intelligence was also shared for the first time in the UK. This is something new. Usually, intelligence is something secret but that it gets shared was very interesting. Because now open-source intelligence is becoming so important many people realize this, I think this will continue to happen because of the so-called information disorder. So you’re going to have lots of information coming from everywhere and countries or parties could use this as well to their advantage. In order to make sure that the information is trusted and verified, this could explain why intelligence agencies would do that to make sure that you can’t weaponize certain pieces of information. That I would say is trend two.

Trend three: increased artificial intelligence algorithms or better AI-based algorithms as a lot of information needs to be processed. Also, another trend, maybe we talk about this later, is the IoT, the Internet of Things, which will lead to even more information. And also information in a way that we can’t maybe understand now but later on when we combine it with data science techniques, we could maybe make really interesting predictions based on different datasets.

Lastly, also blockchain technology. How we could use this, especially in the age of mis- and disinformation?

You mentioned a few really big ones there. I think one that is still under-discussed in addition to, for example, the Internet of Things which is also under-discussed at this stage, is the combination of AI technology and big data processing for the benefit of open-source intelligence investigations. I have a vested interest in saying this but obviously, this is to be used in combination with an analyst or several analysts for that matter. I think that big data processing is an incredibly powerful tool for OSINT investigations and in particular, as you mentioned, in terms of detecting misand/or disinformation. Or for detecting certain patterns, pattern identification, such as hate speech patterns.

Your academic background, if I understood correctly, is predominantly then in terrorism studies and Oriental studies. In terms of jihadist extremist groups, which media or messengers do you see them use most these days?

The first thing I would say is that when we talk about extremist groups or terrorist groups using technology or media messengers, we should think about it in terms of ecosystems. I wouldn’t say there’s one platform. Of course, there are certain platforms that are favoured over others but we should see it as an entire ecosystem. I’m coming from the perspective of tackling terrorist use of the internet so I’m talking about not just platforms specifically but also the entire ecosystem around it: hosting providers, the tech infrastructure, and everything that comes with it.

To answer your questions, which one do I see most these days? Telegram is pretty big. It’s still being used by many of these groups. There was, for example, Europol, which has cracked down significantly on some of these groups and they are also doing these internet referral action days when they basically work together with tech companies to do a massive takedown. I think the biggest one specifically targeting so-called Islamic states and supporters on Telegram was in 2019. You could see it, everyone on Twitter was talking about it because it also meant that researchers and everyone looking into these were targeted. Telegram is still an important resource and a platform.

Then we’ve got also Rocket.Chat, Discord when we talk about the wider far-right. And also gaming platforms are very popular among far-right communities, which has to do with the gamification or the gaming element and how it is being exploited. There are also great research institutes, I think the Royal United Services Institute (RUSI) is leading a big research on this very specific issue of understanding how extremists use gaming platforms or the concept of gaming in the context of radicalization.

All in all, when you ask me which one you would look at, I would like to highlight that from an investigator or researcher’s point of view, a cross-platform approach is very important.

As I mentioned, Telegram is very popular. It’s easy to use. There are many factors that determine why one group would use a platform and the ease of use is very important. Also has to be used by many people because otherwise, you won’t reach anyone. It needs to be widely accepted. It needs to have some level of security to some degree, and it also needs to support a wide range of features, such as sharing videos, images, calls and so on.

The next thing I want to highlight is the dark web. Oftentimes you see or read articles in the media. I came occasionally across something but mostly it was also flagged by other researchers, and they shared the report. I can’t see a big demand at the moment in this because it’s challenging to get access to dark web and security, and so on. One thing that I want to highlight is a report by Tech Against Terrorism. I used to work there by the way, and they have published a really good report last year, I think, and it was about looking at the surface web. Surface web means anything that you can find through search engines or you get the link. In this report, they have located 198 websites operated by terrorists and violent extremists. And these sites, based on the analysis, promote violent extremist ideologies such as neo-nazism, also Salafi jihadism, and incel ideology. The analysis is really good, highly recommended.

Coming back to your question, regarding which platform I see being used the most at the moment. This is a really good report for one major reason: from the media and from all the conversations we can see that there’s this focus on certain platforms. Certain platforms have to do more but while we are focusing on social media, on the clear web, nothing is being done on the surface web. Actually, there are lots of sites – I have also done some work on this, especially on the topic of the far-right groups – that are easily found and that contain links to many other sites. In the Tech Against Terrorism report, they also found websites leading to groups such as the so-called Islamic State, Atomwaffen Division, Combat 18, and the Taliban. They also found really interesting results in terms of monthly visits that’s just to highlight here that we shouldn’t be solely focusing on social media platforms even though it’s still important. We shouldn’t forget about the clear web and more has to be done on this end.

I would like to highlight that from an investigator or researcher's point of view, a cross-platform approach is very important.

Absolutely. You already mentioned some of the points regarding my next question, for example, the use of gaming platforms. In terms of the use of technology for the purpose of communication, what are some of the differences and similarities between, for example, right-wing extremists and Salafi jihadist groups? You already mentioned gaming platforms but are there some other differences that stand out to you in your research?

Here I want to stress that I’m going to broadly talk about these issues so I will not contrast and compare specific groups. Broadly speaking, there are similarities and differences. Similarities, ideologically speaking, they both see themselves as belonging to an in-group and see the outgroup as an existential threat. Another similarity is that they also tend to use similar platforms. Telegram is popular among right-wing extremism and Salafi jihadist groups. I also think that they learn from each other because everything is being reported in the news and occasionally you also see references on Telegram talking about, „Hey, this happened, this is bad practice, remember don’t do this…”. So you can see they learn from each other’s experiences.

In terms of differences, it’s more like a broad statement and I haven’t seen a lot of research on this but in terms of the use of technology, I would also say that on the far-right spectrum it has been shown and demonstrated that they were one of the early adopters of cryptocurrencies. This is very interesting and it also implies that you could argue they were more focused on upcoming technologies and how they could be used. One reason why they were early adopters of bitcoin is because of this idea of decentralization. That there’s a blockchain and you don’t need an intermediary, you don’t need a government institute that controls everything. You can just send money back and forth, everything is secure. We aren’t talking about tracing bitcoin transactions but this is kind of the idea.

There were also stories and I think also research papers published on the use of specifically bitcoin with Salafi jihadists, like the so-called Islamic State, for instance. And to my knowledge, there were instances where it was used or even for trying to gather donations to finance terrorism. So there were cases but I haven’t seen anything that it was used to a massive degree. Such as, they could gather millions of dollars to fund an operation – this I haven’t seen.  

What’s also interesting between these two groups is the operational security that they both emphasize. On both sides, you can find specialized groups that research operational security and provide advice on how to stay under the radar, how to evade surveillance, etc.

They probably learn from each other, which you can see through references they share or even through conversations. And that’s very interesting about similarities and differences.

What's also interesting between these two groups is the operational security that they both emphasize. On both sides, you can find specialized groups that research operational security and provide advice on how to stay under the radar, how to evade surveillance, etc.

Back in the day, I did some research with the Psychological University of Berlin about so-called leaking or leakage. That means early warning signs of terrorist attacks and there we actually found some stark differences in leaking behaviour prior to the planning of said attacks or the attacks themselves between the groups. That included also offline behaviour, such as leaking and leakage can also occur offline and doesn’t even have to involve the online sphere.

If I may summarize what you said, it is the case that for several reasons Telegram is still one of the favourite social media networks or messengers used by many extremist groups. Usually, and correct me if I’m wrong, as a first step these groups use web-based apps such as Twitter, Youtube and/or Facebook to attract followership. So in a more general setting that is more freely accessible to the public and then they move to encrypted or at least partially encrypted apps such as Telegram. Is this still the process employed by such groups or are you witnessing other apps being favoured over Telegram for this particular process, such as certain fringe platforms?

Great question! You should look at it as an ecosystem. What I also didn’t mention was that these groups also utilize other services, such as cloud services, where they host videos; Google Drive and all these services to upload content but also other, more decentralized versions of it. All of these platforms are very important in combination so what you’re trying to do – and this is me putting myself into the shoes of, let’s say, someone with a Telegram channel where I want to distribute information. In order to get people onto my channel I have to reach them, how can I do this?

I can go on to other Telegram channels and send links and hopefully people come through that. Or I could go onto big social media platforms like Youtube, Twitter, Facebook and so on, set up accounts or join conversations where I may find people, who might be interested in what I have to say.

These groups are still on these platforms but I also have to say that these big social media platforms have significantly ramped up their efforts compared to years ago in detecting such content. Tech Against Terrorism has been also leading this kind of work with the big companies but also smaller platforms because the smaller ones are always the ones that get exploited. Why? Because oftentimes they don’t have the resources to tackle this problem. Unlike the big platforms, which can hire teams of data scientists for this reason.

So yes, you use these platforms in combination and, as I also said, the clear web is also a very important node in the network. Just to give you examples, this was on Wikipedia. You go to the Islamic State’s page on Wikipedia and then you change the language from English to Arabic and then suddenly you have additional content, which was very interesting because through this I could then find actual links to clear websites. And from there I could then see archiving services – also very popular – and links to archiving services for all the content. This is also one of the techniques, but they always adapt. Whenever you come up with some counter-strategy, there will be a counter-response.

What I also wanted to say about this is some decentralized versions. The InterPlanetary File System, for instance, is a peer-to-peer so-called hypermedia protocol designed, as they say on the website, to preserve and grow humanity’s knowledge. The way it is working is that you save a file in the system’s network, and you become part of a wider network. When someone tries to access that file or look it up, that person will ask in the network about this file and they will point you to the nodes. When you’re downloading the content, you automatically become another node and serve it to someone else. This is pretty similar to the BitTorrent network – in order to download a torrent you also become a host at the same time. And then you create this distributed network, which makes it impossible for you and anyone else to take this content down because it’s stored on thousands of machines rather than one single server. That’s also very interesting.

As we said earlier, OSINT is a rapidly developing field on all ends. Not only are there further technologies that we have to keep up with but we obviously also have to keep up with, let’s call them bad actors. Or bad intent behind certain actions of people that are broadening their horizons as we speak and are using all sorts of different technologies to communicate with one another without being intercepted.

I want to speak a bit more about Telegram at this stage. Regarding the situation in Ukraine and specifically the Russia-Ukraine war, that is currently going on. To give a bit more background for our audience here, Telegram was created in 2013 by Pavel Durov who is a Russia-born tech entrepreneur. The messenger platform has a much larger user base in Russia than, for example, Facebook or Twitter. To put things into perspective, according to a Deloitte study from 2021, 61 per cent of polled Russians at the time were using Telegram. However, the platform is independent of the Russian government and in the current situation with many major news outlets shutting down in Russia and access to some social media networks such as Facebook, for example, being blocked, it is argued that Telegram has become a critical source in the Russia-Ukraine war for both Ukrainian and Russian communication alike. What is your take on this?

You mentioned a lot of interesting points. The first one is the study by Deloitte if I understood correctly that so many people rely and use Telegram as a source or a way to communicate, which is, by the way, a really good technique. Whenever you do research in specific countries to understand what social media platforms they use, one thing I want to highlight is that even though you have lots of information, the critical task of verification is so important. There are great outlets such as the Center for Information Resilience, that have been doing excellent work in this regard. They have this map and on this map, they document everything that has to do with the invasion of Ukraine. Before something goes onto the map, they have a rigorous process of verification to make sure that nothing goes on to the map that shouldn’t be on there. And when you talk about the world of Telegram, you can – once you’ve identified one channel – usually find more channels and then you end up with hundreds of Telegram channels and chats. Then the problem, from an analyst’s point of view, is to make sense of this kind of messy data. You will probably see a lot of things pop up, same themes, same people making the same claims, that, “an advancement was spotted here in this area or artillery strike in this area”, but still it needs to be verified. This is what I just wanted to highlight.

Whenever you do research in specific countries to understand what social media platforms they use, one thing I want to highlight is that even though you have lots of information, the critical task of verification is so important.

Talking about Telegram in general, what I usually do when I do OSINT training is to explain the different levels of techniques that one can use for Telegram. One of the obvious ways is of course using search engines such as Google and then using it in combination with site operators to find index content from Twitter, for instance. When you just go onto Twitter, you will find also accounts that link actually to these sources so you can easily identify these and through that particular Telegram channel, you would then go through the list and find similar links to other channels. Then you gradually build up your database. However, as I said it’s extremely challenging to verify the accuracy and also the veracity of this kind of content. Also to verify who’s behind the channel because we shouldn’t forget that this information can be also shared for various purposes or reasons.

What I also want to say in this regard is that I see Twitter as the kind of end-station of this information. This is why I also created a Twitter list to help analysts follow the current invasion minute-by-minute. How I did this? I identified analysts and really good people, who have been working constantly 24/7 on just documenting everything. By putting them into a list, I can now follow everything and see all the content that is also shared on Telegram.

These people are content aggregators. They go on to Telegram and also other sources, find the videos, and upload them on Twitter. Through the list that I created, I can monitor it. This kind of approach can be used but not for someone, who has to make critical decisions and every minute counts. You would have to go to the primary sources directly. As you said, Telegram in this current war is one of the main sources definitely.

It is definitely used by both sides, Ukrainian and Russian at this stage, who communicate about the ongoing conflict and share insights about troop movements, attacks, and even potential war crimes being committed. For governments, the defence and security sector, and journalists alike Telegram allows for a window into the war on the ground. And, if verifiable there may even be a potential for such content to eventually serve as a basis for holding war criminals accountable, which would be a very vital aspect of such content. If it can be verified.

As you said, the problem of the dissemination of mis- and disinformation remains and source verification is absolutely vital.

In terms of open-source intelligence investigation, what do you think the future holds? Can you summarize some of the future ways OSINT may be utilized?

What we are seeing now, allowing anyone to follow the war minute by minute is unbelievable. It’s not the first time, there were other wars as well where people were following all events. But for some reason, it just now exploded somehow and this is maybe due to so many people using Telegram. They upload videos from everywhere, which makes it challenging to document as well. I would see this as the future of OSINT. And that established organizations, such as bellingcat or Center for Information Resilience, will utilize this army of volunteers that oftentimes dedicate hours and hours in their spare time to just document, geolocate, verify, and add everything into a database to then document war crimes as well. I can see this as very important work as well but this is challenging at the same time, especially if you want to manage hundreds of people. I think crowdsourced investigations will take off.

Here I have to say this can be good and also bad. Good in the sense that… How long does it take one person to geolocate? First of all, collect relevant videos, then verify them including geolocation, analyse them, and then write everything up. How long will it take one analyst? But if you have hundreds, it’s a quick job but someone needs to also make sure everything is correct. At the same time, it can be also bad. It can go wrong and we also see this right now when you even have news organizations taking a video and then retweeting it and trying to make some headlines with an under-verified video or not even verified video. Then people have to point out that this video is not from the current war, this is from Syria.

[...] we also see this right now when you even have news organizations taking a video and then retweeting it and trying to make some headlines with an under-verified video or not even verified video. Then people have to point out that this video is not from the current war, this is from Syria.

I also think for the future, combining data science and other technologies will also be super helpful. And another thing that I mentioned earlier when we talked about trends. The use of new technologies, ground-breaking technologies such as blockchains, especially for this work. The idea is, to explain in simple terms, that we have a public ledger that keeps track of everything and it’s impossible to change this so we have the ground truth recorded on the blockchain. When I think about crowdsourced investigations, can we utilize the blockchain to make sure that whatever video gets documented is recorded in this blockchain? And when you check the blockchain it will tell you that this video is not there yet, which tells you that this hasn’t been recorded yet, it’s likely that the video is new or it tells you that this video has been recorded, it’s from this conflict, etc.

Utilizing this technology to counter mis- and disinformation might also be possible. I’m sure there must be companies already thinking about how they could use this technology. Also in terms of incentivizing because there are some blockchains, such as Ethereum, where you give them an incentive with a native token on that blockchain. When you contribute, you get also a reward so those, who geolocate will get the token and the more you geolocate the more tokens you can get. If the value of the tokens is, I don’t know, a couple of hundred dollars maybe you can make a living out of this as well while doing something good.  I’m just thinking out loud but something along these lines of having the incentive to do something in the OSINT realm but also making sure that everything is recorded.

I could also be wrong and nothing like this will happen. This is just me speculating.

Earlier you mentioned the internet of things. I would like us to talk about some future developments such as the decentralized Web 3.0 and that’s where I want to dive in a bit deeper into this topic. Most of our listeners would obviously know the web in its current version namely the Web 2.0, at least for the most part, which allows users to share their thoughts with the world through pre-designed apps. Most user data is then tracked and/or stored in various ways by such applications and platforms. Web 3.0 applications on the other hand are built on blockchains and decent decentralized networks, as you said, of numerous peer-to-peer nodes. What are some of the advantages of Web 3.0 and what may be some of the disadvantages?

I also want to say that I’m currently writing a research paper with a friend of mine specifically looking at these technologies and how they could be exploited. But first and foremost, it’s also about explaining in simple terms the basics of decentralization and Web 3.0 because oftentimes they get used interchangeably.

When we talk about Web 3.0, the term was coined by one of the co-founders of Ethereum, Gavin Wood. In this context, it refers to decentralized apps that run on the blockchain. I mean, we could talk about this for hours but the cool thing that I like about this technology is that anything is possible. There are so many organizations and startups that are trying to figure out what they could build and how this could work. Web 3.0 is also distinct from or different from what Tim Berners-Lee, inventor of the World Wide Web, refers to as “the Semantic Web”. The Semantic Web is about making the internet data machine-readable but we already see this kind of Semantic Web for instance when we go to Google and when we try typing in something. For example, where’s the nearest cafe and then Google understands what we want and then shows us the information. And this is just the beginning. I’m also at the stage of going through all of this and trying to make sense because there are so many different things and concepts.

What I want to talk about specifically in the context of violent extremists and terrorists is the decentralized web or decentralized applications and why they could be exploited.

One important thing I want to say as well is that I don’t want to say this shouldn’t happen and that this is dangerous. The major reason is that I believe that this technology will also lead to a lot of advancements in society. It will allow people to do crazy things and it’s really good.

The problem we have is that as with any technology, it’s a double-edged sword. You’re going to have people; millions, billions of people using it for something good, making use of it. Then you have a few, who exploit it for whatever reason.

Should we ban decentralization? No. But the basic concept of what I’m looking at is the so-called decentralized web, which is different from the web we know.  When we open up the decentralized web, let’s say, there will be not much difference between what we are seeing now and what the decentralized version has. The interesting part is in the backend, which most people won’t see when they just look at the front end. Which is how the content is stored and this is what I’m focusing on.

The problem we have is that as with any technology, it's a double-edged sword. You're going to have people; millions, billions of people using it for something good, making use of it. Then you have a few, who exploit it for whatever reason.

There are lots of advantages and disadvantages, and I will talk about that shortly but the main thing is that the content is not hosted on a central server. What we have at the moment is that large organizations such as Google, let’s say, have crawlers and they scan the web, crawl the web, save it and whenever we use Google, we are not searching the web. What we are actually searching is a copy of what they think they have from the web. The web is much bigger than what they have so by having this knowledge and information in a centralized place, they can show you or they can decide which content they want you to see. So that’s why, from an OSINT point of view, the best practice is to use different search engines because they have different algorithms that show you the content, which they want you to see or click on so they can profit from it. There are also many other search engines that have different archives of what they think is the web.

But coming back to decentralization. Now, imagine that you have a terrorist group scattered worldwide, operating on the clear web. You, as a search engine, do not want to show it. So you can easily delete the group’s sites from the index so you won’t find them through Google, or the search engine. This is a monopoly – and this is what many people argue that social media do not have, that they can decide what content they want to have on their site and which content they don’t want. Obviously, violent extremist and terrorist propaganda shouldn’t be there but then you come into grey areas and then you come also into areas where you wouldn’t want to allow anyone to have this power. And this is where decentralization or the concept of it comes into play because one of the things this movement advocates is that no one should have the ability to censor information or be able to remove it. So rather than putting it on one server – and technically speaking it’s not just one server – but you know rather than one entity having control over all the data, let’s distribute it and have it decentralized. If something happens to this central entity the information is gone.

Let’s assume Google loses all the servers, which probably will never happen. But then you couldn’t access Google. With the decentralized web, you will have it stored on different machines. But the problem with terrorist content is that if you use decentralized web or technology behind it, from law enforcement or Europol’s point of view, you can’t take it down because you can’t just email this person and say, “Hey, can you please remove this from the network?”. Even if the person says yes, you still have thousands of other nodes and technically you can’t even know who’s part of the nodes or reach to someone out because it’s not a company. This is what I wanted to stress about the decentralized web – it’s impossible to remove content from decentralized web apps because it’s not stored on one single server by one entity that has control over it. It’s controlled by the entire network.

There are numerous examples of how certain entities and groups have already exploited it but not to a very high level because, at the end of the day, this technology is being developed at the moment. There are so many projects, very interesting projects, but the decentralized web also has limitations. It shouldn’t scare anyone. As I said this shouldn’t be stopped, this is really cool technology and it will happen eventually and it’s very interesting to see what kind of projects there are at the moment.

You mentioned some of the challenges the decentralized web may hold for, for example, law enforcement agencies or intergovernmental agencies. I think in that context, it would be very interesting to hear how this might play out in the future. Let’s talk about that for a second. In your opinion, what methodologies and or technologies would be required to facilitate the investigation or the open-source investigation of the decentralized Web 3.0?

First of all, it’s about being able to monitor these groups. We talked about the ecosystem so understanding where these groups operate and finding established websites on the surface web, Telegram channels, Facebook, etc. What I also want to stress is that even though they use certain technologies – I mentioned the InterPlanetary File System – it doesn’t mean that IPFS and such are bad companies. They’re just getting exploited. I don’t want to brand any company or anything that I mentioned here as bad but again, as I said, they can be exploited.

From an OSINT point of view, if you identify these kinds of services and understand the group as a whole, understand where they operate online because obviously, they will have some sort of homepage or website where they interact with many people… I don’t think there is a group unless they really want you not to know about them, that will not be present on Telegram and start a channel and invite you. They will use other apps and not even have any of their branding or name in there. They want to be undetectable.  I’m talking about those groups that are about recruiting and sharing all this information on websites so from those websites you can then find them.

Let me get back to Telegram and what you can do is. Once you identified the kind of channel that you’re looking at and you want to understand if they are using Web 3.0 or decentralized technologies – you can look for, in the context of IPFS (InterPlanetary File System), whenever you share a link, how does the URL domain look like. What you do then, you go into Telegram. What I didn’t mention but one of the things that I always tell in training sessions is that Telegram desktop client is extremely powerful. I think, also on the web version you can search within chats and channels. Once you identify the domain or the specific name of this technology just put it in and see what you can find. If you can’t find any information, then it wasn’t shared but this doesn’t mean that they are not using it. It just means that it wasn’t shared. When I did this with my Telegram account and I searched all the channels and chats for “IPFS”, I find a lot of links to guides and all kinds of stuff, very nasty things as well. This is how one would go about finding this kind of technology.

There are also other technologies that you would have to download in order to participate in this kind of network. Then there are also the legal and ethical aspects. If you want to do research, you also have to verify the content. By downloading it you act as a node and then you are also indirectly distributing such content. Is this ethical, is this legal?

I wanted to share some insights on finding content online, which is to exploit or use search engines. And then, as I said, whenever you look for, for instance, Telegram channels or in invite links, when you look at the channel, the URL that is shared is usually something like  So you can use this and go on to different search engines and then search specifically for “” in quotation marks, which means the exact phrase. And you can use certain keywords. When you look for far-right stuff, you can use certain terms that are widely utilised to then find websites that have somewhere Telegram links and then also mention your terms. For the decentralized web, I would use something similar. I would use my specific keywords, even in different languages, and then also search for this specific URL. This is how I would think because these groups want to reach out to as many people as possible. This means they will also have to share the link to these websites.

The Intelligence Brief Podcast: OSINT and its Application

Telegram Investigations, their Relevance in the Russia-Ukraine War and the Decentralised Web 3.0

OSINT expert Loránd Bodó shares a glimpse into the future of OSINT. Together with Anne-Lynn Dudenhöfer, our podcast host and analyst, he discusses the use of social media ecosystems by extremist networksTelegram investigations in the context of the Russia-Ukraine war, and the Decentralised Web 3.0

Why has Telegram become – and will most likely remain – a critical source in the Russia-Ukraine war? Can blockchain technology benefit OSINT? What advantages or challenges does the decentralised web hold for future investigations?

HENSOLDT Analytics
HENSOLDT Analytics

HENSOLDT Analytics is a global leading provider of Open Source Intelligence (OSINT) systems and Natural Language Processing technologies, such as Automatic Speech Recognition, which are key elements for media monitoring and analysis.