Discord OSINT: An Empathic Banana and a Data Scraper Walk into a Search Bar

Open-source intelligence in Discord may seem surface level. Some techniques include searching through chat history using search operators similar to Google dorking and reviewing a user’s profile to look for any linked accounts tied to their Discord account. Going beyond this and analyze the servers that a user is a part of, more assumptions and inferences can be made based on those servers. I applied what I saw and experienced with Student Hubs and applied it to cybersecurity within Discord. The information from knowing what cybersecurity servers a person is in informed me of what their experience level was, the type of field they were interested / worked in, and potentially even where they lived.

However, you can only reach a certain point by joining servers within Discord. This type of approach can only be done at scale and this presents its own set of problems. Scaling this seemed unlikely to happen until a service known as Spy.pet was publicly disclosed in April 2024. Spy.pet was marketed as a data broker that was inadvertently a very capable OSINT tool that could be used for Discord. Knowing that it would be available for a short time before it got shut down, I was able to access Spy.pet to use and document what capabilities it had. Since then, there have been more data scrapers that have appeared with their own reasons. These include third-parties (malicious or not), academic researchers, and cybercrime groups. I will cover the capabilities and OPSEC failures from some of the data scrapers in the past year as well as how it could possibly be approached in the future. Most importantly, I will go over protections at the user and server level.