How To Nail Good OPSEC (Part 1)

Fundamentals of Staying Under The Radar, Layered Defense & Why VPNs Aren't Safe


If you are not committed to sophisticated paranoia, always in learning mode, plugging holes in your Self Defense, Situational Awareness, Physical and Digital/Social Media Security, you could find, as one hacker found (click/tap bottom images), that taking OPSEC lightly can at times be tragic.

Context: The original edition of this blog was first released in 10/2013, during National Cyber Security Awareness Month, as part of a 3-Part training program. Security, to some of us, is like religion: strategic thinking and enhanced anonymization baked into the DNA. But the Grugq (above) is respected among hacktivists and cyber criminals. They depend on him to perfect their ability to evade law enforcement or avoid jail. And those like Alexandre Cazes (below), who disregard OPSEC (Operations Security) and Threat Smart basics, ultimately don't fare well, because human beings are the weakest link in the security chain. Professional hackers who ignore cyber security fundamentals, as we've seen time and again, open themselves to enemy exploits, law enforcement traps, Phishing/Spearphishing, SMiShing or Catfishing, as well as costly, malicious, sophisticated BEC (Business Email Compromise) scams and fraud that get CEOs fired. Bad Compartmentation, meanwhile, exposed FBI Director James Comey. By contrast, Good OPSEC enabled Russia to weaponize Social Media in tilting the 2016 U.S. Election.

Good OPSEC will prevent you from communicating with and giving contact details to people with bad judgment, or from doing or saying something dangerously or irreparably stupid. Encrypted email, chat, Data Security, Home Security and IoT Security acumen are included. Good OPSEC adapts to this virtual Panopticon we live in. It understands that anonymity is like a Chinese counterfeit product: better sold for business gain than used. As for Tor? Complicated, but put simply, don't trust it.

If you're a journalist, activist, lawyer, senior exec, celebrity, company, or just an average Joe or Jane, don't be naive. Be threat smart. Don't go slapping your real name everywhere, especially as it appears on your passport or other official documents/credit cards. Although Grugq (above) is right about powerful nation-states having the resources to get you if really determined, reading up on Privacy, Security and Digital Forensics, or otherwise investing in your own security, will teach you how to think and live like a situationally aware 007 or Jason Bourne, knowing where every camera is upon entering a place, or in real life as elusive as Mayweather: evading detection and law enforcement, and practicing sound Social Media (especially Twitter) Security that goes beyond what my first Responsible Use blog offered.

In the Age of the Leak, OPSEC is also about not being on tape, and not letting hacked IoT devices eavesdrop or data farmers/advertisers track you. OPSEC is not just about encrypted communications but about TNO (Trust No One), need-based Zero Trust, Access Governance and discipline. Like anonymity, disguises have limits, to be addressed in subsequent iterations.


Proceed to How To Nail Good OPSEC II


Stay vigilant & smart. There's better security through paranoia!

PEACE

TT
