How To Nail Good OPSEC (Part 1)
▼Fundamentals of Staying Under The Radar, Layered Defense & Why VPNs Aren't Safe▼
If not committed to sophisticated paranoia — always in learning mode — plugging holes in your
Self Defense, Situational Awareness, Physical, Digital/Social Media Security, you could find, as
one hacker found (click/tap bottom images), that taking OPSEC lightly can, at times, be tragic.
Context: The original edition of this blog was first released in 10/2013, during National Cyber
Security Awareness Month as part of a 3-Part training program. Security, to some of us, is like
religion. Strategic thinking and enhanced anonymization baked into the DNA. But the Grugq
(above) is respected among hacktivists and cyber criminals. They depend on him to perfect
their ability to evade law enforcement or avoid jail. And those like Alexandre Cazes below
who disregard OPSEC (Operations Security) and Threat Smart basics, ultimately don't fare
well. Because human beings are the weakest link in the security chain. And professional
hackers who ignore cyber security fundamentals, as we've seen time & again, open themselves
to enemy exploits, law enforcement traps, Phishing/Spearphishing, SMiShing or
Catfishing as well as costly malicious sophisticated BEC (Business Email Compromise)
scams and fraud that get CEOs fired. Bad Compartmentation meanwhile, exposed
FBI Director James Comey. By contrast, Good OPSEC enabled Russia to weaponize
Social Media in tilting the 2016 U.S. Election. Good OPSEC will prevent you from
communicating with and giving contact details to people with bad judgment or
from doing or saying something dangerously, or irreparably stupid. Encrypted
email, chat, Data Security, Home Security & IoT Security acumen included.
Good OPSEC adapts to this virtual Panopticon we live in. That Anonymity
is like a Chinese counterfeit product: better sold for business gain than
used. As for Tor? Complicated but put simply, don't trust it. If you're a
journalist, activist, lawyer, senior exec, celebrity, company, or just
an average Joe or Jane, don't be naive. Be threat smart. Don't go
slapping your real name especially as it appears on passport or
other official documents/credit cards everywhere. Although
Grugq (above) is right about powerful nation-states having
the resources to get you if really determined, reading up
on Privacy, Security, Digital Forensics; otherwise investing
in your own security will teach you how to think and
live like a situationally aware 007 or Jason Bourne
knowing where every camera is upon entering a
place or in real life as elusive as Mayweather,
—evading detection, law enforcement, and
practicing sound Social Media (especially,
Twitter) Security that goes beyond what
my first Responsible Use blog offered.
In the Age of the Leak, OPSEC is also
about not being on tape, or letting
hacked IoT devices eavesdrop or
data farmers/advertisers track
you. OPSEC is not just about
encrypted communications
but about TNO (Trust No
One), need-based Zero
ance & discipline.
Like anonymity,
disguises have
limits, —to be
addressed in
subsequent
iterations.
Proceed,
or finish
BELOW
○ ○ ○
Proceed to How To Nail Good OPSEC II
○ ○ ○
Stay vigilant & smart. There's better security through paranoia!
PEACE
TT
F I N I S