HUGE OPSEC THREAD

it’s a big topic, and I’m simply sharing my **applied** wisdom

The information I’ve shared with individuals I’ve known personally has saved people probably over 100 years of jail time, probably a lot more to be honest
OPSEC, operation security is about stopping critical information from falling into the wrong hands, which would be detrimental to the operation
Who needs it? If you have information that you don’t want to get to certain people, you need it
Criminals of really any kind; people who can be blackmailed; targets of government like whistleblowers; journalists protecting sources; businesses protecting profitable secrets. Also stops cunts robbing you!
5 steps To OPSEC
- what info do I need to hide?
- how can my adversaries get that info?
- how am I vulnerable to their tactics?
- what is risk of adversary exploiting vulnerabilities and getting info?
- apply protective measures
The five step process is important. Honestly a thread is probably not the place for this. It is an extremely broad topic and it can get *deep*
The more you know about networking, computers, and how hackers can get information, you realize it is extremely fucking easy for them

Also people spill the beans so fucking quick and are morons. People are the WEAKEST link by far
Let me go through some general principles
Shut the fuck up. If you’re doing something you want to hide, don’t tell anyone you don’t *NEED* to, don’t put it online anywhere, don’t write it down.
Compartmentalisation. This is critical. Keep people apart. Keep devices with bad shit on them unconnected to accounts you own, WiFi connected to you. Keep online identities separate.
Create action and information valves. Comes out but can’t enter. You can act and give information. But it must never find a way back to you.
Keep it low profile. If you’re making money in a questionable way. Don’t show everyone you’re making money. Or have a way you can explain your income and spending.
Create aliases, rock solid cover stories, pseudonymous emails/SIM cards/social media/phone app accounts. Keep them separate.
Multiple phones with dedicated functions. I remember about 3 years ago I had 7 iPhones and 3 android phones. And I thought I needed more.
Stolen/photocopied identity documents to create prepaid phone accounts. Sign up to accounts in name of that person and create a whole suite of information that could plausibly be linked to them.

Postal lockers with accounts made online from fake IDs are fucking GOLD
Use software to protect yourself. Private messaging software between parties, theeema/wickr for example, do your research. I am not up to date.
*threema
Have multiple VPN accounts paid in crypto linked to emails and devices that are clean, and unlinked to your identity. Do your research
For dangerous browsing, use VPN, TOR + throwaway laptop, don’t use your home WiFi. VPN companies have been known to give away info to governments
Have microSD cards to hold sensitive information. They can be snapped at a moments notice since they are thin. Use Veracrypt to secure drives
Learn how to use Veracrypt hidden partitions on your microSDs and hard drives. This can protect you in case you have a gun to your head and need to hand over a password (1 password for plausible deniability partition, 1 password for hidden partition)
If you are formatting drives which contain sensitive info, format it 7+ times. You’d be surprised what can be recovered by forensics
Keep safe houses for sensitive objects. I prefer safe cars, which are parked in secret locations and you can get into the boot. You can move it around. Careful though, residents may notice random cars Parked for long periods so move them around. Cars/places paid by someone else
If you have to transport sensitive packages, it pays to have regular Indian/Bengali student worker/delivery guy to say you sometimes need packages delivered on short notice for your company. Secure package and send to be dropped off
Keep minimal shit in writing or on your phone. In some countries, police can make you open your devices, and even if they can’t, it is dangerous. Don’t risk it.
Learn how to use dead drops and how to signal location and timing to the receiver.
Surveillance people you trust can keep an eye on streets for you. Surveillance network can be as simple as homeless people you pay off to keep an eye on something/someone
Hidden cameras, and microphones. Learn how to use them. Create secure hidden compartments in vulnerable spaces. Be creative.
GPS tracking devices are handy for monitoring activity of vehicles, people (sew device inside car seats/stick under exteriors). SIM tech GPS trackers I have used extensively, simple small and very long range. Mini A8 I’ve used a LOT
Learn how to tell people to shut the fuck up if they see something or catch on. Sending thugs or giving someone a beating can be a simple response, be careful. Compartmentalise and protect yourself with false info in case someone turns on you
Use cash, monero/BTC

Learn how to use PGP encryption, public/private keys
Look around tweet chain, continues on above level tweet
You can follow @gospodin_rey.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: