Cyber Security

Zack

Cyber Security

Post by Zack » Thu Aug 08, 2019 5:25 am

In the interest of improving security within the National Alliance community, I will be posting information and tips on how to keep yourself safe from (mostly online) threats.

Security is important to:
  • Ensure trust in interactions between the National Alliance and its members;
    Assure the continuity of operations; and
    Protect sensitive information and assets that, if compromised, could cause harm to individuals, Alliance operations, or organizational security.
Today's lesson: OPSEC

What is OPSEC?
Operational Security: "...a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information."

OPSEC includes the use of encryption and other technical countermeasures, but also includes physical security and how to behave to protect yourself and your assets. Example: If you always run a laptop with the battery removed, in an emergency, you can unplug the power supply to defend against some forms of cold boot attacks (when an attacker literally freezes your computer's RAM with liquid nitrogen in order to access your information and passwords, sometimes in less than two minutes).

In other words, OPSEC = silence.

In October of [2011], a user also going by the name of "altoid" made a posting on Bitcoin Talk titled "a venture backed Bitcoin startup company", which directed interested users to "[email protected]". Ross Ulbricht, under the alias "Dread Pirate Roberts" (DPR) was later convicted of being a darknet market creator/operator and money launderer. He is currently serving a double life sentence plus forty years without the possibility of parole, which is unheard of for a first-time offender who committed non-violent crimes.

OPSEC lesson:
when starting your drug-based virtual empire, don’t hop on a public forum and solicit investors to contact you at an email address that contains your full name.

OPSEC: Contamination
When creating an alias, any connection or contact between your alias and your real identity is known as contamination. It sounds bad, because it is. Avoid linking your real identity to your alias, both online and offline.

Ulbricht's Google+ page and YouTube profile both make multiple references to the a website dubbed the "Mises Institute". DPR's signature on the SR forums contained a link to the Mises Institute.

DPR cited the "Austrian Economic theory" along with the works of Ludwig von Mises and Murray Rothbard, all of which are closely associated with the Mises Institute.

Ulbricht left yet another cookie crumb by telling a Silk Road user that he was in the Pacific time zone.

OPSEC lesson:
in order to remain anonymous on the internet, try to not volunteer personal or identifying information like your specific personal politics or the time zone you live in to strangers you meet in chat rooms, and post the same information on your social network profiles.

OPSEC: Information Theory
Anonymity is an inverse function of the number of bits (data) you release into the world. The more bits you generate, the less anonymous you are. The moral of the story is: don’t volunteer unnecessary information.

A quick guide to OPSEC/PERSEC
Online:
1. The less people know, the less you have to worry
2. Compartmentalization is key to safety and privacy
3. Be alert
4. Be cautious
5. Be aware of your surroundings
6. Be aware of the background
7. Be aware of what you post at all times
8. All information is critical information
9. Never use the same e-mail address for an account
10. Never use the same username for an account
11. Never use the same password for an account
12. Never post detailed information (Real name, age, birth date, location, school, marital status…etc)
13. Avoid posting images of yourself and/or your location
14. Scrub any and all meta-data that you can (Pictures, PDFs…etc)
15. Don’t use social media/networking (other than White Biocentrism, of course ;))
16. Be cautious of anyone asking you anything personal (detailed information)
17. Transactions should never be discussed (recent purchases, taxes, bills…etc)
18. Don’t brag about any recent successes or accomplishments, especially concerning recent “operations” or “missions”
19. Avoid discussing your online life offline
20. Avoid discussing your offline life online
21. Avoid using certain words or catchphrases that you’re known for
22. Avoid clicking on links from strangers that you aren’t familiar with
23. Avoid clicking on links that have shortened with a link/URL shortener
24. Avoid using P2P services and programs without a VPN (chats, pirating, torrents, etc)
25. If in doubt, lie

Offline:
1. The less people know, the less you have to worry
2. Compartmentalization is key to safety and privacy
3. Be alert
4. Be cautious
5. Be aware of your surroundings
6. Be aware of the background
7. Be aware of what you post at all times
8. All information is critical information
9. Your desk and rig(s) should ideally be several hallways and doors away from any and all entrances to and from the outside
10. Always ensure unencrypted devices, when not in use, are stored out of sight and aren’t easily found
11. Keep your rig elevated so you can reach it easily and quickly, just in case
12. Any and all mail and packages must be collected ASAP to ensure no theft can happen
13. Any and all documents and papers should be marked with a permanent black marker, shredded and mixed into garbage and waste or burned
14. Credit cards, gift cards, pre-paid cards and similar items should not only be thoroughly cut and shredded, but also microwaved for five to ten seconds to ensure all chips and strips are destroyed
15. All important documents and papers should be organized, stored safely and locked within a vault or safe
16. Never discuss your home security
17. Never discuss your weapons
18. Never discuss your pets’ names
19. Never post detailed information (real name, age, birth date, location, school, marital status, etc)
20. Be cautious of anyone asking you anything personal (detailed information)
21. Transactions should never be discussed (recent purchases, taxes, bills…etc)
22. Don’t brag about any recent successes or accomplishments, especially concerning recent "operations" or "missions"
23. Avoid discussing your online life offline
24. Avoid discussing your offline life online
25. Always make it seem as if someone is home
26. Always carry your wallet in your front pocket
27. Ensure you always unplug and lock up before leaving

These tips won't apply for everyone, but it provides a good idea of what to look out for. I will be going more in-depth later.

---

Tune in next time for tips on establishing your very own Security Plan, where you will determine what your own unique threat model entails.

User avatar
PhuBai68
Posts: 639
Joined: Wed Jul 05, 2017 3:23 pm
Location: South Carolina upstate

Re: Cyber Security

Post by PhuBai68 » Thu Aug 08, 2019 10:52 am

Ha!
Just went on Facebook and deleted a post from a couple days ago.
Too bad this information wasn't posted ½ dozen years or so ago.

It amazes me when people are posting from their phone/laptop while on vacation (come rob our house, we're not home) + some people have hundreds of "friends" which makes me think, do they really have a true offline friendship with these people?
Others allow "friends of friends" to view their page - not good as a few years back I replied to a (true) friend's post only to get verbally attacked and beat up upon online by two of his Jewish "friends" so lesson learned there, keep non-PC comments only to a very few if any at all.
I waited until we got back to post any mention of our recent trip - better safe than sorry.

EDIT:
time to go through all those hundreds of photos on Facebook and delete a bunch
It's not diversity, it's displacement.

User avatar
Will Williams
Posts: 4400
Joined: Sun Jul 28, 2013 9:22 am

Re: Cyber Security

Post by Will Williams » Thu Aug 08, 2019 4:49 pm

Zack wrote:In the interest of improving security within the National Alliance community, I will be posting information and tips on how to keep yourself safe from (mostly online) threats.

Security is important to:
  • Ensure trust in interactions between the National Alliance and its members;
    Assure the continuity of operations; and
    Protect sensitive information and assets that, if compromised, could cause harm to individuals, Alliance operations, or organizational security.
A quick guide to OPSEC/PERSEC
Online:
[...]
15. Don’t use social media/networking (other than White Biocentrism, of course ;))
[...]
Offline:
[...]
9. Your desk and rig(s) should ideally be several hallways and doors away from any and all entrances to and from the outside
[...]
These tips won't apply for everyone, but it provides a good idea of what to look out for. I will be going more in-depth later.
---
Tune in next time for tips on establishing your very own Security Plan, where you will determine what your own unique threat model entails.
Vey good, Zack. You won't catch me on any social media at all, other than White Biocentrism, of course. I try to be conscious of what I put on WB, as should others since it is a public forum and our busybody enemies monitor us for every little tidbit they think they might somehow be able to use against us.

By "rig," I suppose you mean personal protection, right? There's no call to be paranoid at this stage, but we should always be prepared, vigilant and aware of our surroundings.
PhuBai68 wrote:Ha! Just went on Facebook and deleted a post from a couple days ago. Too bad this information wasn't posted ½ dozen years or so ago... [K]eep non-PC comments only to a very few if any at all.
The Internet is a wonderful tool, but unfortunately the large Internet platforms are currently in the enemy's hands, and our enemies use them against us. Faceberg may be the worst. I do not see anything good coming from our members on Faceberg for the reason you give, PB: they can't promote the National Alliance or even say things that are considered PC, for fear of being kicked off. Time wasted to those of us with a sense of urgency about our people's plight!

I use Google, but from what I know now about Google, I'd switch to a different search engine for research if one is available that's as good. I don't really have anything to hide with my search history but do not like that it is in Jewish hands.

I don't use a cell phone so no one can trace where I've been every minute of every day, going back for months and years. That would be giving up too much to me for the convenience of being able to send and receive texts (that are archived) I have regular mail, email, and land lines with answering machines (that are actually set up and don't stay full like some "smart phone" users'), so I'm comfortable with that level of accessibility. I also have a little pocket-sized camera if I need it; never felt the need to take a "selfie" with it to share on the Internet :lol: The number of people I see staring into their "personal devices" everywhere I go is disgusting, but that's just me.
If Whites insist on participating in "social media," do so on ours, not (((theirs))). Like us on WhiteBiocentrism.com; follow us on NationalVanguard.org. ᛉ

Colin

Re: Cyber Security

Post by Colin » Thu Aug 08, 2019 6:06 pm

Will, for privacy and uncensored search results I use duckduckgo.com . It is still a mainstream internet search engine, but they don't censor the search results and never track you.

Zack

Re: Cyber Security

Post by Zack » Thu Aug 08, 2019 10:35 pm

@PhuBai68
If you decide to use social networking platforms like Facebook, it's always a good idea to check with your privacy settings. As you mentioned, it's not a smart idea to post public updates about your whereabouts. But no matter what your settings may be, know that Facebook (and through extension, basically any government/law enforcement agency) archives every post and every photo uploaded -- even text merely typed in the "status" section that was never posted. Deleting your copy of a post does not remove it from Facebook servers.

@Will
Exactly. The less juicy tidbits the enemy can gather the better. "Everything you say can and will be used against you."

By rig, I mean your desktop tower (as opposed to the monitor). This makes it harder for unauthorized personnel from physically gaining control of your computer. In theory this could also allow a quick individual to open their rig, remove their hard drive, and then smash it with a hammer in an attempt to demagnetize it (preventing data recovery) when being raided. In practice, however, this is largely ineffective as forensics has improved greatly over the years. The proper way to properly delete sensitive files would be to perform several overwrites with the proper program. (Not to mention that you could be charged with destroying evidence if the feds kick down your door while you were coincidentally smashing up an old hard drive.)

@Colin
DuckDuckGo is an alternative to Google, and is fairly popular (the 165th most frequented website in the world as of 12 July 2019), however I do want to point out that its creator is (((Gabriel Weinberg))). For those who want to avoid having their Internet history in jewish hands, like Will, I would suggest either Startpage or searX. I will say that I appreciate that DuckDuckGo has an onion website for those using Tor, though.

Colin

Re: Cyber Security

Post by Colin » Fri Aug 09, 2019 7:54 am

Thanks Zack, I haven't had a chance to look into those search engines yet. I will check them out.

User avatar
PhuBai68
Posts: 639
Joined: Wed Jul 05, 2017 3:23 pm
Location: South Carolina upstate

Re: Cyber Security

Post by PhuBai68 » Fri Aug 09, 2019 2:02 pm

I use Google, but from what I know now about Google, I'd switch to a different search engine for research if one is available that's as good. I don't really have anything to hide with my search history but do not like that it is in Jewish hands.
I switched over on my (old Windows 7) desktop to duckduckgo•com for searches.
It doesn't track you.
I found that with google you look up something, say "BF Goodrich tires" and the next thing you know there are tire ads popping up on your Facebook news feed, on your cellphone and as you open google.
Another I use to use (haven't used it in ages) was dogpile•com.
Try duckduckgo Chairman, I think you'll like.
It's not diversity, it's displacement.

User avatar
Will Williams
Posts: 4400
Joined: Sun Jul 28, 2013 9:22 am

Re: Cyber Security

Post by Will Williams » Fri Aug 09, 2019 3:00 pm

PhuBai68 wrote:
I use Google, but from what I know now about Google, I'd switch to a different search engine for research if one is available that's as good. I don't really have anything to hide with my search history but do not like that it is in Jewish hands.
I switched over on my (old Windows 7) desktop to duckduckgo•com for searches.
It doesn't track you.
I found that with google you look up something, say "BF Goodrich tires" and the next thing you know there are tire ads popping up on your Facebook news feed, on your cellphone and as you open google.
Another I use to use (haven't used it in ages) was dogpile•com.
Try duckduckgo Chairman, I think you'll like.

That must be nice, having ads popping up on your cell phone and Faceberg page. :lol: I'll never have that sort of intrusiveness in my life, thanks.

Domestic telephone communication was more efficient in the 1950s than now. Cell phone numbers are not in the phone book. Many youngsters who love and sleep with their cell phones probably have never see a phone book.

Lots of folks don't set up their voice mail feature for some reason, so what good is giving me their phone number? Others who have set up their voice mail keep their voice mail boxes full, so what good is having voice mail? Some of those latter folks with full voice mailboxes have an outgoing messages that says, "Text me." That's a good one. People may assume I'll get a cell phone and start texting, but they are mistaken.

They are giving up their security in a big way to who knows who for a little bit of convenience. Now I hear they can watch movies and bastardball games on their cell phones. :lol: Maybe they'll get pop-up ads for Air Jordan Tennis shoes on their Faceberg page and cell phones during halftime.

As for DuckDuckGo, Zack informed us yesterday that a fellow named (((Gabriel Weinberg))) created it. I'll just stick with Google for searches until I know for certain there is a search engine that is secure.
If Whites insist on participating in "social media," do so on ours, not (((theirs))). Like us on WhiteBiocentrism.com; follow us on NationalVanguard.org. ᛉ

Zack

Re: Cyber Security

Post by Zack » Fri Aug 09, 2019 5:15 pm

As political dissidents, there are many precautions we need to take while using the internet. Everything is being watched and monitored by our adversaries.

Before getting started though, you must establish a security plan.
Your Security Plan
Electronic Frontier Foundation wrote:Trying to protect all your data from everyone all the time is impractical and exhausting. But, have no fear! Security is a process, and through thoughtful planning, you can put together a plan that’s right for you. Security isn’t just about the tools you use or the software you download. It begins with understanding the unique threats you face and how you can counter those threats.

In computer security, a threat is a potential event that could undermine your efforts to defend your data. You can counter the threats you face by determining what you need to protect and from whom you need to protect it. This is the process of security planning, often referred to as “threat modeling.”

This guide will teach you how to make a security plan for your digital information and how to determine what solutions are best for you.

What does a security plan look like? Let’s say you want to keep your house and possessions safe. Here are a few questions you might ask:

What do I have inside my home that is worth protecting?
Assets could include: jewelry, electronics, financial documents, passports, or photos.

Who do I want to protect it from?
Adversaries could include: burglars, roommates, or guests.

How likely is it that I will need to protect it?
Does my neighborhood have a history of burglaries? How trustworthy are my roommates/guests? What are the capabilities of my adversaries? What are the risks I should consider?

How bad are the consequences if I fail?
Do I have anything in my house that I cannot replace? Do I have the time or money to replace these things? Do I have insurance that covers goods stolen from my home?

How much trouble am I willing to go through to prevent these consequences?
Am I willing to buy a safe for sensitive documents? Can I afford to buy a high-quality lock? Do I have time to open a security box at my local bank and keep my valuables there?

Once you have asked yourself these questions, you are in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you’ll want to get the best lock on the market, and consider adding a security system.

Making a security plan will help you to understand the threats that are unique to you and to evaluate your assets, your adversaries, and your adversaries’ capabilities, along with the likelihood of risks you face.
How do I make my own security plan? Where do I start?

Security planning helps you to identify what could happen to the things you value and determine from whom you need to protect them. When building a security plan answer these five questions:

1. What do I want to protect?
2. Who do I want to protect it from?
3. How bad are the consequences if I fail?
4. How likely is it that I will need to protect it?
5. How much trouble am I willing to go through to try to prevent potential consequences?

Let’s take a closer look at each of these questions.

What do I want to protect?

An "asset" is something you value and want to protect. In the context of digital security, an asset is usually some kind of information. For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices may also be assets.

Make a list of your assets: data that you keep, where it’s kept, who has access to it, and what stops others from accessing it.

Who do I want to protect it from?

To answer this question, it’s important to identify who might want to target you or your information. A person or entity that poses a threat to your assets is an “adversary.” Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.

Make a list of your adversaries, or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.

How bad are the consequences if I fail?

There are many ways that an adversary could gain access to your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data.

The motives of adversaries differ widely, as do their tactics. A government trying to prevent the spread of a video showing police violence may be content to simply delete or reduce the availability of that video. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.

Security planning involves understanding how bad the consequences could be if an adversary successfully gains access to one of your assets. To determine this, you should consider the capability of your adversary. For example, your mobile phone provider has access to all your phone records. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities.

Write down what your adversary might want to do with your private data.

How likely is it that I will need to protect it?

Risk is the likelihood that a particular threat against a particular asset will actually occur. It goes hand-in-hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.

It is important to distinguish between what might happen and the probability it may happen. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not).

Assessing risks is both a personal and a subjective process. Many people find certain threats unacceptable no matter the likelihood they will occur because the mere presence of the threat at any likelihood is not worth the cost. In other cases, people disregard high risks because they don’t view the threat as a problem.

Write down which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about.

How much trouble am I willing to go through to try to prevent potential consequences?

There is no perfect option for security. Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.

For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using PGP encrypted email (more on this later), than a mother who regularly emails her daughter funny cat videos.

Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.

Are you trying to keep your online activities hidden from a nosy roommate? From foreign and/or domestic governments? Or do you lie somewhere in the middle? Obviously, the greater the (perceived) threat, the more precautions that must be in place to safeguard your data.

---

Tune in next time to learn about what software (including Web Browsers, VPNs, and Operating Systems) should be used and what spyware should be avoided.

Waffen

Re: Cyber Security

Post by Waffen » Sun Aug 11, 2019 9:22 am

Will, you actually can advocate for the Alliance on Faceberg as I do it every day with multiple aliases and even my real account. I get banned all of the time and just open a new account and start over.
Most of the country use it and I'm not saying that it's not corrupt, obviously it is but you have to be where the people are if you want them to hear you.
There is a large number of Revisionist history and White advocacy pages and groups in it and if you look hard enough you can find them.
I consider most of these people "half way there" and ripe to hear our message as I once was.
Most of my "online" friends on it cross-platform with other SM sites like Gab, VK etc so that we can stay in touch.
I'm not trying to "Butter my own biscuit" here but I can safely say that I have put the National Alliances name in front of at least hundreds of people.
As far as OPSEC goes my computer security measures are mainly to thwart hacking and Jew advertisers, as Zack mentions,privacy settings,VPN, Nord is excellent, Firefox with appropriate extensions and I too prefer Duck Duck Go.
Let's face it (((they))) own our government and know who we are.
The Bottom line is don't be afraid to use social media it works and that is why they are so desperately trying to censor it.
To fight the battle you have to enter the battlefield, correct?

Post Reply