Security is important to:
- Ensure trust in interactions between the National Alliance and its members;
Assure the continuity of operations; and
Protect sensitive information and assets that, if compromised, could cause harm to individuals, Alliance operations, or organizational security.
What is OPSEC?
Operational Security: "...a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information."
OPSEC includes the use of encryption and other technical countermeasures, but also includes physical security and how to behave to protect yourself and your assets. Example: If you always run a laptop with the battery removed, in an emergency, you can unplug the power supply to defend against some forms of cold boot attacks (when an attacker literally freezes your computer's RAM with liquid nitrogen in order to access your information and passwords, sometimes in less than two minutes).
In other words, OPSEC = silence.
In October of [2011], a user also going by the name of "altoid" made a posting on Bitcoin Talk titled "a venture backed Bitcoin startup company", which directed interested users to "[email protected]". Ross Ulbricht, under the alias "Dread Pirate Roberts" (DPR) was later convicted of being a darknet market creator/operator and money launderer. He is currently serving a double life sentence plus forty years without the possibility of parole, which is unheard of for a first-time offender who committed non-violent crimes.
OPSEC lesson: when starting your drug-based virtual empire, don’t hop on a public forum and solicit investors to contact you at an email address that contains your full name.
OPSEC: Contamination
When creating an alias, any connection or contact between your alias and your real identity is known as contamination. It sounds bad, because it is. Avoid linking your real identity to your alias, both online and offline.
Ulbricht's Google+ page and YouTube profile both make multiple references to the a website dubbed the "Mises Institute". DPR's signature on the SR forums contained a link to the Mises Institute.
DPR cited the "Austrian Economic theory" along with the works of Ludwig von Mises and Murray Rothbard, all of which are closely associated with the Mises Institute.
Ulbricht left yet another cookie crumb by telling a Silk Road user that he was in the Pacific time zone.
OPSEC lesson: in order to remain anonymous on the internet, try to not volunteer personal or identifying information like your specific personal politics or the time zone you live in to strangers you meet in chat rooms, and post the same information on your social network profiles.
OPSEC: Information Theory
Anonymity is an inverse function of the number of bits (data) you release into the world. The more bits you generate, the less anonymous you are. The moral of the story is: don’t volunteer unnecessary information.
A quick guide to OPSEC/PERSEC
Online:
1. The less people know, the less you have to worry
2. Compartmentalization is key to safety and privacy
3. Be alert
4. Be cautious
5. Be aware of your surroundings
6. Be aware of the background
7. Be aware of what you post at all times
8. All information is critical information
9. Never use the same e-mail address for an account
10. Never use the same username for an account
11. Never use the same password for an account
12. Never post detailed information (Real name, age, birth date, location, school, marital status…etc)
13. Avoid posting images of yourself and/or your location
14. Scrub any and all meta-data that you can (Pictures, PDFs…etc)
15. Don’t use social media/networking (other than White Biocentrism, of course )
16. Be cautious of anyone asking you anything personal (detailed information)
17. Transactions should never be discussed (recent purchases, taxes, bills…etc)
18. Don’t brag about any recent successes or accomplishments, especially concerning recent “operations” or “missions”
19. Avoid discussing your online life offline
20. Avoid discussing your offline life online
21. Avoid using certain words or catchphrases that you’re known for
22. Avoid clicking on links from strangers that you aren’t familiar with
23. Avoid clicking on links that have shortened with a link/URL shortener
24. Avoid using P2P services and programs without a VPN (chats, pirating, torrents, etc)
25. If in doubt, lie
Offline:
1. The less people know, the less you have to worry
2. Compartmentalization is key to safety and privacy
3. Be alert
4. Be cautious
5. Be aware of your surroundings
6. Be aware of the background
7. Be aware of what you post at all times
8. All information is critical information
9. Your desk and rig(s) should ideally be several hallways and doors away from any and all entrances to and from the outside
10. Always ensure unencrypted devices, when not in use, are stored out of sight and aren’t easily found
11. Keep your rig elevated so you can reach it easily and quickly, just in case
12. Any and all mail and packages must be collected ASAP to ensure no theft can happen
13. Any and all documents and papers should be marked with a permanent black marker, shredded and mixed into garbage and waste or burned
14. Credit cards, gift cards, pre-paid cards and similar items should not only be thoroughly cut and shredded, but also microwaved for five to ten seconds to ensure all chips and strips are destroyed
15. All important documents and papers should be organized, stored safely and locked within a vault or safe
16. Never discuss your home security
17. Never discuss your weapons
18. Never discuss your pets’ names
19. Never post detailed information (real name, age, birth date, location, school, marital status, etc)
20. Be cautious of anyone asking you anything personal (detailed information)
21. Transactions should never be discussed (recent purchases, taxes, bills…etc)
22. Don’t brag about any recent successes or accomplishments, especially concerning recent "operations" or "missions"
23. Avoid discussing your online life offline
24. Avoid discussing your offline life online
25. Always make it seem as if someone is home
26. Always carry your wallet in your front pocket
27. Ensure you always unplug and lock up before leaving
These tips won't apply for everyone, but it provides a good idea of what to look out for. I will be going more in-depth later.
---
Tune in next time for tips on establishing your very own Security Plan, where you will determine what your own unique threat model entails.