Today I would like to discuss with you such a little discussed point as OpSec mindset, how it can be developed and why it is all needed on the example of ancient English, Greek and ancient Christian folklore and some modern references.
"I can resist everything but temptation." - Oscar Wilde
Since ancient times, people have been concerned about how to protect themselves and their homes, those who were richer could even build special defense structures - castles. People understood that there would always be those who attacked them - and no wonder, because at that time people often chosen weapons to solve problems, and often the castle was needed not only in case of war, but also epidemics, local conflict or, for example, drought.
At that time, the concept of security was formed. The word 'secure' entered the English language in the XVI century, derived from the Latin securus, meaning freedom from anxiety.
Even then there were those who sold plans of castles to potential enemies and at that time architects have come up with an ingenious solution, which we are still using up to this day. They distributed castle plans & schemes in the open on the streets to understand the weaknesses of their system, to know the workarounds, and to see what improvements the architects' followers would achieve. In other words, open source as we know it has been around for centuries.
But back to the topic of our conversation. People understood that even in spite of all the efforts on architecture, plagiarism of castles and so on, human remains the weakest link. So folklore began to emerge on its own to teach the new generation what ancestors lacked.
Today we are going to talk about one folklore fairy-tale and use it as an example to consider one of the most important laws of OpSec. Below I will give the whole tale without abbreviations, it is an old English fairy tale by an author who is unknown. I remind you that you leave all conclusions to yourself. So, let's begin, imagine that you are in the Monty Python, Robin Hood and King Arthur universe at the same time!
«A girl once went to the fair to hire herself as a servant. At last a funny-looking old gentleman engaged her, and took her home to his house. When she got there, he told her that he had something to teach her, for that in his house he had his own names for things.
He said to her: “What will you call me?”
“Master or mister, or whatever you please sir,” says she.
He said: “You must call me ‘master of all masters.’ And what would you call this?” pointing to his bed.
“Bed or couch, or whatever you please, sir.”
“No, that’s my ‘barnacle.’ And what do you call these?” said he pointing to his pantaloons.
“Breeches or trousers, or whatever you please, sir.”
“You must call them ‘squibs and crackers.’ And what would you call her?” pointing to the cat.
“Cat or kit, or whatever you please, sir.”
“You must call her ‘white-faced simminy.’ And this now,” showing the fire, “what would you call this?”
“Fire or flame, or whatever you please, sir.”
“You must call it ‘hot cockalorum,’ and what about this?” he went on, pointing to the water.
“Water or wet, or whatever you please, sir.”
“No, ‘pondalorum’ is its name. And what do you call all this?” asked he, as he pointed to the house.
“House or cottage, or whatever you please, sir.”
“You must call it ‘high topper mountain.'”
That very night the servant woke her master up in a fright and said: “Master of all masters, get out of your barnacle and put on your squibs and crackers. For white-faced simminy has got a spark of hot cockalorum on its tail, and unless you get some pondalorum high topper mountain will be all on hot cockalorum.” …. That’s all».
Source: Joseph Jacobs, English Fairy Tales, 3rd edition, revised (London: David Nutt, 1898), no. 42, pp. 220-21, reference.
We have just read this old story. What can it teach you about? The point is that it hides an obvious idea - if you build a security system, hire reliable people, build a good abstract "house," then don't overcomplicate things for nothing. Remember that a security system that you don't fully understand on an intuitive level will always work against you.
That is why it is impossible to give a clear answer to the question of which operating system to use, which practice to use - all of them to some extent can work, but on one condition - if you understand 100% how your security wall works, why this or that solution is used or removed in it. Think about what to do in emergency and unforeseen situations.
This aspect is firmly tied to human psychology and the fear of the unknown. For example, why do Special Forces personnel always undergo training in which they are strangled, shot from above over them, and so on? So that the situation is no longer unknown to them and in a similar situation the brain will not behave the way it does when it gets its first experience in something. So with us, you have to know what a break-in looks like and how it feels to you personally-it's necessary so that you can react effectively and coherently.
I suggest that you refer to a few rules from my OpSec Guide, namely rules 7, 12, and 21. This is exactly what you should get out of this story, but I would like to add again - do not do what you do not understand, always give preference to familiar solutions:
Never do anything you do not understand. Always check which token you approve, transaction you sign, assets you send, etc - be extremely accurate while making any financial operation. Keep in mind that one of possible attack vectors is to put you in a situation that will encourage you to do smth (login or anything like that).
Identify your sensitive data, including your product research, intellectual property, financial statements, customer information, and employee information. This will be the data you will need to focus your resources on protecting.
Your level of OpSec usually depends on your threat model and which adversary you're up against. So it's hard to define how good your OpSec is.
This is such a simple but important lesson the ancient inhabitants of England, the castle builders, wanted to pass on to the upcoming generations, and we certainly have something to learn from them. Anyway, many of our new are long forgotten and rediscovered old.
If following Dominik Bärlocher, an OpSec & OSINT researcher, presumably the first report of a secret dates back to ancient Grecian times. It is closely associated with the symbol of the rose. As the legend goes, goddess Aphrodite gave her son Eros a rose, who in turn gave it to Harpocrates – the God of Silence – who was to ensure that Aphrodite’s various indiscretions would stay a secret. Some versions of this story claim that Harpocrates was to ensure that all the Gods’ indiscretions would stay a secret. Thus, the rose became a symbol for secrecy.
Christianity knows conversations sub rosa, under the rose, which means that secret information is being exchanged and that all parties involved in the conversation are trusted. Confessions are also treated as sub rosa, which is why confessionals often have roses or floral imagery on or around their doors.
Among the first people to investigate the abstract nature of secrets was German Sociologist, Philosopher and Critic Georg Simmel. In his Propositions, he outlined the nature of secrets and what they do to people involved in them. He concludes that the more secrets are organized and shared, the more likely it is that a centralized command structure needs to be established or establishes itself.
Great references to read on OpSec topic:
This is such a simple but important lesson the ancient inhabitants of England & Greece, as well as ancient Christians, the castle & temple builders wanted to pass on to the upcoming generations, and we certainly have something to learn from them. Anyway, many of our new are long forgotten and rediscovered old. Keep that in mind, I have faith in you! Be careful and check out my other works!
Support is very important to me, with it I can spend less time at work and do what I love - educating DeFi & Crypto users!
Use dangerzone.rocks if you are working with PDFs and please follow OpSec Guide!
• How to store crypto securely - tips from CIA_Officer
• 2 Violent attack vectors in Crypto: a detailed review
If you want to support my work, you can send me a donation to the address:
0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth — ETH, BSC, Polygon, Optimism, Zk, Fantom, etc
4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds - Monero XMR