In today’s digital age, concerns surrounding security and OpSec (Operational Security) are paramount. As we navigate a world filled with cybersecurity threats and information breaches, looking back at ancient stories may seem unconventional.
From the biblical tale of Adam and Eve’s forbidden knowledge to modern-day WikiLeaks, we see the profound impact that can result from the exposure of sensitive information and how it can disrupt the balance of power!
However, the narratives passed down through generations carry lessons that hold relevance even in the present day. Ancient stories, woven into the fabric of human cultures, have long served as a medium for transmitting knowledge and wisdom. By examining these narratives through a modern lens, we can tease out valuable lessons pertaining to security and OpSec!
Plato. Republic, The. Trans. Desmond Lee. London: Penguin Books, 1974.
Throughout history, ancient stories have often revolved around hidden messages, encrypted codes, and secret languages. These stories remind us of the importance of concealing sensitive information from prying eyes. By drawing parallels between ancient characters’ use of hidden messages and modern encryption techniques, we can learn about the significance of safeguarding data in our digital communication channels.
This article looks at the valuable insights that ancient stories can provide, including how they can shape our understanding of security and the critical role that steganography plays in information security.
Finally, using ancient English, Greek, and ancient Christian folklore, as well as some modern references, I’d also like to discuss a little-discussed topic with you today: the OpSec mindset, how it can be developed, and why it’s all necessary! Let’s get started!
“I can resist everything but temptation.” — Oscar Wilde
People have been worried about protecting their homes and themselves since ancient times. The wealthy could even construct specialized defense buildings, such as castles.
Then they realized that there would always be enemies, which made sense given that, in those days, people frequently turned to weapons as a means of problem-solving and that the castle was frequently required not only in times of war but also in the event of epidemics, local conflicts, or other calamities like droughts.
At that time, the concept of security was formed. The word ‘secure’ entered the English language in the XVI century, derived from the Latin securus, meaning freedom from anxiety.
Even back then, there were those who sold castle schemes to potential enemies, and architects devised an ingenious solution that we are still using today. They distributed castle plans and schemes in the streets to understand the system’s flaws, learn about workarounds, and see what improvements the architects’ followers could achieve. In other words, open source in its current form has been around for centuries!
Moreover, one of the most iconic tales, that of the Trojan Horse, even demonstrates the power of social engineering and highlights the need for caution when trusting unknown entities.
This story serves as a reminder that even the most fortified defenses can be compromised through clever manipulation. It teaches us to remain vigilant, question intentions, and verify the authenticity of external sources before granting access to our systems or information.
But let’s get back to the point of our conversation. People realized that, despite all of their efforts in architecture, castle plagiarism, and so on, humans are still the weakest link. As a result, folklore began to emerge on its own to teach the next generation what their forefathers lacked.
Today we will first discuss a folklore fairy-tale and use it as an example to consider one of the most important OpSec laws. I will give the entire story without abbreviations below; it is an old English fairy tale by an unknown author. So, imagine you’re in the Monty Python, Robin Hood, and King Arthur universes all at once!
«A girl once went to the fair to hire herself as a servant. At last a funny-looking old gentleman engaged her, and took her home to his house. When she got there, he told her that he had something to teach her, for that in his house he had his own names for things.
He said to her: “What will you call me?”
“Master or mister, or whatever you please sir,” says she.
He said: “You must call me ‘master of all masters.’ And what would you call this?” pointing to his bed.
“Bed or couch, or whatever you please, sir.”
“No, that’s my ‘barnacle.’ And what do you call these?” said he pointing to his pantaloons.
“Breeches or trousers, or whatever you please, sir.”
“You must call them ‘squibs and crackers.’ And what would you call her?” pointing to the cat.
“Cat or kit, or whatever you please, sir.”
“You must call her ‘white-faced simminy.’ And this now,” showing the fire, “what would you call this?”
“Fire or flame, or whatever you please, sir.”
“You must call it ‘hot cockalorum,’ and what about this?” he went on, pointing to the water.
“Water or wet, or whatever you please, sir.”
“No, ‘pondalorum’ is its name. And what do you call all this?” asked he, as he pointed to the house.
“House or cottage, or whatever you please, sir.”
“You must call it ‘high topper mountain.’”
That very night the servant woke her master up in a fright and said: “Master of all masters, get out of your barnacle and put on your squibs and crackers. For white-faced simminy has got a spark of hot cockalorum on its tail, and unless you get some pondalorum high topper mountain will be all on hot cockalorum.” …. That’s all».
We just finished reading this old story. What will it teach you? The point is that it conceals an obvious idea: if you build a security system, hire trustworthy people, and construct a good abstract “house,” don’t overcomplicate things for nothing. Remember that a security system that you do not intuitively understand will always work against you!
That is why it is impossible to give a clear answer to the question of which operating system to use, which practice to use — all of them to some extent can work, but on one condition — if you understand 100% how your security wall works, why this or that solution is used or removed in it. Think about what to do in emergency and unforeseen situations!
This aspect is firmly tied to human psychology and the fear of the unknown. I think it’s important to think about mind protection as well…
It’s like military Special Forces training — it’s all about experience. If a person hasn’t had that experience (e.g., never been in a situation where mud, water caused by explosions hit your face), they probably won’t be able to deal with the threat. That’s why in training they have firecrackers going off over their heads, shooting, etc. So that there is experience and no unfamiliar new (and therefore frightening or, let’s say, spooky) feelings.
So that the situation is no longer unknown to them and in a similar situation the brain will not behave the way it does when it gets its first experience in something. You have to know what a break-in looks like and how it feels to you personally-it’s necessary so that you can react effectively and coherently.
I suggest that you refer to a few rules from my OpSec Guide, especially rules 7, 12, and 21. This is exactly what you should get out of this story, but I would like to add again — never ever do what you do not fully understand, always give preference to familiar solutions:
Never do anything you do not understand. Always check which token you approve, transaction you sign, assets you send, etc — be extremely accurate while making any financial operation. Keep in mind that one of possible attack vectors is to put you in a situation that will encourage you to do smth (login or anything like that).
Identify your sensitive data, including your product research, intellectual property, financial statements, customer information, and employee information. This will be the data you will need to focus your resources on protecting.
This is such a simple but important lesson the ancient inhabitants of England, the castle builders, wanted to pass on to the upcoming generations, and we certainly have something to learn from them. Anyways, many of our new are long forgotten and rediscovered old!
As the legend goes, Goddess Aphrodite gave her son Eros a rose, who in turn gave it to Harpocrates — the God of Silence — who was to ensure that Aphrodite’s various indiscretions would stay a secret. Some versions of this story claim that Harpocrates was to ensure that all the Gods’ indiscretions would stay a secret. Thus, the rose became a symbol for secrecy.
Christianity knows conversations sub rosa, under the rose, which means that secret information is being exchanged and that all parties involved in the conversation are trusted. Confessions are also treated as sub rosa, which is why confessionals often have roses or floral imagery on or around their doors.
Among the first people to investigate the abstract nature of secrets was German Sociologist, Philosopher and Critic Georg Simmel. In his Propositions, he outlined the nature of secrets and what they do to people involved in them. He also concluded that the more secrets are organized and shared, the more likely it is that a centralized command structure needs to be established or establishes itself.
We can definitely learn something from the ancient inhabitants of England and Greece, as well as the ancient Christians, who built the castles and temples, on this straightforward but crucial lesson. In any case, many of our innovations are ancient and recently rediscovered.
Ancient stories also teach us about the importance of trust and discernment in managing security. The Greek myth of King Midas teaches us that even well-intentioned individuals can make grave mistakes. Midas, who foolishly revealed his secret to wealth, saw his cherished gift turn into a curse.
This serves as a reminder that in today’s interconnected world, trust is a valuable but delicate asset that needs to be handled with care. By exploring the narratives of secrecy, espionage, and the consequences of breached confidence, we uncover valuable lessons that can sharpen our understanding of security and OpSec in the modern world!
Steganography (from Greek. στεγανός — hidden + γράφω — writing; literally “cipher”) — a science that allows you to hide the transmitted data in a certain container, thus hiding the very fact of information transfer.
Unlike cryptography which hides the contents of a secret message, steganography hides the very fact of its existence. Steganography was first introduced in 1499, but the method itself has existed for a very long time. Legends have brought us a method that was used in the Roman Empire: a slave whose head was shaved was chosen to deliver a message, and then text was applied with a tattoo.
After the hair grew back, the slave was sent on the road. The recipient of the message would cut off the slave’s hair and read the message.
Steganography plays a crucial role in modern security frameworks. It allows individuals and organizations to hide sensitive information, offering an added layer of protection against unauthorized access.
But, If following Hew Dawson, a SERM Consultant, throughout the XX century, both steganography and the science of determining the fact of embedded information in a container — steganalysis (in fact, attacks on the stegosystem) — being actively developed. This is, in my opinion, a good thing to keep in mind!
This narrative reminds us of the need to carefully scrutinize external influences and the importance of defense-in-depth strategies. Similarly, during the Cold War, encryption and covert communication played a crucial role in maintaining national security.
I highly encourage you to read the following article. This amazing story highlights the resourcefulness and creativity of young musicians, demonstrating the power of using unconventional methods to bypass surveillance and achieve strategic objectives in clandestine operations. That said, it also highlights the importance of innovative thinking in adopting new approaches to secure communication:
Ancient stories bear witness to the enduring need for security and OpSec practices. From hidden messages to the art of deception, these narratives serve as timeless reminders for modern humans of the ever-present need for vigilance.
By embracing the wisdom embedded in these tales, we can enrich our understanding of security practices and leverage advanced techniques such as steganography to protect valuable information from prying eyes. In an increasingly interconnected world, the lessons from our ancestors provide a solid foundation upon which we can build secure and resilient systems.
Just as our ancestors grappled with security challenges, we too can harness the wisdom of the past to better protect our data, communications, and personal privacy. Keep that in mind, I have faith in you! Be careful and check out my works!