OpSec Going Smart
0xB25C
October 19th, 2022

Greetings, dear readers! I decided to write a rather unusual article in which I want to get away from the accepted concept and talk about various devices and gadgets for OpSec, but with a focus on real-world application and ease of use.

The fact is that everyone's needs for OpSec are different and, as follows from one of the golden rules, it all depends on who you expect the danger to come from and their capabilities. Here our story should turn to the science of Security Awareness, but I've described it in detail in my previous articles, so we will focus on the solutions the average reader can implement.

The thing is that I have no moral right to advise, e.g. an OSINT researcher, what I would advise an active member of the crypto and Web3 community. In other words, in this article I will only advise what will work for absolutely anyone, and not only for Internet survivalists.

At this point, I will divide my narrative into several parts, the first of which will cover the most important and simplest things, before moving on to more complex and specific ones. In thinking about how to divide up the article, I settled on the financial aspect.

So, in Part I I will tell you what everyone can do right now, free and fast, and in Part II I will show you how you can improve your security if you can afford to invest in it up front.

If you already know everything and want to find something new, go straight to Part III, in which I have collected my work and interesting references. They certainly will not leave you indifferent! Let's get started!


I - Tiny OpSec Tips For Everyone

The Ring

Surprisingly, few people know that anyone can effectively defend against sim swapping. It works both in the US and worldwide on almost all mobile operators. To lock down your SIM, contact your mobile phone carrier. Ask them to NEVER make changes to your phone number/SIM unless you physically show up to a specific store with at least two forms of identification.

That is a standard that has been tested by telecommunications operators in the United States, the United Kingdom, Poland, and China. You just need to insist on it or visit the head office, and I'm sure that the support manager on the phone may not know about it.

This (should) prevent hackers from calling up AT&T, T-Mobile, or Vodafone, claiming to be you, and asking them to port your phone number to a new phone. You can also ask them to never swap your SIM without you revealing a specific secret to them. Naturally, it still comes down to how rigidly the person taking the hacker's call follows protocol, but it's nice to do what you can.

In-The-Air

Many of us travel by airplane, and many of us have to deal with carrying luggage. That's a pretty serious threat to your OpSec if, of course, your iPad, computer, or phone has potentially valuable information on it. And if you don't fly, you probably travel from point A to point B in some other way — by car, train, and so on. Try checking out this awesome thing, or any custom-made or DIY Faraday cage for your cellphone. If possible, put it in a good case.

I'll leave it here, just in case, as it's important to everyone. Wills. In case your trip is extremely dangerous:

If you are in possession of rare confidential information, you can use one of the safest methods of concealment. For example, you can transfer your passwords to a draft message on Tutanota or ProtonMail and use a complex password to log into your mail, or use a physical key like a YubiKey or Nitrokey.

Strictly speaking, OpSec rules do not prohibit the use of special devices that do not look suspicious, such as a Nintendo Switch, an old-fashioned PSP 1000/2000/3000, or even a disassembled Raspberry Pi!

Even if these services, at the request of the authorities, hand over your IP and browser information, which, by the way, can be hidden by Tor or anti-detection systems like Sphere, the content of emails will definitely not be read by anyone.

That said, it's important to have a physical copy as well, but here you can argue with me. It creates, in essence, the very "point of failure" of our security system. But there is a solution to this problem, and its name is steganography.

Transfer all critical information to physical form and store it safely. Keep in mind that steganography and cryptography work better when used together!

When Surfing the Internet

A lot has been said and written about this topic, so I will be brief in this section and hope that you can find information on this subject yourself. I advise you to pay attention to my recent articles, as well as projects such as AnonPlanet.

Operational security professionals work to figure out where their information can be breached. That said, it doesn’t really matter what industry you’re in. If you have any sensitive or proprietary information at all, then you could very well be a target. This is a good thing to always keep in mind!

Take this subreddit and this awesome old and trusted resource as the first step. In our dangerous world, anyone can become a target, especially in crypto or having to deal with private keys. It sounds scary, but it is possible. The main thing is to always think ahead. By the way, if you're interested in tips for just such situations, check out my blog and scroll down to the bottom of my older articles and their HackerNoon versions.

That said, protecting your devices, which are known to be a serious threat to OpSec, remains entirely on your conscience. You have to understand that the basic law of security tells us to first identify threats and only then build a security system, so you have to be sure in advance that your devices are in good order and not compromised.

Last but not least, Partial-Air-Gap is your friend, so check out AirGap_it and similar solutions on the market.


II - OpSec Going Smart

I would like to start by saying that, in fact, there is no perfect solution to the problem of security, but mankind is trying to solve it, and in our time it has become available not only to the military or the very rich, but to ordinary people — that is, now you can go to the store, buy a few things, and use them to solve the problem of security in your individual case.

Let's look at what solutions are on the market. I will focus only on devices for OpSec, and I will not mention a lot of existing hacking devices, toys, and backpacks if their purpose is not related to security.

Password Cleanse

The first thing is a collection of tools for manifesting strong pass-phrases while helping you release the toxins of your past security habits. Through a process of focused meditation, dice rolling, and memorization of mantras, you will cleanse your security.

As stated in the description:

kit includes Word List, five red dice, custom brass ring, sealing wax, brass pen, matchbox, and handmade paper. Dice tower is built into the clam shell case, covered in Sierra bookcloth and foil stamped in gold. Word List is printed using digital offset and is a limp paper structure covered in handmade paper from The University of Iowa.

I do think this stylish device does its job well, but you have to learn how to use it quickly and confidently, even with its apparent simplicity. As said before, you have to be familiar with your own security system so it doesn't take up your most valuable asset - your time.

Altoids Survival Kit

Here we will look at several kits at once. The first is the Altoids survival kit — after getting acquainted with the kit, I can say that it is definitely useful for hiking, camping, or everyday carry; this pocket survival kit is a convenient and inexpensive way to provide survival essentials!

There is nothing to add here except that this is a more or less standard balanced survival kit — so let's go straight to the more serious kits.

Digital Resistance Kit

Next in our review would be a Digital Resistance Kit, which provides you with the tools for a true identity detox.

As stated in the description:

kit includes the Manual of Digital Resistance, wax sealed anonymous cash, bitcoin, prepaid gift cards, Starbucks cards, and a TAILS USB stick. A preconfigured anonymous tablet, a preconfigured anonymous smartphone, and a preconfigured anonymous flip phone w/ SIM cards are also included. Interesting that the manual was printed using digital offset and Johannot paper was used for the wax sealed packets. The housing is covered in black Euro Buckram and felt. Cover foil stamped in black.

I can definitely say that the author has quite an interesting vision! At the same time, I believe that it makes sense, and is possible, to assemble exactly the same set yourself. The authors have written detailed instructions and posted them in the public domain, for which they no doubt get our full respect!

Laptops & Other Devices

First of all, in this section, I would advise you to deal only with vendors you trust. I guess nobody doubts Qubes OS is reliable, so use the list from their website. It will save you time when searching for a secure device among dozens of solutions on the market, many of which do not even meet the minimum security requirements.

It is not important what you use — an iPad or a laptop — the main thing is how you use it. I can recommend looking at devices like Nitropad and Privacybeast because I am confident in their reliability, but the rest depends on you and your caution and awareness.


III - OpSec Gallery

Below, I would like to make a gallery of resources that you could explore in your spare time and increase your level of security. The idiom "Forewarned is forearmed" has never yet, in my memory, misfired.

I am not asking you to comply with all of this, but you must remember the main rule in this particular case:

Your level of OpSec usually depends on your threat model and which adversary you're up against. So it's hard to define how good your OpSec is.

Yes, it seems like it is a veritable minefield over there. Keep the faith. Learn the latest attack techniques, white hat cheat sheets, and defenses. Only knowledge can defeat criminals’ knowledge. In this intellectual boxing match, the most prepared wins, and we want that to be you!

  • Much thanks to Telegram Deer for helping me pick goods up - check out his channel!

IV - Support

Support is very important to me. With it I can do what I love: educating users!

If you want to support my work, you can send me a donation to the address:

This entry has been permanently stored on-chain and signed by its creator.