Intro: Laymans guide to OpSec

The first blog is always the sweetest.

Q: Why are you doing this blog?
A: Dealing with these situations first hand and having the battle scars, is enough to get this show on the road. If this blog is able to help someone sleep at night, it brings me good karma.
We live in the times where anonymity/abstraction is easily accessible, freedom of information is encouraged along with a strong lack of ownership equates to the mishandling/abuse to what used to be our right to privacy.

Organizations that want to use our personal information, should take steps to protect it.

As individuals, we should/must also be responsible of our personal information just as much as we would be cautious with where we put our cash.

Q: What is OpSec
A: OpSec: Also known as Operational Security: an art used to stop/limit pieces of the target’s information that can be collected by The Enemy. The aim is to make it very very difficult to find, trace, track, etc you.

Q: Why OpSec and not some other things like Anti Virus, etc.
A: OpSec is a *preventative* measure. Once someone knows where you live, unless if you live in a motor home, you can’t just ‘move house’. If there are ways to limit the flow of information, it makes it *harder* for The Enemy to find you. Anti Virus, etc is ‘part’ of a much bigger solution.

Q: How  does OpSec tie in with the bigger picture:
A: You -> information -> disclosure -> enemy -> recon -> target -> old school crime/issue (harassment, theft, etc) -> pain and suffering for target -> loss of sanity. OpSec starts at the information stage.

Q: Care to share some stories?
A: I would but only in person, I’ve had loved ones where in hindsight, could have been spared the pain through communication and awareness about the importance of ‘information management’. Stalking, theft and harassment are some of the cases I’ve worked on.

Q: Information blah, so what, I don’t work for a big company, doesn’t apply to me?
A: hummm…yes it does. Let’s have a (overly simplistic) quick example, if your pet’s name is ‘rocky’ and your password is ‘rocky’ and *everyone* knows that you have a pet named ‘rocky’, it’s not much of a password, is it?
This extends to other things (not just passwords) with online services and mobile apps being the big ones. Now, if you use the same password between a ‘low’ importance (eg: social media) and a ‘high’ importance site (eg: bank), you get the idea.
Takeaway: If you are of any value or have something of value to someone, information becomes a commodity. Don’t take my word for it, just ask the NSA.
Takeaway 2: If you are a big fish, you better get specialist advice.

Q: It’s all too hard?
A: It does depend on how much of a risk you see yourself to be in. Truth be told, if you have no cash, don’t intend to be big and famous, no dependencies, have nothing to lose then you are not at risk. High risk people *may* require more work but there are many ways to deal with it.

Q: I’m young, I can worry about this later…
A: …and if you plan to be big in this world, doing this later will cause you a lot of pain. OpSec is a habit that does not need to become a chore.

Q: I don’t want to shelter myself from the world and live in fear. This is not for me.
A: Actually, OpSec is about managing the flow of information and not suppressing it. In other words, it is about being aware and smart about what information you disclose. Be socialable but be smart.

Advertisements