***There is no delete key on the Internet/Interweb***

I repeat: there is no delete key on the Internet

In fact, when it comes to technology, there is no delete key anywhere.

Technology is designed to remember things for a very, very, very long period of time.

If you put something online, through an app on your phone, etc., it’s basically out there forever!

Don’t say/do something you’re going to regret. If it’s going to come back and haunt you in the future, don’t do it.

For example, that incriminating photo of you posted on Facebook, well, one of your friends saved a copy of it and is planning to use it on your wedding day…hummm…

Making a burn e-mail account: OpSec vs Gmail/Hotmail, round 1

NOTE: this is the retail version. If you’re a VIP/.mil/etc, don’t follow this; speak to me or a professional.

It’s been discussed, this is how to do it:

Ingredients:

  • One unused prepaid sim card (you should have one as you’re practising good OpSec, right?)
  • Internet access
  • If you’re uber paranoid, you’ll need more (Did I mention that OpSec is not cheap…)

Method:

  1. Think about why you are creating a burn account in the first place: is it for social media, etc.?
  2. Create your alias (Names, DOB, address)
  3. Fire up your favourite browser and go to Gmail/Hotmail
  4. Enter your ‘alias’ details and note them down somewhere
  5. Enter the number for the prepaid SIM as the telephone number
  6. Verify the account via text
  7. You’re in.

Rules:

  • Don’t use this account for any personal stuff that could reveal your true identity. It is only to be used for the sole purpose it is designed for.
  • Don’t use this to connect with your friends and family.
  • Don’t use this account for multiple social media sites unless they all share the same alias and you don’t mind being linked.
  • Consider disabling Google+ or locking it down if you are only using the account to receive email/register services
  • Don’t use this account for any personal stuff that could reveal your true identity. It is only to be used for the sole purpose it is designed for.
  • Don’t forward emails from this account. Check into it from time to time to see if anything important has come up.
  • If you get spam, and you followed the rules, it means that you’ve been compromised or your email account was easy to guess. Time to consider your backout plan.
  • Don’t click on ads…really, who does that anyway?
  • Did I mention, don’t use this account for any personal stuff that could reveal your true identity. It is only to be used for the sole purpose it is designed for.

Using tech as a tool to accomplish blackmail

OpSec take: If The Enemy can’t find you on Facebook, they probably can’t get to you (unless they are really desperate, have too much free time or have a lot of cash to track you down)

Worthy mentions:

  • Recon: Abrahams tended to target young women whom he knew. He also branched out to other victims after hacking into their Facebook pages.
  • Using tech to gain access: Also, Abrahams asked for advice on getting victims to download it, given that he “[sucks] at social engineering.”
  • Hello social media: After taking over his victims’ email accounts, their social media accounts, and even their webcams, he was able to get nude photos.

http://nakedsecurity.sophos.com/2014/03/19/sextortionist-who-preyed-on-miss-teen-usa-and-150-others-sentenced-to-18-months

Online Aliases

Bruce Wayne did not want to be known as Batman, Clark Kent did not want to be known as Superman.

They have aliases.

So should you!

It’s cool to be called Batman online. If it’s really important, your friends know you’re Batman and Bruce Wayne, they can give you a call on the bat phone.

Other people you meet face to face can address you by your given name.

Don’t make it easy for The Enemy to find you online. Be discreet.