Dead Drops Brushes Rally Points End Notes, Twelve Commandments

Dead Drops Brushes Rally Points End Notes, Twelve Commandments

g23 Op erational Sec urity version 0.1 April 2016 Do not reproduce, copy, publish. 1/23 page intentionally left blank 2/23 Theory Definition Principles Flow OpSec process Need to X – Principle Atomicity Methods Classification, Compartmentalization, Separation, Isolation Accounting Reporting & Alerting Application Prevention Checklist - again General Rules Notes Shut up Baseline Cover & Legend Pocket litter – cars, bikes, bags and trackers. Cleanup Paper destruction Biotraces Deniable physical communication Wifi security Cellphone security Calling and phone concentrators Travel security Be early, leave late Travel to/from meetings Air-travel Secure room (hotel or home) Signals, Alarms, Fallbacks Caches (physical and digital) Temporary caches, lockers Bug-out bag, EDC Payments Air gap computers Dead Drops Brushes Rally Points End notes, Twelve Commandments 3/23 Theory: Definition OpSec is the control of information- and artifact-flow that could endanger operational success or operational capabilities. It is a default position that does not rely on opponent interaction (as does offensive counter-intelligence). Theory: Principles Deterrence by opponent: • Acceptability: Is the behavior unacceptable to the opponent? If yes, the opponent will spend resources to detect, deceive and/or neutralize. • Credibility: Can the opponent gather intelligence that makes the threat credible and demonstrable? Is there evidence or cause for reasonable suspicion. • Perception: Does the opponent see/know information relating to operations, assets, capabilities and persons? Detection by opponent: • Who is involved? Names, aliases, skills, background, identifying marks (biometric, technological, habitual). • What is done? Operation. • How is it done? Methods, resources, technology, tools. • When is it done? Time, date, event relations (eg. after conference, two days after meeting). • Where is it done? Address, place, geolocation, place relation (eg. restaurant within 5 minutes walking distance to hotel). • Where is an asset? Person or resource. Address, place, geolocation, place relation (same city as another asset). • With whom or what is a person/asset related? Ownership / possession of resources, social relationships, affiliations. • Why is something done? Goals, motives, assumptions of effectiveness. • Gaining access: Documents, information, keys, passwords, identifiers, tools, decoration , etc. Opponent will use criminology, forensics and various collection methods. The opponent does not require certainty but usually operates on likelihood/probabilities and alternative explanations. Some opponents have an unlimited and long-time memory. 4/23 Counteraction by opponent: • Deception to direct target action towards opponent's goals. • Implants to stabilize access. Technologies, methods, artifacts, persons, cars, other assets. • Offensive capture to increase information, asset or person outflow. • Neutralization to prevent operative success to the target or dismantle/destroy the target. Destroy assets or permanently undermine trust, reliability or confidentiality. Counteraction by target: • Cover: Increase perceived acceptability by opponent to decrease opponent motivation. • Deception, camouflage, decoy: Decrease credibility in the eyes of opponent or misdirect concerning operational goals. Conceal capabilities, assets and skills. Use of short operations and small organizations. Display intentional error. • Conceal: Reduce perception and detection. • Detection: Identify and insulate implants. Prevent implants of possible. The goal is to prevent neutralization and manipulation by the opponent. Theory: Flow Object type Flow direction Opponent Principle Effect Information T => O Perception Offensive capture, Implants Artifact T => O Credibility Neutralization Person T => O Perception, Credibility Offensive capture, Neutralization Information O => T Deception Neutralization Artifacts O => T Deception Offensive Capture, Neutralization Persons O => T Deception, Credibility, Offensive Capture, Deception, Perception Neutralization, Implants T => O: Target to opponent O => T: Opponent to target 5/23 Theory: OpSec process Prevent, Prepare, Respond, Recover • Prevent: Control asset/artifact/information flows. Limit information content of artifacts/documents/conversations. Limit information lifetime/relevance. Limit predictability. Prevent and/or limit impact of outflow/leak. • Prepare: What happens in case of outflow/leak? How to contain leaks? How to do damage assessment? Fail-over/emergency plans. Emergency/Danger signals. Detection methods. Protocols for containment, reporting. Backups and caches. Savings. Define rally points and side channels. • Respond: Contain leak/implant. Destroy asset/artifact. Destroy ties/relationships/tracebacks. Notify necessary parties. Enact fail-over/emergency plans. • Recover: Replace capabilities, assets, persons. Use side channels. Rally points. Access caches/backups. Theory: Need to X – Principle Need to know, need to be there, need to be known . The best prevention is limitation! Only need justifies sharing, without need it is a critical mistake. • (Who/What) needs to know (who/what)? • (Who/What) needs to be there? • (Who/What) needs to be known by others, at all? Theory: Atomicity Atomicity: By default nobody knows anything, is no where, knows nobody else, has no history or future. Sub Rosa/Secrecy is the default. Cooperation and interaction destroys atomicity. The purpose of “need to X” is to preserve atomicity as much as possible while accomplishing the minimal operational goal. 6/23 Methods: Classification, Compartmentalization, Separation, Isolation • Classification: ◦ Person: Trustworthiness, reliability, integrity, skills, risk environment. ◦ Asset/Artifacts: Security, reliability, usefulness, traceability, identifiability, impact/reach in case of capture. ◦ Information: Impact/reach in case of capture. Necessity. Minimalism. • Compartmentalization: Minimal persons, assets, information to accomplish a goal/task. Only necessity – nothing else. • Separation: Each person has minimal access to play his part – nothing else. No reuse of assets/artifacts/methods if possible. Create minimal, simple viable tasks. • Isolation: Each asset/artifact/information is only related to the absolute minimum number of other persons/assets/artifacts. Places/storage should not share unrelated artifacts/information. Compartmentalization insulates operations. Separation insulates actions. Isolation insulates relationships and persons. Classification enables selection of persons/assets for information sharing, task delegation and artifact possession. Together, Compartmentalization, Separation and Isolation try to preserve atomicity as much as possible while accomplishing the minimal operational goal through the application of the “Need to X” principle. Methods: Accounting Keeping track of: • Who knows what? • Who possesses/has access to what? • Who knows whom? • Who/what is related to each other? • Is involved in which operation/task? • Date of and reason for entry Accounting enables “Need to X” application by being able to determine the operational footprint. 7/23 Strict accounting and planning also increases the efficiency of response and recovery measures like caches, backups, signaling/notification and emergency savings. Without accounting it becomes impossible to assess the impact of compromises, breaches and leaks. The method of accounting and the storage of this data needs special attention. Since the data relates to multiple operational contexts, persons, artifacts etc. accounting itself breaks all the need-to-X principles. This makes accounting data the treasure of any opponent. Extreme measures must be taken whenever accounting data is accessed, manipulated and stored. Use of strong encryption, dead man encryption, multi-party/four-eyes access, concealment/steganography, air-gapped computing and on- person carry at all times is prudent. It is also necessary to develop a quick, always executable and effective destruction method. Methods: Reporting & Alerting Accounting should include feedback so it can be effective in detection of problems, responding to attacks/leaks and recovering from failure. Alerting: Communicate unusual and/or threatening/dangerous activities. Reporting: Contacts, usage of assets/artifacts, shared information, learning. Only with accounting, reporting and alerting can competition turn into adaptive competition. 8/23 Application: Prevention Checklist - again . First order: Persons → Names, aliases, background, identifying marks. Addresses/locations of persons. Second order: Means of access → Keys, passwords, identifiers. Third order: Activities → Operations, Methods. Fourth order: Persons → Social relationships, affiliations, social graph. Fifth order: Places → Addresses, locations, locational relationships. Sixth order: Time → Dates/Time of activities, time relationships. Sevenths order: Goals, motives, ideology. The higher the order, the more protection the item deserves and the more careful should any sharing be considered. Application: General Rules • Atomicity is the default. • Everything (no exception) is a secret. Unless necessity says otherwise. • Everything leaves a trace. • Somebody or something is always watching or collecting. • Need to know / be there / be known. • DO NOT TALK. • Outflow is a problem, inflow as well. • OpSec should expose opponent actions. (Detection and Accounting) • Reduce perception by opponent. • Don't expose your social network. Don't drop names. Don't share contact details.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    23 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us