OPSEC for hackers
A gentle introduction to keeping your mouth shut.

Video of the talk: https://www.youtube.com/watch?v=9XaYdCdwiWU

Comments

  • so basically… first two rules of fight club.
  • Add something about account greening on the BTC slide! ( Unless you wish people to be fucked over by follow the money. )
  • @edgarriverapr This presentation is in the format of Apple Keynote (.key)

Speaker notes

  • STFU. Need to Know. Plumbing.
  • The Wire, season 1, episode 5. This show is the most quotable show for OPSEC, evar!
  • “Thwarting Enemies at Home and Abroad” book. Blackmail is basically: don’t allow anyone to have power over you where they can dictate your actions. You cede control of your actions to someone else, and it will end poorly for you.
  • I love this guide. It provides general guidelines to committing criminal activities and staying out of jail. These are good OPSEC techniques for one activity (smoking weed), but many can be generalized to all criminal^W freedom fighting activities.
  • NOTE: not using code doesn’t mean don’t use cryptonyms (code names). These are very good.
  • #4 - don’t socialize with your criminal co-conspirators
  • #10: control over your actions.
  • This is a violation of the principle of “need to know”. Your lawyer needs to know that you are on probation (for a specific charge). Your criminal co-conspirators do not need to know this!
  • note: example of good opsec, the feds don’t name the other guy, ‘co-conspirator not named ... herein’. The only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case
  • Keep your hacking^W freedom fighting, and family, completely separated
  • directly connecting to the target from your home IP? Are you out of your fucking mind!
  • colloquially, don’t shit where you eat.
  • They call them warning signs for a reason...
  • self incriminating confession == bad
  • Interrogation tactic: appeal to pride, ridicule the hacker’s abilities, encouraging him to “correct” your misperception of him... and in the process, confess. DO NOT TALK TO POLICE!
  • credit: ben nagy found this pic, i stole it from him cause my conference talk is first, :D
  • NOTE: he’s wearing a mask. credit: ben nagy also found this photo.
  • use tor

OPSEC for hackers Presentation Transcript

  • 1. OPSEC for hackers: because jail is for wuftpd the.grugq@gmail.com
  • 2. OPSEC for hackers^W FREEDOM FIGHTERS: because jail is for wuftpd the.grugq@gmail.com
  • 3. Overview
      • Intro to OPSEC
      • Methodology
      • lulzsec: lessons learned
      • Techniques
      • Technology
      • Conclusion
  • 4. Avon: You only got to fuck up once… Be a little slow, be a little late, just once. How you ain’t gonna never be slow? Never be late? You can’t plan for that. That’s life.
  • 5. Intro to OPSEC
  • 6. WTF is it?
  • 7. OPSEC in a nutshell
      • Keep your mouth shut
      • Guard secrets
          • Need to know
      • Never let anyone get into position to blackmail you
  • 8. STFU
  • 9. Methodology
  • 10.
      • put the plumbing in first
      • create a cover (new persona)
      • work on the legend (history, background, supporting evidence for the persona)
      • Create sub-aliases
      • NEVER CONTAMINATE
  • 11. The 10 Hack Commandments
  • 12. The 10 Hack^W FREEDOM FIGHTING Commandments
  • 13–17.
      • Rule 1: Never reveal your operational details
      • Rule 2: Never reveal your plans
      • Rule 3: Never trust anyone
      • Rule 4: Never confuse recreation and hacking^W FREEDOM FIGHTING
      • Rule 5: Never operate from your own house
  • 18–22.
      • Rule 6: Be proactively paranoid, it doesn’t work retroactively
      • Rule 7: Keep personal life and hacking^W FREEDOM FIGHTING separated
      • Rule 8: Keep your personal environment contraband free
      • Rule 9: Don’t talk to the police
      • Rule 10: Don’t give anyone power over you
  • 23. Why do you need OPSEC?
  • 24. It hurts to get fucked
  • 25. No one is going to go to jail for you.
  • 26. Your friends will betray you.
  • 27. #lulzsec: lessons learned
  • 28. never ever ever do this
  • 29. Violation: Never trust anyone
  • 30. ProTip: Don’t use your personal Facebook account to send defacement code to FREEDOM FIGHTERS your friends
  • 31. Violation: Don’t contaminate
  • 32. Violation: Keep personal life and hacking separate
  • 33. Violation: Keep personal life and hacking^W FREEDOM FIGHTING separate
  • 34. Violation: Never operate from your home
  • 35–36. Violation: Don’t reveal operational details
  • 37. Violation: Be paranoid
  • 38–44.
      Virus (10:30:18 PM): dont start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - thats fed tactics
      Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place
      Virus (10:30:36 PM): whos docs werent even public
      Virus (10:30:38 PM): gets owned
      Sabu (10:32:29 PM): offering to pay you for shit?
      Virus (10:32:55 PM): yeah, you offered me money for "dox"
      Virus (10:33:39 PM): only informants offer up cash for shit -- you gave yourself up with that one
  • 45. HAPPY ENDING: Virus is still free
  • 46. Violation: Never contaminate
  • 47. Bonus: w0rmer
  • 48. Techniques
  • 49. Plumbing
  • 50. It is boring.
  • 51. You’ll know it worked if nothing happens.
  • 52. Put it in place first.
  • 53. Paranoia doesn’t work retroactively
  • 54. Personas
  • 55.
      Spiros: He knows my name, but my name is not my name. And you... to them you’re only "The Greek."
      The Greek: And, of course, I’m not even Greek.
  • 56. Problem: You are you.
  • 57. Solution: Be someone else.
  • 58. Personas
      • Danger to personas is contamination
          • Contact between personas (covers) contaminates both
          • Keep cover identities isolated from each other
  • 59. Layered defense
  • 60.
      • Fail safe technological solution
          • TOR all the things!
      • Back stop persona
          • Primary cover alias as first identity
          • Secondary cover aliases (eg. handles)
  • 61. Profiling data
  • 62. Pitfalls
      • Location revealing information
          • Weather
          • Time
          • Political events
      • Profiling data
  • 63. Practice
      • Amateurs practice until they get it right, professionals practice until they can’t get it wrong
      • Practice makes perfect
  • 64.
      Stringer: What you doing?
      Shamrock: Robert’s Rules says we got to have minutes of the meeting. These the minutes.
      Stringer: Nigga, is you taking notes on a criminal fucking conspiracy?
  • 65. No logs. No crime.
  • 66. Staying Anonymous
  • 67. Personal info is profiling info
  • 68. Guidelines against profiling
      • Do not include personal information in your nick and screen name.
      • Do not discuss personal information in the chat, where you are from...
      • Do not mention your gender, tattoos, piercings or physical capacities.
  • 69. Guidelines, cont.
      • Do not mention your profession, hobbies or involvement in activist groups
      • Do not use special characters on your keyboard unique to your language
      • Do not post information to the regular internet while you are anonymous in IRC.
          • Do not use Twitter and Facebook
  • 70. Guidelines, cont.
      • Do not post links to Facebook images. The image name contains a personal ID.
      • Do not keep regular hours / habits (this can reveal your timezone, geographic locale)
      • Do not discuss your environment, e.g. weather, political activities,
  • 71. Hackers are no longer the apex predator
  • 72. Hackers^W FREEDOM FIGHTERS are no longer the apex predator
  • 73–74. That position has been ceded to LEO* (*Law Enforcement Officials)
  • 75. Technology
  • 76. VPNs vs. TOR
      • VPNs provide privacy
      • TOR provides anonymity
      • Confuse the two at your peril
  • 77.
      • TOR connection to a VPN => OK
      • VPN connection to TOR => GOTO JAIL
  • 78. On VPNs
      • Only safe currency is Bitcoins
          • because they come from nothing
      • Purchase only over TOR
          • http://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/
  • 79. Fail closed
  • 80. PORTAL
  • 81. PORTAL: Personal Onion Router To Avoid LEO
  • 82. PORTAL
      • Router ensuring all traffic is transparently sent over TOR
          • Reduce the ability to make mistakes
      • Use mobile uplink
          • Mobility (go to a coffee shop)
          • Reduce risk of wifi monitoring
  • 83. PORTAL
      • Uses tricks to get additional storage space on /
  • 84. Hardware
      • TP-LINK AR71xx personal routers
          • MR-11U
          • MR-3040
          • MR-3020
          • WR-703N
  • 85. MR-3040 & MR-11U
      • Battery powered
          • Approx. 4-5 hrs per charge
      • USB for 3G modem
  • 86. http://torporfavor.org/download/portal/
  • 87. Conclusion
  • 88. STFU
  • 89. Questions?
  • 90.
      If you think, don’t speak
      If you speak, don’t write
      If you write, don’t sign
      If you sign, don’t be surprised