Download as KEY, PPTX
![Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics](https://image.slidesharecdn.com/opsecafterlulzsec-120921211846-phpapp02/85/OPSEC-for-hackers-89-320.jpg)
![Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics
Virus (10:30:31 PM): and then your buddy, topiary,
who lives in the most random place](https://image.slidesharecdn.com/opsecafterlulzsec-120921211846-phpapp02/85/OPSEC-for-hackers-90-320.jpg)
![Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics
Virus (10:30:31 PM): and then your buddy, topiary,
who lives in the most random place
Virus (10:30:36 PM): who's docs weren't even public](https://image.slidesharecdn.com/opsecafterlulzsec-120921211846-phpapp02/85/OPSEC-for-hackers-91-320.jpg)
![Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics
Virus (10:30:31 PM): and then your buddy, topiary,
who lives in the most random place
Virus (10:30:36 PM): who's docs weren't even public
Virus (10:30:38 PM): gets owned](https://image.slidesharecdn.com/opsecafterlulzsec-120921211846-phpapp02/85/OPSEC-for-hackers-92-320.jpg)
![Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics
Virus (10:30:31 PM): and then your buddy, topiary,
who lives in the most random place
Virus (10:30:36 PM): who's docs weren't even public
Virus (10:30:38 PM): gets owned
Sabu (10:32:29 PM): offering to pay you for shit?](https://image.slidesharecdn.com/opsecafterlulzsec-120921211846-phpapp02/85/OPSEC-for-hackers-93-320.jpg)
![Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics
Virus (10:30:31 PM): and then your buddy, topiary,
who lives in the most random place
Virus (10:30:36 PM): who's docs weren't even public
Virus (10:30:38 PM): gets owned
Sabu (10:32:29 PM): offering to pay you for shit?
Virus (10:32:55 PM): yeah, you offered me money for
"dox"](https://image.slidesharecdn.com/opsecafterlulzsec-120921211846-phpapp02/85/OPSEC-for-hackers-94-320.jpg)
![Virus (10:30:18 PM): don't start accusing me of
[being an informant] - especially after you
disappeared and came back offering to pay me for
shit - that's fed tactics
Virus (10:30:31 PM): and then your buddy, topiary,
who lives in the most random place
Virus (10:30:36 PM): who's docs weren't even public
Virus (10:30:38 PM): gets owned
Sabu (10:32:29 PM): offering to pay you for shit?
Virus (10:32:55 PM): yeah, you offered me money for
"dox"
Virus (10:33:39 PM): only informants offer up cash
for shit -- you gave yourself up with that one](https://image.slidesharecdn.com/opsecafterlulzsec-120921211846-phpapp02/85/OPSEC-for-hackers-95-320.jpg)
More Related Content
OPSEC for hackers
- 1. OPSEC for hackers: because jail is for wuftpd the.grugq@gmail.com
- 2. OPSEC forFREEDOM FIGHTERS hackers: because jail is for wuftpd the.grugq@gmail.com
- 3. Overview • Intro toOPSEC • Methodology • lulzsec: lessons learned • Techniques • Technology • Conclusion
- 4. Avon:You only gotto fuck up once… Be a little slow, be a little late, just once. How you ain’t gonna never be slow? Never be late? You can’t plan for that. Thats life.
- 5.
- 6.
- 7. OPSEC in anutshell • Keep your mouth shut • Guard secrets • Need to know • Never let anyone get into position to blackmail you
- 8.
- 19.
- 20. • put theplumbing in first • create a cover (new persona) • work on the legend (history, background, supporting evidence for the persona) • Create sub-aliases • NEVER CONTAMINATE
- 21.
- 22. FREEDOM The 10Hack FIGHTING Commandments
- 24. • Rule 1:Never reveal your operational details
- 25. • Rule 1:Never reveal your operational details • Rule 2: Never reveal your plans
- 26. • Rule 1:Never reveal your operational details • Rule 2: Never reveal your plans • Rule 3: Never trust anyone
- 27. • Rule 1:Never reveal your operational details • Rule 2: Never reveal your plans • Rule 3: Never trust anyone • Rule 4: Never confuse recreation and hacking FREEDOM FIGHTING
- 28. • Rule 1:Never reveal your operational details • Rule 2: Never reveal your plans • Rule 3: Never trust anyone • Rule 4: Never confuse recreation and hacking FREEDOM FIGHTING • Rule 5: Never operate from your own house
- 30. • Rule 6:Be proactively paranoid, it doesn’t work retroactively
- 31. • Rule 6:Be proactively paranoid, it doesn’t work retroactively FREEDOM • Rule 7: Keep personal life and hacking FIGHTING separated
- 32. • Rule 6:Be proactively paranoid, it doesn’t work retroactively FREEDOM • Rule 7: Keep personal life and hacking FIGHTING separated • Rule 8: Keep your personal environment contraband free
- 33. • Rule 6:Be proactively paranoid, it doesn’t work retroactively FREEDOM • Rule 7: Keep personal life and hacking FIGHTING separated • Rule 8: Keep your personal environment contraband free • Rule 9: Don’t talk to the police
- 34. • Rule 6:Be proactively paranoid, it doesn’t work retroactively FREEDOM • Rule 7: Keep personal life and hacking FIGHTING separated • Rule 8: Keep your personal environment contraband free • Rule 9: Don’t talk to the police • Rule 10: Don't give anyone power over you
- 35. Why do youneed OPSEC?
- 36. It hurts toget fucked
- 37. No one isgoing to go to jail for you.
- 41. Your friends willbetray you.
- 42.
- 46. never ever everdo this
- 47.
- 51. ProTip: Don’t useyour personal Facebook account to send defacement code toFREEDOM FIGHTERS your friends
- 59.
- 63. Violation Keep personal lifeand hacking separate
- 64. Violation Keep personal lifeand FREEDOM hacking separate FIGHTING
- 68. Violation Never operate from your home
- 73. Violation Don’treveal operational details
- 82. Violation Don’treveal operational details
- 87.
- 89. Virus (10:30:18 PM):don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics
- 90. Virus (10:30:18 PM):don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place
- 91. Virus (10:30:18 PM):don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place Virus (10:30:36 PM): who's docs weren't even public
- 92. Virus (10:30:18 PM):don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place Virus (10:30:36 PM): who's docs weren't even public Virus (10:30:38 PM): gets owned
- 93. Virus (10:30:18 PM):don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place Virus (10:30:36 PM): who's docs weren't even public Virus (10:30:38 PM): gets owned Sabu (10:32:29 PM): offering to pay you for shit?
- 94. Virus (10:30:18 PM):don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place Virus (10:30:36 PM): who's docs weren't even public Virus (10:30:38 PM): gets owned Sabu (10:32:29 PM): offering to pay you for shit? Virus (10:32:55 PM): yeah, you offered me money for "dox"
- 95. Virus (10:30:18 PM):don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place Virus (10:30:36 PM): who's docs weren't even public Virus (10:30:38 PM): gets owned Sabu (10:32:29 PM): offering to pay you for shit? Virus (10:32:55 PM): yeah, you offered me money for "dox" Virus (10:33:39 PM): only informants offer up cash for shit -- you gave yourself up with that one
- 96. HAPPY ENDING Virus isstill free
- 99.
- 102.
- 106.
- 107.
- 108.
- 109. You’ll know itworked if nothing happens.
- 110. Put it inplace first.
- 111. Paranoia doesn’t work retroactively
- 112.
- 113. Spiros: He knowsmy name, but my name is not my name. And you... to them you're only "The Greek." The Greek: And, of course, I'm not even Greek.
- 114.
- 116.
- 118. Personas • Danger topersonas is contamination • Contact between personas (covers) contaminates both • Keep cover identities isolated from each other
- 119.
- 120. • Fail safetechnological solution • TOR all the things! • Back stop persona • Primary cover alias as first identity • Secondary cover aliases (eg. handles)
- 121.
- 122. Pitfalls • Location revealinginformation • Weather • Time • Political events • Profiling data
- 123. Practice • Amateurs practiceuntil they get it right, professionals practice until they can’t get it wrong • Practice makes perfect
- 124. Stringer: What youdoing? Shamrock: Robert's Rules says we got to have minutes of the meeting. These the minutes. Stringer: Nigga, is you taking notes on a criminal fucking conspiracy?
- 125. No logs. Nocrime.
- 126.
- 127. Personal info isprofiling info
- 128. Guidelines against profiling • Do not include personal informations in your nick and screen name. • Do not discuss personal informations in the chat, where you are from... • Do not mention your gender, tattoos, piercings or physical capacities.
- 129. Guidelines, cont. • Donot mention your profession, hobbies or involvement in activist groups • Do not use special characters on your keyboard unique to your language • Do not post informations to the regular internet while you are anonymous in IRC. • Do not use Twitter and Facebook
- 130. Guidelines, cont. • Donot post links to Facebook images. The image name contains a personal ID. • Do not keep regular hours / habits (this can reveal your timezone, geographic locale) • Do not discuss your environment, e.g. weather, political activities,
- 132. Hackers are nolonger the apex predator
- 133. Hackers are nolonger FREEDOM FIGHTERS the apex predator
- 134. That position hasbeen ceded to LEO
- 135. That position hasbeen ceded to LEO * *Law Enforcement Officials
- 136.
- 137. VPNs vs. TOR •VPNs provide privacy • TOR provides anonymity • Confuse the two at your peril
- 138. • TOR connectionto a VPN => OK • VPN connection to TOR => GOTO JAIL
- 139. On VPNs • Onlysafe currency is Bitcoins • because they come from nothing • Purchase only over TOR • http://torrentfreak.com/which-vpn- providers-really-take-anonymity- seriously-111007/
- 141.
- 143.
- 144. PORTAL Personal Onion RouterTo Avoid LEO
- 145. PORTAL • Router ensuringall traffic is transparently sent over TOR • Reduce the ability to make mistakes • Use mobile uplink • Mobility (go to a coffee shop) • Reduce risk of wifi monitoring
- 146. PORTAL • Uses tricksto get additional storage space on /
- 147. Hardware • TP-LINK AR71xxpersonal routers • MR-11U • MR-3040 • MR-3020 • WR-703N
- 148. MR-3040 & MR-11U •Battery powered • Approx. 4-5 hrs per charge • USB for 3G modem
- 149.
- 150.
- 151.
- 152.
- 154. If you think,don’t speak If you speak, don’t write If you write, don’t sign If you sign, don’t be surprised
Editor's Notes
- #2 \n
- #3 \n
- #4 STFU\nNeed to Know\nPlumbing\n
- #5 The Wire, season 1, episode 5. This show is the most quotable show for OPSEC, evar!\n
- #6 \n
- #7 \n
- #8 “Thwarting enemies at home and abroad” book. Blackmail is basically, don’t allow anyone to have power over you where they can dictate your actions. You ceed control of your actions to someone else, and it will end poorly for you.\n
- #9 \n
- #10 I love this guide. It provides general guidelines to committing criminal activities and staying out of jail. These are good OPSEC techniques for one activity (smoking weed), but many can be generalized to all criminal^W freedom fighting activities.\n
- #11 \n
- #12 \n
- #13 \n
- #14 NOTE: not using code doesn’t mean don’t use cryptonyms (code names). These are very good.\n
- #15 NOTE: not using code doesn’t mean don’t use cryptonyms (code names). These are very good.\n
- #16 NOTE: not using code doesn’t mean don’t use cryptonyms (code names). These are very good.\n
- #17 NOTE: not using code doesn’t mean don’t use cryptonyms (code names). These are very good.\n
- #18 \n
- #19 \n
- #20 \n
- #21 \n
- #22 #4 - don’t socialize with your criminal co-conspirators\n
- #23 #4 - don’t socialize with your criminal co-conspirators\n
- #24 #4 - don’t socialize with your criminal co-conspirators\n
- #25 #4 - don’t socialize with your criminal co-conspirators\n
- #26 #4 - don’t socialize with your criminal co-conspirators\n
- #27 #4 - don’t socialize with your criminal co-conspirators\n
- #28 #4 - don’t socialize with your criminal co-conspirators\n
- #29 #10: control over your actions.\n
- #30 #10: control over your actions.\n
- #31 #10: control over your actions.\n
- #32 #10: control over your actions.\n
- #33 #10: control over your actions.\n
- #34 #10: control over your actions.\n
- #35 #10: control over your actions.\n
- #36 \n
- #37 \n
- #38 \n
- #39 \n
- #40 \n
- #41 \n
- #42 \n
- #43 \n
- #44 \n
- #45 \n
- #46 \n
- #47 \n
- #48 \n
- #49 \n
- #50 \n
- #51 This is a violation of the principle of “need to know”. Your lawyer needs to know that you are on probation (for a specific charge). Your criminal co-conspirators do not need to know this!\n
- #52 note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
- #53 note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
- #54 note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
- #55 note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
- #56 note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
- #57 note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
- #58 note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
- #59 note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
- #60 note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
- #61 \n
- #62 \n
- #63 \n
- #64 \n
- #65 \n
- #66 \n
- #67 \n
- #68 \n
- #69 \n
- #70 \n
- #71 \n
- #72 \n
- #73 \n
- #74 \n
- #75 \n
- #76 \n
- #77 \n
- #78 \n
- #79 \n
- #80 Keep your hacking^W freedom fighting, and family, completely separated\n
- #81 \n
- #82 \n
- #83 \n
- #84 \n
- #85 \n
- #86 \n
- #87 \n
- #88 directly connecting to the target from your home IP? Are you out of your fucking mind!\n
- #89 directly connecting to the target from your home IP? Are you out of your fucking mind!\n
- #90 directly connecting to the target from your home IP? Are you out of your fucking mind!\n
- #91 directly connecting to the target from your home IP? Are you out of your fucking mind!\n
- #92 directly connecting to the target from your home IP? Are you out of your fucking mind!\n
- #93 directly connecting to the target from your home IP? Are you out of your fucking mind!\n
- #94 colloquially, don’t shit where you eat.\n
- #95 \n
- #96 \n
- #97 \n
- #98 \n
- #99 \n
- #100 \n
- #101 \n
- #102 \n
- #103 \n
- #104 \n
- #105 \n
- #106 \n
- #107 \n
- #108 \n
- #109 \n
- #110 \n
- #111 \n
- #112 \n
- #113 \n
- #114 \n
- #115 \n
- #116 \n
- #117 \n
- #118 \n
- #119 \n
- #120 \n
- #121 \n
- #122 \n
- #123 \n
- #124 \n
- #125 \n
- #126 \n
- #127 \n
- #128 \n
- #129 \n
- #130 \n
- #131 \n
- #132 \n
- #133 \n
- #134 \n
- #135 \n
- #136 \n
- #137 \n
- #138 \n
- #139 \n
- #140 \n
- #141 \n
- #142 They call them warning signs for a reason...\n
- #143 \n
- #144 \n
- #145 \n
- #146 \n
- #147 \n
- #148 \n
- #149 \n
- #150 \n
- #151 \n
- #152 \n
- #153 \n
- #154 \n
- #155 \n
- #156 \n
- #157 \n
- #158 \n
- #159 \n
- #160 \n
- #161 \n
- #162 \n
- #163 They call them warning signs for a reason...\n
- #164 \n
- #165 \n
- #166 \n
- #167 \n
- #168 \n
- #169 \n
- #170 \n
- #171 \n
- #172 \n
- #173 self incriminating confession == bad\n
- #174 \n
- #175 Interrogation tactic: appeal to pride, ridicule the hacker’s abilities, encouraging him to “correct” your misperception of him... and in the process, confess. DO NOT TALK TO POLICE!\n
- #176 \n
- #177 \n
- #178 \n
- #179 \n
- #180 \n
- #181 \n
- #182 \n
- #183 \n
- #184 \n
- #185 credit: ben nagy found this pic, i stole it from him cause my conference talk is first, :D\n
- #186 \n
- #187 NOTE: he’s wearing a mask. \ncredit: ben nagy also found this photo. \n
- #188 \n
- #189 \n
- #190 \n
- #191 \n
- #192 \n
- #193 \n
- #194 \n
- #195 \n
- #196 \n
- #197 \n
- #198 \n
- #199 \n
- #200 \n
- #201 \n
- #202 \n
- #203 \n
- #204 \n
- #205 \n
- #206 \n
- #207 \n
- #208 \n
- #209 \n
- #210 \n
- #211 \n
- #212 \n
- #213 \n
- #214 \n
- #215 \n
- #216 \n
- #217 \n
- #218 \n
- #219 \n
- #220 \n
- #221 \n
- #222 use tor\n
- #223 \n
- #224 \n
- #225 \n
- #226 \n
- #227 \n