OPSEC for hackers

1. OPSEC for hackers: because jail is for wuftpd the.grugq@gmail.com

2. OPSEC forFREEDOM FIGHTERS hackers: because jail is for wuftpd the.grugq@gmail.com

3. Overview• Intro to OPSEC • Methodology • lulzsec: lessons learned • Techniques • Technology• Conclusion

4. Avon:You only got to fuck up once… Be a little slow, be a little late, just once. How you ain’t gonna never be slow? Never be late? You can’t plan for that. Thats life.

5. IntrotoOPSEC

6. WTF is it?

7. OPSEC in a nutshell• Keep your mouth shut• Guard secrets • Need to know• Never let anyone get into position to blackmail you

8. STFU

9. Methodology

10. • put the plumbing in ﬁrst • create a cover (new persona) • work on the legend (history, background, supporting evidence for the persona) • Create sub-aliases • NEVER CONTAMINATE

11. The 10 HackCommandments

12. FREEDOM The 10 Hack FIGHTINGCommandments

13. • Rule 1: Never reveal your operational details

14. • Rule 1: Never reveal your operational details• Rule 2: Never reveal your plans

15. • Rule 1: Never reveal your operational details• Rule 2: Never reveal your plans• Rule 3: Never trust anyone

16. • Rule 1: Never reveal your operational details• Rule 2: Never reveal your plans• Rule 3: Never trust anyone• Rule 4: Never confuse recreation and hacking FREEDOM FIGHTING

17. • Rule 1: Never reveal your operational details• Rule 2: Never reveal your plans• Rule 3: Never trust anyone• Rule 4: Never confuse recreation and hacking FREEDOM FIGHTING• Rule 5: Never operate from your own house

18. • Rule 6: Be proactively paranoid, it doesn’t work retroactively

19. • Rule 6: Be proactively paranoid, it doesn’t work retroactively FREEDOM• Rule 7: Keep personal life and hacking FIGHTING separated

20. • Rule 6: Be proactively paranoid, it doesn’t work retroactively FREEDOM• Rule 7: Keep personal life and hacking FIGHTING separated• Rule 8: Keep your personal environment contraband free

21. • Rule 6: Be proactively paranoid, it doesn’t work retroactively FREEDOM• Rule 7: Keep personal life and hacking FIGHTING separated• Rule 8: Keep your personal environment contraband free• Rule 9: Don’t talk to the police

22. • Rule 6: Be proactively paranoid, it doesn’t work retroactively FREEDOM• Rule 7: Keep personal life and hacking FIGHTING separated• Rule 8: Keep your personal environment contraband free• Rule 9: Don’t talk to the police• Rule 10: Dont give anyone power over you

23. Why do you need OPSEC?

24. It hurts to get fucked

25. No one is going to go to jail for you.

26. Your friends will betray you.

27. #lulzsec:lessons learned

28. never ever ever do this

29. ViolationNever trust anyone

30. ProTip: Don’t use your personal Facebook account to send defacement code toFREEDOM FIGHTERS your friends

31. ViolationDon’t contaminate

32. ViolationKeep personal life and hacking separate

33. ViolationKeep personal life and FREEDOM hacking separate FIGHTING

34. ViolationNever operate from your home

35. Violation Don’t revealoperational details

36. Violation Don’t revealoperational details

37. ViolationBe paranoid

38. Virus (10:30:18 PM): dont start accusing me of[being an informant] - especially after youdisappeared and came back offering to pay me forshit - thats fed tactics

39. Virus (10:30:18 PM): dont start accusing me of[being an informant] - especially after youdisappeared and came back offering to pay me forshit - thats fed tacticsVirus (10:30:31 PM): and then your buddy, topiary,who lives in the most random place

40. Virus (10:30:18 PM): dont start accusing me of[being an informant] - especially after youdisappeared and came back offering to pay me forshit - thats fed tacticsVirus (10:30:31 PM): and then your buddy, topiary,who lives in the most random placeVirus (10:30:36 PM): whos docs werent even public

41. Virus (10:30:18 PM): dont start accusing me of[being an informant] - especially after youdisappeared and came back offering to pay me forshit - thats fed tacticsVirus (10:30:31 PM): and then your buddy, topiary,who lives in the most random placeVirus (10:30:36 PM): whos docs werent even publicVirus (10:30:38 PM): gets owned

42. Virus (10:30:18 PM): dont start accusing me of[being an informant] - especially after youdisappeared and came back offering to pay me forshit - thats fed tacticsVirus (10:30:31 PM): and then your buddy, topiary,who lives in the most random placeVirus (10:30:36 PM): whos docs werent even publicVirus (10:30:38 PM): gets ownedSabu (10:32:29 PM): offering to pay you for shit?

43. Virus (10:30:18 PM): dont start accusing me of[being an informant] - especially after youdisappeared and came back offering to pay me forshit - thats fed tacticsVirus (10:30:31 PM): and then your buddy, topiary,who lives in the most random placeVirus (10:30:36 PM): whos docs werent even publicVirus (10:30:38 PM): gets ownedSabu (10:32:29 PM): offering to pay you for shit?Virus (10:32:55 PM): yeah, you offered me money for"dox"

44. Virus (10:30:18 PM): dont start accusing me of[being an informant] - especially after youdisappeared and came back offering to pay me forshit - thats fed tacticsVirus (10:30:31 PM): and then your buddy, topiary,who lives in the most random placeVirus (10:30:36 PM): whos docs werent even publicVirus (10:30:38 PM): gets ownedSabu (10:32:29 PM): offering to pay you for shit?Virus (10:32:55 PM): yeah, you offered me money for"dox"Virus (10:33:39 PM): only informants offer up cashfor shit -- you gave yourself up with that one

45. HAPPY ENDINGVirus is still free

46. ViolationNever contaminate

47. Bonus: w0rmer

48. Techniques

49. Plumbing

50. It is boring.

51. You’ll know it worked if nothing happens.

52. Put it in place ﬁrst.

53. Paranoia doesn’t work retroactively

54. Personas

55. Spiros: He knows my name, but my name is not my name. And you... to them youre only "The Greek."The Greek: And, of course, Im not even Greek.

56. Problem:You are you.

57. Solution:Be someone else.

58. Personas• Danger to personas is contamination • Contact between personas (covers) contaminates both • Keep cover identities isolated from each other

59. Layered defense

60. • Fail safe technological solution • TOR all the things!• Back stop persona • Primary cover alias as ﬁrst identity • Secondary cover aliases (eg. handles)

61. Proﬁling data

62. Pitfalls• Location revealing information • Weather • Time • Political events• Proﬁling data

63. Practice• Amateurs practice until they get it right, professionals practice until they can’t get it wrong• Practice makes perfect

64. Stringer: What you doing?Shamrock: Roberts Rules says we got to have minutes of the meeting. These the minutes.Stringer: Nigga, is you taking notes on a criminal fucking conspiracy?

65. No logs. No crime.

66. Staying Anonymous

67. Personal info is proﬁling info

68. Guidelines against proﬁling• Do not include personal informations in your nick and screen name.• Do not discuss personal informations in the chat, where you are from...• Do not mention your gender, tattoos, piercings or physical capacities.

69. Guidelines, cont.• Do not mention your profession, hobbies or involvement in activist groups• Do not use special characters on your keyboard unique to your language• Do not post informations to the regular internet while you are anonymous in IRC. • Do not use Twitter and Facebook

70. Guidelines, cont.• Do not post links to Facebook images. The image name contains a personal ID.• Do not keep regular hours / habits (this can reveal your timezone, geographic locale)• Do not discuss your environment, e.g. weather, political activities,

71. Hackers are no longer the apex predator

72. Hackers are no longerFREEDOMFIGHTERS the apex predator

73. That position has been ceded to LEO

74. That position has been ceded to LEO * *Law Enforcement Ofﬁcials

75. Technology

76. VPNs vs. TOR• VPNs provide privacy• TOR provides anonymity• Confuse the two at your peril

77. • TOR connection to a VPN => OK• VPN connection to TOR => GOTO JAIL

78. On VPNs• Only safe currency is Bitcoins • because they come from nothing• Purchase only over TOR • http://torrentfreak.com/which-vpn- providers-really-take-anonymity- seriously-111007/

79. Fail closed

80. PORTAL

81. PORTALPersonal Onion Router To Avoid LEO

82. PORTAL• Router ensuring all trafﬁc is transparently sent over TOR • Reduce the ability to make mistakes• Use mobile uplink • Mobility (go to a coffee shop) • Reduce risk of wiﬁ monitoring

83. PORTAL• Uses tricks to get additional storage space on /

84. Hardware• TP-LINK AR71xx personal routers • MR-11U • MR-3040 • MR-3020 • WR-703N

85. MR-3040 & MR-11U• Battery powered • Approx. 4-5 hrs per charge• USB for 3G modem

86. http://torporfavor.org/ download/portal/

87. Conclusion

88. STFU

89. Questions?

90. If you think, don’t speakIf you speak, don’t writeIf you write, don’t signIf you sign, don’t be surprised