This is a follow-up to Part One of the series, which I recommend reading first for background on why we should all consider reviewing our OPSEC (Operational Security), not just those with something to hide.

Have you actually thought about how much you are tracked on a daily basis? Think about everything you post on social media, what you search, the apps that are generating metadata (with or without your consent), and what your phone knows about you, not forgetting your “voice assistants.” There is a worrying amount of data we generate every day that builds an impressive digital footprint.

All this data is incredibly valuable to an adversary, whether that is an advertiser trying to sell you better, cheaper, faster services through abusing privacy and online tracking, or an attacker who’s trying to steal your identity or gain unauthorised access to your systems. The objective of good OPSEC (Operational Security) is to deny the enemy information that can be used to their advantage. The process and methodology for doing so will be detailed in this article.

Oversharing is a risk, one an adversary will capitalize on.

Even attackers make mistakes. Sometimes these are insignificant but provide a breadcrumb trail for investigators to dismantle criminal operations. In the case of Paige A. Thompson AKA “erratic,” they committed a significant OPSEC fail which led to their immediate arrest.

In July 2019, Paige was arrested by the FBI on suspicion of illegally accessing and downloading data relating to over 100 million credit card applications from Capital One in the US. However, Paige AKA “erratic” made little to no effort to hide her identity, boasting about the hack on Twitter. Information about the attack was posted on her GitHub account. This linked to her GitLab, which contained her CV and all her …