The OPSEC Opportunity

Rick Holland
May 31, 2016 | 2 Min Read

Operations Security (OPSEC) has long been a key tactic used by commercial and military organizations to protect their privacy and anonymity. The United States formalized OPSEC in 1988 with President Reagan's National Operations Security Program. The premise of OPSEC is simple: deny adversaries information that could be used to do harm to an organization or individual. During my last trip to the United Kingdom, I visited the famous World War II code-breaking site Bletchley Park. I took the following photo, which sums up wartime OPSEC well.

[Photo: Bletchley Park OPSEC poster]

Defenders and attackers both use OPSEC. When it comes to your adversaries, they use OPSEC to avoid detection, maintain the availability of their attack infrastructure, and retain access to environments they have compromised. This is done through a combination of people, process and technology. Figure 1 shows how attackers take advantage of technology services such as bulletproof hosting to accomplish these goals: using a third party for infrastructure places another layer between the attacker and defenders.

Fig 1: Attacker use of bulletproof hosting infrastructure

It is critical to note that OPSEC will fail if people and process aren't taken into account. There are no technology silver bullets when it comes to OPSEC. Lapses in OPSEC can have significant implications for defenders and attackers alike. All too often organizations unknowingly expose confidential information that significantly increases the risk to their organization. Take Figure 2, for example. An individual whose LinkedIn profile identifies him as a Software Architect has published his private RSA key on GitHub. In the wrong hands, a leaked key like this can be used to fuel a wide range of attacks against an organization and its staff, from SSH access to servers that trust the key to impersonation in signed communications.

Fig 2: Private RSA key published on GitHub
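The leak in Figure 2 is the kind of thing a defender can check for in their own repositories before an adversary does. The following is an added example written for this post (not Digital Shadows code, and not the scanner behind the figure): it walks a directory tree and flags PEM, PKCS#8, OpenSSH and PGP private-key blocks, noting whether the block is passphrase-protected (legacy `Proc-Type: 4,ENCRYPTED` header or a PKCS#8 `ENCRYPTED PRIVATE KEY` header) and whether it is complete or truncated. The sample files it scans are constructed for the example and contain filler text, not real key material.

```python
"""Scan text or a directory tree for committed private-key material.

Added example for this post; not Digital Shadows code. The sample files
below are constructed and contain no real key material.
"""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Header lines that open a private-key block: PKCS#1 (RSA/DSA/EC),
# PKCS#8 (plain "PRIVATE KEY" and "ENCRYPTED PRIVATE KEY"), OpenSSH's
# own format, and PGP armored keys.
HEADER_RE = re.compile(
    r"-----BEGIN (?:(?P<kind>RSA|DSA|EC|OPENSSH|ENCRYPTED|PGP) )?PRIVATE KEY(?: BLOCK)?-----"
)

# Directories that are never worth scanning (assumption for the example).
SKIP_DIRS = {".git", "node_modules", ".venv"}


def find_private_keys(text: str, source: str = "<text>") -> list[dict]:
    """Return one finding per private-key header found in `text`."""
    findings = []
    lines = text.splitlines()
    for lineno, line in enumerate(lines, start=1):
        m = HEADER_RE.fullmatch(line.strip())
        if not m:
            continue
        kind = m.group("kind") or "PKCS8"
        # PKCS#8 "ENCRYPTED" says so in the header; legacy PEM says so in a
        # Proc-Type line just below; OpenSSH hides it inside the base64 body.
        encrypted = "yes" if kind == "ENCRYPTED" else ("unknown" if kind == "OPENSSH" else "no")
        for j in range(lineno, min(lineno + 2, len(lines))):  # the two lines after the header
            if lines[j].strip().startswith("Proc-Type: 4,ENCRYPTED"):
                encrypted = "yes"
        # A missing END line means a truncated paste; still worth a look.
        complete = any(
            l.strip().startswith("-----END") and "PRIVATE KEY" in l for l in lines[lineno:]
        )
        findings.append({"source": source, "line": lineno, "kind": kind,
                         "encrypted": encrypted, "complete": complete})
    return findings


def scan_tree(root: str | Path) -> list[dict]:
    """Scan every regular file under `root`, skipping SKIP_DIRS."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or SKIP_DIRS & set(rel.parts):
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        findings.extend(find_private_keys(text, rel.as_posix()))
    return findings


# Constructed sample repository contents (filler bodies, not keys).
SAMPLE_FILES = {
    # Unencrypted PKCS#1 key committed under a deploy directory: the Figure 2 case.
    "deploy/id_rsa": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "MIIEowIBAAKCAQEAxxxxFILLERxxxx\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    # Legacy PEM protected by a passphrase: still a finding, lower severity.
    "ops/backup.pem": (
        "-----BEGIN RSA PRIVATE KEY-----\n"
        "Proc-Type: 4,ENCRYPTED\n"
        "DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n"
        "\n"
        "yyyyFILLERyyyy\n"
        "-----END RSA PRIVATE KEY-----\n"
    ),
    # OpenSSH header pasted into a README and cut off.
    "README.md": "Example:\n-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAA...\n",
    # A public key and a mention of the phrase are not findings.
    "deploy/id_rsa.pub": "ssh-rsa AAAAB3NzaC1yc2E... user@host\n",
    "docs/keys.md": "Never commit a PRIVATE KEY to this repo.\n",
}


def demo() -> list[dict]:
    """Write the sample files to a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, content in SAMPLE_FILES.items():
            p = Path(tmp) / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(content)
        return scan_tree(tmp)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['source']}:{f['line']} {f['kind']} key, "
              f"encrypted={f['encrypted']}, complete={f['complete']}")
```

Run it against a checkout rather than the working tree alone if you want history as well: a key that was committed and later deleted is still retrievable from the repository's objects, so the same scan should be applied to the output of `git log -p` or to each historical revision. Treat an encrypted key as a finding too; it narrows the attacker's job to an offline passphrase guess.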

Adversaries stand to lose from poor OPSEC as well. Suspected Dridex botnet operator Andrey Ghinkul associated his nickname, "Smilex", with his real name, which may well have helped law enforcement in their pursuit of him. Sabu is another classic example of an OPSEC failure: he made the mistake of logging into an IRC chat server without first using Tor for anonymization.

But, amid this, there are opportunities for organizations. As a defender you can capitalize on weak attacker OPSEC to gain insight into the people, process and technology leveraged by your adversaries.

With a strong OPSEC program that is able to evolve with a changing environment, you can build a flexible and resilient cyber security program.
