Cybercrime and Dark Web Research / The OPSEC Opportunity

The OPSEC Opportunity

The OPSEC Opportunity
Rick Holland
Read More From Rick Holland
May 31, 2016 | 2 Min Read

Operations Security (OPSEC) has long been a key tactic used by commercial and military organizations to protect their privacy and anonymity. The United States formalized OPSEC in 1988 with President Reagan’s National Operations Security Program. The premise of OPSEC is pretty simple: deny adversaries information that could be used to do harm to an organization or individual.  During my last trip to the United Kingdom, I visited the famous World War II code-breaking site Bletchley Park. I took the following photo that sums up wartime OPSEC well.

Bletchley park opsec

Defenders and attackers both use OPSEC and when it comes to your adversaries, they use OPSEC to:  avoid detection, maintain availability of their attack infrastructure, and to retain access to environments they have compromised. This is done through a combination of people, process and technology.  Figure 1 demonstrates how attackers take advantage of technology services like bullet proof hosting to accomplish their goals. Using a 3rd party for infrastructure places another layer between the attacker and defenders.

bulletproof hosting

Fig 1 

It is critical to note that OPSEC will fail if people and process aren’t taken into account.  There are no technology silver bullets when it comes to OPSEC. Lapses in OPSEC can have significant implications for defenders and attackers alike. All too often organizations unknowingly expose confidential information that significantly increases the risks to their organization. Take Figure 2, for example. An individual, whose LinkedIn profile informs us he is a Software Architect, has published his private RSA key on Github. In the wrong hands, this leaked information can be used to fuel a wide range of attacks against an organization and their staff.

Private RSA key

Fig 2

Adversaries stand to lose from poor OPSEC as well.  Suspected Dridex botnet operator Andrey Ghinkul associated his nickname – “Smilex” – with his real name. This may well have helped law enforcement in their pursuit of Ghinkul.  Sabu is another classic example of an OPSEC failure.; he made the mistake of logging into an IRC chat server without first using TOR for anonymization.

But, amid this, there are opportunities for organizations. As a defender you can capitalize on weak attacker OPSEC to gain insight into the people, process and technology leveraged by your adversaries.

With a strong OPSEC program that is able to evolve with a changing environment you can build a flexible and resilient cyber security program.

Building successful teams on the cybercriminal underground

Building successful teams on the cybercriminal underground

September 15, 2021 | 7 Min Read

We’ve all been socialized since childhood to...
AlphaBay’s Return: SWOT Findings

AlphaBay’s Return: SWOT Findings

September 9, 2021 | 14 Min Read

Hot on the heels of our recent blog titled...
The Never-ending Ransomware Story

The Never-ending Ransomware Story

August 31, 2021 | 10 Min Read

In the Never Ending Story, Bastian is drawn away...
The Eeveelution of ShinyHunters: From Data Leaks to Extortions

The Eeveelution of ShinyHunters: From Data Leaks to Extortions

August 26, 2021 | 7 Min Read

Suppose you were one of the lucky people playing...