OPSEC

Now, this is a REALLY IMPORTANT topic. Bad OPSEC (Operations Security) is probably why most hackers get caught easily by those 3-letter-agencies (*cough* FBI/CIA/NSA). If you're about to hack someone/make malware, you better make sure nobody can trace it back to you or you'll surely be in trouble that's rather nice to avoid. I'll make this section a brief dive into anonymity, but I'll include a very nice collection of stuff in the references section.

The Ten Crack Commandments

Funny as it sounds, these 10 are good material for those practising OPSEC (albeit with some modifications).

  1. Never let anyone know how much money you have.

  2. Never let anyone know your next move.

  3. Never trust anyone.

  4. Never use what you sell.

  5. Never sell where you live.

  6. Never take credit.

  7. Keep your family and business completely separated.

  8. Never keep any crack on you.

  9. If you aren't being arrested, stay away from the police.

  10. Consignment is strictly for live men.

Now, here's an OPSEC version of these commandments (source)

  1. Never reveal your operational details

  2. Never reveal your future plans – silence and violence

  3. Never trust anyone

  4. Never confuse recreation with work

  5. Never operate from your own house

  6. Be proactively paranoid, it doesn’t work retroactively

  7. Keep your life and your freedom activities separate

  8. Keep your personal environment contraband free

  9. Don’t ever talk to the police

  10. Don’t give anyone power over you

These 10 are the golden rules to staying safe as a malware dev. (Just good general advice >.>). Follow these and you'll be grand.

I've decided that it'll be nicer to dedicate an entire space for practical OPSEC. So if you wanna know more about how OPSEC works and how you can practice it effectively, here you go:

Ok I'm not sure this will be modified or added-to anytime soon by me, so PLEASE FEEL FREE TO CONTRIBUTE

Last updated