replace person names and event name

urist 2025-01-08 20:15:51 +01:00
parent 21180cbc84
commit 43375b9eb3


@ -121,21 +121,21 @@ If you keep your phone on, then an adversary with your phone number and the requ
You might think that having stringent SOPS (standard operating procedures) around the use of burner phones in your organization could solve this problem. It does help as this map shows, but it's not enough. An adversary investigating your activities will have access to a lot of data and they will be able to use tools such as PostGIS to query their datasets in order to infer relible position information from scattered datapoints.
<br><br>
<h3> The Z incident </h3>
<h3> The Protest </h3>
On the last day of december 2024, something happened in Los Angeles. This event will be referred to as the <b>Z incident</b>.
On the last day of december 2024, protest happened in Los Angeles. This event will be referred to as the <b>the Protest</b>.
<br>
<h4>From your point of view</h4>
Using burner phones and cash payments, you rented a car under a false identity with several members of your organizations. You have strong OPSEC, you don't know each other's names or faces and keep your burner phones off and in faraday bags when not in use. You took this car to a specific place at a specific time in order to acomplish a goal that goes contrary to the policies and aims of a strong adversary. Your adversary has access to phone data and no meaningful budget limitations, they aim to identify you, physically locate you and then follow their policies.
Using burner phones and cash payments, you rented a car under a false identity with Alice and Bob, both members of your organizations. You have strong OPSEC, you don't know each other's names or faces and keep your burner phones off and in faraday bags when not in use. You took this car to a specific place at a specific time in order to acomplish a goal that goes contrary to the policies and aims of a strong adversary. Your adversary has access to phone data and no meaningful budget limitations, they aim to identify you, physically locate you and then follow their policies.
<h4> From the adversary's point of view</h5>
Starting information:
<ul>
<li>They have identified where the car was rented from</li>
<li>They have identified one suspect: person X who was caught on camera being careless with their cap while renting the car</li>
<li>They have identified one other potential suspect of the three-persons team, a known associate of X, person W</li>
<li>They have identified one suspect: Alice who was caught on camera being careless with their cap while renting the car</li>
<li>They have identified one other potential suspect of the three-persons team, a known associate of Alice, Bob</li>
<li>They need to identify you, the third member</li>
</ul>
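Review bot: the new event-introduction sentence has two wording slips: "protest happened" is missing its article, and "referred to as the <b>the Protest</b>" doubles "the". Suggested wording: "a protest happened in Los Angeles. This event will be referred to as <b>the Protest</b>." While these lines are being touched, "december" should be capitalised, and "acomplish" and "your organizations" in the rewritten rental sentence are carried over unchanged from the old text. The unchanged heading line "<h4> From the adversary's point of view</h5>" also closes with the wrong tag and could be fixed in the same pass.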
@ -146,12 +146,12 @@ You did use your burner phone only when required.
<br><br>
What will the adversary do?
<ul>
<li>Create a set of suspect sim cards based on spatial coordinates and timestamps: was this sim card in the same place and at the same time as X or W?</li>
<li>Refine this set by correlating it with other spatial coordinates and timestamps: when the car was rented, when incident Z took place</li>
<li>Create a set of suspect sim cards based on spatial coordinates and timestamps: was this sim card in the same place and at the same time as Alice or Bob?</li>
<li>Refine this set by correlating it with other spatial coordinates and timestamps: when the car was rented, when the protest took place</li>
<li>Look for behaviourial anomalies: a sim card popping up in one place, disappearing for days and then reappearing later</li>
</ul>
They can quickly reduce their suspect pool from hundreds of thousands of people to a dozen using this method. If you were to make the mistake of reusing the same SIM card for another operation after incident Z you will have dramatically increased your chances of being identified by the adversary.
They can quickly reduce their suspect pool from hundreds of thousands of people to a dozen using this method. If you were to make the mistake of reusing the same SIM card for another operation after the protest you will have dramatically increased your chances of being identified by the adversary.
<br><br><br>
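Review bot: the two replaced lines in this hunk write "the protest" in lowercase, while the first hunk defines the term as "the Protest" in both the heading and the bold definition. Pick one form so the defined name reads consistently. The final replaced sentence would also read better with a comma after "after the protest". Only these two hunks are visible here, so it is worth searching the rest of the file for leftover "person X", "person W" or "incident Z" references before merging.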