diff --git a/opsec/phonenumbers/map.png b/opsec/phonenumbers/faraday.png
similarity index 100%
rename from opsec/phonenumbers/map.png
rename to opsec/phonenumbers/faraday.png
diff --git a/opsec/phonenumbers/index.html b/opsec/phonenumbers/index.html
index d5b2120..09263fa 100644
--- a/opsec/phonenumbers/index.html
+++ b/opsec/phonenumbers/index.html
@@ -106,9 +106,48 @@
 </br></br>
 
 <center>
-    <img src="map.png" class="imgRz">
+    <img src="faraday.png" class="imgRz">
 </center>
-<p> As shown on the above map, <b>once a Sim card goes on, even if the phone is later shut off it will leave a data trail</b>.<br><br>
+<p> 
+You might think that having stringent SOPS (standard operating procedures) around the use of burner phones in your organization could solve this problem. It does help as this map shows, but it's not enough. An adversary investigating your activities will have access to a lot of data and they will be able to use tools such as PostGIS to query their datasets in order to infer relible position information from scattered datapoints.
+<br><br>
+
+<h3> The Z incident </h3>
+
+On the last day of december 2024, something happened in Los Angeles. This event will be referred to as the <b>Z incident</b>.
+
+<br>
+<h4>From your point of view</h4>
+Using burner phones and cash payments, you rented a car under a false identity with several members of your organizations. You have strong OPSEC, you don't know each other's names or faces and keep your burner phones off and in faraday bags when not in use. You took this car to a specific place at a specific time in order to acomplish a goal that goes contrary to the policies and aims of a strong adversary. Your adversary has access to phone data and no meaningful budget limitations, they aim to identify you, physically locate you and then follow their policies.
+
+<h4> From the adversary's point of view</h5>
+
+Starting information:
+<ul>
+    <li>They have identified where the car was rented from</li>
+    <li>They have identified one suspect: person X who was caught on camera being careless with their cap while renting the car</li>
+    <li>They have identified one other potential suspect of the three-persons team, a known associate of X, person W</li>
+    <li>They need to identify you, the third member</li>
+</ul>
+
+<h4>What happened</h4>
+Luckily, your OPSEC was flawless. Shades, cap, tradecraft, you have managed to stay under the radar. They know you exist from a blurry trafic cam picture but that's all.
+You did use your burner phone only when required.
+
+<br><br>
+What willt the adversary do?
+<ul>
+    <li>Create a set of suspect sim cards based on spatial coordinates and timestamps: was this sim card in the same place and at the same time as X or W?</li>
+    <li>Refine this set by correlating it with other spatial coordinates and timestamps: when the car was rented, when incident Z took place</li>
+    <li>Look for behaviourial anomalies: a sim card popping up in one place, disappearing for days and then reappearing later</li>
+</ul>
+
+They can quickly reduce their suspect pool from hundreds of thousands of people to a dozen using this method. If you were to make the mistake of reusing the same SIM card for another operation after incident Z you will have dramatically increased your chances of being identified by the adversary.
+
+<br><br><br>
+
+
+As shown on the above map, <b>once a Sim card goes on, even if the phone is later shut off it will still leave a data trail</b>.<br><br>
 
 <b>With each datapoint, an adversary will be able to reduce the pool of potential suspects </b> until they have enough certainty to start using active measures.</p>