From 31011284cdec7d358d7708ff42e19b0f7994d8a2 Mon Sep 17 00:00:00 2001 From: MulliganSecurity Date: Sat, 17 May 2025 19:53:06 +0200 Subject: [PATCH] wip opsec neutralization --- opsecmistakes/index.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/opsecmistakes/index.md b/opsecmistakes/index.md index 9f9fba0..ea0105b 100644 --- a/opsecmistakes/index.md +++ b/opsecmistakes/index.md @@ -117,5 +117,16 @@ Your general operations rules should have built-in detection capacities: either - An easy to use counter-itelligence tool is the [baryum meal test](https://en.wikipedia.org/wiki/Canary_trap) or canary trap. By detecting leaks you can use them in anti-surveillance operations or as a warning system. - another one is a simple canary (example: [warrant canary](https://en.wikipedia.org/wiki/Warrant_canary)) where the cessation of an inoccuous action is used to send a message -https://en.wikipedia.org/wiki/Operation_Delego +#### What good OPSEC looks like +Let's talk about [Operation Delego](https://en.wikipedia.org/wiki/Operation_Delego), a major CSAM-sharing and production group was infiltrated in a joint operation conducted by 19 countries. This group counted more than 600 members and had strict operational security: + +- Periodic platform change (new hidden service) +- With each platform change, all users would change pseudonyms and receive new, randomly generated ones +- Required use of GnuPG for encrypting communications +- Never share PII +- Strict metadata scrubbing policy for all shared media +- Only share media over the trusted website channels + +##### The neutralization operation +After infiltrating the group, Leo managed to trick several users into directly sharing media and personal information other unsanctioned channels, without encryption.
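Review bot: the closing sentence of this hunk drops a word and uses an unclear name: "into directly sharing media and personal information other unsanctioned channels" needs "over" (or "through") before "other unsanctioned channels", and "Leo" reads as a person's name where law enforcement is meant. Suggested wording: "After infiltrating the group, law enforcement tricked several users into sharing media and personal information directly, over unsanctioned channels and without encryption." The first sentence under "#### What good OPSEC looks like" is a comma splice ("Let's talk about Operation Delego, a major CSAM-sharing and production group was infiltrated ..."); split it, e.g. "Let's talk about Operation Delego: a major CSAM-sharing and production group was infiltrated in a joint operation conducted by 19 countries." Since the commit is marked wip, note that "##### The neutralization operation" currently ends after one sentence and the lesson the heading promises is not stated: of the six rules listed, the ones the infiltration bypassed are "Required use of GnuPG for encrypting communications" and "Only share media over the trusted website channels", i.e. the group's controls were defeated by getting members to act outside them, not by breaking them; either add that conclusion or hold the heading until the section is written. Minor: the unchanged context lines above still carry "baryum" (barium), "counter-itelligence" and "inoccuous", which could be fixed in the same file in this change.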