wip opsec neutralization

This commit is contained in:
MulliganSecurity 2025-05-17 19:53:06 +02:00
parent c27b5b99bf
commit 31011284cd


@ -117,5 +117,16 @@ Your general operations rules should have built-in detection capacities: either
- An easy to use counter-itelligence tool is the [baryum meal test](https://en.wikipedia.org/wiki/Canary_trap) or canary trap. By detecting leaks you can use them in anti-surveillance operations or as a warning system. - An easy to use counter-itelligence tool is the [baryum meal test](https://en.wikipedia.org/wiki/Canary_trap) or canary trap. By detecting leaks you can use them in anti-surveillance operations or as a warning system.
- another one is a simple canary (example: [warrant canary](https://en.wikipedia.org/wiki/Warrant_canary)) where the cessation of an inoccuous action is used to send a message - another one is a simple canary (example: [warrant canary](https://en.wikipedia.org/wiki/Warrant_canary)) where the cessation of an inoccuous action is used to send a message
https://en.wikipedia.org/wiki/Operation_Delego #### What good OPSEC looks like
Let's talk about [Operation Delego](https://en.wikipedia.org/wiki/Operation_Delego), a major CSAM-sharing and production group was infiltrated in a joint operation conducted by 19 countries. This group counted more than 600 members and had strict operational security:
- Periodic platform change (new hidden service)
- With each platform change, all users would change pseudonyms and receive new, randomly generated ones
- Required use of GnuPG for encrypting communications
- Never share PII
- Strict metadata scrubbing policy for all shared media
- Only share media over the trusted website channels
##### The neutralization operation
After infiltrating the group, Leo managed to trick several users into directly sharing media and personal information other unsanctioned channels, without encryption.
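Review bot: the new "What good OPSEC looks like" heading line carries a stray bare URL (`https://en.wikipedia.org/wiki/Operation_Delego`) in front of the `####` marker, which both breaks the heading in Markdown and duplicates the link already given in the next sentence; drop it so the line reads `#### What good OPSEC looks like`. In the paragraph that follows, the sentence "Let's talk about Operation Delego, a major CSAM-sharing and production group was infiltrated ..." is missing a connective (e.g. "in which a major ..."), and the closing sentence needs a preposition: "sharing media and personal information over other unsanctioned channels". "Leo" is used without being introduced; since it stands for law enforcement here, spell it out on first use or capitalise it as an acronym so readers of this section are not left guessing. The commit message is still "wip", so a follow-up touching the same region could also fix the pre-existing typos in the context lines ("counter-itelligence", "baryum", "inoccuous").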