Optimizing opsec

Topic created · 8 Posts · 785 Views
  • gonna be honest & humble: may become a reseller and need to desperately level up my opsec. now I’m not sure how much detail is allowed here, so I’ll ask mostly about data security:

    • I’m considering moving all browsing and data storage to a bootable ubuntu usb stick, is that ideal/sufficient to leave no traces on the computer it’s connected to? can I use my own WLAN with this or is that a security risk, and does a VPN migitate this?

    • using an iphone & the usual chat programmes (wire & wickr) with timed deletion of messages. not sure about whatsapp’s security/encryption, seems debatable

    • is secure transfer of cryptos to source covered in an existent thread already? until now I’ve been using bank > kraken > source

    • how fucked/flagged/monitored could I potentially be already having been very naive with security measures, and what can I do to remedy this?

    Thanks in advance! I’d offer free gear for help but I must abide by the rules :P

  • Well, WhatsApp is owned by Facebook… So go ahead and forget about using their service ever lol. For crypto, just use xmr. All bitcoin that you receive you could just transfer to Xmr via morphtoken, then hold it in xmr. If you need to convert xmr back to btc for “clean btc” (lmao…) Just use xmr.to, free service that does it instantly. Besides that just use a vpn on your phone and a tor browser on your pc. Not really sure how much more is needed, cybersecurity is like the last thing LE wants to deal with in terms of busting steroid businesses.

  • [quote=“appropionate” pid=‘62297’ dateline=‘1564061494’]
    gonna be honest & humble: may become a reseller and need to desperately level up my opsec. now I’m not sure how much detail is allowed here, so I’ll ask mostly about data security:

    • I’m considering moving all browsing and data storage to a bootable ubuntu usb stick, is that ideal/sufficient to leave no traces on the computer it’s connected to? can I use my own WLAN with this or is that a security risk, and does a VPN migitate this?

    • using an iphone & the usual chat programmes (wire & wickr) with timed deletion of messages. not sure about whatsapp’s security/encryption, seems debatable

    • is secure transfer of cryptos to source covered in an existent thread already? until now I’ve been using bank > kraken > source

    • how fucked/flagged/monitored could I potentially be already having been very naive with security measures, and what can I do to remedy this?

    Thanks in advance! I’d offer free gear for help but I must abide by the rules :P
    [/quote]

    Basically what Masterofron said about crypto.

    USB drive - I’m assuming you are going to use linux (TAILS is linux btw). Make sure you a familiar with the OS. If you are going to use TAILS you don’t need TOR. VPN over TOR is an option. You should read on how to configure that and research what it doesn’t protect you from.

    Regarding mobile apps - That’s your choice. Just remember that any company that has any type of affiliation with the US can be subpoenaed. Do your due diligence. For instance, if you decide to use a VPN service that you thought was based overseas has even a single good standing LLC that they started in the US can be subpoenaed (run on sentence).

    “Flagged” - If you are on a “list” you are done. There isn’t any coming off of it. It all depends on IF and when they want to pick you up. Sources have been picked off years after seizing operations.

    Overall thoughts - Many sources have been operating for years. Some have been lasting 5 plus years (they also are private) and pick their own terms when to call it quits. It’s a gamble, resellers tend to get caught faster because they have more points of failure. I certainly wouldn’t expect to quit your day job either.

    Not to be rude, but if you are asking these questions on a rather public forum such as this one, you might want to reconsider.

  • Thanks for all the replies so far, gonna look into it all.

    [quote=“Rcd3t” pid=‘62358’ dateline=‘1564102080’]
    “Flagged” - If you are on a “list” you are done. There isn’t any coming off of it. It all depends on IF and when they want to pick you up. Sources have been picked off years after seizing operations.

    Not to be rude, but if you are asking these questions on a rather public forum such as this one, you might want to reconsider.
    [/quote]

    Tales of such lists have existed forever for every country but I’ve never read a reliable account on the details of them.

    Not living in the US btw if it matters. Are you suggesting LE is reading public forums and tracking down users based on their post content?

  • [quote=“appropionate” pid=‘62297’ dateline=‘1564061494’]
    gonna be honest & humble: may become a reseller and need to desperately level up my opsec. now I’m not sure how much detail is allowed here, so I’ll ask mostly about data security:

    • I’m considering moving all browsing and data storage to a bootable ubuntu usb stick, is that ideal/sufficient to leave no traces on the computer it’s connected to? can I use my own WLAN with this or is that a security risk, and does a VPN migitate this?

    • using an iphone & the usual chat programmes (wire & wickr) with timed deletion of messages. not sure about whatsapp’s security/encryption, seems debatable

    • is secure transfer of cryptos to source covered in an existent thread already? until now I’ve been using bank > kraken > source

    • how fucked/flagged/monitored could I potentially be already having been very naive with security measures, and what can I do to remedy this?

    Thanks in advance! I’d offer free gear for help but I must abide by the rules :P
    [/quote]

    [quote=“appropionate” pid=‘62405’ dateline=‘1564138150’]
    Thanks for all the replies so far, gonna look into it all.

    [quote=“Rcd3t” pid=‘62358’ dateline=‘1564102080’]
    “Flagged” - If you are on a “list” you are done. There isn’t any coming off of it. It all depends on IF and when they want to pick you up. Sources have been picked off years after seizing operations.

    Not to be rude, but if you are asking these questions on a rather public forum such as this one, you might want to reconsider.
    [/quote]

    Tales of such lists have existed forever for every country but I’ve never read a reliable account on the details of them.

    Not living in the US btw if it matters. Are you suggesting LE is reading public forums and tracking down users based on their post content?
    [/quote]

    I’m sure they exist, just depends if they want to use you as an example.

    My post was making the assumption that you lived in the US. Please disregard and look up your country’s own laws.

    I’m not suggesting anything, but it would be foolish to NOT think LE is present on the forums. It’s an open source board.

  • [quote=“Rcd3t” pid=‘62445’ dateline=‘1564160465’]
    I’m not suggesting anything, but it would be foolish to NOT think LE is present on the forums. It’s an open source board.
    [/quote]
    Such thorough surveillance of all open source boards on the open net would take a number of workers/work hours I’m not sure is reasonable - and while I can’t refute your assumption, at least personally I’ve never come across an anecdote of someone working for the department whose responsibility this is (in regards to steroids, not other illegal stuff like sex trafficking etc).

    If anyone has ever heard ‘yea, browsing gear boards and maybe posting and tracking down small time users and going through the entire process of catching them with a vial of test on their body is my job’, I’d love to heard about it

  • [quote=“appropionate” pid=‘62456’ dateline=‘1564165562’]
    [quote=“Rcd3t” pid=‘62445’ dateline=‘1564160465’]
    I’m not suggesting anything, but it would be foolish to NOT think LE is present on the forums. It’s an open source board.
    [/quote]
    Such thorough surveillance of all open source boards on the open net would take a number of workers/work hours I’m not sure is reasonable - and while I can’t refute your assumption, at least personally I’ve never come across an anecdote of someone working for the department whose responsibility this is (in regards to steroids, not other illegal stuff like sex trafficking etc).

    If anyone has ever heard ‘yea, browsing gear boards and maybe posting and tracking down small time users and going through the entire process of catching them with a vial of test on their body is my job’, I’d love to heard about it
    [/quote]

    Dude, I never said anything about end users. You asked your question because you are interested in becoming a reseller.

    Regarding “surveillance of OSB’s” - How do you think ORD happened? What about ORD2? What about OCJ? All 3 operations pertain to resellers and sources.

  • [quote=“Rcd3t” pid=‘62461’ dateline=‘1564166919’]
    Dude, I never said anything about end users. You asked your question because you are interested in becoming a reseller.

    Regarding “surveillance of OSB’s” - How do you think ORD happened? What about ORD2? What about OCJ? All 3 operations pertain to resellers and sources.
    [/quote]

    I misinterpreted the context then - I’m not looking to establish an online presence or ‘shop’ at all, rather the opposite and minimize my presence in the public online & offline

Log in to reply