Emergency preparedness from a Counterintelligence Agent

Two free tools to increase OPSEC

Silence Means SecurityRemember when I said there was a contest to win the Renovo Trio 3-stage Water purifier? Well, I went through the articles I received and here’s the winner: Joe Touchstone.

Joe will be receiving his Renovo Trio – 3 Stage Water Filter & Purifier Straw – Hollow Fiber (UF) Membrane with Activated Carbon (Charcoal) Filter and Sediment Pre-Filter as soon as I get his address and can get the thing wrapped up and off in the mail.

If you’re interested in writing your own article to get some exposure for your writing ability or your blog, please contact me with the link at the top of the page. Please understand that I very rarely accept articles, and I never accept articles that have appeared on other sites because google hates duplicate content. If you’re considering sending me something, you may want to email me first and get an idea of what I accept. Of course, if you take a read through the articles I write, you should already have an idea. I don’t do 500-word fluff pieces here.

Here is the article, with limited formatting adjustments (needed to convert to the wordpress format) and a change of spelling of my name, plus any editor’s comments. Other than that, it’s directly as written, so you can see how well it’s written.

So, without further adieu, here’s the winning article:


 

Two free tools to increase OPSEC

You have holes in your Operations Security (OPSEC). We all do.

But if you spend any time online, then new technologies are compromising your OPSEC in unsettling ways.

Information deviously collected, analyzed, and utilized by big business and our government (without your knowledge or consent) could cost you your preps, your freedom, and your life.

WHAT YOU’LL GET BELOW:

  • 2 Free Tools to exponentially increase your OPSEC
  • An understanding of how behind-the-scenes information about you and your activities are gathered
  • Potential threats from the trail you’re leaving
  • How to maintain OPSEC and protect yourself online

Let’s dig in.

WHAT IS OPSEC?

Operations Security (OPSEC), at first, seems like a pretty simple idea:

lleep your plans secret to hide and protect what you’re doing.

But once you start applying it, you discover that real OPSEC is actually a dense, complex, expanding body of knowledge which I wouldn’t wish on my enemy.

It’s confusing!

Fortunately, we have Graywolf– an OPSEC specialist who has worked in, taught, and consulted on OPSEC for our military, and who knows who else (he could tell you, but then he’d have to k*ll you…). [editor’s note: technically, I’d have to give you a warning and have you sign a nondisclosure agreement]

Scott can take the complex details of OPSEC and boil them down to bits even I can (learn to) love.

You can get an in depth look at REAL OPSEC in his article How To Make A Prepper’s OPSEC Plan.

For this post, and how you can greatly increase your online AND offline security, we’re going to focus on one part of the Operations Security process:

OPSEC Indicators

From Scott’s article:

An example of an OPSEC indicator could be the box in the garbage that came with the pistol you put into the safe.

OPSEC indicators are all the little bits of information we leave behind, that an adversary can piece together to understand what you have/want to protect.

You need to learn how to be a prepper who thinks about not only what you’re doing but how other people see what you’re doing. The need to hide some things is obvious, such as the combination to your safe. Some things, however, are not so obvious.

For this post, we’re focusing on are all those little bits of data that we leave behind as we surf the web, read our email, chat, or do pretty much anything online.

One not-so-fun experiment to see these bits of data in action is to go to the BlueKai Registry

Blue Kai is a “big data platform that enables companies to personalize online, offline and mobile marketing campaigns with richer and more actionable information about targeted audiences”

You can read more about what they do here: http://bluekai.com/about-us.php

WHAT DOES REAL WORLD OPSEC HAVE TO DO WITH WHAT I DO ONLINE??

We all know that some information is captured as we move about the web.

We’ve been told that this information is “anonymous” and has no real world impact.

Nothing could be further from true.

The collection of bits of data, in context, form a pattern, and this pattern paints a very accurate picture of, well,… you.

The context of information, and what you can get from analyzing it, is actually one of the biggest things OPSEC looks to protect.

To show you just how accurate your “profile” from your bits of data can be, let me tell you a story…

HOW TARGET KNEW A GIRL WAS PREGNANT BEFORE HER DAD

Big business makes a LOT of money analyzing our buying patterns.

Statisticians and other “big brained” bean crunchers can tell, from what a woman buys, when she buys them, and in what order she buys them, that a woman is expecting a baby and roughly when she’s due!

This info caused an unexpected hiccup, and hit the national news, when an angry dad complained to Target.

Long story short, Target figured out a young woman was pregnant and then sent her “new mom” coupons at her home.

Her dad, angry and thinking Target was promoting teen pregnancy, complained.

Turns out Target was right. And his daughter had some explaining to do.

From Forbes: How Target Figured Out A Teen Girl Was Pregnant Before Her Father Did

As Pole’s computers crawled through the data, he was able to identify about 25 products that, when analyzed together, allowed him to assign each shopper a “pregnancy prediction” score. More important, he could also estimate her due date to within a small window, so Target could send coupons timed to very specific stages of her pregnancy.

The things we buy, read, and do – when looked at in context – can be used to tell other important things about who we are and what we do.

This analysis isn’t restricted to what we buy though. And you can believe that they’ve got profiles based on web browsing patterns too.

WHY ONLINE OPSEC IS SO IMPORTANT

The information being collected is supposed to be anonymous. Just numbers and website addresses.

We’ve been told this over and over again.

But several years ago DoubleClick, one of the world’s largest collectors of personal data, got into some real trouble for buying a company that could… you guessed it… attach real life offline personal identity to all this “anonymous” user data.

A Wall Street Journal investigation into online privacy has found that the analytical skill of data handlers like [x+1] is transforming the Internet into a place where people are becoming anonymous in name only.

Imagine a private company that makes it’s money by analyzing web surfing patterns.

From that info, they can accurately figure out who’s hoarding stuff, what they’re hoarding, how well protected they are (not just weapons, but security systems, flood lights, bug out vehicle, etc), if they’re part of a larger group, if they have a dog. It goes on and on.

How?

You buy 5 gallon containers – check.
You own a handgun – check.
You bought chicken feed – check.
You read a book on solar power – check.

From these 4 disconnected bits, a picture starts to form.

What if 100, or 1,000 bits are looked at together? We leave that behind in ONE DAY! Is it any surprise what Target figured out?

Rob Richardson, in his article Surveillance States of America: Silicon Valley Creates Robocop that will Start Patrolling Streets this Year points out:

Over the years, Silicon Valley companies have generated a treasure trove of information. These companies control massive databases filled with private information on everyone who has ever spent any time on the internet. Things you would be reluctant to tell even your doctor, are sitting somewhere in a database profile because you searched for it online.

I don’t think people realize how much information these companies, and the government, really have. Between the information you share on social media, to the pictures you upload from your smart phones, they pretty much have it all. Your face, your habits, the things you buy, and anything you’ve ever done online is sitting somewhere inside a massive database just waiting to be abused.

We used to fear the Big Brother surveillance state, but for some reason people looked the other way when these private companies started to build detailed profiles on every person in the world. Now, there’s really no turning back.

Now imagine there’s a global collapse.

Who will make use of all that data? Our own government? Big business? You bet!

The most effective preppers will be targets of the military, for their prep stores.

But worse than this, imagine the private company with this info…

They’d have a highly profitable set of info to share, sell, or use themselves!

Preppers will be getting it from both ends!

WHAT DO WE DO TO FIX IT?

We’ll employ what Scott describes as countermeasures.

The objective of countermeasures is to disrupt the enemy from gathering information on you by changing or camouflaging your indicators.

All of this “data mining” is made possible by two technologies, which we need to “disrupt”:

1. PACKET HEADERS

2. COOKIES

I’ll make this next part as brief and painless as possible.

PACKET HEADERS

When you type a URL into your browser, your browser sends packets of information out to the web.

Each packet has 3 parts: the header, the payload, and the trailer.

The trailer tells the receiver that they’ve received the payload, and this is the End Of File.

The payload is the bulk of whatever you’re sending.

The header, unfortunately, is loaded with OPSEC indicators.

THE HEADER

Has a lot of info, but the bits we’re concerned with include: the destination address, the originating address, and the length of packet.

Piece these bits together along with all the other header bits we generate every day, and Target sends you new baby coupons in the mail.

This snooping is only made easier by the browsers we all use.

Google, one of the biggest “big data” collectors, invented the Chrome browser and owns Mozilla, the company that makes the Firefox browser.

Internet Explorer is owned by Microsoft, one of the biggest and earliest collectors of user information.

Rumors indicate that both of these firms, along with many big Internet Service Providers (the companies that get you online), actively provide this data to the NSA.

It’s as if we’re driving along a highway in a car made by Google, and every few feet there’s a Google “beacon” looking for cars made by Google, jotting down each car’s unique identifier.

Our browsers make it even easier for big data collection.

COOKIES AREN’T YOUR FRIEND

Cookies are little bits of computer code that a website puts on your computer when you browse to it.

These bits of code have useful purposes, like remembering your login at Facebook so you don’t have to re-login every time you visit a new page and come back.

Originally, there were strict limitations on what a cookie could do.

It couldn’t follow all of your online activity, for example. But that time has come and gone.

ENTER THE EVERCOOKIE

Eventually programmers figured out that by using a combination of techniques they could implant code onto your computer that will remain there, active, collecting information, just waiting to return that information back to its home base.

From the Wikipedia page Evercookie

Evercookie is a JavaScript-based application created by Samy Kamkar which produces zombie cookies in a web browser that are intentionally difficult to delete. In 2013, a top-secret NSA document was leaked citing Evercookie as a method of tracking Tor users.

Clearing cookies from your browser doesn’t help.

Evercookie is designed to make persistent data just that, persistent. By storing the same data in several locations that a client can access, if any of the data is ever lost (for example, by clearing cookies), the data can be recovered and then reset and reused.

Simply think of it as cookies that just won’t go away.

Evercookie is a javascript API available that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if Evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.

There’s a list of all the methods the evercookie uses to make this happen on the Wikipedia page.

It’s scary stuff.

And turning cookies off won’t stop these Evercookies, but WILL make it impossible to use many of the websites you probably go to – like Facebook.

HOW TO APPLY OPSEC ONLINE (AND OFFLINE)

First off, it’s important to remember that applying OPSEC to your preps isn’t just a fire-and-forget, one-time goal.

To create (and maintain) security requires vigilance and persistence. It’s not easy. But nothing that keeps you truly safe is.

From Scott and OPSEC for Preppers

OPSEC isn’t just a thing or an end-state; it’s a process. It’s basically a process that helps you protect information about who you are, what you’re doing what you have, and what your plans are, among other things.

TWO FREE TOOLS TO SET YOU FREE

Fortunately for all us preppers, there are two free tools that undo most – if not all – of this nastiness.

Free tool #1 is the Tor Browser Pack.

Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others.

Tor is still used by divisions of the Navy today.

It works by using “onion routing,” where your signal is bounced all around the web, changing headers at every bounce, so no bounce point knows both the destination and the origination.

Tor’s own about/overview page:

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.

Unfortunately, Tor isn’t perfect. And a quick Google search will show you its limitations (and a few ideas to improve it)

But the HUGE advantage a prepper gets by using Tor is by upping the resources required to get to you VS the average sheeple using Chrome, Firefox, or IE who are literally handing their OPSEC indicators over.

In general, you need to be doing some pretty shady stuff to be worthy of that much “attention.”

Yes, anything online has a certain amount of risk.

But with Tor, “they” have to first be looking for you, and second, use a boatload of resources to connect the dots of in-points and out-points before they can trace all that back to your computer.

So we’ve removed the “header” OPSEC indicator. We’re half way there.

But this doesn’t protect us from the bits of code that websites, beacons, ads, etc. stick on to our computers without us knowing — stuff like the EverCookie.

Free tool #2 is CCleaner

This tool is awesome!

Ccleaner goes in and finds all the little bits of stuff left behind by the web — temp files, cookies, fake images, the parts that make up the evercookie, everything you want gone (and didn’t want in the first place).

It always makes me feel good to see the MEGABYTES of data this little tool finds and erases!

It’s oddly satisfying. 🙂

With these two free tools you’ll go a LONG way to increasing your online and offline operations security.

Hope you enjoyed this article, and it helps increase your OPSEC!


If you want to know more about OPSEC, I have a lot of articles on the subject (just use the search bar at the top) but they’re mostly advanced topics. If you want a basic primer, check out Basic OPSEC for preppers: achieving balance or Keeping your prepping CLASSIFIED. They were written as basic primers. More to follow.

So, what did you think? Please give some feedback on the article if you don’t mind so Joe knows what you thought. Also, if you learned something from it, please share it using the dandy little social icons below.

Thanks all!

.
About Joe Touchstone

Joe "Slightly Irregular" Touchstone was holding his two baby daughters when he saw a panicked mob strip the shelves of his local grocery mart bare two days before a big storm. Everything changed. Now Joe's intense passion for learning drives him to find only the best survival and prep ideas and info to share.

Joe can be found at Survival Prepper Joe.

Comments

  1. jppi_Stu says

    In addition to a cleaner like CCleaner (which appears to be specific to Windows and OS X), it’s good to use a blocker that prevents connections to tracking systems. They can’t write data that they never see. I’ve been using Ghostery, which offers detailed control over what it blocks, shows me constantly what is and is not being blocked based on my configuration, is regularly updated, and works in Linux too. That sounds like an ad but I’m not affiliated with them, just trying to explain concisely why I use it!

  2. Fred K Lawrence says

    I love this article. Seems like a great beginning to clamping down on what is out there just waiting to compromise my OPSEC. I will be looking into this in more depth as I go and trying to develop a action plan for myself.

  3. Also good to use a VPN / Proxy connection, which will obscure your IP address. One option is: privateinternetaccess.com

Speak Your Mind

*

Search this site
Return to top of page

Copyright 2016, All Rights Reserved. All content on this site is subject to copyright law and cannot be reproduced in part or in its entirety without express permission from the original author. In almost all cases, this will be me, Graywolf. Contact me at graywolfsurvival@gmail.com for permission. If you would like to include a short snapshot of my article (the preview paragraph) by way of RSS feed with a link to the rest of the article, please feel free to do so, and I thank you if you do. Disclosure: This is a professional review site that sometimes receives free merchandise from the companies whose products we review and recommend. We are independently owned and the opinions expressed here are our own.

GraywolfSurvival.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to (Amazon.com, or endless.com, MYHABIT.com, SmallParts.com, or AmazonWireless.com).