How to Win at Kung Fu and Hacking

Everybody Was Hack Foo Fighting I’m going to discuss a serious problem with the organisational structure and social dynamics of the hacker community, and why this puts hackers at risk. Hackers operate essentially the same way as the henchmen in a kung fu movie: they attack the adversary one by…

required reading

This is a short list of articles and papers that you absolutely must read if you want to understand OPSEC. Terrorist Group Counterintelligence :: This is the thesis which later became the book Terrorism and Counterintelligence. Read at least one of them (the thesis is free). Allen Dulles’s 73 Rules…

Morris Worm OPSEC lessons

25th Anniversary of STFU about your computer crimes Reading this interview with the prosecutor of Robert Morris Jr about the Morris Worm there are a few cool OPSEC lessons we can learn. How was Morris caught? One way was with computer forensics. Tracing back the source of the worm. The…

A Critique Of Lavabit

In August of this year, Ladar Levison shut down his email service, Lavabit, in an attempt to avoid complying with a US government request for his users’ emails. To defy the US government’s gag order and shut down his service took great courage, and I believe that Ladar deserves our…

OPSEC isn’t security through obscurity

OPSEC revisited The goal of OPSEC is to control information about your capabilities and intentions to keep them from being exploited by your adversary. In typical hacker fashion, the term OPSEC has come to mean more than just information about capabilities and intentions, but also personal information about the yourself.…