OpSec is the process of identifying critical information and protecting it. Hackers don't get caught because their encryption failed. They get caught because they logged into their personal Facebook from the same IP address as their attack server.
Compartmentalization
Rule #1: Never mix identities.
Work Laptop is for Work. Personal Phone is for Personal.
If you are doing research on malware, use a dedicated "Burner" VM. Once the research is done, delete the VM.
1. The Ross Ulbricht Mistake
The founder of Silk Road was caught because, years prior, he had posted on a coding forum asking for help with Tor PHP code. He used his username "altoid". Later, he posted a job offer seeking an "IT pro" and asked applicants to email "rossulbricht at gmail dot com".
Lesson: The internet never forgets. Your past alias can link to your real name.
2. Metadata is a Killer
You take a photo of your desk.
EXIF data says: iPhone 13, GPS Latitude: 40.7128, Longitude: -74.0060.
You just doxed your home address.
Always strip metadata before uploading.
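A stdlib-only illustration of both the check and the fix, added here as an example and not taken from the original notes: it walks the JPEG segment table, flags an Exif APP1 segment whose IFD0 carries a GPSInfo pointer, and writes out a copy with every APPn and COM segment removed before the image data. The sample bytes are constructed inline for the demo and are not a decodable photo.

```python
import struct

def strip_jpeg_metadata(data: bytes) -> bytes:
    """Copy a JPEG, dropping APPn (Exif/XMP/ICC) and COM segments before the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, pos = bytearray(b"\xff\xd8"), 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"corrupt segment header at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xDA:            # SOS: entropy-coded image data follows; keep the rest as-is
            return bytes(out + data[pos:])
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]   # includes the 2 length bytes
        if not (0xE0 <= marker <= 0xEF or marker == 0xFE):        # keep everything but APPn/COM
            out += data[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("truncated JPEG: no SOS segment found")

def has_gps_exif(data: bytes) -> bool:
    """True if an APP1 Exif segment's IFD0 contains a GPSInfo IFD pointer (tag 0x8825)."""
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF and data[pos + 1] != 0xDA:
        marker = data[pos + 1]
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        body = data[pos + 4:pos + 2 + length]
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            tiff = body[6:]
            bo = "<" if tiff[:2] == b"II" else ">"               # TIFF byte order: "II" little, "MM" big
            ifd0 = struct.unpack(bo + "I", tiff[4:8])[0]
            count = struct.unpack(bo + "H", tiff[ifd0:ifd0 + 2])[0]
            for i in range(count):                              # 12-byte directory entries, tag first
                tag = struct.unpack(bo + "H", tiff[ifd0 + 2 + 12 * i:][:2])[0]
                if tag == 0x8825:
                    return True
        pos += 2 + length
    return False

def constructed_sample() -> bytes:
    """Constructed input: SOI, an Exif APP1 whose IFD0 holds only a GPSInfo pointer, a stub SOS, EOI.
    Enough structure for the functions above; not a decodable picture."""
    tiff = b"II*\x00" + struct.pack("<I", 8)                    # little-endian header, IFD0 at offset 8
    tiff += struct.pack("<H", 1) + struct.pack("<HHII", 0x8825, 4, 1, 26) + struct.pack("<I", 0)
    exif = b"Exif\x00\x00" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02\x00\xff\xd9"
```

Run has_gps_exif on the output as well as the input: a stripper that silently leaves an APP1 segment behind is worse than none, because it gives false confidence.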
3. Sock Puppets
Sock puppets are fake personas created for investigations.
Don't just make a blank account. A blank account looks suspicious.
A good sock puppet has a history, likes generic posts, follows sports, and ages like a fine wine before being used for sensitive investigations.
Tools
- Qubes OS: Operating system that runs everything in isolated VMs.
- Tails: Amnesic OS that forgets everything after reboot.
- ProtonMail / Signal: Encrypted comms.