Practice Good OPSEC [Part 1]

Posted on by admin_fBTr8D3ct
03
Jun
Join Cashoutgod On Telegram

Here is a compilation of things you should know about OPSEC

Stop being a retarded script kiddie and learn to actually stay anonymous so you don’t land yourself in prison

Part 1 covers:

– OPSEC DELUSION
– ALWAYS REMEMBER THIS
– LIE AND KEEP YOUR DOUBLE LIFE A SECRET
– FRIENDS IN REAL LIFE
– ABOUT CLOSED SOURCE SOFTWARE

A lot of people’s reality curtain slips away after committing a few crimes with no safety measures but are still not getting caught

They start assuming they are immortal and uncatchable

So they start getting really comfortable

Flexing their lifestyle on social media, sharing info about their personal life, what they are doing, what possessions they have, how they obtained them, showing video/picture parts of their face or where they stay at

Then they get busted right when they least expect it, because they’ve given enough intel for law enforcement to collect the puzzle pieces together

There are thousands of such examples like vendor or market busts

But the freshest example for a person that’s been busted in the fraud community is John (Lick) Daghita

John (Lick) Daghita is a famous and known fraud com member, who stole over $46,000,000 from the govt in crypto

On March 5th, he was officially arrested

The reason he got caught? Flexing. Lol.

Here’s a video about it:
https://youtube.com/watch?v=1GtNlsXakts
(you can also watch the video with safer front-end instances that are No JS friendly, such as invidious. Learn more here: https://docs.invidious.io/instances/

And here is an article about it:
https://cryptobriefing.com/government-contractor-son-arrested-stealing-crypto-marshals-service/

Play stupid games, win stupid prizes. Should’ve kept his mouth shut.

So, ladies and gentlemen.

Please remember that you are still committing a crime.

If not done properly, crimes lead to consequences.

Whether or not you plan to commit crimes for some cash until you go legit
Whether or not you plan to commit crimes because it’s a fun side hobby for you

Whatever your reason is

If you’re gonna do it, do it fucking properly

Don’t be a retarded script kiddie and learn about OPSEC

Because as you can see, OPSEC isn’t just about hiding your ass with a VPN

There are numerous other ways you can get caught

OPSEC is about knowing what type of information you are giving out from the very beginning of your actions

Do yourself a favor and don’t rush yourself into the fraud world.

Build a strong and solid foundation of knowledge before you dip your toes into it

Stay curious, learn new things, question and research everybody’s beliefs, no matter how reputable they may seem.

Learn how to stay safe and anonymous on the internet before you do sensitive operations

And get a general sense of what OPSEC is about.

Because you don’t want to be in that prison cell for years wondering “what it could’ve been” and a criminal record next to your name for the rest of your life.

A great starting point is reading this OPSEC bible written by /u/nihilist1

OPSEC bible link, written by /u/nihilist1 from Dread:
http://opbible7nans45sg33cbyeiwqmlp5fu7lklu6jd6f3mivrjeqadco5yd.onion/opsec/

In my opinion, the bible is quite extremist but that’s understandable because /u/nihilist1 mentioned he wanted to write a quality knowledge base, not your average Joe Schmo AI slop copy-paste guide, so therefore he is aiming for brilliance

But, your OPSEC will be mediocre at best if you do not read this bible, go read it and come back to /d/FraudNetwork

Done reading? Let’s continue

You should try to stay up-to-date with the latest news and mistakes of other people, so as to not repeat them

Form your own thoughts about how things work, but also let them be challenged

Put your arrogance and ego to the side and ignore it, let yourself be a student

In the criminal world (digitally or IRL), you should aim to leave no trace

It’s not about what information a company or people are trying to get from you

It’s about what information you allow them to collect from you.

Be healthily paranoid, don’t get stuck in analysis paralysis. Very important.

We all have to take risks, it’s important that you analyze what your threat model is, so you can analyze which risks you are willing to take and try your best to mitigate them

Don’t be closed-minded, but also don’t be so open-minded that your brain falls off

And of course, don’t be too much of a pussy, drop your nuts and take a fucking risk

Chances make champions.

Keep on reading and happy defrauding

———————————-

ALWAYS REMEMBER THIS

The goal is to stay anonymous and secure.

With how much tracking is going on in the digital world, it may seem impossible to stay anonymous

There are just too many ways your ass can get deanonymized

Again, what really matters is not what information they are trying to collect from you

But what information you allow them to collect, willingly or unwillingly

So ask yourself this question every time you’re about to do something:

“Before I do this action, would I somehow be revealing sensitive intel that could lead to my deanonymization?”

If the answer is yes, you have 2 options:
– Look for ways to minimize that risk
– Or just stop doing this action (not very applicable if you really have to do it)

Some examples:
– Before I open my mouth and speak about the activities that I’m doing
– Before you visit that app/site which stores your IP and device/browser fingerprint forever in some database
– Before you share that photo/video/file which is full of sensitive metadata
– Before you share that photo/video which subtly reveals your current location
– Before you visit that unheard of site which could be full of JavaScript exploits that try to deanonymize you (if you don’t have a proper setup)
– Before you send that cryptocurrency thinking you’re anonymous but in fact you are sending directly from your KYC exchange which has all your personal info

Don’t worry, in the beginning, you won’t magically know what to do

It’s about asking yourself this question before you take a risk

As you progress, you will learn most of the ways you’re able to be deanonymized and you’ll automatically know what to do so you can stay as safe and as anonymous as possible

———————————-

LIE AND KEEP YOUR DOUBLE LIFE A SECRET

Please, please, PLEASE!

Whatever you do

PLEASE keep your double life to yourself and yourself only

Save your real life reputation and shut your mouth to maintain good OPSEC

If you mention to normal people that you:
– get drugs from the darkweb
– commit credit card scams
– you are a fraudster
– or anything else that sounds illegal and you’re bragging about it

CONGRATULATIONS, YOU HAVE NOW RUINED YOUR REPUTATION FOREVER

Normal & moral people will now FOREVER look at you DIFFERENTLY and treat you WEIRD

Not only that, but normal people like to gossip a lot

So now all of a sudden that “secret” you shared with your “friend” that he promised to never share with anyone is now known by 50 people

And your name is associated with it

I don’t give a shit if it’s your “best friends”, your relatives, your mom, your dad, your family, your kid

DON’T EVEN TRY to show them what the darkweb looks like “just for fun”

Normal people from society already don’t like drug dealers, thiefs or scammers, and don’t want to associate themselves with them

So when they even hear something about the darkweb or something shady or illegal, they get super scared and emotional because they associate the darkweb with:
– hiring hitmans
– drug cartels
– child porn and pedo rings
– ultra skilled hackers
– the illuminati
– red room human torturing
– ordering guns
– getting tracked and kidnapped when using Tor

These fake preconceived notions people have are all thanks to the misinformation and FUD that mainstream media has spread about the darknet

And if your OPSEC gets so bad that to the point where law enforcement has launched an investigation on you

Guess who’s name people are going to call out first when they get questioned and pressured by the police, especially with LE’s scare tactics and lies…

Imagine trying to explain what the darkweb is to someone whose source of information is TV news, facebook posts or he’s a full-on clanker that fully trusts ChatGPT

If you even mention to a normal person that you are somehow a darknet user, this is what is going through his head:
– “why is he on Tor, he must be hiding something”
– “could be a pedophile”
– “he hires people for murder”
– “hes a drug dealer or a gang member”
– “he can hack all my information”
– “i need to let everyone know”
– “yeah no thanks, let me distance myself from this guy”
– “sounds scary and dangerous, let me cut him off”

Reputation nightmare.

So you get the point. Just don’t.

Unfortunately, hiding is not enough

You need to be ready to lie

You NEED to MAKE UP an identity just for people as a cover-up

An identity online and an identity offline

It’s up to you to think of something creative

Write it down, rehearse it often and really thoroughly remember it

Yes, you need to rehearse it and practice it until it becomes second nature, so you don’t get any stories mixed up with different details

If you get asked about who you are or what you do, you NEED to be READY TO ANSWER

Otherwise if you sit there and think for a bit, or try to lie on the spot and look visibly nervous, people will know you are just lying

After you unconvincingly lie, people will start making assumptions:
– “He could be doing something shady”
– “He’s doing something he’s ashamed to admit”
– “Why is he so mysterious, what is he trying to hide”

All of this just attracts unnecessary attention, all of which could’ve been avoided if you were prepared.

What is the best way to lie?

Well first, if you are actually doing something legit or you got something going on that you don’t want to lie about, there’s no need to lie.

But if you don’t have much going on, or even want to keep your legit activities a mystery, here’s how to lie

Most convincing way to lie is to actually believe your own lies as if they were the truth

And you do that by building your confidence.

Your confidence comes from getting good at something

How do you get good at something? By practicing over and over.

So again – practice and rehearse that identity of yours.

If you are interested in human psychology or just similar social engineering in general, you will enjoy reading a lot of social engineering and manipulation books + posts, which you can find by exploring around in forums

You can start by reading Dread’s subdread which is /d/SocialEngineering, there are some resources in their top banner

(you can also suggest / contribute a resource yourself which I can include here)

———————————-

FRIENDS IN REAL LIFE

Anyways

Now that I got the scary part out and you really understand the consequences of sharing too much

Let’s loosen up for a second and take a breather

*take a deep breath, you will be okay*

*3*

*2*

*1*

*0*

Making friends online is safer and easier, since there is no imposed risk with proper OPSEC

And I’ve already given you some advice on how to specifically make online friends in communities and chats from the “Fraud Essentials” inside the ⚠️START HERE Directory⚠️

But sometimes, working alone in real life gets boring and it sucks

Moving in a group of 2, 3 or even more brothers that have the same mindset really keeps you consistently motivated for chasing more

It’s really a hack for having that primal drive to progress further in life, because you are constantly feeding off of each other’s energy and you could never slack or stay in one place, because if one person is trying to slack, the others are keeping him responsible and in-check

Brotherhood is one of the most powerful things you can have.

If you really have it, online or offline, do not take each other for granted.

Of course, that group is only as powerful as the mindset of the people inside and the incentive for hanging out together

It won’t work if the incentive has always been to get fucked up on a Friday, get laid or to “just hangout”

Unfortunately, having real life friends is not the reality for many people, especially if the goal is to do illegal shit together

If you haven’t made any friends in real life, stick to being alone in real life, and run it up by being solo or with friends online

But there is that 20% chance that 1 or more of your real life friends is down to do illegal shit with you

If you have friends that you feel like you can trust and your bond is like a brotherhood in real life, but you also wonder if they would potentially be down to do illegal shit with you, you can subtly test the waters

Do some social experiments and test them

Start occasionally dropping hints about relevant illegal shit

For example, something that has recently occurred in com news, or perhaps running a red light, or some seemingly innocent crimes

Or maybe making some funny negligent jokes that seem silly about doing illegal shit together or jokingly being competitive about it, saying you’ll be better than them or etc

And in those very moments…… pay attention to see how they respond and react

Then, verify if that’s really how they feel like by repeating that experiment 2-3 times and confirming

Of course, if that’s not the type of convos or jokes you would make, do not overdo it.

Spread it throughout weeks/months, it’s a slow process, otherwise you will become suspicious and they’ll start thinking shit like:
“Why is he all of the sudden talking so much about illegal shit”

You know your friends best, so the creative part is up to you on how you will test them

If they seem down, give them positive reinforcement validation by slowly going further with the talk, but still seeming innocent about it

For a basic example, in the 3rd or 4th validation, you could pretend to find some cool basic fraud resource, then share it with them and act surprised, being like “wtf” or some shit, just things that you know will fly under the radar with you

Remember, take it slow, this is not a “find out today” experiment

And of course, just because someone isn’t willing to do something illegal with you, that doesn’t make them a bad friend or a business partner.

That’s just life, some people are more moral than others.

But remember that ⚠️Fraud Can Also Be Moral⚠️ =)

If it works, it works.

If it doesn’t, you don’t lose them, you keep your reputation and keep doing your own thing

———————————-

ABOUT CLOSED SOURCE SOFTWARE

 

WHY IS CLOSED-SOURCE SOFTWARE CONSIDERED A PROBLEM?

Since you can’t exactly see the code an app is executing, you don’t know what exactly it’s doing in the background, so it’s best to assume the worst, which is spying and data harvesting

ABOUT CLOSED-SOURCE OPERATING SYSTEMS

When it comes to closed-source operating systems, you’re as anonymous and secure as your operating system

What that means is:
– you can’t just use secure instant messenger apps like Session or Signal on Windows and think you’re good
– you can’t use PGP encryption thinking your private key is in safe hands

Those tools are of no use if all your keystrokes and files are pre-scanned, stored and sent to Microsoft’s servers for later evidence

Even if that might not be the case, we have no way of proving it, since Windows is closed-source

And we already know Microsoft’s blatant spying and data harvesting reputation

If you watch some YouTube videos or test it yourself by monitoring your internet traffic from a firewall, Windows sends so much data it’s crazy

So you are better off assuming the worst, you get my point.

For storing sensitive info, use free and open-source Linux distros

ABOUT CLOSED-SOURCE APPS / PROGRAMS

When it comes to closed-source apps/programs

Sometimes, you can’t 100% avoid all closed-source software, there are exceptions

Some examples of great closed-sourced apps are:
– Antidetect browsers (like Octo Browser and Linken Sphere)
– Network tools such as Burp Suite
– Spamming tools such as Silverbullet
– iOS / Safari (if properly set-up for fraud operations)
– Other shady useful software you might discover and want to try

So if you really need to use some closed-source program you don’t trust, you have some options:
– set up a VM without any virtual network adapters, so the VM won’t passthrough your internet connection
– fully disable the app’s internet access through firewalls like OpenSnitch or Portmaster
– If it’s a Flatpak app, remove its network permissions from “Flatseal” (Flatseal is a GUI app for Flatpak apps which manage app permissions)

No internet access = No data being sent = No data harvested from user

If the closed-source app requires internet to function, make sure you mitigate the risks of getting deanonmyized and sensitive data stolen by:
– Running it inside of a VM
– Having a VPN router / hotspot (safer) or running a VPN on your host OS
– Optionally monitor it with a properly configured firewall like OpenSnitch on PortMaster

OPEN-SOURCE DOES NOT MEAN INSTANTLY TRUSTWORTHY

Although you should prefer open-source software for your security and anonymity, you should also be wary of a program’s reputation

People think if a program is open-source that means it’s safe or doesn’t have malware

That’s not true, as there are lots of hidden malwares hosted on platforms like GitHub

And if an app is open-source, that doesn’t mean it’s automatically more secure

But since most people are not programmers, how can you trust which open-source programs to use?

It’s a lot less likely an open-source program has malicious intents if
– it’s been long-running
– has a lot of positive talk around reviews and community
– has a lot of contributors
– is actively maintained

I’ve listed some software recommendations in ⚠️Practice Good OPSEC [Part 2]⚠️

Leave a Reply

Your email address will not be published. Required fields are marked *