Cherry popping OPSEC discuss.
142 views
Skip to first unread message
the grugq
Dec 18, 2012, 11:35:30 PM12/18/12
to opsec-...@googlegroups.com
Hi,
Operational independence was one of the major OPSEC strengths of the early
Provisional Irish Republican Army (PIRA). Each unit was free to select targets
and plan missions without oversight from the central command (this applied
particularly to the countryside units). This operational independence
provided strong OPSEC in a number of ways:
* it restricted the number of people with operational intelligence (fewer
people who could leak)
* encouraged/forced each unit to develop unique OPSEC guidelines
and procedures (complicating adversarial analysis)
* encouraged high operational tempo (forcing the adversary to be reactionary)
This independence created a number of OPSEC weaknesses as well, which were
particularly damaging to the PIRA in its early days. These OPSEC weaknesses
where mostly the result of these ad hoc OPSEC guidelines developed by each
unit. Without training to avoid contamination (known PIRA members
fraternizing in public with underground members), and STFU (members singing
IRA songs in pubs), it was easy for the adversary to gather intelligence on
group membership.
I believe the OPSEC strengths of the PIRAs independent units can be applied
well to hacker teams. I think that the problems and failures they faced
can be overcome by a centralized resource providing strong OPSEC training
and information for everyone. It is my hope that this mailing list will help
to create a such a resource.
cheers,
--gq
Operational independence was one of the major OPSEC strengths of the early
Provisional Irish Republican Army (PIRA). Each unit was free to select targets
and plan missions without oversight from the central command (this applied
particularly to the countryside units). This operational independence
provided strong OPSEC in a number of ways:
* it restricted the number of people with operational intelligence (fewer
people who could leak)
* encouraged/forced each unit to develop unique OPSEC guidelines
and procedures (complicating adversarial analysis)
* encouraged high operational tempo (forcing the adversary to be reactionary)
This independence created a number of OPSEC weaknesses as well, which were
particularly damaging to the PIRA in its early days. These OPSEC weaknesses
where mostly the result of these ad hoc OPSEC guidelines developed by each
unit. Without training to avoid contamination (known PIRA members
fraternizing in public with underground members), and STFU (members singing
IRA songs in pubs), it was easy for the adversary to gather intelligence on
group membership.
I believe the OPSEC strengths of the PIRAs independent units can be applied
well to hacker teams. I think that the problems and failures they faced
can be overcome by a centralized resource providing strong OPSEC training
and information for everyone. It is my hope that this mailing list will help
to create a such a resource.
cheers,
--gq
Maxim Kammerer
Dec 19, 2012, 7:29:12 PM12/19/12
to opsec-...@googlegroups.com
Correcting To: field...
---------- Forwarded message ----------
From: Maxim Kammerer <m...@dee.su>
Date: Thu, Dec 20, 2012 at 2:26 AM
Subject: Re: [OPSEC] Cherry popping OPSEC discuss.
To: the grugq <theg...@gmail.com>
On Wed, Dec 19, 2012 at 6:35 AM, the grugq <theg...@gmail.com> wrote:
> I believe the OPSEC strengths of the PIRAs independent units can be applied
> well to hacker teams. I think that the problems and failures they faced
> can be overcome by a centralized resource providing strong OPSEC training
> and information for everyone. It is my hope that this mailing list will help
> to create a such a resource.
A couple of good sources:
1. Swiss Army, “Total Resistance”, Part II, Sec. III: Operations of
the Resistance Movement — some professional OPSEC that PIRA probably
didn't follow.
2. Доронин А.И., <Long textbook title>, Chap. 4 covers performing and
detecting foot and vehicle surveillance,
http://www.agentura.ru/library/doronin/glava4/ (Russian)
--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
---------- Forwarded message ----------
From: Maxim Kammerer <m...@dee.su>
Date: Thu, Dec 20, 2012 at 2:26 AM
Subject: Re: [OPSEC] Cherry popping OPSEC discuss.
To: the grugq <theg...@gmail.com>
On Wed, Dec 19, 2012 at 6:35 AM, the grugq <theg...@gmail.com> wrote:
> I believe the OPSEC strengths of the PIRAs independent units can be applied
> well to hacker teams. I think that the problems and failures they faced
> can be overcome by a centralized resource providing strong OPSEC training
> and information for everyone. It is my hope that this mailing list will help
> to create a such a resource.
1. Swiss Army, “Total Resistance”, Part II, Sec. III: Operations of
the Resistance Movement — some professional OPSEC that PIRA probably
didn't follow.
2. Доронин А.И., <Long textbook title>, Chap. 4 covers performing and
detecting foot and vehicle surveillance,
http://www.agentura.ru/library/doronin/glava4/ (Russian)
--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
--
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
Reply all
Reply to author
Forward
0 new messages