Protected Territory and "the fix"

[the grugq]

Hey,

So, I am pretty sure that I got it wrong last time I discussed my thinking on protected territory for hackers. I likened it to a protected server, but of course this is not really correct. The most accurate version of safe territory for a hacker is, obviously, a safe territory for a hacker. The two most prominent of these are China and Russia, where hackers are basically given free rein provided they play within the rules: the hacking starts where the border ends. (This sort of "blind" eye can be emulated by effective target selection, e.g. Egyptian hackers targeting Israeli computers are effectively immune from Egyptian law and Israeli legal repercussions.)

This provides massive benefits to hackers who can devote more resources to offensive operations, and spend less time and effort worrying about the adversary at their doorstep. There are, of course, also problems with this sort of arrangement. The host country providing the safe haven is free to collect information on the hackers, and should the political climate ever shift the hackers are completely at the mercy of their hosts. This happened to al Qaida in Sudan in the 1990s and was a massive intelligence failure for AQ. Their Sudanese hosts turned over massive amounts of data about the internal workings of AQ to the USA in exchange for better political relations. 

The problem of shifting political winds stripping safe shelter from location was a problem also faced by the professional criminals of yesteryear. Major criminal operations required a corrupted law enforcement apparatus to operate safely. This was called "the fix", and was usually a job handled by specialists called "fixers". They would accept a certain percentage from long running operations (usually 50% of main con man's share, sans expenses), or special one time payoffs for specific cases. The fixers knew everyone who was operating in their territory, because, without the protection of the fixer those other criminals, as persona non grata, were exposed (sometimes deliberately) to the full brunt of the law. On occasion the fix would "curdle", and then the professional thieves would invariably end up "doing a bit" (in jail). 

To bring it back to OPSEC, my point is basically, it never pays to be lazy and rely on a third party (the fixer, a safe country) to provide your protection. If anything happens to alter the environmental parameters that third party is operating in, you earlier poor OPSEC practices will leave you exposed. Good OPSEC is prophylactic. Don't trust in others for your own security. 

cheers,

--gq