Operational Guidelines
OPSEC in a nutshell
- Keep your mouth shut
- Guard your secrets (on need to know basis)
- Never let anyone get in a position that can blackmail you
Cover
- Create a cover (new persona)
- Work on the history, background and supporting stuff for the cover
- Create sub-aliases
- NEVER CONTAMINATE!
Rules
1- Never reveal your operational details
2- Never reveal your plans
3- Never trust anyone
4- Never confuse recreation with work
5- Never operate from your own safe house / HQ
6- Be proactively paranoid, it doesn't work retroactively
7- Keep your personal life and work separated
8- Keep your personal environment free of work related stuff
9- Don't give anyone power over you
10- ALWAYS VERIFY!
The Guidelines
- Keep your cover identities isolated from each other
- Maintain cautious habits, be paranoid.
- Do not keep a regular schedule that can give you away, randomize
- DO NOT KEEP NOTES: not on paper, not on digital form
- Don't use your real name or a version of it as a handle, nickname, etc
- Don't reveal information about atmospherics such as identifying places, weather, political events, etc
- Don't reveal information about your real self: tattoos, identifying marks, your place of origin, age, etc
- Keep a layered defense
- Be tidy, make sure everything is put away
- When using comms, don't be explicit and don't use code
- Use TOR or other anonymizing service for internet, but remember: TOR connection to a VPN or other proxy is OK, VPN or proxy connection to TOR, is not
- Never use the primary cover alias as an internet handle or user, use secondary, tertiary, etc.
- STAY AWAY FROM SOCIAL NETWORKS
- Practice: Amateurs practice until they get it right, professionals practice until they can't get it wrong
To summarize
If you think, don't speak
If you speak, don't write
If you write, don't sign
If you sign, don't be surprised