/d/OpSec icon

/d/OpSec

16,634 subscribers

Must read: https://anonymousplanet-ng.org/guide.html

Discussion of OpSec, Threat Models, Protection, Assessment & Countermeasures.

Vendors, please use /d/vendor_handbook.

While the focus of this community's OpSec discussions may center around Dark Net (DN) activity, all members of this sub are encouraged to think about, discuss, and share ideas relating to OpSec that extend beyond the bounds of the DN.

increasing opsec

by /u/PsychoticT0e · 1 votes · 1 week ago

as the title states im looking to increase my opsec im curently using tails and i sort of have the same setup as the kid who got arrested in Jersey

http://darkzzx4avcsuofgfez5zq75cqc4mprjvfqywo45dfcaxrwqg6qrlfid.onion/post/jersey-teen-sentenced-for-buying-drugs-on-darkweb/

i want to take extra precautions and habve a safer setup to prevent LE from raiding etc any help would be appreciated

Comments (16)
/u/notthathard · 4 votes · 1 week ago · Link

You sort of have the same setup? That is laughable.

In November 2020, customs officers executed a search warrant at the then 16-year-old’s residence.

order domestic

During the search, officers found MDMA pills, amphetamine powder, and LSD.

don't keep your stash at your house

According to the Jersey Evening Post, investigators found the USB drive plugged into the laptop. It was “discovered to have a browser open on a dark web marketplace selling controlled drugs.

be prepared for a raid at all times

A search of the defendant’s phone resulted in the discovery of messages discussing drug dealing, internet searches related to drug use, and cryptocurrency exchange accounts. Investigators found evidence the defendant had purchased marijuana online, “pictures depicting drug use, large amounts of cash, evidence of the purchase of hundreds of clear plastic zip-lock bags, and a suspected Instagram and Snapchat advert for MDMA.” The defendant also had a text document on his phone outlining plans for drug importation and trafficking.

get an IQ over 80

/u/PsychoticT0e OP · 1 votes · 1 week ago · Link

shoudl i add any extentions to tails and the domestic part and all that i get but its more of should i install anything extra and stuff like that

/u/notthathard · 2 votes · 1 week ago · Link

If you plan on vending and have a bunch of reasons to use extra software that isn't on tails by default, and/or if you have a bunch of data to store, consider moving from tails to qubes/whonix. Never forget, always encrypt everything, and never use your phone.

edit: and always remember, encryption without a secure password is the same as no encryption

/u/MajesticBard18 · 1 votes · 6 days ago · Link

Very funny that you say that as the kids lawyer said he has the tism lol

/u/HeadJanitor Moderator · 1 votes · 1 week ago · Link

Stayed connected to /d/OpSec

Learn from the mistakes.

Be fluent with PGP.

Stick to the fundamentals that you're supposed to learn when you get here.

Go through the past posts.

/u/akkarin · 1 votes · 1 week ago · Link

message on phone, stash at home, FAIL TO UNPLUG TAILS USB -> do not pass go, go directly to jail.

/u/MajesticBard18 · 1 votes · 6 days ago · Link

If I have a trap phone that you keep at another location and wipe down after can you use that to message and sell? Obv not linked to me just a burner.

/u/notthathard · 1 votes · 6 days ago · Link

Don't see why you can't just use jabber on a tails laptop, or signal or session on whonix if "user friendlyness" is a factor.

If you MUST use a phone for some reason, make sure it has a removable battery that you take out when not in use, use an encrypted open source messenger like signal or session, set the auto-delete timer to a value of a few hours at most, wipe it with a data deletion tool every week, and preferably switch the phone and sim out for a new one every month or so just to be extra safe.

/u/MajesticBard18 · 1 votes · 6 days ago · Link

Trying to sell to others and most people dont want to go through any other app then snap. I also dont have a sim card on it only using wifi messaging apps. Im new to this so what is the advantage of those extra steps?

/u/notthathard · 1 votes · 6 days ago · Link

Using snap is a major security risk. If you have no other choice but to go that way to gain customers, which I'd argue isn't true, then just do it until they are dependent on you for their drugs. Then make them switch to signal/session afterwards that you set up on another phone than the burner phone you used for your prior snap dealings. Nobody who has a reliable dealer is going to break that relationship over having to install a messenger app on their phone for security reasons.

For your question about the advantages of my suggestions:

Removable battery: Potentially paranoia on my part. Most would say the same could be accomplished with just powering off your phone. However I have seen interviews with the likes of Edward Snowden where he mentions the potential risk, but never read an actual indictment where this was actually used against someone. Personally I follow the 'better safe than sorry' mantra, hence the recommendation.

Encrypted messenger: So that there isn't a permanent record of all your dealings stored somewhere on some random company's server, for LE to later use against you, like there is with unencrypted messengers.

Open source: Can never fully trust closed source applications

Auto-delete function: In case they get your phone somehow and can prove you're the owner

Wiping it weekly: same idea as auto-delete, but as an added precaution

Switch phone and sim out monthly: same idea as wiping it weekly, but as another added precaution

/u/MajesticBard18 · 1 votes · 6 days ago · Link

Thank you so much this was so much great info!

/u/notthathard · 1 votes · 5 days ago · Link

You're welcome.

One more thing I forgot. When you get your customers to install signal/session, every month or so offer them a freebie extra on their order if they show you they have their auto-delete function set to 1 day as well and the rest of their history with you has been cleared. Whether that be through screenshot if you don't deal IRL, or by actually showing you your conversation with them on their phone if you do deal IRL. Minimizes your exposure if they ever get caught and LE gets its hands on their phone.

Doesn't have to be much, like if you sell weed usually per 5 grams, offer them 5% extra, so 5.25gr for the normal price of 5 gram. Almost doesn't cost you anything, most people won't mind, and in my opinion it's a significant risk reduction.

/u/MajesticBard18 · 1 votes · 5 days ago · Link

Very smart! I will be doing that, thank you again this is very helpful!

/u/notthathard · 1 votes · 5 days ago · Link

There's one final crucial thing I forgot. You mentioned already about not keeping the burner phone at your house. That's a good first step, but not good enough. You're also not allowed to bring your normal phone with you when you're going out to use your burner phone.

Let's say you're doing business citywide, chances are you'll be connecting to different celltowers. Every time your burner phone connects to a different tower, your normal phone will also connect to it, making it trivial for LE to find your real phone and thus your identity, once they get their hands on the phone number or IMEI of your burner phone.

Switching off your normal phone is also not an option, because if every time your normal phone switches off and disconnects from all celltowers right before your burner phone switches on and connects to a tower, that correlation can also be used to trivially find your real phone.

/u/MajesticBard18 · 1 votes · 5 days ago · Link

Got it, you are the greatest help ever!!!

/u/asfaleia · 1 votes · 5 days ago · Link

Make an OpSec. What you do now is that you follow some setup. This is not OpSec.