OPSEC — Fundamentos (Overview, Scope, Threat Modeling, Principles)
Atomic sub-note of the master manual manual-paranoid-opsec. Each chapter is its own note for direct lookup by operational domain.
Overview
The Paranoid OPSEC Manual is designed for investigators, journalists, and security practitioners who operate in high-risk or hostile environments. It focuses on no-compromise methods for safeguarding identity, devices, communications, and evidence.
- Audience: Professionals and practitioners who require the strictest levels of anonymity and compartmentalization.
- Scope: Covers devices, networks, personas, communications, travel OPSEC, data handling, and adversary simulations.
- Approach: Layered, paranoid-level security posture; continuous validation; defense-in-depth with zero trust assumptions.
1. Scope & Assumptions
- Audience: OSINT investigators, journalists, DFIR analysts, CTI teams, compliance officers.
- Use cases: OSINT collections, dark web monitoring, covert outreach, digital forensics, source protection.
- Legal/Ethics: All activities must comply with applicable laws, platform ToS, and organizational ethics. This manual is for defensive and legitimate investigative use.
2. Threat Modeling & Risk Assessment
- Adversaries:
  - Low: scammers, basic doxers, automated scraping.
  - Medium: organized cybercrime, private intel shops, well-resourced harassers.
  - High: state/security services, APT, cross-platform data brokers.
- Capabilities: data brokerage, device exploitation, SS7/SIM swap, ML-based deanonymization, cross-modal correlation (voice/face/gait), social graph inference, legal compulsion.
- Assets: identity, device, network location, sources, methods, evidence integrity, operational plans.
- Risk matrix (example):
  - Impact (Low/Med/High) × Likelihood (Low/Med/High) → control selection & escalation.
- Outputs: written threat model per case; control checklist; escalation triggers.
3. OPSEC Principles & Posture Levels
Goal: Define the foundational mindset and operational tiers that govern all other decisions in an investigation. These principles and posture levels serve as a baseline for tailoring security controls depending on case sensitivity and adversary profile.
3.1 Core Principles
- Least Exposure: Reveal only what is necessary for the task. Every extra data point can become an attack surface.
- Compartmentalization: Keep personas, devices, networks, and evidence completely isolated. Cross-contamination creates attribution risks.
- Defense-in-Depth: Layer multiple controls (technical, procedural, behavioral) so that a single failure does not expose the operation.
- Need-to-Know: Limit knowledge distribution both inside the team and with external stakeholders.
- Minimize Metadata: Strip or neutralize metadata in all shared content (photos, documents, messages).
- Verify, Then Trust: Assume deception by default. Validate identities, sources, and tools before use.
- Continuous Review: OPSEC is never static; it requires ongoing monitoring, audits, and adaptation.
3.2 Posture Levels
A four-tier posture system defines what protections to enforce depending on case sensitivity, adversary capability, and potential consequences.
L0 – Routine Exposure
- Use case: General OSINT browsing, public sources, low adversary risk.
- Controls:
  - VPN or hardened proxy; browser with basic fingerprint protections.
  - Hardened OS or dedicated VM.
  - Routine patching and endpoint hygiene.
  - Minimal persona setup; may overlap with a semi-public analyst identity.
L1 – Sensitive Operations
- Use case: Investigating scams, cybercrime forums, or potentially hostile individuals.
- Controls:
  - Strict persona separation (unique email, browser profile, VM).
  - Encrypted storage for collected data.
  - Tor Browser or multi-hop VPN.
  - Metadata scrubbing of all shared content.
  - No crossover between personal and operational accounts.
L2 – High-Risk Operations
- Use case: Dark web infiltration, adversaries with technical sophistication, potential targeting of the analyst.
- Controls:
  - Dedicated hardware or Qubes/Tails OS per case.
  - Air-gapped storage for sensitive evidence.
  - Multi-hop anonymity (VPN→Tor, or chained VPNs).
  - Strict logging of all actions for accountability.
  - Persona register with lifecycle management.
  - Two-person rule for validation of high-risk actions.
L3 – Critical/Hostile Environment
- Use case: Investigating state actors, organized crime, or environments with strong surveillance.
- Controls:
  - Clean hardware purchased specifically for the operation.
  - No reuse of devices, SIMs, accounts, or networks.
  - Travel OPSEC enforced (burner devices, Faraday pouches, no personal phone).
  - One-time-use personas with no long-term footprint.
  - Legal review and organizational approval required before the operation.
  - All communications via deniable, strongly encrypted channels.
🔥 Extreme Practices (Optional)
- Treat L3 not as exceptional but as default baseline.
- Rotate between multiple hardware sets in separate jurisdictions.
- Maintain duplicate infrastructures (e.g., two distinct Tor/VPN paths for the same task, and cross-check the results).
- Conduct threat simulation drills (e.g., adversary seizes your device in 5 min – what leaks?).
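As an added worked example (not part of the manual), the following turns the section 2 risk matrix (Impact × Likelihood) into one of the written outputs it calls for: a posture level from section 3.2, the cumulative control checklist for that level, and escalation triggers. The adversary tiers, capabilities, assets and controls are the ones listed on this page; the scoring bands, which capabilities raise likelihood, and which assets count as high impact are assumptions made for this example.

```python
from dataclasses import dataclass
SCALE = {"low": 1, "med": 2, "high": 3}
# Section 2 capabilities that push likelihood one step above the adversary tier,
# and section 2 assets scored as high impact (both choices are assumptions here).
HIGH_CAPABILITIES = {"device exploitation", "SS7/SIM swap", "legal compulsion",
                     "ML-based deanonymization"}
CRITICAL_ASSETS = {"identity", "sources", "evidence integrity"}
# Controls condensed from section 3.2; a posture inherits every lower tier's controls.
CONTROLS = {
    0: ["VPN or hardened proxy", "hardened OS or dedicated VM", "routine patching"],
    1: ["strict persona separation", "encrypted storage", "Tor or multi-hop VPN",
        "metadata scrubbing"],
    2: ["dedicated hardware / Qubes or Tails per case", "air-gapped evidence storage",
        "multi-hop anonymity", "action logging", "persona register", "two-person rule"],
    3: ["clean hardware for this operation only", "no reuse of devices/SIMs/accounts",
        "travel OPSEC", "one-time personas", "legal review before operation",
        "deniable encrypted channels"],
}
@dataclass
class ThreatModel:
    case_id: str
    adversary_tier: str        # "low" | "med" | "high", the section 2 tiers
    capabilities: set
    assets: set
    previous_posture: int = -1  # -1 when this is the first assessment of the case

def likelihood(tm):
    bump = 1 if tm.capabilities & HIGH_CAPABILITIES else 0
    return min(3, SCALE[tm.adversary_tier] + bump)

def impact(tm):
    return 3 if tm.assets & CRITICAL_ASSETS else 2 if tm.assets else 1

def posture(score):
    # Impact x Likelihood ranges 1..9; the band edges are an assumption.
    return 0 if score <= 2 else 1 if score <= 4 else 2 if score <= 6 else 3

def assess(tm):
    score = impact(tm) * likelihood(tm)
    level = posture(score)
    triggers = []
    if "legal compulsion" in tm.capabilities and level < 3:
        triggers.append("legal compulsion in scope: obtain legal review first")
    if 0 <= tm.previous_posture < level:
        triggers.append(f"escalated L{tm.previous_posture}->L{level}: "
                        "re-issue personas, devices and networks; no reuse")
    checklist = [c for lvl in range(level + 1) for c in CONTROLS[lvl]]
    return {"case": tm.case_id, "score": score, "posture": level,
            "checklist": checklist, "escalation_triggers": triggers}
```

Re-running `assess` with `previous_posture` set to the last recorded level is what makes the "continuous review" principle concrete: a rise in posture between reviews is itself an escalation trigger.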