type: guide
title: "OPSEC — Source protection & HUMINT interactions"
parent: "[[manual-paranoid-opsec]]"
source: "cyber-intelligence-toolkit/manuals/paranoid-opsec-manual.md"
tags:
  - topic/opsec
  - topic/humint
  - method/review
processed: true
status: seedling

OPSEC — Source protection & HUMINT interactions

Sub-nota atomica del manual maestro manual-paranoid-opsec. Cada capitulo es una nota propia para consulta directa por dominio operativo.

12. Source Protection & HUMINT Interactions

12.1 Threat Landscape

Human sources (HUMINT) are among the most vulnerable assets in any operation.

They can be exposed by metadata leaks (calls, chats, location).
Surveillance or interception may compromise meetings.
Mishandling evidence can reveal identities.
Psychological pressure or social engineering can extract information.

Protecting sources requires both digital and physical OPSEC, as well as strong interpersonal tradecraft.

12.2 Digital Protection of Sources

Avoid storing source identities on personal or operational devices.
Use secure communication channels (Signal, Session, Briar, SecureDrop).
Strip metadata from all files before storage or transfer.
Maintain separate digital compartments for each source.
Never reveal one source’s existence to another.

12.3 Physical Meetings

Select safe meeting locations with multiple exits and low surveillance coverage.
Avoid predictable schedules; vary routes and timing.
Pre-establish emergency signals and fallback procedures.
Never bring personal or unnecessary electronic devices to meetings.
Minimize time together to reduce exposure.

12.4 Trust & Relationship Management

Build trust gradually; never overload a source with sensitive tasks early.
Protect their psychological safety: avoid paranoia-inducing practices unless necessary.
Ensure clarity of expectations: what is shared, how, and under what risks.
Use need-to-know principles: sources should not have more context than necessary.

12.5 Handling Information

Always verify source claims with independent evidence.
Keep detailed logs of source interactions, but anonymize identifiers.
Store sensitive notes in encrypted, compartmentalized archives.
Protect against internal leaks: limit who has access to raw source intelligence.

🔥 Extreme Practices (Optional)

Never carry any digital record of a source’s identity — commit identifiers to memory or use deniable physical ciphers (e.g., codes hidden in innocuous notes).
Use non-digital dead drops: physical objects, chalk marks, coded signals.
When digital transfer is unavoidable, use multi-hop anonymization: source → disposable device → one-time relay → analyst.
Conduct pre-meeting counter-surveillance sweeps (RF scanners, thermal cameras, observation detection routes).
Employ psychological decoys: run parallel fake meetings with sacrificial sources to divert adversary attention.
Use air-gapped communication kits: encrypted messages transferred only via offline devices and removable media.
Establish multi-layered deniability: if the source is caught, their digital and physical traces must point to a benign cover.
In hostile regimes: avoid in-person meetings entirely; rely on proxy intermediaries or coded public signals (graffiti, innocuous online posts).

Themes

tema-opsec-completo-analista