17. Case Studies of OPSEC Failures

Videos
OPSEC failures of spies
https://www.youtube.com/watch?v=bM0PmwOlifE

Time to get some interesting case studies in OPSEC failures. You'll find that these failures are indeed basic, and you'll observe that if you just get basic OPSEC right, as I've detailed here, you would be an advanced opponent to an adversary who relies on basic OPSEC failures and easy targets.

None of the criminal actions in these case studies are condoned at all.

They are here to demonstrate how OPSEC failures result in a breakdown of security, privacy and anonymity, which illustrates how important OPSEC is.

The first case study is LulzSec.

Hector Xavier Monsegur, known as Sabu, normally connected to the LulzSec IRC channel via Tor.

The FBI was monitoring the channel.

On one occasion he logged in using his real IP address, and that was it.

Game over.

After being caught he started collaborating. One mistake was all it took.

Jeremy Hammond, another LulzSec member, and Hector spoke with each other on IRC. Hammond casually let slip that he was on probation, where he had been arrested, and which other groups he had been involved with. This narrowed it down to a small number of possible suspects and allowed the FBI to get a court order to monitor his internet access.

This is classic profiling. Hammond used Tor, which wasn't de-anonymized by the FBI because it wasn't even necessary.

Old-fashioned police work is most often the most effective method, because of OPSEC failures.

The FBI just correlated the times sup_g, Hammond's handle, was talking to Sabu on IRC with when Hammond was at home using his computer.

This is called a correlation attack.

We'll talk more about counters to this later.

LulzSec members talked about their operational activities: that they used Tor and Apple laptops, and which VPN they used.

One member used stolen credit cards to buy used car parts and got them shipped to his own house.

These are all basic mistakes.

They failed to apply many of my OPSEC rules.

They didn't keep their mouth shut.

They trusted people who were working for the FBI.

They contaminated their identities.

They allowed themselves to be profiled by giving away personal information, and they didn't protect their main assets. LulzSec is no more.

The next case study is Silk Road.

This is based on what has been published.

How true it all is, is unknown. Ross William Ulbricht is the alleged Dread Pirate Roberts and operator of the original Silk Road.

Silk Road had almost a million user accounts by July 2013 and is alleged to have processed 1.2 billion in transactions over two years.

Probably because of the drugs being sold, the FBI became very interested in who was running it and who this Dread Pirate Roberts was.

The FBI started looking for references to Silk Road online, with simple Google searches.

An account called altoid had posted jobs for Silk Road and related projects on the shroomery.org forums. An account named altoid also made a post on BitcoinTalk.org looking for an IT pro in the Bitcoin community, and asked interested parties to contact him at his Gmail address, which was in his real name. This tied his real identity to Silk Road.

Ross Ulbricht's Gmail account also posted on Stack Overflow asking for help with PHP code to connect to a Tor hidden service; the username was later changed to something called Frosty. So this connected him to hidden services.

When he was caught by US Customs receiving nine fake IDs, he allegedly told them anyone could have ordered them from Silk Road using Tor, and they hadn't even mentioned Silk Road or Tor to him. So this implicated him too.

So Ulbricht was again tied to using Tor. The real IP address of the Silk Road servers was identified by the FBI.

How this was done isn't known, but it could have been any number of ways, possibly by exploiting a vulnerability on the server and then forcing it to connect without using Tor.

Once located, the FBI was able to get a copy of one of the servers. The server used an SSH public key that ended in frosty@frosty, and it had some of the same code that had been posted on Stack Overflow.

This is cryptographic attribution.

The FBI located Ross at a library, observed him using his laptop at the same time as Dread Pirate Roberts was logged in, and grabbed him while his laptop was not locked, so encryption wasn't protecting the data.

Then, allegedly, more evidence was found on his laptop, including a full journal of his activities.

This seems so stupid that it's hard to even believe it is true.

Personally, I question these alleged happenings, but based on this information you can see a combination of basic OPSEC failures.

He contaminated his real identity with Dread Pirate Roberts.

So it was doomed from the moment he did that.

He didn't keep his mouth shut, and he blabbed about Silk Road and Tor without even being asked about them.

It became far too interesting, and a target for an extremely well-resourced adversary.

He had no plan for being caught, leaving his laptop unencrypted when he was caught with evidence on it, evidence that should never have been there in the first instance.

And the list of his failures goes on, if they are indeed true.

Silk Road is no more.

The final case study is the Harvard bomb threat. A character called Eldo Kim wanted to get out of a final exam, so he's alleged to have made a bomb threat.

What we know about this case is that, using the university network, he connected to Tor, attempting to anonymize himself.

He used a disposable email account from Guerrilla Mail (guerrillamail.com) to send the bomb threat. The email received contained, as normal, an X-Originating-IP header indicating the IP address of the sender, which in this case would show the Tor exit node's IP address. All Tor exit nodes are publicly known (bridges are the unpublished exception, but they are entry points, not exits).

So it was possible to know the email was sent via Tor.

Basic policing would look at the motives of the person sending the bomb threat. So who would have a motive? Students, of course.

So the first obvious step is to look through the logs of the university network to see if any students were accessing Tor at the same time. Eldo was identified as using Tor at the same time as the email was received.

Again, this is called traffic correlation. Under questioning he confessed. Pretty basic errors: he didn't keep his mouth shut, and he contaminated his identities by not maintaining compartmentalisation.
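The two correlation attacks described above, the IRC/home-activity correlation against Hammond and the email-header-plus-campus-log correlation in the Harvard case, as an added Python example that is not part of the course material. The message, the network log, the usernames and the Tor node list are all constructed (RFC 5737 test addresses stand in for the public Tor consensus).

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed stand-in for the public list of Tor nodes (guards and exits).
TOR_NODES = {"198.51.100.7", "203.0.113.42", "192.0.2.99"}

# Constructed copy of the received message; the X-Originating-IP header is the
# one the lecture describes, and here it carries a known Tor exit address.
RAW_EMAIL = """\
From: anon@example.invalid
To: admin@example.invalid
Date: Mon, 16 Dec 2013 08:30:00 +0000
X-Originating-IP: [203.0.113.42]
Subject: test

body
"""

# Constructed campus egress log: (user, session start, session end, destination IP).
# Only student_a talks to a Tor node while the message is being sent.
NETLOG = [
    ("student_a", "2013-12-16 08:05", "2013-12-16 08:50", "198.51.100.7"),
    ("student_b", "2013-12-16 07:00", "2013-12-16 07:30", "198.51.100.7"),
    ("student_c", "2013-12-16 08:20", "2013-12-16 08:40", "192.0.2.10"),
]

def originating_ip(raw):
    """Return the X-Originating-IP value with the surrounding brackets removed."""
    value = message_from_string(raw).get("X-Originating-IP", "")
    return value.strip().strip("[]")

def sent_via_tor(raw, nodes=TOR_NODES):
    """True if the originating IP is a publicly listed Tor node."""
    return originating_ip(raw) in nodes

def _utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)

def correlate(raw, log=NETLOG, nodes=TOR_NODES, slack=timedelta(minutes=5)):
    """Users whose session to a Tor node overlaps the message's Date header.

    The overlap is only a lead to be corroborated (in the Harvard case by a
    confession); it is not proof on its own.
    """
    sent = parsedate_to_datetime(message_from_string(raw)["Date"])
    return [user for user, start, end, dest in log
            if dest in nodes and _utc(start) - slack <= sent <= _utc(end) + slack]
```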

He could have simply gone off site to a network that wasn't monitored.

The people with good OPSEC you never hear about.

There are no case studies on them.

And finally, here's an interesting story of OPSEC failures of spies, if you want to check out that video; it's quite interesting.
