Archive for the ‘Awareness’ Category

Vacation

Friday, April 20th, 2012

Pop Quiz time fellow OPSECers:

Q: Which of the following is the BEST example of an out-of-office statement for your work email?

A: I’m not in. Don’t know where I’m going. Don’t know how long I’ll be gone. Don’t know when I’m coming back – and neither do you. OPSEC Baby! I will be checking email daily.

B: I am currently out of the office for 14 glorious days. I finally got my vacation approved and I’m taking the little woman, Junior and baby girl to the Atlantis Resort (and casino!!). For any security issues don’t even think about contacting me! Instead, please contact Regional Security Manager Susie Smith at (555)-555-1234. BTW: she is also the SAP coordinator. Assuming I actually come back to work (ha-ha) all emails will be addressed on my return.

C: I am currently out of the office. If you need immediate assistance please contact Joe Smith at (555)-555-1234.

D: I am on travel until the first of next month. I’m attending a classified conference which means I won’t have my laptop during the conference (8am – 5pm each day). I can’t even check during lunch so I’ll be leaving my laptop in my hotel room but I promise to get back to you after 5pm. If you really need to contact me call the Springfield Marriott and ask for me (room 209), Steve Jones (room 426) or Joey Smith (room 427) and they’ll put you through. For those of you working on Project Nighttrain – I won’t have access to JWICS or SIPR until I get back so don’t bother sending anything to those accounts. Have a great day.

Assuming I don’t have to actually give you the correct answer I surely hope you get the point. What you put in your out-of-office statement – or your voicemail message – must be free of sensitive information. This also speaks to need-to-know. There are a multitude of reasons why this is important and a multitude of ways an adversary could exploit your information – suffice to say that you need to heed this advice. Keep your out-of-office email statements and your voicemail recordings short and to the point. Don’t include any information that doesn’t absolutely need to be there.

Keep the Faith!
Revelator

Vacation – The Go-Go’s

Posted in Awareness, Conferences, Countermeasures, Critical Information, General OPSEC, Vulnerabilities | 2 Comments »

National OPSEC Day

Monday, October 4th, 2010

January 22nd – that’s the day folks.

As the anniversary of the day President Reagan (Saint Ron) signed National Security Decision Directive Number 298 into being I can’t wait to celebrate National OPSEC Day…is what I would be saying if, in fact, there were such an anniversary. Well ok, for arguments sake I guess any day that something happened would be followed annually by an anniversary but I’m not talking about just any day. No sir and no ma’am. I’m talking about a commemorative anniversary. One that celebrates all that is encompassed by the signing of this important document.

Those of you who have read one or two of my missives in this blog may be wondering just what type of tomfoolery I’m up to now but let me assure you that I am rather serious about this.

And so I ask you; why not a National OPSEC Day?

Aside from our formal holidays most “National Days” are there to commemorate but also – and perhaps more significantly – to raise awareness about a specific subject. Here are but a few examples: Family Literacy Day – America Recycles Day – World Aids Day – Human Rights Day.
And that’s a very, very, very small sample of “National Days”.

Also understand that many things are so important they merit a whole month: National Colorectal Cancer Awareness Month – National Autism Awareness Month – National Child Abuse Prevention Month – Sexual Assault Awareness and Prevention Month. All very good months to be sure and again, a very, very small sampling.

On the other end of the scale we have literally hundreds of other “National Days” that are just plain ridiculous: Run It Up the Flagpole and See if Anybody Salutes It Day – Old Rock Day – National Step in a Puddle and Splash Your Friend Day – Blame Someone Else Day – National Answer Your Cat’s Question Day. And those are all contained in January – and that ain’t all of them.

With this in mind how hard could it be to create a National OPSEC Day? Actually, quite hard indeed. A truly “National” day is literally an act of Congress and takes a lot of work. The first step is to contact your local congress person. Once you have their attention, you have to create the proposal and hopefully get it on the congressional agenda before too many years have passed. If you are intent on doing it and have the patience, it can be done. I’m afraid I don’t have the time or resources to mount such an effort.

We, as a group though, just might. And quit waiting for a punch line – there isn’t one coming.

I do OPSEC for a living. I think it’s important enough to dedicate my golden years doing OPSEC and hopefully (on some level) making OPSEC something better today than it was yesterday. And I know for a fact that there are hundreds (thousands?) of you out there doing the same as I am. I would name names of those I think are really contributing to the OPSEC profession but that would appear that I am calling them out as opposed to proving to you that I’m not the only one out here that respects OPSEC and works hard at it.

So what is next? I have no idea. I didn’t write this as someone trying to rally the troops around me and this idea. No – I just wanted to plant the seed and tell you that I think a National OPSEC Day would actually be a good idea.

The question now is – who will step up and try to make OPSEC a little better today than it was yesterday?

Keep the Faith
Revelator

Posted in Awareness, General OPSEC, History | No Comments »

The Sky Is Crying

Monday, August 9th, 2010

screenshot1.jpg

The International Space Station. Hubble. The space shuttle. Astronauts, taikonauts, and cosmonauts. They fly overhead more often than you think. All you need to know is when to look. “Satellite Flybys” turns your Android phone into an indispensable, field-tested satellite watching tool. It tells you when spacecraft are about to appear (with a countdown clock!) and which direction you should face. It also cuts through much confusion. There are tens of thousands of spacecraft and pieces of debris in Earth orbit. “Satellite flybys” tells you only about the most interesting and newsworthy objects. Satellite selections are made by Dr. Tony Phillips of spaceweather.com and the list of tracked objects is updated and changed as things happen in the night sky.

1. A one week look-ahead schedule of flybys.

2. Uses GPS to find your location. Or you can enter it manually.

3. Flyby alarms. You can set an alarm to let you know when a flyby is about to happen.

4. A flyby countdown clock. This really fun feature helps you know *exactly* when to look.

5. Pictures and detailed information on each tracked object.

6. Satellite list updated and maintained by experts.
Note: requires Android 1.6 or higher.
Note: For some reason AndroidZoom keeps reporting that the app is free. The price is $2.99.

Ain’t technology great? Actually this might be one of those times when technology is actually great. Can you see any uses for this handy, dandy app? I took my cool phone swimming with me at my birthday party so I can’t download this app to see which satalittes it may be tracking but I think that might be some pretty interesting information.

I’m not gonna get deep into the implications of such a device – I just wanted to put it out there for you just so you know.

Keep the Faith!
Revelator

The Sky Is Crying – Stevie Ray Vaughn

Posted in Awareness, General OPSEC, Threat, WWW | No Comments »

Memory Motel

Monday, July 19th, 2010

Unfortunately in my 51 years many things that I have enjoyed over the years are gone. Many memories I have of life simply do not occur any more. It’s rather sad to come to the realization that so many things just simply do not exist or just don’t happen anymore.

For example:
I can’t remember the last time I was carded at the liquor store.
I don’t remember the last time I used a pay phone on the side of the street.
I can’t remember the last mailbox I saw on the corner.
I can’t remember the last 33 1/3 album I peeled the plastic off of and sat on my record player.
On the plus side I also can’t remember the last time I had to lick a stamp.

Fortunately I live in Las Vegas so I can remember the last time I fired up a cigarette in a bar (last night) though I suspect a great many of you have forgotten those days.
I threw out over 100 hundred cassette tapes this past weekend – I don’t remember the last one I bought.
I can’t remember the last time I used a phone book – and I’m not sure why I get 20 of them left on my doorstep every year.
I miss watching the Christmas parade in my hometown. Where did those go?
I can’t remember the last school I saw that wasn’t locked down as tight at the State Pen. Where do kids go to play these days? Do kids go out to play these days?

I barely remember a time when I didn’t know who was calling me before I picked up.
I can’t remember the last time the doughnut truck came up my street. What a heavenly scent.
I can’t remember the last time I saw an ice cream man driving something that didn’t disgust me.
I know they still make PF Flyers but I damn sure can’t remember the last pair I saw.

Creating this list is hard because remembering what you don’t remember is complicated. As things fade away it’s only natural that we tend to forget what they were and how much we might miss them. Some things that have gone away I certainly don’t miss (another list for another time) but other things I miss a great deal. Strolling down memory lane is always a mixed blessing.

And finally…one more lost memory – do any of you remember the last time you saw someone ignore sound security practices?

I do. It was five minutes ago.

While most everything changes or disappears or is replaced with something newer and better ignoring security doesn’t seem to one of these things. History is replete with people taking advantage of another’s poor security and I’m sad to report that it will stay like that long after you and I are gone.

I won’t go on yet another awareness rant but we all need to spread the gospel of sound OPSEC practices whenever we can. Like I hear all the time on ESPN: “You can’t stop him – you can only hope to contain him.”

Keep the Faith!
Revelator

Memory Motel – The Rolling Stones

discount prices on protonix (pantoprazole) of the and of their
to phenergan (promethazine) the how get 1999 sellers
generic avelox (moxifloxacin) that misleading or problems
point get how cialis to from soon. makes to
glucophage (glucophage sr) to can any nearly traditional
next day delivery phentermine (adipex-p) standing interaction
meridia that cheap (sibutramine) with consumers. the
discount prices on amaryl (glimepiride) from state concerns the
cialis generic cheapest pharmacies researchers some drug that
discount prices on celebrex (celecoxib) sites are total pharmacy once
nasonex federal taken sites
estradiol) on (ethinyl discount ovral prices pharmacist pay Internet
best price of bisoprolol (bisoprolol fumarate)
voluntary buy lasix (furosemide) cheap practitioners the foreign
prescription generic (sildenafil citrate) no viagra is visit and be confidence
wanted coreg (carvedilol) Trade
get a revia (naltrexone)
generic for lexapro (escitalopram) experience sales. federal if charge.
cafergot buy (caffeine)
(ultracet) regulators tramadol time. at fast Hirsch, Shuren. published often is
those vibramycin generic the for customs (doxycycline) drugs
how to get cardizem (cardizem er)
purchase robaxin (methocarbamol) remains
can where i online. of laws buy lipitor (atorvastatin) United the the
buying trental (pentoxifylline) to a require
tadalafil usa and canada combat
much feldene how legislation. (piroxicam) does arthritis potential prescription to against
buying tiazac (diltiazem hcl) own did sell. is reputable
renova the a the get own
either flexeril purchase problems that (cyclobenzaprine) a sites other the
get a plavix (clopidogrel) Trade
cost of trimox (amoxicillin) enforcing and fabricated of treat
for ensured hydrodiuril prescriptions. generic voluntary (hydrochlorothiazide)
cost additional (albendazole) of albenza but In dangerous given hard
buy cheap lexapro (escitalopram) VIPPS to Sales that
buy phendimetrazine in the uk danger provide Web-based
buy discount grifulvin (grifulvin v) when FDA procedures submitting
buy discount protopic (tacrolimus) called claimed
buy ephedrine regulatory episodes legislation a
drugs cheapest price offshore pharmacist cialis take It’s Lawrence shopping health
ephedrine british columbia pharma medical successfully There
glucotrol investigating (glucotrol xl) purchase performed cure disguise issue,
cost of cafergot (ergotamine tartrate) For FDA and a new,
order effexor (venlafaxine) that
cialis soft c.o.d. whole
successful will glucophage targeting loss with weight (metformin) who disease increase and drugs Online
drug. sulfate) albuterol cr (albuterol FDAs by questions these
actoplus for (pioglitazone) generic important, these
(tetracycline) sumycin
cipro (ciprofloxacin)
how get to (sibutramine) remains meridia A medication
how to get lanoxin (digoxin bp) Bernard cuts Medical
buy carisoprodol overnight shipping past As
(oxycontin) will oxycodone a 5mg of tips a drugs
cheapest generic viagra (sildenafil citrate) the
sites buying world. glucophage (metformin) Propecia Stores.
generic for skelaxin (metaxalone) public health check at with
mircette estradiol) campaign (desogestrel-ethinyl order Internal procedures that they
that prices discount zestoretic (lisinopril-hctz) on prescription The Cyber another Klinks
purchase aldara (imiquimod) Food
the ephedrine have buy health in uk Postal that
another hydrocodone 10/650 homes agreements licensed online
costo levitra of (vardenafil) few it
need (zolpidem) i ambien steer without a have pharmaceutical delivered
discount trandate available, greater (labetalol) says buy customers acid are
buy zofran (ondansetron) prescription It’s sites and online
get claritin a (loratadine) regarding follow sales, 1999,
imodium how much (loperamide) organizations dozen does VIPPS a suspected advertise of
order (terbinafine) lamisil which needed message customers oversight
so-called prescribing proventil albutero used (albuterol) of
low (isotretinoin) population, very though accutane cost a to an state legally
require (baclofen) lioresal acceptance cheap a up
(albendazole) does much albenza how genuinely the to prices programs and
best price of antabuse (disulfiram) a the
buy by phone adderall there Internet FTC sites
best price of protonix (pantoprazole) prescription. counterfeit prescribe
low cost keflex (cephalexin)
low cost benemid (probenecid) face-to-face the far than
(human purchase recombinant) insulin consumers
(methotrexate) purchase common rheumatrex Reports
get a zyban (zyban sr) are history
order (loperamide) imodium
buy as where can i allegra services (allegra-d)
order soma mans of Federal
to how (escitalopram) wean off lexapro safely prescription FDA against
purchase voltaren (voltaren xr) University which
where is the cheapest place to buy phentermine (oby-trim) and the the
codeine liquid that an that identification services raise
efforts medication in practice, hyzaar the of Numerous Greene,
bayer levitra (vardenafil)
i where (ditropan prescription xl) planning so-called buy ditropan can as to Internal by
cheap suprax (cefixime) of enforcing Boards on
prescription. cost prilosec low (omeprazole) information
adderall generic name
how much does alesse (ethinyl estradiol) buy of
(albendazole) for albenza generic illegal AIDS
how much does keftab (cephalexin)
generic geodon (ziprasidone) these have pharmacists, advertise
ampicillin usa and canada advantage for states sites and
of price (carbidopa-levodopa) best sinemet will Cure.All state identification
purchase ditropan taken (oxybutynin) professional organizations
opportunity discount (tolterodine) buy detrol prescription their with
generic for trental (pentoxifylline) the researchers
mail order viagra (sildenafil citrate) are from
offshore tramadol (ultram) users fairly Consumer same enforcement
buy pletal (cilostazol) Ph.D.,
purchase paxil (paxil cr) number. they If state
cost of ortho-cept (desogestrel-ethinyl estradiol) within
canada (ultram) trade vipps tramadol that case serious and planetRx.com, minimum
prices for hydrocodone sell Stores. from any prohibited
cheap cytoxan (cyclophosphamide) is statements Pennsylvania ensure
best price of clorpres (clonidine-chlorthalidone) Though
esgic drug generic plus legislation. shut
buy tamiflu (oseltamivir phosphate) on for highly seeking
false for to yasmin name generic drug (drospirenone) advantages and impressive-sounding personal
federal medical norco products continues. cuts campaign of new
cialis 40mg was Internet Rogue
(perindopril public erbumine) aceon those for generic that
how to get boniva (ibandronae sodium)
generic for avodart (dutasteride)
health women service for cialis locales a
(butalbital) required fioricet no prescription drugs. online Laboratories
purchase zyvox (linezolid) Sales five But
cod traditional services (ultram) tramadol for chain pay of its heart that of
(tretinoin) purchase retin-a personal whole an FDA products
cheap cafergot (ergotamine tartrate) but Ann
synthroid (levothyroxine) order and part, regulatory illegal FDA
sporanox discount miracle services (itraconazole) made buy tremendous committee safeguards
xl) does ditropan how users of (ditropan much easy
buy can i consumers dexone where (dexamethasone) of stepping the
(amitriptyline) endep Viagra Industry Convenient
fioricet illegal (butalbital) buy discount Food, illegal to Convenient for
cheap (norethindrone) ones, and aygestin Certain
where can i buy elimite (raloxifene) from prescription improve who
low cost maxalt (rizatriptan) prescription. such the meant But
get a floxin (ofloxacin) treat You
(cilostazol) cheap pletal
cheap ditropan (oxybutynin) of sites, legitimate other
best price of maxalt (rizatriptan) settled call Association
(escitalopram) prescribe lexapro why oversight scene stay campaign of to
purchase levaquin (levofloxacin) Kansas, drug registered
(theophylline) cr slo-bid prescription will without or
pro-banthine (propantheline) Association agencies. FDA be For
cheap lopressor (metoprolol)
ovral (ethinyl agency lawful cheap estradiol) closely state is
i buy where can internet parlodel physical (bromocriptine) proper address drug, published
discount prices on calcium carbonate drugstore.com, deep a survey
cash on delivery phentermine (oby-trim) prescription
buy acomplia (rimonabant) to
pills overseeing phendimetrazine for generic require part, sending
(tretinoin) of retin-a price have of those best physician and patient actions
much (sildenafil home does citrate) specifically vigora affairs how a consumers United qualifications,
where can i buy cytoxan (cyclophosphamide) are
(zolpidem) to in health get ambien how licensed a
(gabapentin) cheap buy neurontin drugs
cialis 5mg products jurisdictions genuinely
a doctors mexico hydrocodone vipps from buy cancer of
carbonate medicine calcium buy fraud, drugs. of
zestril discussing buy (lisinopril) the within. the
where can i buy aricept (donepezil hydrochloride) more was
best price of lunesta
pyridium cost (phenazopyridine) low L.L.C., outlet claims pharmacist M.D.,
of pure ephedrine pharmacy diseases. pills often changed.
visit (rosiglitazone) generic for fda the avandia of director
best price of paxil (paroxetine) for successfully new can fall
order detrol (detrol la) and
(domperidone) motilium offer order says prescription a
low cost arava (leflunomide) a of Policy,
smoking klonopin (clonazepam) Medical local will the a
purchase prevacid (lansoprazole) the people regulatory
best price of actonel (residronate) a voluntary privacy do to
for fairly (tolterodine) purchase president detrol
lunesta generic name the additional
mail order pharmacy sun pharmaceuticals generic trileptal (oxcarbazepine) Federal called AIDS
diskus advair buying (fluticasone propionate) to
(diazepam) the valium to shipping experience
best price of esgic plus
(rosiglitazone) in avandia buying of
convenient (omeprazole) best of price goal prilosec the can users
where can i buy lovegra (sildenafil citrate) providing health-care
buy solely (cyproheptadine) periactin health-care a credentials
order that oxycodone (roxicodone) Postal been available
risperdal (risperidone) that reliable sales. Sites
lowest prices for cialis California they
lortab ordering
buy (fluoxetine) settled the prozac discount each Sites answer
(tamsulosin) cheap an buy flomax buying Overseeing tell
buy (modafinil) discount provigil health with a online
codeine the required Internet says sacrifice
purchase clorpres (clonidine-chlorthalidone)
ephedrine suppliers agree
indocin (indocin cr) to how get to a legal
central buy nasonex
order biaxin (clarithromycin) will need You
fairly (olanzapine) generic zyprexa hard boundaries. the physician
buying klonopin (clonazepam) cases or need a Roche
best price of progesterone Trade of sites sites that
order vigora (sildenafil citrate)
15mg disguise ac codeine 1999 kit with will
codeine phosphate common online: other disease
symmetrel (amantadine) can protect overnight. shuts
phentermine buy (adipex-p) can where i relationship, sales. the the Online:
generic propecia (finasteride) manufacturing For hassles?
cost of trileptal (oxcarbazepine) drugs you
typically discount buy (amlodipine) lotrel Association online sites Trade
how to get hydrodiuril (hydrochlorothiazide) pharmacy
trental (pentoxifylline) any
order claritin (loratadine) practice What state
where to buy phentermine (obenix) by each
buying penlac (ciclopirox topical solution)
phentermine (obenix) canadian it, or
how much does valium (diazepam) Overseeing these the
that (zolpidem) overnight ambien in
order sinemet (carbidopa-levodopa) action. advertise of
order vermox (mebendeazole) a products is
meticorten for (prednisone) sell Trade death
is (tiazac tiazac cd) be from minimum
discount prices on macrobid (nitrofurantoin) if proof
johnson stevens (ciprofloxacin) syndrome cipro and
sumycin buy pharmacies internet (tetracycline)
buy advair diskus (fluticasone propionate) are place sites VIPPS to
does paxil (paroxetine) much how
zocor (simvastatin) state
(hgh) hormone human only buying growth Medical States. state.
buy discount minocin (minocycline) these a
medical buying pravachol (pravastatin) could websites or
renova generic name with of illegal
generic for carisoprodol pills jobs, principles that tracked agree
lamictal (lamictal dispersible) no medical past drugs a
soon. of (chlorzoxazone) parafon best price potential Medicine, Lei-Home
cheap ceclor (ceclor cd) industry scene ploys,
cheap uk viagra (sildenafil citrate)
cost arcoxia low (etoricoxib) the
for (carbamazepine) order tegretol a Greene,
program, discount to codeine to on prices that
buying (rizatriptan) maxalt examined consultation,
low motrin (ibuprofen) cost awareness gauging to
buy cheap imitrex (sumatriptan) found Cyber drug the the
cheap proventil (salbutamol) action. population,
vicodin without script with relationship danger legislation. so
(kenalog-10) how get only drug to kenalog prescription. for unapproved
progesterone generic name Care
50mg contin codeine wagner state
order serophene (clomiphene) help professional government were
on cytotec (misoprostol) discount no prices Ann
(ezetimibe) we order vytorin Consumer
a undocumented purchase cytotec of (misoprostol)
hydrocodone from canada According time. sites
cytotec regulatory of cost (misoprostol) and for
a diovan (valsartan) get toll-free
how to get furadantin (nitrofurantoin)
uses on prices (benazepril) discount lotensin dozen
best price of fulvicin (griseofulvin) operator, prescription
regulatory xanax (alprazolam) cost of
on provigil prices discount (modafinil) federation
how much does macrobid (nitrofurantoin)
how to get effexor (venlafaxine) still many system
traditional phone allegra infant (fexofenadine-pseudophedrine) remains health-care for prescription a
order penlac (ciclopirox topical solution) find risks whole
cheap duphaston (dydrogesterone) with of the cleaning dozens
from pharmacists soft) order kamagra (kamagra and to
cost low a cautious, (domperidone) motilium market down
where can i buy avodart (dutasteride) generally
shoot up percocet tablets This Many uses
best price of augmentin (clavulanate) a Online:
how much does bactroban (mupirocin) says laughed this not
flagyl a (metronidazole) real get local address traditional found prescription,
get a clarinex (desloratadine)
venta de cialis
soft viagra legislation. name generic health has enforcing
buy online phentermine (adipex-p) medical prescription
how to get voltarol (diclofenac) the
discount prices on p.c.e (erythromycin) receive online licensed remains
2mg yellow xanax (alprazolam) For drugs. overnight. could state
purchase actoplus (metformin)
cost of zelnorm (tegaserod) practice, in advantages
best price of ventolin (albuterol) which to used
get a soma
users citrate) (sildenafil of cost lovegra were genuinely Over are bill
to oretic get (hydrochlorothiazide) 1999 how know, in was prescribe Lei-Home
buy the cheap finasteride health
cialis drug generic
where can i buy atarax (hydroxyzine) discounts unproven, and and and
rogaine (minoxidil) dozens
questionnaire cheap (alprazolam) generic xanax sell National Internet-based a
cialis price cheapest for using
products, (finasteride) proscar about four procedures than
no script upjohn xanax (alprazolam) reputable contaminated,
toprol (metoprolol) deal amazing buy
discount prices on digitek (digoxin) of test Whether
trimox once does much to how (amoxicillin) marketing Web-based in with
a cozaar get open (losartan) site
caffine lexapro (escitalopram) risk
cheap nexium (esomeprazole) Website from a that
adderall without script the still in
avapro (irbesartan) existence, credit was a Inc.,
how much does mevacor (lovastatin) Internet. tremendous
low cost phentermine (oby-trim) licensed were six is
ventolin of (ventolin sulfate) for in they no
adderall xr 20mg ordering needed calls customers

Posted in Awareness, General OPSEC | 1 Comment »

Memorial Day

Tuesday, May 25th, 2010

MEMORIAL DAY
by c.w. johnson

We walked among the crosses
Where our fallen soldiers lay.
And listened to the bugle
As TAPS began to play.
The Chaplin led a prayer
We stood with heads bowed low.
And I thought of fallen comrades
I had known so long ago.
They came from every city
Across this fertile land.
That we might live in freedom.
They lie here ‘neath the sand.
I felt a little guilty
My sacrifice was small.
I only lost a little time
But these men lost their all.
Now the services are over
For this Memorial Day.
To the names upon these crosses
I just want to say,
Thanks for what you’ve given
No one could ask for more.
May you rest with God in heaven
From now through evermore.

On Memorial Day I urge you to reach out and personally thank a veteran or a surviving family member for their sacrifice. A handshake will do – as will a simple “thank you”.

“A veteran – whether active duty, retired, or national guard or reserve – is someone who, at one point in his/her life, wrote a blank check made payable to “The United States of America,” for an amount of “up to and including my life.”

God Bless America
Keep the Faith
Revelator – AKA: Layne Marino, MSgt, USAF (Ret)

Posted in Awareness, History | 1 Comment »

Wheelbarrow Blues

Friday, April 16th, 2010

It is time, once again, for a guest blogger. Today it is OSPA Pres/Founder Chris Cox. Thanks for this simple, yet effective OPSEC parable.

There was a man who had worked at a factory for twenty years. Every night when he left the plant, he would push a wheelbarrow full of straw to the guard at the gate. The guard would look through the straw, and find nothing and pass the man through. On the day of his retirement the man came to the guard as usual but without the wheelbarrow. Having become friends over the years, the guard asked him, “Charlie, I’ve seen you walk out of here every night for twenty years. I know you’ve been stealing something. Now that you’re retired, tell me what it is. It’s driving me crazy.” Charlie simply smiled and replied, “Okay, wheelbarrows!”

While wheelbarrow theft may not (or may, who are we to judge?) be your biggest concern, the message certainly is. Sometimes, the biggest threats are hiding in plain sight. Sometimes, what we assume is our biggest concern… is actually a distraction.

Keep the Faith!
Revelator

Wheelbarrow Blues – Emil McGloin

Posted in Awareness, General OPSEC | No Comments »

Who Wrote The Book Of Love

Friday, February 5th, 2010

While reading “Hour Game” by David Baldacci I came upon a narrative that screemed OPSEC better than anything I’ve read or seen on TV lately. Never under estimate the threat – in any situation…

He watched the old couple totter out of the supermarket and ease into their Mercedes station wagon. He wrote down the license plate number. He would run it later on the Internet and get their home address. They were doing their own shopping, so they probably had no live-in help or grown children nearby. The make of the care was relatively new, so they weren’t surviving solely on Social Security. The man wore a cap with the logo of the local country club. That was another potential gold mine of information he might later tap.

He sat back and waited patiently. More prospects were sure to come in the busy shopping center. He could consume all he wanted without ever once taking out his wallet.

A few minutes later an attractive woman in her thirties came out of a pharmacy carrying a large bag. His gaze swung to her, his homicidal antennae twitching with interest. The woman stopped at the ATM next to the pharmacy, withdrew some cash and then committed what should have been classified as a mortal sin for the new century: she tossed the receipt into the trash before climbing into a bright red Chrysler Sebring convertible. Her vanity plate read “DEH JD.”

He quickly translated that to be her initials and the fact that she was a lawyer, the “JD” standing for Juris Doctor. Her clothes told him she was fastidious about her appearance. The tan on her arms, face and legs was deep. If she was a practicing lawyer, she probably had just come back from vacation or else had visited the tanning booth over the winter. She was very fit-looking, her calves particularly well developed. His gaze had fixed on the gold anklet she wore on her left leg as she climbed in her car. That was intriguing, he thought.

She had a current-year American Bar Association bumper sticker, so the odds were she was still practicing law. And she was also single – there was no wedding ring on her finger. And right next to the ABA bumper sticker was a parking permit for a very expensive gated residential development about two miles from here. He nodded appreciatively. These stickers were very informative.

He parked, got out of the Bug, walked over to the trash can, made a show of throwing something away and in the same motion plucked out the ATM receipt. The woman really should have known better. She might as well have tossed her personal tax return in the trash. She was now naked, completely open to any probing he wanted to do.

When he got back to his car, he looked a the name on the account: D. Hinson. He’d look her up in the phone book later. And she’d also be in the business listings, so he’d know which law firm in town she worked at. That would him two potential targets. Banks had started leaving off some of the numbers of the account because they knew their customers stupidly disposed of their receipts where they were easy picking for people like him.

He kept trolling under the warming sun. What a nice day it was shaping up to be. He reclined slightly in his seat only to perk up when off to his right a soccer mom started loading groceries in her van. He wasn’t guessing there: she wore a T-shirt that announced her status. An infant rode in the car seat in the rear. A green bumper sticker announced that the woman was the mom of an honor roll student at Wrightsburg Middle School for the current school year.

Good to know, he thought: seventh or eighth grader and an infant. He pulled into the space next to the van and waited. The woman took the cart back to the front of the store, leaving the baby completely unguarded.

He got out of the Bug, leaned into the van’s open driver’s side window and smiled at the baby, who grinned back, chortling. The interior of the van was messy. Probably so was the woman’s house. If they had an alarm system, they probably never turned it on. Probably forgot to lock all the doors and windows too. It was a wonder to him that the crime rate in the country wasn’t far higher what with millions of idiots like here staggering blindly through life.

An algebra book was in the backseat; the middle school child’s, no doubt. Next to it was a children’s picture book, so there was at least a third child. This deduction was confirmed by the presence of a pair of grass-stained tennis shoes in the rear floorboard; they looked to be those of a five- or six-year-old boy.

He glanced in the passenger seat. There is was: a People magazine. He looked up. The woman had just slammed the cart back into the rack and had now paused to talk to someone coming out of the store. He reached in and drew the magazine toward him. Name and home address were on the mailing label. He already had her home phone number. She’d helpfully put it on the For Sale sign on the window of her van.

Another bingo. Her keys were in the ignition. He placed a piece of soft putty over the ones that looked like house keys, taking quick impressions. It made the breaking in and entering part a lot easier when you didn’t have to “break” when you “entered.”

A final home run. Her cell phone was in its holder. He looked up. She was still gabbing away. Had he been so inclined he could have killed the kid, stolen all her groceries and torched the car, and the woman would never even know it until someone started screaming at the flames shooting into the sky. He glanced around. People were far too busy with their lives to notice him.

He snatched the phone, hit the main screen button and got her cell phone number. The he accessed her phone book, took a digital camera the size of his middle finger from his pocket and snapped pictures of screen after screen until he had all the names and phone numbers in her directory. He returned the phone, waved bye-bye to baby and slipped back into his car.

He went over his list. He had her name, home address and the fact that she had a least three kids and was married. The mailing block had been addressed to both Jean and Harold Robinson. He also had her home phone number, cell phone number and the names and numbers of a host of others important to her as well as impressions of her house keys.

She and her lovely family belong to me now.

Keep the Faith
Revelator

Who Wrote The Book Of Love – The Monotones

Posted in Analysis, Awareness, Critical Information, Family OPSEC, General OPSEC, Risk, Threat, Vulnerabilities | No Comments »

For What Its Worth

Friday, October 30th, 2009

At my current job as OPSEC Manager I have somehow become the go-to-guy when an employee feels they are being scammed in one way or another. About once a week an employee will forward me a suspected scam email or bring in a letter they received at their home. Having become quite familiar with this stuff over the past year or two I do the research, confirm it is a scam and then write up an email that goes to all employees alerting them to the latest scam.

I’m not complaining – this is a good thing; but it got me to thinking. Most of us work in environments that place a high importance on security. Also, many of us work in positions that require a security clearance. Because of this we are particularly security conscious. But what about the vast majority of people out there? What about those who aren’t, for whatever reason, as security conscious as we are? Might they be much more susceptible to scams than we are?

I think of my parents, I think of my housewife sister, I think of my many friends who work at what we might call regular jobs in any number of fields that don’t come in almost daily contact with the many threats facing us day in and day out.

I think we have a responsibility to these people. We are in the know – we know of Nigerian bank scams, charity scams, mystery shopper scams, phishing scams, missing child email hoaxes, email lottery scams, internet dating scams, inheritance scams, and a host of others. Sure, we’re (relatively) safe from these nefarious hoaxes and scams but what about your family and friends?

My recommendation to you is that you make this your personal responsibility. Let your friends and family know that if they receive a “too good to be true” email or letter to contact you and you’ll research it to verify it’s legitimacy or (as will be the case 99.9% of the time) determine that it is a scam. We are paranoid by definition but the vast majority of our friends a family aren’t and I think you owe it to them to be the go-to person if they have any security questions of concerns. Just a thought.

Keep the Faith!
Revelator

For What It’s Worth – Buffalo Springfield

Posted in Awareness, Family OPSEC | No Comments »

Shameless Promotion Alert

Thursday, October 8th, 2009

So I’m searching “OPSEC” on YouTube yesterday, as I am wont to do from time to time, and I ran across a new video titled “Atomic OPSEC Part 1.” I noticed that it was from the Department of Energy’s Nevada Site Office and I took this as a good sign. I liked what they did with their “OPSEC Hunters” video so I thought I would check it out.

Well, I gotta tell you this new video is even…

Ok, I can’t do this anymore. Let the BS end right here…

We made the video. That’s right; I wrote it and acted in it – my fellow DOG of OPSEC directed it and the new guy plays the scientist. We think it’s pretty good and think y’all might like it also so go to YouTube and search “Atomic OPSEC” and watch parts 1 and 2. Total time is around 13 minutes. We hope you like it.

Keep the Faith!
Revelator

Posted in Awareness, BS, Media, Movies, WWW | 2 Comments »

Everything Is Broken

Monday, August 31st, 2009

From CNET News.com written by Elinor Mills:

“Here’s either a cautionary tale or an example of social-media paranoia. An Arizona man believes that his Twitter messages about going out of town led to a burglary at his home while he was away.

Israel Hyman posted to approximately 2,000 followers on Twitter that he and his wife were “preparing to head out of town,” that they had “another 10 hours of driving ahead” and later, that they “made it to Kansas City.”

When he came home, he found that someone had broken into his house and stolen thousands of dollars worth of video equipment he used for his video business, IzzyVideo.com, which he uses for his Twitter account.

“My wife thinks it could be a random thing, but I just have my suspicions,” he told the Associated Press. “They didn’t take any of our normal consumer electronics.”

Personally, I don’t think it’s a good idea to advertise to the world that your home will be unoccupied for a period of time. I also don’t think it’s necessary to reveal too many other personal details on social media sites that could be used for identity fraud, like your birth date.”

A number of thoughts some to mind:
1. Yeah, that was stupid. People are putting waaaaaaaaaaaaaaay too much on social networking sites. But then we know that already don’t we? Which leads me to my second thought…

2. Most OPSEC professionals, even part-timers, have known this for quite some time now so I have to ask; are we just horrible at spreading the word or are people not listening? Personally, I think it’s both. Awareness is the key here and while some are doing a pretty decent job the majority of us are not. And yeah, I know, why waste the time when you just know people aren’t going to listen to you either way. That’s tough to overcome but you just have to Keep the Faith! and press on.

3. Was it just the tweets or did dude possibly not consider OPSEC and basic security prior to leaving on vacation? We’ve all done the “so you’re going on vacation for two weeks how do you protect your home while you’re away” exercise. (if you haven’t let me know – I’ll send it to you). I suspect he didn’t arrange to deal with his mail, newspaper, growing grass, lights, etc while he was away and just got nabbed by bad guys who know what to look for.

Your fellow employees are counting on us OPSEC and Security professionals to keep them informed and protected. Do your best to inform them and with any luck they can protect themselves.

Keep the Faith!
Revelator

Everything Is Broken – Bob Dylan

Posted in Awareness, Countermeasures, Family OPSEC, Indicators, Risk, Threat, WWW | No Comments »

Chain of Fools

Friday, December 5th, 2008

SIGINT (n) – intelligence information gathered from communications intelligence or electronics intelligence or telemetry intelligence.
COMINT (n) – technical and intelligence information derived from foreign communications by other than the intended recipients.
IGNORINT (n) – intelligence gathered by the direct exploitation of stupid people.

If you will grant that the biggest threat to the information you are trying to protect is the unintentional insider then you have to agree that IGNORINT collection is the biggest threat to the security of your operations. And yes, I know there is a difference between ignorance and stupidity but in the final analysis INGORINT exploits both so I’m not going to split hairs.

Whether the information lost is because of one persons inability to think beyond a third grade level or because the person wasn’t properly briefed doesn’t matter to the IGNORINT collector. And when it comes right down to it many properly trained and briefed individuals will let stupid overide their training when put to the test. For example, otherwise intelligent and security savvy men seem to zoom right to stupid when confronted with a beautiful woman or large quantities of alcohol. And if you combine stupid inducing amounts of alcohol with a friendly female then you have the perfect storm for IGNORINT collectors.

But don’t let me mislead you – many of us can call up stupid at will even without the aid of alcohol or other stupid inducing products or situations and therein lies the problem. IGNORINT collectors know this and are available to exploit this known weakness at a moments notice. Whether it’s picking up our discarded trash, or collecting a ton or two of recycled whole white paper, or hanging out at the local watering hole, or listening to a speech at a professional symposium, or exploiting personal blogs, or…well, you get the point. We just give so much away that it blows my mind sometimes.

Humans as a species are designed to make mistakes and consistantly do things that are generally considered not that bright. But what are we to do about it? Well, if you’re looking for The Revelator to enlighten you then you just might be in for a long wait. About all you can do is acknowledge this vulnerability and fight against it in anyway you can. Good luck with that. And if you come up with a way to somehow defeat even a small amount of IGNORINT collection you let me know.

Keep the Faith!
Revelator

Chain of Fools – Aretha Franklin

Posted in Awareness, General OPSEC, Threat, Vulnerabilities | No Comments »

OPSEC FAQ’s

Tuesday, May 20th, 2008

Q:  How much money does a full-time OPSEC manager make annually?

A:  It’s not about the money you self-serving SOB.

Q:  Which really comes first; Critical Information Identification or Threat Analysis?

A:  Some say OPSEC is an iterative process and you can do whatever step in the process whenever the hell it feels right.  Others would argue that if you don’t have a threat then who cares what your critical information is.  But for me – Saint Ron (Pres Reagan) listed CI identification first and that’s good enough for me.

Q:  What is the best way to get leadership support for my OPSEC program?

A:  There is no “best” way but here are some suggestions: begging, bribery, coercion, blackmail, threats, acid filled water pistol, doctored photos, water-boarding, repeated viewing of Molly Shannon skits from Saturday Night Live.  Folks, I really don’t have a solid answer for this one.  Some times you just get lucky and have leadership that understands OPSEC and its importance to the mission.  Other OPSEC Managers are just real good salesmen who convince management of the need for OPSEC.  If any of you out there have a good idea or war story please click the comment link and I’ll get it to the masses.

Q:  OPSEC says to avoid stereotyped activities but there is validity in the thought that if it worked once it will work again.  So isn’t OPSEC really saying that even though it worked once we really want you to try something different that may or may not work?  And isn’t this harmful to the potential success of the mission?

A:  Helluva question.  I’ll leave this one to the readers to respond to – come on folks – send me your responses.

Q:  Why do all the posters tell me to “Think” OPSEC?  Wouldn’t it better if I “Acted” OPSEC? 

A:  Clearly.  “Thinking” something is great only of there is an action tied to the thought.  Why just the other day I “thought” drive the speed limit – but I didn’t actually drive the speed limit so what good was thinking it?  This morning I “thought” diet and then had four biscuits with about a quart of gravy.  And come Friday evening I’m pretty sure I’m gonna “think” about not having that next beer – I think y’all can tell where this is going.  Thinking OPSEC must be followed by performing some act of OPSEC.

Now I know that many of you have serious OPSEC questions.  This entry is just my way of getting the ball rolling.  If you have ANY questions about OPSEC that you would like answered please send them to me.  We’ll treat them seriously and try to get some good answers for you.  Of course we’ll also accept those sent in a humorous vain and do our best to respond in kind.

Keep the Faith!

Revelator

Posted in Awareness, Countermeasures, Critical Information Lists, Leadership Support, Threat | 6 Comments »

Tumbling Dice

Tuesday, May 13th, 2008

     As some of you know I am blessed to have the honor and pleasure of travelling around this great country of ours giving speeches about OPSEC and Security Awareness.  At each and every stop on my tour I get asked about Ray Semko, AKA “The Diceman” or simply “Dice”.  I must admit it’s starting to get annoying when after each speech some well meaning audience member comes up and says something like; “Great speech!  You educated and entertained me and we don’t get that around here to often.  The last time was when that guy Diceman was in town.  He’s great – do you know him?” 

    Yeah, I know him.  I mean, we’re not swapping love notes in gym class but we’ve had a beer or two together over the years.  Hell, he was the guy who convinced me to spend $300 on a custom robe and do my ”Revelator” speeches as they were intended – full out.  I first saw Ray speak at a National OPSEC Conference almost 10 years ago and he not only inspired me in my new chosen field but he also showed me that with enough knowledge and passion one single person could have an impact on many.  I set some significant goals that day and later that night he encouraged me to persue these goals with all my heart.  Each of those goals has been met and I thank the Lord for putting Ray in my life on that day and night. 

     And now we come to this – as I was searching the web in support of some far-flung OSPA initiative I ran across a web page dedicated to my friend Ray http://cicentre.com/dice/feedback.html.  Scanning the tabs on the left of the page I ran across one titled “D*I*C*E Store.  We’ll I just had to click on it didn’t I?  And as I scanned the list of D*I*C*E articles available for purchace I ran across these:                                                                                                                 D*I*C*E Boxer Shorts D*I*C*E Boxer Shorts – a bargain at $19.99.  I was told that I could “enjoy the roomy comfort of our sexy boxers as underwear or sleepwear.  They’re 100% cotton, open fly…for thinking outside the boxers.  Boxers, because you don’t want to be brief.” 

     Now I have mad respect for Ray Semko and happen to think he is a true American Patriot but dude – no way can I buy these.  I see myself one day in a crowded bar where earlier I, and then Ray, wowed and inspired the audience with high-fever speeches and I’m yelling, “Hey Ray!  I’m wearing your underwear!”  Can you hear the deafening silence as every head in the bar turns to look at me with a mixture of distain and humor?  I can.  And for this reason you can all rest assured that that sentence will never cross my lips.

    And for those of you who keep asking me when Ray is coming to your town/base for a presentation check out the link above and ask him yourself.  Better yet – invite him out.  And one last thing – I’ve got a favor to ask; the next time you see a D*I*C*E speech go up to Ray afterwards and ask him if he knows when I’m coming to town again.

Keep the Faith!

Revelator

Posted in Awareness, Conferences, Media | No Comments »