Archive for the Awareness Category

Who Wrote The Book Of Love

While reading “Hour Game” by David Baldacci I came upon a narrative that screamed OPSEC better than anything I’ve read or seen on TV lately. Never underestimate the threat - in any situation…

He watched the old couple totter out of the supermarket and ease into their Mercedes station wagon. He wrote down the license plate number. He would run it later on the Internet and get their home address. They were doing their own shopping, so they probably had no live-in help or grown children nearby. The make of the car was relatively new, so they weren’t surviving solely on Social Security. The man wore a cap with the logo of the local country club. That was another potential gold mine of information he might later tap.

He sat back and waited patiently. More prospects were sure to come in the busy shopping center. He could consume all he wanted without ever once taking out his wallet.

A few minutes later an attractive woman in her thirties came out of a pharmacy carrying a large bag. His gaze swung to her, his homicidal antennae twitching with interest. The woman stopped at the ATM next to the pharmacy, withdrew some cash and then committed what should have been classified as a mortal sin for the new century: she tossed the receipt into the trash before climbing into a bright red Chrysler Sebring convertible. Her vanity plate read “DEH JD.”

He quickly translated that to be her initials and the fact that she was a lawyer, the “JD” standing for Juris Doctor. Her clothes told him she was fastidious about her appearance. The tan on her arms, face and legs was deep. If she was a practicing lawyer, she probably had just come back from vacation or else had visited the tanning booth over the winter. She was very fit-looking, her calves particularly well developed. His gaze had fixed on the gold anklet she wore on her left leg as she climbed in her car. That was intriguing, he thought.

She had a current-year American Bar Association bumper sticker, so the odds were she was still practicing law. And she was also single - there was no wedding ring on her finger. And right next to the ABA bumper sticker was a parking permit for a very expensive gated residential development about two miles from here. He nodded appreciatively. These stickers were very informative.

He parked, got out of the Bug, walked over to the trash can, made a show of throwing something away and in the same motion plucked out the ATM receipt. The woman really should have known better. She might as well have tossed her personal tax return in the trash. She was now naked, completely open to any probing he wanted to do.

When he got back to his car, he looked at the name on the account: D. Hinson. He’d look her up in the phone book later. And she’d also be in the business listings, so he’d know which law firm in town she worked at. That would give him two potential targets. Banks had started leaving off some of the numbers of the account because they knew their customers stupidly disposed of their receipts where they were easy picking for people like him.

He kept trolling under the warming sun. What a nice day it was shaping up to be. He reclined slightly in his seat only to perk up when off to his right a soccer mom started loading groceries in her van. He wasn’t guessing there: she wore a T-shirt that announced her status. An infant rode in the car seat in the rear. A green bumper sticker announced that the woman was the mom of an honor roll student at Wrightsburg Middle School for the current school year.

Good to know, he thought: seventh or eighth grader and an infant. He pulled into the space next to the van and waited. The woman took the cart back to the front of the store, leaving the baby completely unguarded.

He got out of the Bug, leaned into the van’s open driver’s side window and smiled at the baby, who grinned back, chortling. The interior of the van was messy. Probably so was the woman’s house. If they had an alarm system, they probably never turned it on. Probably forgot to lock all the doors and windows too. It was a wonder to him that the crime rate in the country wasn’t far higher what with millions of idiots like her staggering blindly through life.

An algebra book was in the backseat; the middle school child’s, no doubt. Next to it was a children’s picture book, so there was at least a third child. This deduction was confirmed by the presence of a pair of grass-stained tennis shoes in the rear floorboard; they looked to be those of a five- or six-year-old boy.

He glanced in the passenger seat. There it was: a People magazine. He looked up. The woman had just slammed the cart back into the rack and had now paused to talk to someone coming out of the store. He reached in and drew the magazine toward him. Name and home address were on the mailing label. He already had her home phone number. She’d helpfully put it on the For Sale sign on the window of her van.

Another bingo. Her keys were in the ignition. He placed a piece of soft putty over the ones that looked like house keys, taking quick impressions. It made the breaking in and entering part a lot easier when you didn’t have to “break” when you “entered.”

A final home run. Her cell phone was in its holder. He looked up. She was still gabbing away. Had he been so inclined he could have killed the kid, stolen all her groceries and torched the car, and the woman would never even know it until someone started screaming at the flames shooting into the sky. He glanced around. People were far too busy with their lives to notice him.

He snatched the phone, hit the main screen button and got her cell phone number. Then he accessed her phone book, took a digital camera the size of his middle finger from his pocket and snapped pictures of screen after screen until he had all the names and phone numbers in her directory. He returned the phone, waved bye-bye to baby and slipped back into his car.

He went over his list. He had her name, home address and the fact that she had at least three kids and was married. The mailing block had been addressed to both Jean and Harold Robinson. He also had her home phone number, cell phone number and the names and numbers of a host of others important to her as well as impressions of her house keys.

She and her lovely family belong to me now.

Keep the Faith
Revelator

Who Wrote The Book Of Love - The Monotones

For What It’s Worth

At my current job as OPSEC Manager I have somehow become the go-to-guy when an employee feels they are being scammed in one way or another. About once a week an employee will forward me a suspected scam email or bring in a letter they received at their home. Having become quite familiar with this stuff over the past year or two I do the research, confirm it is a scam and then write up an email that goes to all employees alerting them to the latest scam.

I’m not complaining - this is a good thing; but it got me to thinking. Most of us work in environments that place a high importance on security. Also, many of us work in positions that require a security clearance. Because of this we are particularly security conscious. But what about the vast majority of people out there? What about those who aren’t, for whatever reason, as security conscious as we are? Might they be much more susceptible to scams than we are?

I think of my parents, I think of my housewife sister, I think of my many friends who work at what we might call regular jobs in any number of fields that don’t come in almost daily contact with the many threats facing us day in and day out.

I think we have a responsibility to these people. We are in the know - we know of Nigerian bank scams, charity scams, mystery shopper scams, phishing scams, missing child email hoaxes, email lottery scams, internet dating scams, inheritance scams, and a host of others. Sure, we’re (relatively) safe from these nefarious hoaxes and scams but what about your family and friends?

My recommendation to you is that you make this your personal responsibility. Let your friends and family know that if they receive a “too good to be true” email or letter to contact you and you’ll research it to verify its legitimacy or (as will be the case 99.9% of the time) determine that it is a scam. We are paranoid by definition but the vast majority of our friends and family aren’t and I think you owe it to them to be the go-to person if they have any security questions or concerns. Just a thought.

Keep the Faith!
Revelator

For What It’s Worth - Buffalo Springfield

Shameless Promotion Alert

So I’m searching “OPSEC” on YouTube yesterday, as I am wont to do from time to time, and I ran across a new video titled “Atomic OPSEC Part 1.” I noticed that it was from the Department of Energy’s Nevada Site Office and I took this as a good sign. I liked what they did with their “OPSEC Hunters” video so I thought I would check it out.

Well, I gotta tell you this new video is even…

Ok, I can’t do this anymore. Let the BS end right here…

We made the video. That’s right; I wrote it and acted in it - my fellow DOG of OPSEC directed it and the new guy plays the scientist. We think it’s pretty good and think y’all might like it also so go to YouTube and search “Atomic OPSEC” and watch parts 1 and 2. Total time is around 13 minutes. We hope you like it.

Keep the Faith!
Revelator

Everything Is Broken

From CNET News.com written by Elinor Mills:

“Here’s either a cautionary tale or an example of social-media paranoia. An Arizona man believes that his Twitter messages about going out of town led to a burglary at his home while he was away.

Israel Hyman posted to approximately 2,000 followers on Twitter that he and his wife were “preparing to head out of town,” that they had “another 10 hours of driving ahead” and later, that they “made it to Kansas City.”

When he came home, he found that someone had broken into his house and stolen thousands of dollars worth of video equipment he used for his video business, IzzyVideo.com, which he uses for his Twitter account.

“My wife thinks it could be a random thing, but I just have my suspicions,” he told the Associated Press. “They didn’t take any of our normal consumer electronics.”

Personally, I don’t think it’s a good idea to advertise to the world that your home will be unoccupied for a period of time. I also don’t think it’s necessary to reveal too many other personal details on social media sites that could be used for identity fraud, like your birth date.”

A number of thoughts come to mind:
1. Yeah, that was stupid. People are putting waaaaaaaaaaaaaaay too much on social networking sites. But then we know that already don’t we? Which leads me to my second thought…

2. Most OPSEC professionals, even part-timers, have known this for quite some time now so I have to ask; are we just horrible at spreading the word or are people not listening? Personally, I think it’s both. Awareness is the key here and while some are doing a pretty decent job the majority of us are not. And yeah, I know, why waste the time when you just know people aren’t going to listen to you either way. That’s tough to overcome but you just have to Keep the Faith! and press on.

3. Was it just the tweets or did dude possibly not consider OPSEC and basic security prior to leaving on vacation? We’ve all done the “so you’re going on vacation for two weeks how do you protect your home while you’re away” exercise. (if you haven’t let me know - I’ll send it to you). I suspect he didn’t arrange to deal with his mail, newspaper, growing grass, lights, etc while he was away and just got nabbed by bad guys who know what to look for.

Your fellow employees are counting on us OPSEC and Security professionals to keep them informed and protected. Do your best to inform them and with any luck they can protect themselves.

Keep the Faith!
Revelator

Everything Is Broken - Bob Dylan

Chain of Fools

SIGINT (n) - intelligence information gathered from communications intelligence or electronics intelligence or telemetry intelligence.
COMINT (n) - technical and intelligence information derived from foreign communications by other than the intended recipients.
IGNORINT (n) - intelligence gathered by the direct exploitation of stupid people.

If you will grant that the biggest threat to the information you are trying to protect is the unintentional insider then you have to agree that IGNORINT collection is the biggest threat to the security of your operations. And yes, I know there is a difference between ignorance and stupidity but in the final analysis IGNORINT exploits both so I’m not going to split hairs.

Whether the information lost is because of one person’s inability to think beyond a third grade level or because the person wasn’t properly briefed doesn’t matter to the IGNORINT collector. And when it comes right down to it many properly trained and briefed individuals will let stupid override their training when put to the test. For example, otherwise intelligent and security savvy men seem to zoom right to stupid when confronted with a beautiful woman or large quantities of alcohol. And if you combine stupid inducing amounts of alcohol with a friendly female then you have the perfect storm for IGNORINT collectors.

But don’t let me mislead you - many of us can call up stupid at will even without the aid of alcohol or other stupid inducing products or situations and therein lies the problem. IGNORINT collectors know this and are available to exploit this known weakness at a moment’s notice. Whether it’s picking up our discarded trash, or collecting a ton or two of recycled whole white paper, or hanging out at the local watering hole, or listening to a speech at a professional symposium, or exploiting personal blogs, or…well, you get the point. We just give so much away that it blows my mind sometimes.

Humans as a species are designed to make mistakes and consistently do things that are generally considered not that bright. But what are we to do about it? Well, if you’re looking for The Revelator to enlighten you then you just might be in for a long wait. About all you can do is acknowledge this vulnerability and fight against it in any way you can. Good luck with that. And if you come up with a way to somehow defeat even a small amount of IGNORINT collection you let me know.

Keep the Faith!
Revelator

Chain of Fools - Aretha Franklin

OPSEC FAQ’s

Q:  How much money does a full-time OPSEC manager make annually?

A:  It’s not about the money you self-serving SOB.

Q:  Which really comes first; Critical Information Identification or Threat Analysis?

A:  Some say OPSEC is an iterative process and you can do whatever step in the process whenever the hell it feels right.  Others would argue that if you don’t have a threat then who cares what your critical information is.  But for me - Saint Ron (Pres Reagan) listed CI identification first and that’s good enough for me.

Q:  What is the best way to get leadership support for my OPSEC program?

A:  There is no “best” way but here are some suggestions: begging, bribery, coercion, blackmail, threats, acid filled water pistol, doctored photos, water-boarding, repeated viewing of Molly Shannon skits from Saturday Night Live.  Folks, I really don’t have a solid answer for this one.  Sometimes you just get lucky and have leadership that understands OPSEC and its importance to the mission.  Other OPSEC Managers are just real good salesmen who convince management of the need for OPSEC.  If any of you out there have a good idea or war story please click the comment link and I’ll get it to the masses.

Q:  OPSEC says to avoid stereotyped activities but there is validity in the thought that if it worked once it will work again.  So isn’t OPSEC really saying that even though it worked once we really want you to try something different that may or may not work?  And isn’t this harmful to the potential success of the mission?

A:  Helluva question.  I’ll leave this one to the readers to respond to - come on folks - send me your responses.

Q:  Why do all the posters tell me to “Think” OPSEC?  Wouldn’t it be better if I “Acted” OPSEC?

A:  Clearly.  “Thinking” something is great only if there is an action tied to the thought.  Why just the other day I “thought” drive the speed limit - but I didn’t actually drive the speed limit so what good was thinking it?  This morning I “thought” diet and then had four biscuits with about a quart of gravy.  And come Friday evening I’m pretty sure I’m gonna “think” about not having that next beer - I think y’all can tell where this is going.  Thinking OPSEC must be followed by performing some act of OPSEC.

Now I know that many of you have serious OPSEC questions.  This entry is just my way of getting the ball rolling.  If you have ANY questions about OPSEC that you would like answered please send them to me.  We’ll treat them seriously and try to get some good answers for you.  Of course we’ll also accept those sent in a humorous vein and do our best to respond in kind.

Keep the Faith!

Revelator

Tumbling Dice

As some of you know I am blessed to have the honor and pleasure of travelling around this great country of ours giving speeches about OPSEC and Security Awareness.  At each and every stop on my tour I get asked about Ray Semko, AKA “The Diceman” or simply “Dice”.  I must admit it’s starting to get annoying when after each speech some well meaning audience member comes up and says something like; “Great speech!  You educated and entertained me and we don’t get that around here too often.  The last time was when that guy Diceman was in town.  He’s great - do you know him?”

Yeah, I know him.  I mean, we’re not swapping love notes in gym class but we’ve had a beer or two together over the years.  Hell, he was the guy who convinced me to spend $300 on a custom robe and do my “Revelator” speeches as they were intended - full out.  I first saw Ray speak at a National OPSEC Conference almost 10 years ago and he not only inspired me in my new chosen field but he also showed me that with enough knowledge and passion one single person could have an impact on many.  I set some significant goals that day and later that night he encouraged me to pursue these goals with all my heart.  Each of those goals has been met and I thank the Lord for putting Ray in my life on that day and night.

And now we come to this - as I was searching the web in support of some far-flung OSPA initiative I ran across a web page dedicated to my friend Ray http://cicentre.com/dice/feedback.html.  Scanning the tabs on the left of the page I ran across one titled “D*I*C*E Store.”  Well, I just had to click on it didn’t I?  And as I scanned the list of D*I*C*E articles available for purchase I ran across these: D*I*C*E Boxer Shorts - a bargain at $19.99.  I was told that I could “enjoy the roomy comfort of our sexy boxers as underwear or sleepwear.  They’re 100% cotton, open fly…for thinking outside the boxers.  Boxers, because you don’t want to be brief.”

Now I have mad respect for Ray Semko and happen to think he is a true American Patriot but dude - no way can I buy these.  I see myself one day in a crowded bar where earlier I, and then Ray, wowed and inspired the audience with high-fever speeches and I’m yelling, “Hey Ray!  I’m wearing your underwear!”  Can you hear the deafening silence as every head in the bar turns to look at me with a mixture of disdain and humor?  I can.  And for this reason you can all rest assured that that sentence will never cross my lips.

And for those of you who keep asking me when Ray is coming to your town/base for a presentation check out the link above and ask him yourself.  Better yet - invite him out.  And one last thing - I’ve got a favor to ask; the next time you see a D*I*C*E speech go up to Ray afterwards and ask him if he knows when I’m coming to town again.

Keep the Faith!

Revelator
