1
00:00:01,570 --> 00:00:09,120
Here are some interesting case studies in OPSEC failures, and you'll find that these failures are indeed
2
00:00:09,210 --> 00:00:16,830
basic, and you'll observe that if you just get basic OPSEC right, as I've detailed here, you would be an
3
00:00:16,830 --> 00:00:24,400
advanced opponent to your adversary who relies on basic OPSEC failures and easy targets.
4
00:00:24,450 --> 00:00:25,710
The criminal actions
5
00:00:25,710 --> 00:00:28,570
in these case studies are not condoned at all.
6
00:00:28,590 --> 00:00:35,970
They are here to demonstrate how OPSEC failures result in a breakdown of security, privacy and anonymity,
7
00:00:36,510 --> 00:00:40,430
which illustrates the point of how important OPSEC is.
8
00:00:40,440 --> 00:00:43,260
The first case study is LulzSec.
9
00:00:43,620 --> 00:00:50,070
Hector Monsegur, known as Sabu, normally connected to the LulzSec IRC channel via Tor.
10
00:00:50,070 --> 00:00:52,200
The FBI was monitoring the channel.
11
00:00:52,260 --> 00:00:56,760
On one occasion he logged in using his real IP address, and that was it.
12
00:00:56,790 --> 00:00:57,720
Game over.
13
00:00:57,810 --> 00:01:01,110
After being caught he started collaborating with the FBI.
14
00:01:01,170 --> 00:01:02,750
That was all it took.
15
00:01:02,760 --> 00:01:10,470
Jeremy Hammond, another LulzSec member, and Hector spoke with each other on IRC. Hammond casually let slip
16
00:01:10,650 --> 00:01:16,830
he was on probation, where he had been arrested, and other groups he had been involved with. This narrowed it down
17
00:01:16,830 --> 00:01:19,990
to a small number of possible suspects.
18
00:01:20,010 --> 00:01:24,030
This allowed the FBI to get a court order to monitor his internet access.
19
00:01:24,030 --> 00:01:27,390
This is classic profiling. Hammond's Tor
20
00:01:27,460 --> 00:01:31,890
usage wasn't deanonymized by the FBI because it wasn't even necessary.
21
00:01:31,890 --> 00:01:38,630
Old-fashioned police work is the most effective method, most often because of OPSEC failures.
22
00:01:38,790 --> 00:01:42,710
The FBI just correlated the times that this
23
00:01:42,870 --> 00:01:49,650
ID was talking to Sabu on IRC with when Hammond was at home using his computer.
24
00:01:49,650 --> 00:01:52,020
This is called a correlation attack.
25
00:01:52,020 --> 00:01:58,290
We talk more about counters to this later. LulzSec members talked about their operational activities.
27
00:01:58,440 --> 00:02:00,000
They used Tor.
28
00:02:00,030 --> 00:02:01,130
Apple laptops.
29
00:02:01,140 --> 00:02:03,600
They talked about which VPN they used.
30
00:02:03,600 --> 00:02:10,230
One member used stolen credit cards to buy used car parts and got them shipped to his own house.
31
00:02:10,230 --> 00:02:12,330
These are all basic mistakes.
32
00:02:12,390 --> 00:02:15,010
They failed to apply many of my OPSEC rules.
33
00:02:15,120 --> 00:02:16,790
They didn't keep their mouth shut.
34
00:02:16,830 --> 00:02:19,600
They trusted people who were working for the FBI.
35
00:02:19,620 --> 00:02:21,920
They contaminated their identities.
36
00:02:21,960 --> 00:02:27,330
They allowed themselves to be profiled by giving away personal information and didn't protect their
37
00:02:27,330 --> 00:02:33,030
main assets. LulzSec is no more. The next case study is Silk Road.
38
00:02:33,030 --> 00:02:35,400
This is based on what has been published.
39
00:02:35,400 --> 00:02:44,010
How true it all is is unknown. Ross William Ulbricht is the alleged Dread Pirate Roberts and operator of the
40
00:02:44,010 --> 00:02:52,110
original Silk Road. Silk Road had almost a million user accounts by July 2013 and is alleged to have processed
41
00:02:52,110 --> 00:02:55,600
1.2 billion in transactions over two years.
42
00:02:55,680 --> 00:02:57,930
Probably because of the drugs being sold.
43
00:02:57,960 --> 00:03:04,250
The FBI became very interested in who was running it and who this Dread Pirate Roberts was.
44
00:03:04,290 --> 00:03:08,290
The FBI started looking for references to Silk Road online.
45
00:03:08,310 --> 00:03:10,430
Simply Google searches.
46
00:03:10,530 --> 00:03:17,970
An account called altoid had posted jobs for Silk Road and related projects on the shroomery dot
47
00:03:18,000 --> 00:03:23,490
org forums. An account named altoid also made a post on Bitcoin
48
00:03:23,490 --> 00:03:31,020
Talk about looking for an IT pro in the Bitcoin community and asked interested parties to contact
49
00:03:31,090 --> 00:03:38,430
Ross Ulbricht at gmail dot com. This tied his real identity to Silk Road. Then Ross Ulbricht's Gmail account
50
00:03:38,490 --> 00:03:46,380
also posted on Stack Overflow asking for help with PHP code to connect to a Tor hidden service. The
51
00:03:46,380 --> 00:03:52,380
username was later changed to something called frosty. So this then connected him to hidden services.
52
00:03:52,680 --> 00:03:59,010
When he was caught by US Customs receiving 9 fake IDs, he allegedly told them
53
00:03:59,040 --> 00:04:04,110
anyone could have ordered them from Silk Road using Tor, and they hadn't even mentioned Silk Road or talked
54
00:04:04,110 --> 00:04:04,890
to him.
55
00:04:04,890 --> 00:04:06,530
So this connected him to
56
00:04:06,540 --> 00:04:12,930
Silk Road again and to using Tor. The real IP address of the Silk Road servers was identified by the
57
00:04:12,930 --> 00:04:13,750
FBI.
58
00:04:13,860 --> 00:04:20,340
How this was done isn't known, but it could have been any number of ways, possibly by exploiting a vulnerability
59
00:04:20,340 --> 00:04:25,920
on the server and then forcing it to connect not using Tor. Once located,
60
00:04:25,920 --> 00:04:32,280
the FBI was able to get a copy of one of the servers. The server used an SSH public key that ended
61
00:04:32,280 --> 00:04:39,060
in frosty@frosty and had some of the same code posted on Stack Overflow.
62
00:04:39,060 --> 00:04:41,880
This is cryptographic attribution.
63
00:04:41,910 --> 00:04:48,270
The FBI located Ross at a library, observed him using the laptop at the same time as Dread Pirate Roberts
64
00:04:48,270 --> 00:04:54,640
was logged in, and grabbed him while his laptop was not locked, so encryption wasn't protecting the data.
66
00:04:54,930 --> 00:05:00,240
And then allegedly more evidence was found on his laptop, including a full journal of his activities.
68
00:05:00,330 --> 00:05:04,290
And this seems so stupid that it's hard to even believe it is true.
69
00:05:04,290 --> 00:05:10,200
Personally I question these alleged happenings, but based on this information you can see a combination
70
00:05:10,260 --> 00:05:12,780
of basic OPSEC failures.
71
00:05:12,910 --> 00:05:16,260
He contaminated his real identity with Dread Pirate Roberts.
72
00:05:16,320 --> 00:05:18,580
So it was doomed from the moment he did that.
73
00:05:18,690 --> 00:05:24,210
He didn't keep his mouth shut and he blabbed about Silk Road and Tor without even being asked about
74
00:05:24,210 --> 00:05:24,750
them.
75
00:05:24,750 --> 00:05:30,410
It became far too interesting, and a target to an extremely well-resourced adversary.
76
00:05:30,420 --> 00:05:36,120
He had no plans for not leaving his laptop unencrypted when caught, with evidence on it
77
00:05:36,120 --> 00:05:38,560
that should never have been there in the first instance.
78
00:05:38,640 --> 00:05:40,770
And the list of his failures goes on.
79
00:05:40,800 --> 00:05:42,760
If they are indeed true.
80
00:05:42,840 --> 00:05:44,780
Silk Road is no more.
81
00:05:45,060 --> 00:05:50,360
And the final case study is the Harvard bomb threat. A character called Eldo Kim
82
00:05:50,430 --> 00:05:52,760
wanted to get out of a final exam.
83
00:05:52,880 --> 00:05:59,040
So he's alleged to have made a bomb threat, and what we know about this case is, using the university
84
00:05:59,040 --> 00:06:00,930
network he connected to Tor,
85
00:06:00,960 --> 00:06:02,700
attempting to anonymize himself.
86
00:06:02,700 --> 00:06:09,420
He used a disposable email account from Guerrilla Mail to send the bomb threat. The email received
87
00:06:09,420 --> 00:06:17,130
contained, as normal, an X-Originating-IP header indicating the IP address of the sender, which in this
88
00:06:17,130 --> 00:06:25,710
case would show the Tor exit node's IP address. All Tor exit nodes are publicly known, except bridges.
89
00:06:25,770 --> 00:06:30,180
So it is possible to know the email was sent via Tor.
90
00:06:30,180 --> 00:06:37,910
Basic policing would look at motives of the person sending in the bomb threat, so who would have motives?
92
00:06:38,220 --> 00:06:39,540
Students of course.
93
00:06:39,630 --> 00:06:42,920
So the first obvious step is to look through the logs.
94
00:06:42,990 --> 00:06:49,140
of the university network and see if any students were accessing Tor at the same time. He was identified
95
00:06:49,140 --> 00:06:52,560
as using Tor at the same time as the e-mail was received.
96
00:06:52,560 --> 00:06:58,440
Again, this is called traffic correlation, and under questioning he confessed. Pretty basic errors: he didn't
97
00:06:58,440 --> 00:07:04,180
keep his mouth shut and contaminated his identities by not maintaining compartmentalisation.
98
00:07:04,230 --> 00:07:08,070
He could have simply gone off site to a network that wasn't monitored.
99
00:07:08,130 --> 00:07:10,370
The people with good OPSEC you never hear about.
100
00:07:10,410 --> 00:07:12,390
There are no case studies on them.
101
00:07:12,510 --> 00:07:17,670
And finally here's an interesting story of OPSEC failures of spies.
102
00:07:17,700 --> 00:07:21,550
If you want to check out that video that's quite interesting.