
"opiateconnect" bust and OpSec

frank one

Regular Member
Joined
Feb 26, 2024
Posts
3
Reaction score
0
Given the typical pattern of: phishing -> intelligence_collection -> official_investigation -> prosecution, I would like to make a few OpSec-related notes. The aim of this article is to educate and to start a discussion about OpSec.

From the text on Darknetlive it seems that the operator made grave mistakes in detecting the intelligence collection and in the appropriate counterintelligence activities, and so in OpSec itself.

Please remember that the publicly available information about the case is only what has been carefully selected to help the case and the trial. It is not the full truth. There is much more to it that never leaves the walled gardens of LE and intelligence operations.

Given the available information from the article, see the following facts to sum it up:

1. Hernandez was identified already in 2018 as the operator of a large-scale dark web drug vendor, "opiateconnect". This clearly shows that there was another intelligence collection operation running on him prior to 2018. The article does not cover the most important part: the pre-2018 intelligence gathering operation and, most importantly, what really brought him onto the radar.

2. The intelligence gathering operation run on him prior to 2018 brought enough intelligence for the adversaries to determine that he was:
a) running a large-scale drug trafficking operation. The adversaries were therefore able to gather enough intelligence not only to identify him as the operator of the drug trafficking operation, but also to see the scale of his operation. This includes deep insight into the operation through physical surveillance.
b) operating it with the help of his DNM identity "opiateconnect". This includes deep insight into his digital activities.
c) on the radar, surveilled and investigated for many, many years.

3. He was targeted and investigated by the DDWFT (Detroit's Dark Web Task Force), which consists of HSI, USSS, IRS, CBP, USPIS and MSP. This is the list of adversaries that should have been in his OpSec adversary list, with appropriate measures in place to detect (!) and counter their activities. There was an obvious issue with this part.

4. The first counter-surveillance activity by Hernandez was recorded by the adversaries in Jan 2022. How aware he was of the intelligence gathering operation running on him, and how many (if any) counter-intelligence activities were not recorded by the adversaries, is questionable.
After the incident of being surveilled he continued with the operation without any significant changes to his operational pattern, while still under active surveillance.

5. Busted July-Aug 2022.

He was under an active surveillance and intelligence gathering program for at least 5 years. The others as well. Enough time to detect the intrusion and take care of the rest. Had the appropriate intrusion detection measures been in place, together with proper countermeasures and deception techniques, he wouldn't have run into an adversary killbox.

For anyone interested in the case, see again how many agencies (officially) cooperated on it: HSI, USSS, IRS, CBP, USPIS and MSP. All of them are trained in intelligence gathering techniques and OpSec. If you face such adversaries and you are not trained at least as well as they are, it is over for you before they even start their operation.

Also take into consideration that while you feel safe and think your OpSec, or more likely "OpSec", is cool, you can already have been under an active intelligence gathering program for a few years. You just didn't detect it, largely because you simply didn't put any intrusion detection systems in place, nor the appropriate countermeasures and deception tech.

Your first line of defense is not to get on the radar. Remain under the radar. Because if you are on the radar, you are suddenly in a completely different game that you are usually not ready for. The on-radar game is very different for your OpSec, and you have to have very well established countermeasures and deception tech to be able to operate under such conditions. And you have to be well trained to do so.

The most important question of the whole case is this: what triggered the intelligence gathering program prior to 2018, and how could it have been prevented from succeeding?

Throughout my 15+ years in the counterintelligence business I believe that I have seen almost everything. And I can say from observation of the DN area and public information like this piece about opiateconnect that it looks like the vast majority of fuckup cases were due to OpSec missing completely.

Fly low, fly safe!