OPSEC During a Zombie Outbreak

OPSEC applies everywhere, even during a zombie outbreak. The following guidelines just might help you to make it through!

OPSEC for humans

  • If the zombies were created by an evil genius, listen carefully when he captures you. He does not understand OPSEC, and will tell you the whole evil plan, including how to stop it. This will be important when you escape.
  • If anyone in your party has allergies, leave them behind! They will invariably sneeze at the worst time possible, revealing your otherwise perfect hiding spot.
  • Tie a string around your finger; write on your hand; magic marker on your forehead; whatever it takes to remember that if you see someone that you know to be dead, they’re probably a zombie. Don’t try to talk to them.
  • The government does not know how to disguise their operations. If you see a convoy of large, unmarked vehicles, leave the area immediately.
  • Try to remember a zombie’s signature, and don’t copy it. If you get drunk and stagger out into the street, you will be mistaken for a zombie and shot.
  • You can always tell who’s going to be zombie-fied next. It’s always right after they say, “Stay here, I’ll be right back”!
  • Apparently, all humans have failed to conduct open-source research. This is why they always say, “what are those things?”

OPSEC for Zombies

  • Yes, brains are very tasty. No question about that. However, it is unwise to moan “Braaaaaaaains” as you chase after them. That just lets them know you’re coming.
  • It’s not necessary to conduct any form of reconnaissance or observation. You will always manage to shuffle across their group no matter where they hide or run. In a stroke of genius rivaling any military maneuver, a massive army of zombies will often simultaneously converge on the exact spot where the hero’s vehicle has broken down.
  • There is a standard uniform for zombies. As soon as you are infected, you must wear torn, bloodstained clothes. This is regardless of what you wore before becoming a zombie.
  • Yes, brains are very tasty.
  • If possible, try to eat the quiet, smart guy that doesn’t do anything through the whole movie. At the end, he will be the one that figures out how to destroy you.
  • Try salting the brains before you eat them. Not so much an OPSEC tip, but that’s good eatin’.

The Zoo

A very small zoo was thrown into chaos when the star attraction- a gorilla named Chuck- unexpectedly died right before they opened for the day.

The owners were worried, because people came from all over just to see Chuck’s antics. Surely, the gorilla’s passing would spell the end of the beloved zoo.

But then, the owner had an idea. He called Jason, one of his employees, and offered him an extra $100 a day if he would wear a gorilla costume and pretend to be Chuck- just until they could get a live replacement. Jason agreed, and minutes before opening he was suited up and ready in the enclosure.

Everyone loved Jason’s antics. The children clapped and laughed, and even the adults enjoyed watching the fake Chuck run around and beat his chest. Eventually, however, business started to die down. Chuck was still a popular attraction, but people could only watch an animal do the same tricks so many times. So Jason began changing things up. He would throw a ball out of the enclosure and wait for people to throw it back. He’d dance in a very gorilla-like way. But everyone got the biggest thrill when he would climb over the divider and hang over the lion’s pit. It was truly a death-defying spectacle.

One day, while Jason was hanging over the very hungry lion’s pit, the aging costume gave way and Jason fell hard onto the ground. The lion started circling menacingly, ready to pounce and tear the costumed man to bits.

“Help! Help!” Jason started shouting, scrambling madly to get up and out of the lion’s grasp.

“Quiet, you fool!” the lion whispered. “Are you trying to get us both fired?”

Sometimes, things aren’t what they appear. What we think is a friendly gorilla is a man in a costume. A dangerous lion is a friend. Appearances can be deceiving, so it’s important that we verify that what we’re seeing or hearing is correct.

Much like in this story, sometimes people don’t want you to know who they really are. The man with a clipboard that comes into your facility- are they really an inspector? The woman that shows up from IT saying she needs your computer for maintenance- did IT actually send anyone down?

Sometimes, it only takes a little bit of vigilance to see through someone’s disguise. And we should always be checking.

May the 4th be with you!

Today is May 4th- also known as Star Wars Day. Live long and prosper!

Kidding, kidding.

Whenever I watch the movie, I think about the hardest working person in the galaxy: the Empire’s OPSEC Manager. Probably some part-time Stormtrooper somewhere on Coruscant, who had to worry about military missions light years away. And to top it all off, that poor OPSEC manager is trying to keep information from a group that can literally read minds. Not an easy task.

After the battle of Endor, that person better have gotten a raise. Sure, it wasn’t exactly a military victory for the Empire, seeing as how the Death Star was destroyed and the elite ground forces were decimated by teddy bears, but that was hardly the OPSEC manager’s fault. From an OPSEC perspective, it was a resounding success.

There will be no spoiler alerts. The movie’s an American classic and it’s over three decades old. If you haven’t seen it yet, you really shouldn’t be doing anything else today.

Although the location of the Death Star was known and an attack was expected, the Emperor had a secret: the Death Star was actually fully operational. His plan was to destroy the unprepared rebel force when they showed up to attack. And much of that fell on our poor OPSEC manager, who was tasked with making sure that secret plan remained a secret. Of the million or so people on the small moon space station, how many could have known that the station was operational? The crews that were on standby to fire it? The technicians that checked out the specs? Everybody with a window when it was tested and confirmed to be operational?

So next time you watch the series, give some thought to those hard-working OPSEC managers out there in the far-away, long-ago galaxy. Whether you’re for the Empire or a rebel, you gotta admire their OPSEC game.

Remember: Loose lips destroy starships.

“Criminals don’t wear suits”

Once upon a time, in a land not-so-far-away, a small group of individuals walked to the doors of a multinational corporation, and walked out with millions of dollars worth of company secrets and assets.

Through days of patient research and study, they were well equipped to work their way through the company, obtaining small pieces of information and compiling it into unmitigated access. Could this happen to you?

First, they learned the names of key employees by calling Human Resources and social engineering the information from them. They would have preferred to find a company phone roster in the dumpster, but no one had thrown one away lately, although the passwords and internal memos that they did find certainly helped cushion the blow.

This company had a very friendly climate, and prided itself on hiring friendly and courteous employees. The friendly employee at the entrance was more than happy to hold the door for one of the individuals when he jogged to catch the closing door. Why not? Criminals don’t wear suits and ties, right? They got inside the moat.

Another friendly employee was more than happy to help out the stressed-out intern who lost his access badge on the first day, and just had to get the report to his boss before he gets fired! Why not? We’re all on the same team, right?

No matter how strong a castle’s walls, they do no good once the enemy’s inside.

Inside the secure area, they found a gold mine of unshredded documents both in the trash and piled by the shredder. In a stroke of inspiration, a hastily scrawled note was placed on a busy shredder: Shredder out of order. Put materials in this box to be picked up by security. Also, traditional hacking techniques allowed unrestricted access to key computer systems, which is often superfluous if the password is written down and hidden. (No one would ever know that this is my password, even if they do look in the drawer!)

Lucky for them, the CEO had let them know (through his out of office auto reply) that he would be gone that day. His assistant was very helpful when the new janitor forgot his keys and had to stay on schedule!

Could it get worse than this? It very well could. There’s a good chance that your organization may never suffer a planned, organized intrusion such as this. But basic OPSEC, often at little or no cost to the organization, can help prevent such a disaster. Never forget how important you are!

If it can track a thief…

The Coachella Valley Music and Arts Festival, generally referred to simply as “Coachella,” is an annual festival held in Indio, California. People come from all over the country to listen to music on several stages, enjoy art exhibits, camp, and take part in other recreational activities.

During the 2017 event, many festival-goers found that their cell phones were missing. Presumably, they had been stolen. The victims used their “find my phone” function (which is available on iDevices and Android) to locate the devices, eventually centering on attendee Reinaldo De Jesus Henao.

When the police arrived, they searched Henao and found more than 100 phones in his backpack. He was arrested on suspicion of grand theft and possession of stolen property.

This is exactly how the “find my phone” feature is supposed to work. The phones were stolen from their rightful owners, who were then able to locate them using the built-in features. But if those features can be used to track a thief, they may also be used to track you.

Be aware of your phone’s settings and features. Could someone access your Apple or Google account and track you that way? Are your pictures also recording location data? What does your phone tell someone that wants to find you?