Comms – Do you have a Plan B?

When your access to the internet and cell service gets cut, you better have a plan B for Info and Intel.

The goal of this post:  Kick start your Plan B without procrastination excuses like “I have to study and pass first…, I don’t have the money…”

1) Listen:  You can listen without a license. Get a cheap handheld and start listening while you study for the exam. Less than $40 gets you off your ass and on the air.

Later on you can take Sparks or DanMorgan’s fantastic advice on better gear when you know more.


2) Study:  Although you should strive to understand your equipment and the procedures, you can easily memorize answers from published test pools. Again, this is to get you on the air fast where you can gain practical experience. Here are 2 self-study resources:

3) Read:  Start reading these sites:

4) Act: Go to these AmRRON pages for more “get started” advice and learn how to participate in their nets. You don’t necessarily need a ham license to start. AmRRON is unique in that it is oriented towards patriots, partisans and preppers. You will understand the significance of this as you learn more about ham radio.

And they have some great introductory videos. They’re long, but very informative.

5) Connect:  Join AmRRON and connect with patriots in your AO via their secure membership directory. The AmRRON administrator will take your “contact” request and pass it to another member. If that member wants to talk to you, they’ll contact you. Start building your local net, whether that is just new, like-minded friends for mutual aid, or you start a local radio net and become the intel hub in your AO.

Posted in Comms

Disrupt the Attack Vector

Not exactly Information Operations, but a good way to spend a buck.

From No Lawyers – Only Guns and Money, via MVB @ SipseyStreetIrregulars…

Costing The Anti’s Some Money
I got an email the other day from Mark Kelly (aka Mr. Gabby Giffords) offering me a copy of the new book that he and Giffords just wrote.

Gabby and Mark wrote a new book that’s coming out at the end of this month. It’s called Enough, and it’s about why they are working to keep America safe from gun violence.

We know that some people might contribute less than the book costs, and that’s OK.

I took them at their word. While I tried to contribute what the book was worth – $0.01 – it wouldn’t let me. However, it did let me contribute a mere buck.

The way I figure it, the cost of postage using Media Mail is at least $2.69. The book, which has an MSRP of $25 and is selling for $18.63 on Amazon, must cost them at least $5 a copy.

Thus, for an investment of $1, I’m costing Americans for Responsible Solutions a minimum of $7.69. That is a net $6.69 that can’t be used to take away my civil rights.

Now I’m not suggesting you do this but if you’d like to take them up on their offer, go here. You’ll end up costing them some money and you’ll be able to keep an eye on what the anti’s are up to.



Posted in News


Your thought for the weekend, from Sam Culper:

3 Laws of OPSEC:

1. If you don’t know the threat, you don’t know what information to protect.

2. If you don’t know what information to protect,  you can’t know how to protect it.

3. If you aren’t protecting it,  they’re taking it.


Follow Sam at and at

Take his free course this weekend:

IA101:  Introduction To Intelligence Analysis

Posted in Intel, OPSEC

Case Study: Drugs, Pirates & Tor – STFU

This is a short case study on how the FBI brought down Dread Pirate Roberts (DPR). DPR was the owner of Silk Road, the largest darknet underground dealer site for drugs, weapons and contract hits. Silk Road operated on Tor (Hidden Services) and was only reachable via Tor.

To put it in perspective, here are some facts about Silk Road (these numbers vary significantly depending on who is reporting):

  • ~4000 vendor accounts
  • Over 1 million transactions
  • ~ 1 million user accounts
  • $1.2B in revenue
  • Dealing in drugs, hacked bank accounts, counterfeit bills, firearms, hitmen, pirated digital goods, forgeries, hacked social accounts, passports and SSN’s

“Tor is practically impossible to physically locate the computers hosting or accessing websites on the network.”    –   FBI affidavit from the Silk Road case.

No surprise, then, that the Drug Enforcement Administration, the Internal Revenue Service, Homeland Security Investigations, and the FBI all joined forces to track down Roberts and the largest sellers on his marketplace. In November 2011, after coming under pressure from Congress, the agencies began the hunt and quickly found that Roberts had been right—encryption, Tor, and “tumbled” Bitcoins were a potent combination to crack.

But investigations always have many threads to pull. The feds couldn’t initially follow the money to Roberts, nor could they find the physical location of his cloaked servers. In the absence of usual digital clues, the feds fell back on a low-tech approach: keep going back in time until you find the first guy to ever talk about the Silk Road. Find that guy and you probably have a person of interest, if not Roberts himself.


So Patriots, think about that, and about Tenet #0 (Security is rooted in behavior, not technology).  For all the power of the FBI, DEA, DHS, IRS and related agencies, and the huge target of Silk Road, it ultimately wasn’t the tech that was cracked, it was OPSEC.

This is not a unique story. We’ll be presenting these case studies periodically, and you will see that most of the problem is personal discipline. Here is a short, well-done 14-minute video.

Tenet #5 – Compartmentalize whenever possible.  Separate your business and personal activity.
Tenet #12:  “Shut The Fuck Up” – The Grugq (former hacker turned security consultant).



If you choose not to watch it, here are the highlights of how Dread Pirate Roberts screwed up.  This is the order of events as near as I can tell from the video:

  • Silk Road created in 2011.
  • January 2011:  User “altoid” posted on a website ( asking whether anyone had heard of a site called “Silk Road” and what they thought of it, because he was thinking of buying something from it.  He also gave the address to get to Silk Road, and signed off with “Let me know what you think…”.  This was the only post by this user, so it seems that it was a self-promotion post.
  • 3 days later, a user called “altoid” posts on forum, asking essentially the same question and again giving the Silk Road address.  He signs off with “Let me know what you guys think…”
  • June 2011:  Silk Road business has taken off.  The Site Administrator posts on the Silk Road site forum that he is only known as Silk Road, SR Admin, and says he needs a name.
  • 10/11/11:  A user “altoid” posted on a tech site looking for a programmer who could help him connect to Tor hidden services. He left personal contact information in post as
  • Feb 2012:  The Silk Road site admin announces that his name is Dread Pirate Roberts.
  • March 2012:  A user created an account on with username “Ross Ulbrict” asking about technical details of Tor Hidden Services.  Hours later he realizes this mistake, and changes his username to “frosty”.  Several weeks later, he also changes the email to
  • As Ulbricht evolves Silk Road and his identity over many months, he begins to post as Dread Pirate Roberts.
  • The FBI begins to investigate whether DPR is Ross Ulbricht.
  • DPR’s posts on Silk Road message boards have links to Ludwig Von Mises Youtube videos.
  • Ross Ulbricht’s Google+ account had links to the exact same site.  At this point, the FBI begin to crawl all over everything Ulbricht is doing.
  • In July 2013, Customs intercepts a package inbound from Canada as part of a routine search.  A package containing 9 Identifications, all counterfeit, all different names, and all with Ulbricht’s pictures on them.  When questioned by DHS, Ulbricht said “Hypothetically, anyone could have purchased these documents on a website called Silk Road.”

Bad move.  Now DHS has evidence he at least knew about Silk Road.

Tenet #12 – STFU – Never ever miss the chance to STFU, NEVER!

  • 7/23/13:  The FBI located “some” of the Silk Road servers, and the computer used to host the website.  They were able to obtain an image of the server. (Not in the video, but it is now presumed that the servers were identified through a CAPTCHA leak on the Silk Road website: the CAPTCHA was configured to fetch its images from the public internet, a misconfiguration.)
  • The FBI uncovers records of someone logging into Silk Road servers from a San Francisco internet cafe.  There are records of Ulbricht regularly logging into his own Google account less than 500 feet from the cafe. (Obtained via a Google subpoena.)
  • As the FBI digs further into the Silk Road server image they have, they find public encryption keys that had substring of (they did not break encryption, the email is a visible field in a public key).
  • The FBI now feel they have enough evidence to link DPR to Ross Ulbricht.  He is arrested on October 1, 2013.
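The point about the public key deserves a concrete look. The following added example (not code from the original post or from the case) builds a constructed, non-functional armored OpenPGP key with a placeholder User ID, then parses the RFC 4880 packet stream and reads the User ID packet: the e-mail address is plain metadata, recoverable with no cryptanalysis at all. The key material, the timestamp and the `frosty@example.invalid` address are all placeholders.

```python
import base64
import re

# Constructed placeholder User ID; the real address from the case is not used here.
SAMPLE_USER_ID = "Frosty <frosty@example.invalid>"
PUBLIC_KEY_ALGORITHMS = {1: "RSA", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}


def old_format_packet(tag: int, body: bytes) -> bytes:
    """Old-format OpenPGP packet header with a one-octet length (body < 256 bytes)."""
    assert len(body) < 256
    return bytes([0x80 | (tag << 2), len(body)]) + body


def build_sample_key() -> str:
    """Armored block holding a dummy (non-functional) RSA key and one User ID."""
    created = 1331000000                                   # constructed timestamp (March 2012)
    n_mpi, e_mpi = b"\x00\x08\xc1", b"\x00\x05\x11"        # placeholder MPIs: 8-bit n, e = 17
    pubkey_body = b"\x04" + created.to_bytes(4, "big") + b"\x01" + n_mpi + e_mpi
    packets = old_format_packet(6, pubkey_body)                # tag 6: public-key packet
    packets += old_format_packet(13, SAMPLE_USER_ID.encode())  # tag 13: User ID packet
    packets += old_format_packet(2, b"\x04\x13\x01\x08")       # tag 2: dummy signature
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nComment: constructed example\n\n"
            + base64.b64encode(packets).decode()
            + "\n-----END PGP PUBLIC KEY BLOCK-----\n")


def dearmor(armored: str) -> bytes:
    """Drop the armor header lines and the optional '=CRC' trailer, then base64-decode."""
    lines = armored.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an armored OpenPGP block")
    inner = lines[1:-1]
    start = inner.index("") + 1 if "" in inner else 0      # headers end at the blank line
    return base64.b64decode("".join(l for l in inner[start:] if not l.startswith("=")))


def iter_packets(data: bytes):
    """Yield (tag, body) for each packet; handles old- and new-format headers."""
    i = 0
    while i < len(data):
        ctb, i = data[i], i + 1
        if not ctb & 0x80:
            raise ValueError("bad packet tag byte")
        if ctb & 0x40:                                     # new-format header
            tag, first, i = ctb & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                              # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:                                 # indeterminate: rest of data
                length = len(data) - i
            else:
                n = (1, 2, 4)[ltype]
                length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length


def inspect_public_key(armored: str) -> dict:
    """Metadata readable from a public key with no cryptography at all."""
    info = {"algorithm": None, "created": None, "user_ids": [], "emails": []}
    for tag, body in iter_packets(dearmor(armored)):
        if tag == 6 and body and body[0] == 4:             # v4 public-key packet
            info["created"] = int.from_bytes(body[1:5], "big")
            info["algorithm"] = PUBLIC_KEY_ALGORITHMS.get(body[5], f"algo {body[5]}")
        elif tag == 13:                                    # User ID packet: plain UTF-8 text
            uid = body.decode("utf-8", "replace")
            info["user_ids"].append(uid)
            info["emails"] += re.findall(r"<([^<>\s]+@[^<>\s]+)>", uid)
    return info


if __name__ == "__main__":
    print(inspect_public_key(build_sample_key()))
```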

So, Ulbricht:
– used his real name during business activity    (Tenets 0, 3, 5, 6, 7, 8, 12)
– did not compartmentalize (names, identities, physical location of activity)  (Tenets 0, 5,7)
– did not understand a weakness in his tech (using Captcha)   (Tenets 3, 4)
– didn’t shut up, was arrogant   (Tenets 0, 3, 4, 7, 8, 12)
– The Feds caught at least one or two lucky breaks   (Tenets 1, 5, 8)
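The CAPTCHA weakness listed above is a class of leak you can audit for: a page served from a hidden service that references any resource on a non-onion host hands the browser, and anyone observing that fetch, a clearnet address to tie to the service. The checker below is an added example, not the site's or any agency's tooling; the hidden-service host name, the sample page and the 203.0.113.10 address (a documentation range) are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes whose value makes the browser fetch from, or submit to, a host.
FETCHING_ATTRS = {
    "img": ("src", "srcset"), "source": ("src", "srcset"), "script": ("src",),
    "link": ("href",), "iframe": ("src",), "form": ("action",),
    "video": ("src", "poster"), "audio": ("src",), "object": ("data",),
    "embed": ("src",),
}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)")


class ResourceCollector(HTMLParser):
    """Collects every URL the page makes the browser contact, with where it came from."""

    def __init__(self):
        super().__init__()
        self.refs = []               # (tag, attribute, url)
        self._in_style = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in FETCHING_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if not value:
                continue
            if name == "srcset":     # "url 1x, url 2x": take each URL
                for candidate in value.split(","):
                    if candidate.strip():
                        self.refs.append((tag, name, candidate.strip().split()[0]))
            else:
                self.refs.append((tag, name, value.strip()))
        for url in CSS_URL.findall(attrs.get("style") or ""):   # inline style url()
            self.refs.append((tag, "style", url))
        self._in_style = tag == "style"

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:           # url() inside a <style> block
            for url in CSS_URL.findall(data):
                self.refs.append(("style", "css", url))


def find_external_resources(html, site_host):
    """Return (tag, attribute, url) for every reference to a host other than
    site_host. Relative URLs never leave the service and are ignored."""
    collector = ResourceCollector()
    collector.feed(html)
    leaks = []
    for tag, attr, url in collector.refs:
        if url.startswith(("data:", "#", "javascript:")):
            continue
        host = urlsplit(url).hostname        # None for relative paths
        if host and host.lower() != site_host.lower():
            leaks.append((tag, attr, url))
    return leaks


# Constructed sample page for a hypothetical hidden service; the host name and
# the 203.0.113.10 address are placeholders.
SAMPLE_HOST = "exampleservice.onion"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<style>body { background: url(//cdn.example.net/bg.png); }</style>
</head><body>
<img src="/images/logo.png">
<form action="/login" method="post">
  <img src="http://203.0.113.10/captcha.php" alt="captcha">
  <input name="captcha"><input type="submit">
</form>
<script src="http://exampleservice.onion/js/app.js"></script>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url in find_external_resources(SAMPLE_HTML, SAMPLE_HOST):
        print(f"<{tag} {attr}> points off the service: {url}")
```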

No one cracked encryption here, no one broke Tor.

Ross was a dumbass who blew his OPSEC and didn’t STFU.




  • Tenet #0 – Security is rooted in Behavior, not Technology.  Technology is not as important as Awareness or Self-Discipline.
  • Tenet #1 – There is no such thing as perfect security, either in the digital world or the physical, operational world.
  • Tenet #2 – Something is better than nothing, as long as you don’t forget Tenet #3.
  • Tenet #3 – Do not get lulled into a false sense of security in either behavior or technology.  You are not bulletproof and neither is Tech.
  • Tenet #4 – Don’t worry about the big things if you are not doing the little things right and with consistent, freakish discipline.
  • Tenet #5 – Compartmentalize whenever possible.  Separate business and personal activity.
  • Tenet #6 – Sam Culper’s Intel SPACE analysis is a useful tool to evaluate your own security posture and weaknesses.
  • Tenet #7 – Do not divulge any more than is necessary for the role you are playing.  When not playing that role, increase your security posture.
  • Tenet #8 – Most hackers get caught by poor OPSEC, good HUMINT, arrogance or hubris, not broken technology.
  • Tenet #9 – Digital Security is necessary for true Operations Security.
  • Tenet #10 – There is no single “best” technology.  You need concentric rings of defense and layered security, just like in the physical world.
  • Tenet #11 – There is always a tradeoff between Speed / Effect and Security, just like the operational world.
  • Tenet #12 – STFU.  – The Grugq, Hacker, Security Consultant
Posted in Case Study

Secure Browsing, Part 2 – Risks

OK Digital Warriors, this lesson is Secure Browsing Part 2 – Risks.

We’ve already covered Part 1 – Installing Firefox, HTTPS Everywhere, and what HTTPS/SSL is. In this short lesson, we are going to cover the risks you face. In the next lesson, we’ll talk about how to combat the risks with settings, add-ons and OPSEC.

Why is this important? As stated in Part 1, your browsing is probably your largest daily online exposure next to your phone. Your data is collected, correlated, associated with others, and your patterns are analyzed (Culper’s SPACE again). Furthermore, there are ways to use malicious code to penetrate your End Point Security through the browser. You need to be aware of these threats so you can eliminate or counter them.

This is Lesson ID=>0021

Read The Rest Here…


Posted in Level 1 IO

Tabnabbing – a new phishing attack

A perfect find to complement Lesson 0021, Secure Browsing Part 2 – Risks, which we’ll publish this weekend.  Notice this relies on using a Javascript exploit, which we’ll discuss in Lesson 0021, and which Tor Browser helps you disable as a security measure (NoScript Add-On Extension).

Here is the article and the author…

The web is a generative and wild place. Sometimes I think I missed my calling; being devious is so much fun. Too bad my parents brought me up with scruples.

Most phishing attacks depend on an original deception. If you detect that you are at the wrong URL, or that something is amiss on a page, the chase is up. You’ve escaped the attackers. In fact, the time that wary people are most wary is exactly when they first navigate to a site.

What we don’t expect is that a page we’ve been looking at will change behind our backs, when we aren’t looking. That’ll catch us by surprise.

How The Attack Works

  1. A user navigates to your normal looking site.
  2. You detect when the page has lost its focus and hasn’t been interacted with for a while.
  3. Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.
  4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
  5. After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

I dub this new type of phishing attack “tabnabbing”.
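From the defender's side, steps 2 and 3 above leave a recognisable trace: a tab's title and favicon both change while the tab is hidden and no navigation has happened. The function below is an added example, not code from the article or from any browser; it assumes a hypothetical event log of the kind a browser extension could produce from visibility and head-mutation observers, and flags tabs that match that pattern while letting ordinary title updates and real navigations through.

```python
from dataclasses import dataclass, field


@dataclass
class TabState:
    """What the user last saw in a tab, plus what changed while it was hidden."""
    url: str
    title: str
    favicon: str
    hidden: bool = False
    changed_while_hidden: set = field(default_factory=set)


def detect_tabnabbing(events):
    """Flag tabs whose title AND favicon both change while hidden, with no
    navigation in between: a page silently re-dressing itself as another site."""
    tabs, alerts = {}, []
    for ev in events:
        tab, kind = ev["tab"], ev["event"]
        if kind == "navigate":                        # new document: new baseline
            tabs[tab] = TabState(ev["url"], ev.get("title", ""), ev.get("favicon", ""))
            continue
        state = tabs[tab]
        if kind == "visibility":
            state.hidden = ev["state"] == "hidden"
            if not state.hidden:                      # user is looking again
                state.changed_while_hidden.clear()
        elif kind in ("title", "favicon"):
            previous = getattr(state, kind)
            setattr(state, kind, ev["value"])
            if state.hidden and ev["value"] != previous:
                state.changed_while_hidden.add(kind)
            if state.changed_while_hidden >= {"title", "favicon"}:
                alerts.append({"tab": tab, "url": state.url,
                               "title": state.title, "favicon": state.favicon})
                state.changed_while_hidden.clear()    # report once per hidden period
    return alerts


# Constructed event log (hypothetical shape; all hosts are placeholders).
SAMPLE_EVENTS = [
    # Tab 1: the page re-dresses itself as a mail login while the user is away.
    {"tab": 1, "event": "navigate", "url": "https://notes.example.com/",
     "title": "My Notes", "favicon": "/favicon.ico"},
    {"tab": 1, "event": "visibility", "state": "hidden"},
    {"tab": 1, "event": "title", "value": "Gmail: Email from Google"},
    {"tab": 1, "event": "favicon", "value": "/assets/mail.ico"},
    # Tab 2: a mail client updating its unread count is not a tabnab.
    {"tab": 2, "event": "navigate", "url": "https://mail.example.org/",
     "title": "Inbox", "favicon": "/mail.ico"},
    {"tab": 2, "event": "visibility", "state": "hidden"},
    {"tab": 2, "event": "title", "value": "(2) Inbox"},
    # Tab 3: a real navigation legitimately changes both title and favicon.
    {"tab": 3, "event": "navigate", "url": "https://shop.example.net/",
     "title": "Shop", "favicon": "/shop.ico"},
    {"tab": 3, "event": "visibility", "state": "hidden"},
    {"tab": 3, "event": "navigate", "url": "https://pay.example.net/checkout",
     "title": "Checkout", "favicon": "/pay.ico"},
]

if __name__ == "__main__":
    for alert in detect_tabnabbing(SAMPLE_EVENTS):
        print(f"tab {alert['tab']} ({alert['url']}) now claims to be "
              f"'{alert['title']}' with favicon {alert['favicon']}")
```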

Posted in Level 1 IO, Risk

AmRRON Condition 4

AmRRON / Ham folks….this is posted over on the AmRRON site:



Due to increased intelligence reports regarding real-world situation terrorist threats and activity, we are raising the AmCON to Level-4.  Several analysts are assessing an attack (or multiple attacks) is imminent.  Some assessments point to a time frame on or around September 11th. (more in above link)


Government agencies and military intelligence analysts are assessing the threat to be highly credible and ranges from ‘Probable’ to “Imminent.” …(in link above) are some of the supporting documentation and reports.

Posted in News

Cell Phone Kill Switches Mandatory in California

FFIO says:  Alt Comms folks – get your ham licenses and start practicing.

From the Comments Section in Bruce Schneier’s article below:

“What if the NSA accidentally bricks all the phones in a certain area? This is not a theoretical issue anymore.”


Cell Phone Kill Switches Mandatory in California

California passed a kill-switch law, meaning that all cell phones sold in California must have the capability to be remotely turned off. It was sold as an antitheft measure. If the phone company could remotely render a cell phone inoperative, there would be less incentive to steal one.

I worry more about the side effects: once the feature is in place, it can be used by all sorts of people for all sorts of reasons.

The law raises concerns about how the switch might be used or abused, because it also provides law enforcement with the authority to use the feature to kill phones. And any feature accessible to consumers and law enforcement could be accessible to hackers, who might use it to randomly kill phones for kicks or revenge, or to perpetrators of crimes who might — depending on how the kill switch is implemented — be able to use it to prevent someone from calling for help.

“It’s great for the consumer, but it invites a lot of mischief,” says Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation, which opposes the law. “You can imagine a domestic violence situation or a stalking context where someone kills [a victim’s] phone and prevents them from calling the police or reporting abuse. It will not be a surprise when you see it being used this way.”

I wrote about this in 2008, more generally:

The possibilities are endless, and very dangerous. Making this work involves building a nearly flawless hierarchical system of authority. That’s a difficult security problem even in its simplest form. Distributing that system among a variety of different devices — computers, phones, PDAs, cameras, recorders — with different firmware and manufacturers, is even more difficult. Not to mention delegating different levels of authority to various agencies, enterprises, industries and individuals, and then enforcing the necessary safeguards.

Once we go down this path — giving one device authority over other devices — the security problems start piling up. Who has the authority to limit functionality of my devices, and how do they get that authority? What prevents them from abusing that power? Do I get the ability to override their limitations? In what circumstances, and how? Can they override my override?

The law only affects California, but phone manufacturers won’t sell two different phones. So this means that all cell phones will eventually have this capability. And, of course, the procedural controls and limitations written into the California law don’t apply elsewhere.



Posted in News

Encryption 101

Don’t worry, this first encryption lesson will be short and easy. We’re mostly just going to learn the lingo today. We need this to talk about the next lesson, Secure Browsers, and there will be a deeper encryption discussion in a later lesson.

Why is this important? Remember from the Privacy and Anonymity lesson that we need both Privacy and Anonymity. Privacy is driven by encryption. You will learn to secure your browser sessions, encrypt your email, and ensure your chats are secure. It is critical you understand the fundamentals.

Key Terms: Symmetric, Asymmetric, Certificate Authorities, PKI.

Remember, there is nothing magical about the concepts of encryption. It happens all the time when soldiers use One Time Pads. The only difference is that in the digital world, we can leverage complex mathematics (ciphers) to create the encrypted text.

We will discuss two types of encryption – Symmetric and Asymmetric. A minimum encryption system requires plain text, a key, and a process.

Read more here…

Posted in Level 1 IO

Secure Browsing, Part 1

If this is your first time working on a lesson…

Please read our FreeFor Ops page.  It will explain the site purpose and the overarching concept of FreeFor IO.  It will direct you to also read the Start Here page, and the Lesson Tracker (which are also menu items).  These will show you how to use the lessons effectively to build up your security.

Welcome to Secure Browsing Part 1.

Key Terms: HTTP, HTTPS, SSL, Certificate, Layered Security, End Point Security, Transmission Security

Lesson Goal: Understand the difference between HTTP and HTTPS; Install and Use Firefox

We are going to discuss:

  • Browser tracking / Social Media / Risks
  • Secure Browser install
  • Lesson Recap – A summary of the security you’ve put in place already
  • Transmission Security – HTTP / HTTPS / SSL

Why is browser selection and configuration important? Our cell phones are the worst offenders of personal privacy invasion, but our browsing activity is next. Everything you do is tracked, reported and correlated – unless you shut them down by protecting your information.

You must have noticed how in one browser window you are looking at some consumer item, then you hop to a news site, and immediately there is an advertisement in the top or side banner for EXACTLY what you were just looking at. If that Orwellian nightmare doesn’t scare you into action, I’m not sure what will.

When you read Sam Culper’s SPACE Analysis, you will see that poor browsing habits allow our enemies to build signatures, profiles and associations. OpFor can know who you “are” by your profile, and they’re just waiting to assign your name to the profile identity. We’ll talk more about SPACE and Digital Security in a future lesson.

Read more here…

Posted in Level 1 IO, Uncategorized

Secure Your PC, Lesson 1.4

If this is your first time working on a lesson…

1) Please read our FreeFor Ops page.  It will explain the site purpose and navigation, Lesson Outlines and the overarching concept of FreeFor IO.

2) It will direct you to also read the START HERE page, Tenets page and the first lessons.  There are a few lessons ahead of this one.


Welcome to Secure PC (L1.4, Lesson ID 0018). This quick lesson will arm you with some (free) Windows programs to help keep your PC secure.

There are several layers needed to secure your PC:

  • Your behavior and discipline
  • Firewalls (in addition to your router)
  • Anti-Virus
  • Anti-Malware / Anti-Spyware
  • Privacy Cleaners / Secure Delete
  • Disk and File Encryption (to be covered in a separate lesson)
  • Regularly:  Scanning, updating virus / malware databases, updating versions


Why is this important? Your PC is where it all begins. It is an end point that needs to be secured. The industry term for this is End Point Security. It is easier to exploit your behaviors and PC than it is to crack encryption or Tor. It is imperative that you keep your PC as secure as possible before we begin the lesson on securing your browser.

Here’s Bruce Schneier commenting on it…(emphasis ours)

TAO (NSA’s Tailored Access Operations) also hacks into computers to recover long-term keys. So if you’re running a VPN that uses a complex shared secret to protect your data and the NSA decides it cares, it might try to steal that secret. This kind of thing is only done against high-value targets.

How do you communicate securely against such an adversary? Snowden said it in an online Q&A soon after he made his first document public: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.”

Read the rest here…

Posted in Tools

Privacy & Anonymity Concepts

This is going to be a quick lesson to ensure we all understand the difference between privacy, anonymity and a few other terms.


Why is this important? Certain tools help you achieve certain objectives. VPNs and encryption help with privacy / security, while Tor helps with anonymity. Just like in the Internet 101 lesson, you have to understand the digital battlefield in order to choose the correct security profile.

We all have an intuitive understanding of what Privacy versus Security means when talking about the physical world. Since 9/11, our right to personal privacy (physical as well as informational) has been under extreme and perverse erosion in the name of providing some fictitious national “security”.


Bruce Schneier, an internationally renowned cryptographer, security and privacy expert, succinctly said:

“The debate isn’t security versus privacy. It’s liberty versus control.”

And there you have it – Liberty v. Control – The People v. The State.


So, what does that mean for FreeFor Information Operations? First, break apart privacy from anonymity. They are not the same.  Privacy is nobody seeing what you do, but potentially knowing who you are. Anonymity is nobody knowing who you are, but potentially seeing what you do.

In military terms, Anonymity is a Covert Operation and Privacy is a Clandestine Operation.

Read the rest here…

Posted in General IO

iWar 101

A related IO interlude before we pick back up with more infosec lessons.  For academic purposes only.

Courtesy of Global Guerrillas…

iWar 101: Kicking the Squirrel

Posted in Projecting IO

QuickTip – Mirror a website locally

In between the regular Security Lessons, we’ll post quick tips or commentary from other authors that we find interesting, useful or relevant.

Here’s something you might like – HTTrack.  This easy to use tool allows you to “mirror”, or copy down an entire website to your local computer.  I’m sure you can see the value of having some of your favorite knowledge websites available offline during “unscheduled” internet outages.


Wirecutter recently posted about  a site,, that has airport data for all airports…could be useful in future sporting events.  Thanks to HTTrack, and about a 15 hour mirror, I now have all that data locally.  The site mirror time depends on how big the site is.  I’ve ranged from 10 minutes to 15 hours.  It runs unattended once you kick it off, so no babysitting.

Get it here, HTTrack…description from the main page…

HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility.

It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site’s relative link-structure. Simply open a page of the “mirrored” website in your browser, and you can browse the site from link to link, as if you were viewing it online. HTTrack can also update an existing mirrored site, and resume interrupted downloads. HTTrack is fully configurable, and has an integrated help system.


Posted in Tools

Next Lesson – Internet 101

If this is your first time here…

1) Please read our FreeFor Ops page.  It will explain the site purpose and navigation, Lesson Outlines and the overarching concept of FreeFor IO.

2) It will direct you to also read the START HERE page, Tenets page and the first lessons.


Good to Go?  Ok, jump into this lesson – Internet 101….

LESSON ID=> 0016

Internet 101

This lesson may be tough to follow for some folks.  Please stick with us on it.  Please post any questions you have and we will do our best to answer them.

We need to cover a few topics on how the internet works. It will make subsequent lessons more understandable.

The more you understand the fundamentals, the more you will understand what is safe, not safe, and how to layer defenses. We’ll keep it as short as possible. We will also begin to introduce terminology and the acronyms. Just like any subject, half the battle to mastering it is learning the language.

There is a diagram of Internet Topology below.  Think of this as your Area of Operations, AO.  It is the map of your digital battlefield.  This lesson is an Intelligence Preparation of the Battlefield, IPB.  There is a “Green Zone” (Your LAN) and there is Outside the Wire.  What you go outside the wire to “do” will dictate your security posture for that activity / mission.  You should never go outside the wire without at least some basic security in place.

Much of this may seem trivial or unimportant, but please take time to read it fully and understand it.

Here is why this is important:

  1. You need to know what an IP Address is and how it identifies you

  2. You use DNS every time you visit a website. You need to know how this lets your ISP see what you are browsing, how to protect against it, and what a DNS Leak is.

  3. You need to know what a MAC address is and why to hide it.

Keep this simple picture in mind as we discuss this.  There is a more comprehensive picture later on in this lesson.




Read the rest HERE…


Posted in Internet Plumbing, Level 1 IO
Current Versions
Looking Glass Secure Email
Version: Latest Beta
Tor Browser: 04.09.15: Version: 4.0.8
Tails : 03.31.15: Version: 1.3.2
Gpg4win: 03.18.15: Version: 2.2.4

We suggest you do NOT follow us with your real email address. Do Lesson #2, get a new anon email, then follow us.
