operational security

111 results back to index

Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems by Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski, Adam Stubblefield

air gap, anti-pattern, barriers to entry, bash_history, behavioural economics, business continuity plan, business logic, business process, Cass Sunstein, cloud computing, cognitive load, continuous integration, correlation does not imply causation, create, read, update, delete, cryptocurrency, cyber-physical system, database schema, Debian, defense in depth, DevOps, Edward Snowden, end-to-end encryption, exponential backoff, fault tolerance, fear of failure, general-purpose programming language, Google Chrome, if you see hoof prints, think horses—not zebras, information security, Internet of things, Kubernetes, load shedding, margin call, microservices, MITM: man-in-the-middle, NSO Group, nudge theory, operational security, performance metric, pull request, ransomware, reproducible builds, revision control, Richard Thaler, risk tolerance, self-driving car, single source of truth, Skype, slashdot, software as a service, source of truth, SQL injection, Stuxnet, the long tail, Turing test, undersea cable, uranium enrichment, Valgrind, web application, Y2K, zero day

-Compromises Versus Bugs email attack example, The Investigative Process establishing your incident team, Establishing Your Incident Team handovers, Handovers-Handovers, Handover, Handing Back the Incident hypothetical example, Putting It All Together-Closure intersection of security and reliability, Crisis Response investigative process, The Investigative Process-Sharding the investigation keeping control of the incident, Keeping Control of the Incident-Morale keeping the right people informed with the right levels of detail, Keeping the Right People Informed with the Right Levels of Detail operational security, Operational Security-Operational Security, Communications and Operational Security parallelizing the incident, Parallelizing the Incident preparing communications and remediation, Preparing Communications and Remediation reliability/security tradeoffs, Reliability Versus Security: Design Considerations taking command of your incident, Taking Command of Your Incident-Sharding the investigation trading good OpSec for the greater good, Trading Good OpSec for the Greater Good triage, Is It a Crisis or Not?

…

Liberia, Criminal Actors libFuzzer, How Fuzz Engines Work linters, Automated Code Inspection Tools LLVM Clang, How Fuzz Engines Work load balancing, Defendable Architecture load shedding, Load shedding location separation, Location Separation-Isolation of confidentialityaligning physical and logical architecture, Aligning physical and logical architecture isolation of confidentiality, Isolation of confidentiality isolation of trust, Isolation of trust location-based trust, Isolation of trust Lockheed Martin, Intelligence gathering loggingattackers' bypassing of, Small Functional APIs budget for, Budget for Logging collecting appropriate/useful logs, Collect Appropriate and Useful Logs-Budget for Logging designing for immutability, Design Your Logging to Be Immutable determining which security logs to retain, Determine Which Security Logs to Retain-Network-based logging and detection intersection of security and reliability, Investigating Systems and Logging logs as attack target, Reliability Versus Security: Design Considerations privacy issues, Take Privacy into Consideration reliability issues, Reliability Lonestar, Criminal Actors lost causes, value of, Pick Your Battles low-dependency service, Low-dependency components-Low-dependency components M malicious actions, recovery from, Malicious Actions malware reports, Threat Intelligence MASVN (minimum acceptable security version numbers), Minimum Acceptable Security Version Numbers-Minimum Acceptable Security Version Numbers mean time to detection (MTTD), Monitoring and Alerting mean time to repair (MTTR), Monitoring and Alerting meetings, in crisis management situations, Meetings Mehta, Neel, Example: Growing Scope—Heartbleed memory corruption, checksums and, Distinguish horses from zebras memory-safe languages, Use memory-safe languages mental modelsidempotency and, Pay attention to idempotent operations understandability and, Mental Models microservicesdesigning for change with, Use Microservices-Example: Google’s frontend design Google's frontend design, Example: Google’s frontend design Google-internal framework, Example: Microservices and the Google Web Application Framework rate-limiting mechanism as, Design to Go as Quickly as Possible (Guarded by Policy) role separation, Role Separation military, cyber warfare and, Military purposes Miller, Matt, Use memory-safe languages minimum acceptable security version numbers (MASVN), Minimum Acceptable Security Version Numbers-Minimum Acceptable Security Version Numbers Mission Control program, Build Empathy mission, of IR team, Establish a Team Charter mistakes, threat modeling and, Threat modeling insider risk MIT (Massachusetts Institute of Technology), Attacker Profiles mitigation doc, Scoping the Recovery mitigation strategies, advanced (see advanced mitigation strategies) MITRE, Tactics, Techniques, and Procedures morale issuesIC's responsibility for, Morale on incident response teams, Establish a Team Charter motivations, of attacker, Attacker Motivations MTTD (mean time to detection), Monitoring and Alerting MTTR (mean time to repair), Monitoring and Alerting multi-party authorization (MPA), Multi-Party Authorization (MPA)code review as, Require Code Reviews reliability and, Investing in a Widely Used Authorization Framework resilience and, Resilience unilateral insider risk protection, Three-Factor Authorization (3FA) multicomponent failure testing, Multicomponent testing multilevel nesting, Avoid Multilevel Nesting mutation testing, When to Write Unit Tests N NASA, Culture of Inevitably nation-state actors, protecting systems from, Protecting your systems from nation-state actors(see also governments) Netflix, Fuzz Testing network intrusion detection systems (NIDSs), Network-based logging and detection nonfunctional requirements, Nonfunctional Requirements nontechnical risks, Costs and nontechnical risks North Korea, Attacker Motivations notes, keeping during recovery, Recovery Logistics, Postmortems NotPetya ransomware, Risk Assessment Considerations NSA, Risk Assessment Considerations NSO Group, Policing domestic activity O observability, improving, Improve observability OIDC (OpenID Connect), Identities, Example: Identity model for the Google production system OL (operations lead), Establishing Your Incident Team one-time passwords (OTPs), Example: Strong second-factor authentication using FIDO security keys-Example: Strong second-factor authentication using FIDO security keys one-time programmable (OTP) devices, Rolling back firmware and other hardware-centric constraints OODA (observe, orient, decide, act) loop, Parallelizing the Incident open source componentsfor Google custom CA, Securing Third-Party and Open Source Components third-party insider threats, Third-party insiders OpenID Connect (OIDC), Identities, Example: Identity model for the Google production system OpenSSHconfiguration distribution via, POSIX API via OpenSSH custom OpenSSH ForceCommand, Custom OpenSSH ForceCommand OpenSSL library, Evolution, Example: Growing Scope—Heartbleed operating parameters, IR team, Define Operating Parameters for Engaging the IR Team operating system logs, Operating system logs Operation Aurora, Protecting your systems from nation-state actors, After the Recovery operational overload, Set aside time for debugging and investigations, Know what’s normal for your system operational security (OpSec)crisis management, Operational Security-Operational Security hypothetical crisis management example, Communications and Operational Security trading good OpSec for the greater good, Trading Good OpSec for the Greater Good operations lead (OL), Establishing Your Incident Team OSS-Fuzz, Example: ClusterFuzz and OSSFuzz OTP (one-time programmable) devices, Rolling back firmware and other hardware-centric constraints OTPs (one-time passwords), Example: Strong second-factor authentication using FIDO security keys-Example: Strong second-factor authentication using FIDO security keys overcommunication, Example: Increasing HTTPS usage, Misunderstandings, Overcommunicate and Be Transparent overprovisioning, Defender’s Strategy P panic rooms, Graceful Failure and Breakglass Mechanisms parallelizing an incident, Parallelizing the Incident Park Jin Hyok, Attacker Motivations partial restores, Persistent data passwords, On Passwords and Power Drills patch, defined, Short-Term Change: Zero-Day Vulnerability payment processing system design (case study), Example: Payment Processing-Security riskssecurity/reliability considerations, Security and reliability considerations third-party service provider for sensitive data, Using a third-party service provider to handle sensitive data-Security risks Peach Fuzzer, How Fuzz Engines Work penetration testers, Vulnerability Researchers, Special Teams: Blue and Red Teams permissions, Classifying Access Based on Risk persistent data, Persistent data personally identifiable information (PII), Security and reliability considerations Petya ransomware, Risk Assessment Considerations phishing attackcredential rotation and, Credential and Secret Rotation recovery from, Large-Scale Phishing Attack-Large-Scale Phishing Attack two-factor authentication to address risk of, Example: Strong second-factor authentication using FIDO security keys phone bridges, Communications physical location, Location Separation-Isolation of confidentiality PII (personally identifiable information), Security and reliability considerations pivot points, The Investigative Process playbooks, IR team, Create Detailed Playbooks poisoned regions, Dynamic Program Analysis police (see law enforcement agencies) policiesavoiding automated unsupervised changes, A foothold for humans creating unambiguous, Create Unambiguous Policies POSIX API, Small Functional APIs, POSIX API via OpenSSH postmortems, Postmortems-Postmortems, Building a Culture of Security and Reliability, Culture of Inevitably post_install command, Host management prestaging (disaster planning), Prestaging Systems and People Before an Incident-Processes and Proceduresconfiguring systems, Configuring Systems processes and procedures, Processes and Procedures training, Training pre_rm command, Host management priority models, IR teams and, Establish Severity and Priority Models privacy, logging and, Take Privacy into Consideration productionintersection of security and reliability, From Design to Production safe proxies in production environments, Safe Proxies in Production Environments-Safe Proxies in Production Environments single system testing/fault injection, Single system testing/fault injection testing response in production environments, Testing Response in Production Environments productivityincreasing, Increase Productivity and Usability-Increase Productivity and Usability least privilege and, Impact on User Productivity profile, attacker, Attacker Profiles program analysisdynamic, Dynamic Program Analysis-Dynamic Program Analysis static, Static Program Analysis-Formal Methods(see also static analysis) Project Shield, Defendable Architecture provenancebinary, Binary Provenance-What to put in binary provenance, Data Sanitization data sanitization and, Data Sanitization ensuring unambiguous provenance, Ensure Unambiguous Provenance provenance-based deployment policies, Provenance-Based Deployment Policies-Implementing policy decisions proxies, Proxiesbenefits of, Safe Proxies in Production Environments downsides of, Safe Proxies in Production Environments safe (see safe proxies (case study)) pseudonymization, Take Privacy into Consideration publicly trusted certificate authority (CA), Case Study: Designing, Implementing, and Maintaining a Publicly Trusted CA-Conclusion Purple Team, Evaluating Responses, Special Teams: Blue and Red Teams Pwn2Own, Speed Matters Pwnium, Speed Matters Q quality-of-service (QoS) controls, Graceful Degradation quarantine (isolation)assets, Isolating Assets (Quarantine)-Isolating Assets (Quarantine) compartments and, Controlling the Blast Radius R random errors, recovery from, Random Errors ransomware attacks, Criminal ActorsPetya, Risk Assessment Considerations responses based on culture, Triaging the Incident Rapid (software release tool at Google), System Rebuilds and Software Upgrades rate-limiting mechanism, Design to Go as Quickly as Possible (Guarded by Policy) readability, Rollout Strategy recovery, Recovery and Aftermath-Credential and Secret Rotation, Examples-Targeted Attack Requiring Complex Recoveryaftermath of, After the Recovery-Postmortems attacker's response to, How will your attacker respond to your recovery effort?

…

Triaging the Incident Compromises Versus Bugs Taking Command of Your Incident The First Step: Don’t Panic! Beginning Your Response Establishing Your Incident Team Operational Security Trading Good OpSec for the Greater Good The Investigative Process Keeping Control of the Incident Parallelizing the Incident Handovers Morale Communications Misunderstandings Hedging Meetings Keeping the Right People Informed with the Right Levels of Detail Putting It All Together Triage Declaring an Incident Communications and Operational Security Beginning the Incident Handover Handing Back the Incident Preparing Communications and Remediation Closure Conclusion 18.

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics by Ben Buchanan

active measures, air gap, Bernie Sanders, bitcoin, blockchain, borderless world, Brian Krebs, British Empire, Cass Sunstein, citizen journalism, Citizen Lab, credit crunch, cryptocurrency, cuban missile crisis, data acquisition, disinformation, Donald Trump, drone strike, Edward Snowden, fake news, family office, Hacker News, hive mind, information security, Internet Archive, Jacob Appelbaum, John Markoff, John von Neumann, Julian Assange, Kevin Roose, Kickstarter, kremlinology, Laura Poitras, MITM: man-in-the-middle, Nate Silver, operational security, post-truth, profit motive, RAND corporation, ransomware, risk tolerance, Robert Hanssen: Double agent, rolodex, Ronald Reagan, Russian election interference, seminal paper, Silicon Valley, South China Sea, Steve Jobs, Stuxnet, subscription business, technoutopianism, undersea cable, uranium enrichment, Vladimir Vetrov: Farewell Dossier, Wargames Reagan, WikiLeaks, zero day

For this reason, the NSA calls these documents “technology warning mechanism[s]” and spies on groups like the GSM Association to get them.27 The NSA uses a secretive unit, the Target Technology Trends Center, to do this. The unit’s logo, a giant telescope superimposed on a globe, and its motto—“Predict, Plan, Prevent”—give a sense of its mission: to make sure the agency is not rendered blind by the network operators’ security upgrades and advances. The mobile communications experts and analysts in the unit spy on phone companies all over the world to ensure that future collection remains unimpeded.28 The Target Technology Trends Center builds and maintains a database of mobile phone operators. As of 2012, the database included around seven hundred companies, about 70 percent of the world’s total.29 The group focuses on gathering information that the agency can use to defeat security mechanisms and gain access to cellular calls, messages, and data.30 The NSA maintains a list of around twelve hundred email addresses associated with employees at mobile phone operators around the world.31 Using its signals intelligence methods—almost certainly including passive collection—the NSA makes its own surreptitious copy of some of the information sent to and from these addresses.

…

From this intermediate vantage point, the team at TAO sat back and observed as a wealth of useful information passed by. They watched as the Chinese conducted vulnerability scans and looked for new targets. They spotted Chinese misdirection efforts using email account masquerades and spear-phishing in action. The Chinese hackers were sloppy at times, demonstrating a lack of discipline and operational security. From the same hop points they used for espionage efforts, they sometimes logged into personal email accounts, checked stock portfolios, and watched pornography. TAO quietly kept tabs on them all the while. Once again, the situation highlights the absurd cat-and-cat-and-mouse game endemic to modern cyber operations.

…

Analysts began to develop signatures for the hackers and to track their activities across the internet. To do this, they married the indicators of the group’s activity with the broad net of the Five Eyes’ passive collection apparatus. They were able to see the hop points from which the hackers operated, and, due to the hackers’ poor operational security, log into those systems themselves. This increased collection of information revealed that, in addition to their interest in Iranian targets, the unknown hackers also spied on computers in North Africa, in French-speaking media organizations, in former French colonies, and in European supranational organizations.

Outlaw Platoon: Heroes, Renegades, Infidels, and the Brotherhood of War in Afghanistan by Sean Parnell, John Bruning

clean water, digital map, friendly fire, operational security, traumatic brain injury

On the other end of the chow hall, Yusef sat shooting the breeze with some of Second Platoon’s men. He was always asking us to define words and sayings. He loved jokes, the raunchier, the better. He preferred to hang out with our troops, something that unsettled me at times because of the familiarity it bred. That level of closeness could become an operational security issue, and I made a mental note to talk to the men about it. As I walked past him, Yusef greeted me with all the effusive warmth of a used-car salesman. “Commander Sean, I get an AK-47 today?” he asked. “No,” I said. “But Abdul carried AK,” he said. “No.” “But how will I defend myself?

…

As I checked around for it, somebody mentioned that the ’terps occasionally used them. That surprised me, and I felt a fleeting sense of disquiet over the discovery. A sat phone can be used to call anywhere on the planet. A local national on our base using one could be seen as a breach in operational security. I hustled over to the ’terp hooch, where I found Yusef curled up on his cot, talking quietly into the missing sat phone. He was alone; Bruce Lee and Shaw were out on duty. When he saw me enter, he hung up and said sheepishly, “Just talking to my family, Commander Sean.”

…

On August 16, the mole had made contact with the Iranian team. In coded references, he had revealed the exact location at which Outlaw Platoon planned to establish an observation post that day. Somehow, between the time the platoon had come in from the hilltop in the morning and the time the men had returned to it, the mole had penetrated our operational security and learned exactly what we were going to do. Then he had tipped off the Iranians, who had contacted Galang’s old force. The insurgents had beat us to the hilltop and seeded it with mines. No doubt, the nearby villagers had seen them emplace the devices. When our platoon had arrived a few hours later, they wanted to see what would happen.

Active Measures by Thomas Rid

1960s counterculture, 4chan, active measures, anti-communist, back-to-the-land, Berlin Wall, Bernie Sanders, bitcoin, Black Lives Matter, call centre, Charlie Hebdo massacre, Chelsea Manning, continuation of politics by other means, cryptocurrency, cuban missile crisis, disinformation, Donald Trump, dual-use technology, East Village, Edward Snowden, en.wikipedia.org, end-to-end encryption, facts on the ground, fake news, Fall of the Berlin Wall, false flag, guest worker program, information security, Internet Archive, Jacob Appelbaum, John Markoff, Julian Assange, kremlinology, Mikhail Gorbachev, military-industrial complex, Norman Mailer, nuclear winter, operational security, peer-to-peer, Prenzlauer Berg, public intellectual, Ronald Reagan, Russian election interference, Silicon Valley, Stewart Brand, technoutopianism, We are Anonymous. We are Legion, Whole Earth Catalog, WikiLeaks, zero day

Active measures are contradictory: they are covert operations designed to achieve overt influence, secret devices deployed in public debates, carefully hidden yet visible in plain sight. This inherent tension has operational consequences. Over the decades, dirty tricksters in various intelligence agencies, Western and Eastern, have discovered that tight operational security is neither cost-effective nor desirable, for both partial and delayed exposure may actually serve the interests of the attacker. It is not an accident that disinformation played out in shifting shadows, not in pitch-black darkness. Often, at least since the 1950s, the covert aspect of a given disinformation campaign was only a veneer, imperfect and temporary by design.

…

Just one day after the first documents became public, Lorenzo Franceschi-Bicchierai, one of the best reporters at the technology-focused website Motherboard, was the first journalist to publish an investigative story calling the DNC hack “a disinformation campaign by Russian spies.”11 The same day, June 16, a private intelligence firm named Secureworks published a stunning finding. The firm had discovered what would later be recognized as one of the GRU’s gravest operational security mistakes, one that became clear only when investigators finally figured out the mechanics of the Russian campaign. The remarkable discovery began with an email not unlike the one that tricked John Podesta’s staffers. The link to the fake log-in page was behind the fake CHANGE PASSWORD button.

…

The IRA did not have a cafeteria or canteen, although Prigozhin, known as “Putin’s chef,” owned a sprawling catering business. “People had to bring food boxes from home,” said one former worker to The Washington Post. “Prigozhin did not treat the trolls well. He could at least feed them.” Such poor discipline and operational security contrasts sharply with proper intelligence fronts, such as the CIA’s LCCASSOCK in the 1950S, where only the principal agent and perhaps a treasurer would know about the real source of funding. Yet a division of labor was emerging. The Russian security establishment effectively kept collection and release within the intelligence community, but outsourced the noisy and cheap business of driving wedges through social media to dedicated third-party service providers.

No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State by Glenn Greenwald

air gap, airport security, anti-communist, Cass Sunstein, Chelsea Manning, cognitive dissonance, David Brooks, Edward Snowden, false flag, Gabriella Coleman, Julian Assange, Laura Poitras, Mark Zuckerberg, Occupy movement, off-the-grid, operational security, Panopticon Jeremy Bentham, Rubik’s Cube, Seymour Hersh, Silicon Valley, Skype, Ted Kaczynski, WikiLeaks

He became adept at the most sophisticated methods for safeguarding electronic data from other intelligence agencies and was formally certified as a high-level cyber operative. He was ultimately chosen by the Defense Intelligence Agency’s Joint Counterintelligence Training Academy to teach cyber counterintelligence at their Chinese counterintelligence course. The operational security methods he insisted we follow were ones he learned and even helped design at the CIA and especially the NSA. In July 2013 the New York Times confirmed what Snowden had told me, reporting that “while working for a National Security Agency contractor, Edward J. Snowden learned to be a hacker” and that “he had transformed himself into the kind of cybersecurity expert the N.S.A. is desperate to recruit.”

…

The pattern that I followed my entire time in Hong Kong was thus set: working on stories throughout the night with the Guardian, doing interviews by day with the media, and then joining Laura and Snowden in his hotel room. I frequently took cabs around Hong Kong at 3:00 or 4:00 a.m., going to television studios, always with Snowden’s “operational security” instructions in mind: never to part with my computer or the thumb drives full of documents to prevent tampering or theft. I traveled the desolate streets of Hong Kong with my heavy backpack permanently attached to my shoulders, no matter where or what the hour. I fought paranoia every step of the way and often found myself looking over my shoulder, grabbing my bag just a bit more tightly each time someone approached.

…

“They want to be able to say, ‘We had nothing to do with transporting these documents, it was Glenn and Laura who passed them back and forth.’” She added that using FedEx to send top secret documents across the world—and to send them from her in Berlin to me in Rio, a neon sign to interested parties—was as severe a breach of operational security as she could imagine. “I will never trust them again,” she declared. But I still needed that archive. It contained vital documents related to stories I was working on, as well as many others still to be published. Janine insisted that the problem was a misunderstanding, that the staffer had misinterpreted comments by his supervisor, that some managers in London were now skittish about carrying documents between Laura and me.

This Is How You Lose the Time War by Amal El-Mohtar, Max Gladstone

double helix, lateral thinking, operational security, stem cell

Closing a letter—a physical object without even a ghost in the cloud, all that data on one frail piece of paper—with an even more malleable substance, bearing, of all things, an ideographic signature! Informing any handler of the message’s sender, her role, perhaps even her purpose! Madness—from an operational-security perspective. But, as the prophets say, there ain’t no mountain high enough—so I’ve essayed the work here. I hope you enjoy your whacked seal. I didn’t supply any extra scent, but the medium has a savor all its own. There’s a kind of time travel in letters, isn’t there? I imagine you laughing at my small joke; I imagine you groaning; I imagine you throwing my words away.

…

I should tell you, as Mrs. Leavitt would, that it’s customary to send letters that can be opened without ruining the seal, but I appreciate your innovation more than I can say. What I can say: It was very cold out on the ice. Your letter warmed me. Your talk of ideographic signatures and operational security brought to mind some grooming work I did among a few strands’ worth of Bess of Hardwick’s botanists. While there it was my pleasure to observe correspondence between them and their Lady; just how layered and complex plain speech could be, how many secrets wrapped in the banner of Sincerity (a word commonly invented in sixteenth centuries).

This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers by Andy Greenberg

air gap, Apple II, Ayatollah Khomeini, Berlin Wall, Bill Gates: Altair 8800, Bletchley Park, Burning Man, Chelsea Manning, computerized markets, crowdsourcing, cryptocurrency, disinformation, domain-specific language, driverless car, drone strike, en.wikipedia.org, Evgeny Morozov, Fairchild Semiconductor, fault tolerance, hive mind, information security, Jacob Appelbaum, John Gilmore, John Perry Barlow, Julian Assange, Lewis Mumford, Mahatma Gandhi, military-industrial complex, Mitch Kapor, MITM: man-in-the-middle, Mohammed Bouazizi, Mondo 2000, Neal Stephenson, nuclear winter, offshore financial centre, operational security, PalmPilot, pattern recognition, profit motive, Ralph Nader, real-name policy, reality distortion field, Richard Stallman, Robert Hanssen: Double agent, Silicon Valley, Silicon Valley ideology, Skype, social graph, SQL injection, statistical model, stem cell, Steve Jobs, Steve Wozniak, Steven Levy, Teledyne, three-masted sailing ship, undersea cable, Vernor Vinge, We are Anonymous. We are Legion, We are the 99%, WikiLeaks, X Prize, Zimmermann PGP

He read it. Then he put it in an archive folder and never responded. Why? May says that he had shown that BlackNet could serve its intended purpose. But he argues, a little defensively, that trying to set up a WikiLeaks-like system to distribute or publish black market information required operational security he couldn’t handle. Even if he had kept BlackNet’s source secret, he was clearly the cypherpunks’ prime suspect for enacting such a scheme. And he points out that the message may have also been a honey trap designed to ensnare him and put him in prison. But more frankly, May says, he simply didn’t care.

…

Assange’s first reaction, when Berg told him about meeting Domscheit, was to suggest that Berg dig up “dirt” on her that would be useful when they separated, a piece of advice that deeply wounded Berg. When Berg moved into Domscheit’s apartment shortly after their relationship began, Assange chastised him for putting his full name on the door, a gross display of negligence in Assange’s unspoken rules of operational security. In a written statement Assange would release eighteen months later explaining Domscheit-Berg’s expulsion from WikiLeaks, he would mark that violation as the first sign that Berg couldn’t be trusted with WikiLeaks’ resources and materials. In the same statement, he went on to write that the girlfriend of a Mossad agent attended the Domscheit-Bergs’ wedding, and to accuse Daniel Domscheit-Berg of having given “helpful” information to U.S. intelligence agencies.

…

But to Assange and any other hacker, revealing a password represented a glaring security breach. Those familiar with PGP know that when a file is encrypted to a certain key, the private key will always open a copy of that encrypted file and thus can never be revealed. Secret keys remain secret for life. This was no minor operational security slipup. If someone curious about the archive’s mysterious “xyz” folder—and Web forums of WikiLeaks-watchers were already buzzing about the folder’s mysterious contents—tried testing the printed password out on the four files, one by one, the result would be an incredible and terrible discovery: When he or she reached “z,” the final file would open to reveal the entire, unredacted set of State Department Cables, complete with every sensitive source’s name, from Chinese dissidents to African journalists, every innocent informant to the State Department in every repressive regime around the world.

Glasshouse by Charles Stross

air gap, cognitive dissonance, experimental subject, gravity well, lateral thinking, loose coupling, military-industrial complex, operational security, peer-to-peer, phenotype, prisoner's dilemma, sensible shoes, theory of mind, white picket fence

"I'm all ears," I say. He shudders. "Don't say that." "Well it's"—not literally—"true. Sort of." "Where were you when the war broke out?" he asks. Oops. I didn't expect him to ask that. Revealing that kind of thing would be a big no-no under normal circumstances—a breach of operational security that could allow an opponent to work out exactly who you are and thereby figure out all sorts of useful things about you, enough to endanger you operationally, because virtually everything you ever did in public is stored in a database somewhere. But —we're in the guts of a MASucker, and if I'm not mistaken, there's only one data channel in or out, and Sam isn't part of the cabal, and I reckon the current risk of our being eavesdropped on is low.

…

The setup is designed to encourage resocialization, to help integrate them back into something vaguely resembling postwar society; it's a former MASucker configured as a compact polity with with just one T-gate in or out. Bad guys go in, civilians come out. At least, that was the original theory. "What's going on?" I ask. "I think someone's broken our operational security," says Sanni. I shudder and stare at the muggers. "Yes," he says, seeing the direction of my gaze. "I said we don't have long. A group drawn from several of our operational rivals have infiltrated the Strategic Amnesia Commissariat of the Invisible Republic and taken over the funding and operational control of the glasshouse.

…

Team Yellow, hang around, and I'll brief you. Team Green, eat your lunch, then go back to work—come back to the library individually this afternoon or tomorrow, and Janis will sort you out, back you up, and brief you." There's more muttering from the back. Janis clears her throat. "One more thing. Operational security is paramount. If anyone says anything, we are all . . . not dead. Worse. Dr. Hanta has a full-capability brainfuck clinic running in the hospital. If you give any sign outside of this basement that you're involved in this plan, they'll shut down the shortjump gates, isolating you, and flood us with zombies until we run out of bullets and knives.

Top Secret America: The Rise of the New American Security State by Dana Priest, William M. Arkin

airport security, business intelligence, company town, dark matter, disinformation, drone strike, friendly fire, Google Earth, hiring and firing, illegal immigration, immigration reform, index card, information security, Julian Assange, operational security, profit motive, RAND corporation, Ronald Reagan, Timothy McVeigh, WikiLeaks

IO (Information Operations): Information operations, sometimes called influence operations, are primarily engaged in influencing foreign perceptions and decision making. During armed conflict, they also include efforts to achieve physical and psychological results in support of military operations. Military IO includes psychological operations (PSYOP), military deception, and operations security (OPSEC), which are measures to protect the security of U.S. operations and information and further their goals. JCITA (Joint Counterintelligence Training Academy): Located in Elkridge, Maryland, JCITA is the primary training organization specializing in advanced counterintelligence. Established in 2000, it is a part of the Defense Intelligence Agency.

…

ONI (Office of Naval Intelligence): The navy’s lead intelligence center, it is headquartered at the National Maritime Intelligence Center (NMIC) in Suitland, Maryland. It produces maritime intelligence and analyzes and assesses foreign naval capabilities, trends, operations, and tactics, global civil maritime activity, and an extensive array of all-source analytical products. OPSEC (Operation Security): Measures taken to prevent documents, technology, and plans from being disclosed to unauthorized personnel. OSD (Office of the Secretary of Defense): The OSD formulates general defense policy and policy related to the DoD. It is organized primarily through a set of undersecretaries: undersecretary for acquisition, technology, and logistics; undersecretary for intelligence; undersecretary for personnel and readiness; and undersecretary for policy.

…

Examples are Department of Homeland Security threat assessments. 2 Information operations (IO) are those operations primarily engaged in influencing foreign perceptions and decision making. During armed conflict, they also include efforts made to achieve physical and psychological results in support of military operations. Military IO capabilities include psychological operations (PSYOP), military deception (MILDEC), and operations security (OPSEC), which are measures to protect the security of U.S. operations and information and further their goals. 3 Special Technical Operations (STO) involve “nonkinetic” (for example, nonexplosive) modes of warfare, from classic electronic warfare to the latest cyberwarfare and directed energy techniques.

Attack of the 50 Foot Blockchain: Bitcoin, Blockchain, Ethereum & Smart Contracts by David Gerard

altcoin, Amazon Web Services, augmented reality, Bernie Madoff, bitcoin, Bitcoin Ponzi scheme, blockchain, Blythe Masters, Bretton Woods, Californian Ideology, clean water, cloud computing, collateralized debt obligation, credit crunch, Credit Default Swap, credit default swaps / collateralized debt obligations, cryptocurrency, distributed ledger, Dogecoin, Dr. Strangelove, drug harm reduction, Dunning–Kruger effect, Ethereum, ethereum blockchain, Extropian, fiat currency, financial innovation, Firefox, Flash crash, Fractional reserve banking, functional programming, index fund, information security, initial coin offering, Internet Archive, Internet of things, Kickstarter, litecoin, M-Pesa, margin call, Neal Stephenson, Network effects, operational security, peer-to-peer, Peter Thiel, pets.com, Ponzi scheme, Potemkin village, prediction markets, quantitative easing, RAND corporation, ransomware, Ray Kurzweil, Ross Ulbricht, Ruby on Rails, Satoshi Nakamoto, short selling, Silicon Valley, Silicon Valley ideology, Singularitarianism, slashdot, smart contracts, South Sea Bubble, tulip mania, Turing complete, Turing machine, Vitalik Buterin, WikiLeaks

The Silk Road server had been traced when its real address leaked; they had found the name “Frosty” for the apparent system administrator, an alias Ulbricht had used with forum accounts linked to his GMail account and in many other places. Multiple FBI agents had befriended him on the site and even become administrators. Everyone had assumed that “Dread Pirate Roberts” had the most painstaking operational security imaginable. It turned out Ulbricht was protected by nothing more than an impenetrable shield of narcissism, and an apparent belief that he was too smart and virtuous to be caught. At trial, on charges of money laundering, computer hacking, conspiracy to traffic fraudulent identity documents and conspiracy to traffic narcotics, Ulbricht’s defense amounted to digital identity being ambiguous, with unsubstantiated claims that someone else had set him up.

…

In 2014, darknet markets were estimated to have processed more bitcoins than all legitimate payment processors put together.200 Gwern Branwen has written extensively on the darknet markets and has released 1.6 terabytes of screenshots from darknet sites,201 with analyses.202 The darknet markets fulfil a demand (drugs), but, despite increasingly complex escrow arrangements, they still fall to bad operational security or getting hacked, or just steal all their users’ money – “the constant wearying turmoil of exit-scams and hacks”.203 That said, reliability and quality remain surprisingly good otherwise. However, even drug buyers avoid Bitcoin if they possibly can. Both buyers and sellers frequently complain of Bitcoin’s ridiculously volatile price messing up deals, and transactions taking hours or days to be confirmed with an unpredictable fee.

Spies, Lies, and Algorithms by Amy B. Zegart

2021 United States Capitol attack, 4chan, active measures, air gap, airport security, Apollo 13, Bellingcat, Bernie Sanders, Bletchley Park, Chelsea Manning, classic study, cloud computing, cognitive bias, commoditize, coronavirus, correlation does not imply causation, COVID-19, crowdsourcing, cryptocurrency, cuban missile crisis, Daniel Kahneman / Amos Tversky, deep learning, deepfake, DeepMind, disinformation, Donald Trump, drone strike, dual-use technology, Edward Snowden, Elon Musk, en.wikipedia.org, end-to-end encryption, failed state, feminist movement, framing effect, fundamental attribution error, Gene Kranz, global pandemic, global supply chain, Google Earth, index card, information asymmetry, information security, Internet of things, job automation, John Markoff, lockdown, Lyft, Mark Zuckerberg, Nate Silver, Network effects, off-the-grid, openstreetmap, operational security, Parler "social media", post-truth, power law, principal–agent problem, QAnon, RAND corporation, Richard Feynman, risk tolerance, Robert Hanssen: Double agent, Ronald Reagan, Rubik’s Cube, Russian election interference, Saturday Night Live, selection bias, seminal paper, Seymour Hersh, Silicon Valley, Steve Jobs, Stuxnet, synthetic biology, uber lyft, unit 8200, uranium enrichment, WikiLeaks, zero day, zero-sum game

Desperate for information about British troop strength and plans, Washington instructed Colonel Thomas Knowlton to send a spy behind enemy lines. A twenty-one-year old captain from Connecticut named Nathan Hale courageously volunteered. Hard facts are scant, but evidence suggests the operation was botched from the start. The mission was announced and volunteers solicited in a meeting of several officers—poor operational security.31 Hale used his real name32 and brought his Yale diploma with him, presumably to bolster his cover story that he was an unemployed school teacher looking for work—except that unemployed school teachers didn’t usually hang around British fortifications. In addition to Hale’s flimsy cover, Hale was known to be exceptionally trusting, a poor quality for a spy.

…

During this early period, America’s intelligence system, from collection to analysis to counterintelligence, was largely a do-it-yourself operation. General Washington frequently served as his own spymaster and chief analyst, setting up production for invisible ink,43 advising assets on how to maintain operational security, planting false information for suspected double agents, and assessing the value of the information that came in. Because Washington was enmeshed in running so many intelligence and military operations, he sometimes found it difficult to keep track of everything. In 1777, he wrote to one of his agents, “It runs in my head that I was to corrispond [sic] with you by a fictitious name, if so I have forgotten the name and must be reminded of it again.”44 In 1775, Washington ordered a secret paramilitary mission to seize gunpowder stores in Bermuda.

…

The National Geospatial-Intelligence Agency (NGA) used reference points from the images to estimate his height as well as the genders and heights of others living there.126 NGA used other sensing devices to create 3D models of the compound. The CIA’s open-source center scooped up public information about the city of Abbottabad, but to keep operational security tight, officials requested research on several Pakistani cities.127 The CIA also set up a safe house in Abbottabad with a small team to establish “patterns of life” at the compound.128 Their activities included spying on the laundry hanging outside to determine the number of residents, their genders, and whether they were adults or children.129 All of this does indeed sound like something out of a Jason Bourne film.

Hacker, Hoaxer, Whistleblower, Spy: The Story of Anonymous by Gabriella Coleman

1960s counterculture, 4chan, Aaron Swartz, Amazon Web Services, Bay Area Rapid Transit, bitcoin, Chelsea Manning, citizen journalism, cloud computing, collective bargaining, corporate governance, creative destruction, crowdsourcing, data science, David Graeber, Debian, digital rights, disinformation, do-ocracy, East Village, Eben Moglen, Edward Snowden, false flag, feminist movement, Free Software Foundation, Gabriella Coleman, gentrification, George Santayana, Hacker News, hive mind, impulse control, information security, Jacob Appelbaum, jimmy wales, John Perry Barlow, Julian Assange, Laura Poitras, lolcat, low cost airline, mandatory minimum, Mohammed Bouazizi, Network effects, Occupy movement, Oklahoma City bombing, operational security, pirate software, power law, Richard Stallman, SETI@home, side project, Silicon Valley, Skype, SQL injection, Steven Levy, Streisand effect, TED Talk, Twitter Arab Spring, WikiLeaks, zero day

But as computer security researcher Robert Graham put it, chat logs culled by an informant can be used to “convict you of conspiracy, intent, obstruction of justice [and] racketeering.”34 And the prosecution had an enormous hunk of logs from which to build its case. Still, having Sabu around was not enough to nab everyone—some members of AntiSec and LulzSec remain out of reach of the law. Had others been more careful with their operational security, they may have never been caught. How were mistakes made? Hammond practiced nearly flawless technical operational security, but in chats he revealed personal details. The most important—which I had seen him mention once in public and once in a private channel—was that he had spent time in federal prison. Given one of his main nicknames, “Anarchaos,” his unique status as one of the only bona fide anarchist hackers to have done time in US prison must have placed him pretty high on the list of candidates.

…

They had become so close, in fact, that everyone knew, roughly, where everyone else was logging in from (real names were never shared) Most were headquartered in or around the UK, except Sabu. Some had even foolishly spoken over Skype, which is how Topiary had determined that Cleary’s voice was “annoying”. OpSec, short for Operational Security, is the art of protecting your group’s human and digital interactions. One of the foundations of good OpSec is the knowledge that one’s computer is secure. Depending on proprietary software packages—opaque in both source code and business practices—can compromise that knowledge. The use of free software, such as GNU/Linux, and the avoidance of tools like Skype (commonly understood to have government backdoors) are necessary measures in the never-ending journey of vigilant OpSec.

Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency by Andy Greenberg

2021 United States Capitol attack, Airbnb, augmented reality, bitcoin, Bitcoin Ponzi scheme, Black Lives Matter, blockchain, Brian Krebs, Cody Wilson, commoditize, computerized markets, COVID-19, crowdsourcing, cryptocurrency, Edward Snowden, Elon Musk, Ethereum, ethereum blockchain, forensic accounting, Global Witness, Google Glasses, Higgs boson, hive mind, impulse control, index card, Internet Archive, Jeff Bezos, Julian Assange, Large Hadron Collider, machine readable, market design, operational security, opioid epidemic / opioid crisis, pirate software, Ponzi scheme, ransomware, reserve currency, ride hailing / ride sharing, rolodex, Ross Ulbricht, Satoshi Nakamoto, Skype, slashdot, Social Justice Warrior, the market place, web application, WikiLeaks

For Miller and any other federal agents and prosecutors sniffing around the site, it also suggested that AlphaBay and its mysterious founder were likely based in Russia—an impression cemented by Alpha02’s signature in messages on the site’s user forums: “Будьте в безопасности, братья,” Russian for “Be safe, brothers.” In an interview in April 2015 with the dark-web-focused news site and directory DeepDotWeb, Alpha02 reassured his users that he and his site were beyond the reach of any Silk Road–style seizure. “I am absolutely certain my opsec is secure,” he wrote, using the shorthand for “operational security,” and added, “I live in an offshore country where I am safe.” From the start, Alpha02 declared that AlphaBay’s “goal is to become the largest eBay-style underworld marketplace.” He used almost none of the flowery libertarian rhetoric of the Dread Pirate Roberts and instead seemed to have a steely focus on the bottom line.

…

But by the time he had recruited the DEA’s Robert Miller out of the wiretap room, Rabenn had started to wonder whether they really needed to go to all that effort to achieve their busts. By then they’d done plenty of undercover buys; Rabenn had begun to suspect that many of the dealers they targeted were sloppy enough in their operational security that they could simply purchase their wares and look for clues either in their packaging or in the vendors’ online profiles. Miller, starting his new assignment, assembled the usernames of the top heroin and fentanyl dealers on AlphaBay and began to buy dope from them, one by one. As the packages arrived, triple sealed in silver Mylar and plastic, Miller and the team scrutinized both the shipments and their sellers’ opsec.

…

Years earlier, it seemed, he had written posts there under a username that left little room for doubt: Alpha02. Alpha02 had tried to erase his tracks, deleting messages from the forums and changing his now-notorious username. But the evidence had been preserved by the Internet Archive, a nonprofit project that crawls and copies web pages for posterity. Just as with Ross Ulbricht, Alexandre Cazes’s operational security slipups had been permanently etched into the internet’s long memory. * * * · · · Within days, Rabenn and Miller believed their Alpha02 lead was real. They also knew the case was too big for them to take on alone. They decided to bring their findings to the FBI field office in Sacramento, a much larger outpost just a few hours’ drive north, with significantly more computer crime expertise and resources than their small Fresno office.

Rise of the Machines: A Cybernetic History by Thomas Rid

1960s counterculture, A Declaration of the Independence of Cyberspace, agricultural Revolution, Albert Einstein, Alistair Cooke, Alvin Toffler, Apple II, Apple's 1984 Super Bowl advert, back-to-the-land, Berlin Wall, Bletchley Park, British Empire, Brownian motion, Buckminster Fuller, business intelligence, Charles Babbage, Charles Lindbergh, Claude Shannon: information theory, conceptual framework, connected car, domain-specific language, Douglas Engelbart, Douglas Engelbart, Dr. Strangelove, dumpster diving, Extropian, full employment, game design, global village, Hacker News, Haight Ashbury, Herman Kahn, Howard Rheingold, Ivan Sutherland, Jaron Lanier, job automation, John Gilmore, John Markoff, John Perry Barlow, John von Neumann, Kevin Kelly, Kubernetes, Marshall McLuhan, Menlo Park, military-industrial complex, Mitch Kapor, Mondo 2000, Morris worm, Mother of all demos, Neal Stephenson, new economy, New Journalism, Norbert Wiener, offshore financial centre, oil shale / tar sands, Oklahoma City bombing, operational security, pattern recognition, public intellectual, RAND corporation, Silicon Valley, Simon Singh, Snow Crash, speech recognition, Steve Jobs, Steve Wozniak, Steven Levy, Stewart Brand, systems thinking, technoutopianism, Telecommunications Act of 1996, telepresence, The Hackers Conference, Timothy McVeigh, Vernor Vinge, We are as Gods, Whole Earth Catalog, Whole Earth Review, Y2K, Yom Kippur War, Zimmermann PGP

The air force, by contrast, had a potent intrusion detection system in place. The NSA formed the red team.47 The NSA red team was physically in one large room in the Friendship Annex, at FANX III (pronounced “FAN-ex”), near the Baltimore/Washington International Airport in Maryland, about 10 miles north of the NSA’s main headquarters at Fort Meade. Operational security was tight: the red team needed special access to get into its operations center, packed with computers. The exercise was so intense that the NSA needed to make sure the red team ate and slept properly, because work on the mock attack was so exciting. Before the exercise kicked off, Kenneth Minihan, the NSA director and an air force general, came out to brief his hackers: “We’re shaping history,” he told his team at FANX III.48 The NSA team had no privileged intelligence about the systems it was supposed to bring down, but it did simple reconnaissance for six months.

…

“In light of the press coverage, the consensus among the participating agencies was that we had no real choice but to go directly to Moscow with a request for assistance,” the FBI noted later.97 The intruders were unfazed. The Russians suspected that the machine in London had been watched, and immediately stopped using it. “The publicity stopped it in its tracks,” one of the Met investigators watching the Wimbledon site recalled.98 Then the intruders reviewed their operational security—and continued hacking. “In spite of the ABC story on 3/4/1999, intrusions continued,” the FBI wrote in a memo on April 15.99 One day after the story, the Russian spies broke into Lawrence Berkeley National Laboratory and into Argonne National Laboratory, both passing through the central hop point in Jefferson County, Colorado.

…

Several countries were scanning each other’s networks, probing for vulnerabilities, trying to find things to knock out when the virtual bombs start hissing down. “Think of it as prewar reconnaissance,” Clarke told CBS. Meanwhile, the Russian intelligence operators became more determined not to be caught again. The Moscow-based hackers started improving their operational security. They encrypted files before smuggling them out of their victims’ networks so that a filter at the exit could not spot keywords in cleartext. They started moving more stealthily on their victims’ networks. Later the Russian spies showed even more impressive ingenuity. Intelligence analysts at the NSA and GCHQ suspected that the Moonlight Maze intruders began to hijack satellite downstream links to cover their tracks.

Predator: The Secret Origins of the Drone Revolution by Richard Whittle

Berlin Wall, Charles Lindbergh, cuban missile crisis, Dr. Strangelove, drone strike, Francis Fukuyama: the end of history, gentleman farmer, Google Earth, indoor plumbing, Khyber Pass, Kickstarter, Mikhail Gorbachev, military-industrial complex, Neil Armstrong, no-fly zone, operational security, precision agriculture, Ronald Reagan, Seymour Hersh, Silicon Valley, Strategic Defense Initiative, Teledyne, Yom Kippur War

To stress the importance of secrecy, USAFE commander Martin called a meeting with the unit’s leaders: Boyle, Cooter, Wallace, communications specialist Captain Paul Welch, and Raduenz of Big Safari, who was there to help with logistics and personnel. Martin told them he was going to have the U.S. Air Force Office of Special Investigations test the special Predator unit’s operational security, or, in military parlance, its OPSEC (pronounced “OPP-seck”). “I’m not going to tell them what you’re doing, but I am going to give them access to your phones, your garbage cans, where you’re located, and I’m going to have them try to find out what you’re doing,” the general said. “And if they do, I’m going to kill all of you.

…

With a bit of research, Werner found a company in Catania, Sicily, that was offering for lease a satellite earth terminal with a four-meter antenna that could transmit in the 13.75- to 14-gigahertz range the SESAT required. The company seemed a bit desperate for business, and after negotiating a price Werner thought a bargain, he added an unusual condition. For operational security, he insisted that the Sicilian company deliver the satellite terminal to a location in Germany he would disclose to them at a time of his choosing and hand it over without being told where the equipment was going. The Sicilians agreed, and Werner choreographed a clandestine exchange that unfolded one night a few miles east of the Rhine River.

…

“All we need now is a sofa out front, a broken-down truck on cement blocks, and pink flamingos,” someone said, and though they couldn’t manage the sofa and truck, someone came up with four plastic pink flamingos, which they stuck in the ground around their “redneck flower pot.” CIA officials came out to the Trailer Park from time to time for various reasons, and one or two who saw the pink flamingos and toilet bowl on their grounds suffered shock and awe. Some told Boyle he had to get rid of that junk, if not for operational security then for aesthetic reasons. When CIA Director Tenet saw the hillbilly tableau, he chuckled, then chuckled some more. He also promised to get the toilet fixed, and did. But the flamingos stayed. Tenet, gregarious by nature, occasionally made the fifteen-minute trip from his office to the double-wide on his way home at night to let the Air Force team know how much he appreciated what they were doing.

The Teeth of the Tiger by Tom Clancy

airport security, centralized clearinghouse, complexity theory, false flag, flag carrier, forensic accounting, gentleman farmer, illegal immigration, information security, Occam's razor, operational security, sensible shoes

It is nothing you have not done yourselves, of course. " But not in America, he did not add. Here in Colombia the gloves were all the way off, but they'd been careful to limit themselves in the U.S., their "customer" nation. So much the better. It would be entirely out of character with anything they'd done. Operational security was a concept both sides fully understood. "I see," the senior Cartel man noted. He was no fool. Mohammed could see that in his eyes. The Arab was not going to underestimate these men or their capabilities Nor would he mistake them for friends. They could be as ruthless as his own men, he knew that.

…

I can take care of travel. Arms will be provided by our new friends?" A nod. "Correct " "And how will our warriors enter America?" "That is for our friends to handle. But you will send in a group of three at first, to make sure the arrangements are satisfactorily secure." "Of course." They knew all about operational security. There had been many lessons, none of them gentle. Members of his organization peopled many prisons around the world, those who were unlucky enough to have avoided death. That was a problem, one which his organization had never been able to fix. To die in action, that was noble and courageous.

…

"They think they can strike fear in our hearts by showing us they can attack us anywhere, not just at obvious targets like New York. That was the element of cleverness in this operation. Probably fifteen to twenty total terrorists, plus some support personnel, maybe. That's a fairly large number, but not unprecedented-they maintained good operational security. Their people were well motivated. I would not say that they were particularly well trained, though, they just decided to toss a mad dog in the backyard to bite some of the kids, as it were. They've demonstrated their political willingness to do some very bad things, but that's not a surprise; also to throw dedicated personnel away, but that's not a surprise either.

Dark Mirror: Edward Snowden and the Surveillance State by Barton Gellman

4chan, A Declaration of the Independence of Cyberspace, Aaron Swartz, active measures, air gap, Anton Chekhov, Big Tech, bitcoin, Cass Sunstein, Citizen Lab, cloud computing, corporate governance, crowdsourcing, data acquisition, data science, Debian, desegregation, Donald Trump, Edward Snowden, end-to-end encryption, evil maid attack, financial independence, Firefox, GnuPG, Google Hangouts, housing justice, informal economy, information security, Jacob Appelbaum, job automation, John Perry Barlow, Julian Assange, Ken Thompson, Laura Poitras, MITM: man-in-the-middle, national security letter, off-the-grid, operational security, planetary scale, private military company, ransomware, Reflections on Trusting Trust, Robert Gordon, Robert Hanssen: Double agent, rolodex, Ronald Reagan, Saturday Night Live, seminal paper, Seymour Hersh, Silicon Valley, Skype, social graph, standardized shipping container, Steven Levy, TED Talk, telepresence, the long tail, undersea cable, Wayback Machine, web of trust, WikiLeaks, zero day, Zimmermann PGP

Just as I began to wonder why I bothered, a man who called himself Verax showed up. Using a clever method I had not seen before, he sent me an encryption key, a recognition signal, and a method to verify both. It was like one of those old comic book advertisements: “If U Cn Rd Ths Msg . . .” Delighted, even vindicated, I found that I could. “I appreciate your concern for operational security, particularly in the digital environment,” Verax wrote in his next message. “Many journalists are still exceedingly weak on this topic, which leaves their interests and intentions an open book for sophisticated adversaries. . . . I’m told you’re already quite skilled in this regard.” That was not true, actually.

…

When I confronted a CIA spokesman, he could not give me a categorical answer on whether the agency had made an exception here. The impostor, of course, could have come from anywhere. I built ever-thicker walls of electronic and physical self-defense, and I had access to world-class expertise, but I had not been formally trained in operational security. Put less gently, I was an amateur playing against professionals. Twice I left my keys in the front door overnight. Once I met a source for a drink and agreed to a second round, then a third, a rarity for me. In the morning I could not find my laptop bag anywhere. Frantically I canvassed the possibilities.

…

Its origins, design, and successive tenants are described in “History of NIOC Hawaii,” Navy Information Operations Command, www.public.navy.mil/fltfor/niochi/Pages/AboutUs.aspx; and Donna Miles, “Beneath the Pineapple Fields,” Soldiers, January 1995, 26–27, https://fas.org/irp/news/1995/soldiers_jan95_p26.htm. did not break ground: See Michael A. Lantron, “NSA/CSS Hawaii Breaks Ground for New Operations Security Center,” U.S. Navy news release, September 7, 2007, www.navy.mil/submit/display.asp?story_id=31660. was still “Charlie Foxtrot”: The NSA announced completion of the new Captain Joseph J. Rochefort Building just before Snowden arrived. Sources with firsthand knowledge told me that much confusion accompanied the move, with the usual complaints and growing pains.

Baghdad at Sunrise: A Brigade Commander's War in Iraq by Peter R. Mansoor, Donald Kagan, Frederick Kagan

Apollo 13, Berlin Wall, central bank independence, disinformation, failed state, Fall of the Berlin Wall, friendly fire, HESCO bastion, indoor plumbing, land reform, no-fly zone, open borders, operational security, RAND corporation, rolling blackouts, Saturday Night Live, zero-sum game

Kelly Flynn, however, did not serve in a combat zone. I could not overlook Sergeant Blackwell’s and Corporal Dagen’s serious breach of operational security, but I would not allow the two soldiers to use a court-martial proceeding as a platform on which to disparage the U.S. Army and the antifraternization policy. After consultation with Brigadier General Dempsey, Lieutenant Colonel Hill, and my legal adviser, Captain Dan Sennott, I decided to give each of the soldiers a letter of reprimand. The letters focused squarely on the violation of operational security that put U.S. soldiers at risk and did not mention the violation of General Order no. 1, a subordinate matter that would have clouded the primary issue.

…

I intended for these raids to distract the enemy’s attention from the larger operation that was about to unfold. It was no doubt a forlorn hope. The enemy’s intelligence network was better than ours, and keeping any operation of this magnitude a secret was difficult at best. Despite constant attention to operations security, it is hard to hide the preparations for combat of thirty-five hundred soldiers in seven forward operating bases. At best we could hope that our objective would remain a secret. Even then, because the insurgents knew where their safe houses were located, they could often figure out our intentions.

The Last Punisher: A SEAL Team THREE Sniper's True Account of the Battle of Ramadi by Kevin Lacz, Ethan E. Rocke, Lindsey Lacz

operational security, risk/return, traumatic brain injury

The KYK-13, although mostly outdated now, is a device the National Security Agency developed for the transfer and loading of cryptographic keys for our long-range radios. In enemy hands, the little metal box with its crude knobs and switches could have some pretty hefty implications for our operational security within Ramadi and pretty much all of CENTCOM. The likelihood that the muj would be able to use the KYK was low, but the potential for disaster was still there should it fall into the wrong hands. Our priorities immediately shifted. Without the KYK, we couldn’t launch for the scheduled operation.

…

Our loved ones knew what we told them and understood as much as we could make them, but the rest of the world seemed somehow clueless about the fact that we were at war or that one of my best friends had just given his life for them. It was a hard conclusion to reach, but I began to understand that most people will never understand the brotherhood. * * * “You were in Ramadi?” my mom asked incredulously. Five months in Ramadi, and I’d never told my family where I was. I kept them in the dark for the sake of operational security and for their own peace of mind. My mother’s wide eyes and dropped jaw told me I’d made the right call by not telling them. Ramadi was in the news constantly. Like many Americans with loved ones overseas, she knew the city was the most dangerous place in Iraq. It feels sort of strange to admit that it had never really struck me that what I was doing would have a profound impact on my family.

Chaos Engineering: System Resiliency in Practice by Casey Rosenthal, Nora Jones

Amazon Web Services, Asilomar, autonomous vehicles, barriers to entry, blockchain, business continuity plan, business intelligence, business logic, business process, cloud computing, cognitive load, complexity theory, continuous integration, cyber-physical system, database schema, DevOps, fail fast, fault tolerance, hindsight bias, human-factors engineering, information security, Kanban, Kubernetes, leftpad, linear programming, loose coupling, microservices, MITM: man-in-the-middle, no silver bullet, node package manager, operational security, OSI model, pull request, ransomware, risk tolerance, scientific management, Silicon Valley, six sigma, Skype, software as a service, statistical model, systems thinking, the scientific method, value engineering, WebSocket

Today’s security practices lack the rapid iterative feedback loops that have made modern product delivery successful. The same feedback loops should exist between the changes in product environments and the mechanisms employed to keep them secure. Security measures should be iterative and agile enough to change their behavior as often as the software ecosystem in which they operate. Security controls are typically designed with a particular state in mind (i.e., production release on Day 0). Meanwhile, the system ecosystem that surrounds these controls is changing rapidly every day. Microservices, machines, and other components are spinning up and spinning down. Component changes are occurring multiple times a day through continuous delivery.

…

Benefits of Security Chaos Engineering SCE addresses these problems and offers a number of benefits, including the following: SCE has a more holistic focus on the system. The principal goal is not to trick another human or test alerts; rather, it is to proactively identify system security failures caused by the nature of complex adaptive systems and build confidence in operational security integrity. SCE utilizes simple isolated and controlled experiments instead of complex attack chains involving hundreds or even thousands of changes. It can be difficult to control the blast radius and separate the signal from the noise when you make a large number of simultaneous changes.

Home Maintenance Checklist: Complete DIY Guide for Homeowners: 101 Ways to Save Money and Look After Your Home by Ian Anderson

air gap, clean water, en.wikipedia.org, operational security

Check that each breaker/fuse actually kills the power to that area by double checking that the lights/appliances go off on activation of the breaker or removing the fuse. Remember to keep a torch on, or very close to your consumer unit in a place you can find in total darkness. I like magnetic ones which you can stick to the box itself. Switches and Power Outlets Check each switch and power outlet for correct operation, security (to the wall) and integrity (i.e. not cracked or broken). You can buy a tester which you just plug in and it checks each wire for faults. Make sure that those new appliances added over the years don’t lead to permanent extension leads or multi way plug adapters which may overload an outlet and are a common cause of house fires.

Beautiful security by Andy Oram, John Viega

Albert Einstein, Amazon Web Services, An Inconvenient Truth, Bletchley Park, business intelligence, business process, call centre, cloud computing, corporate governance, credit crunch, crowdsourcing, defense in depth, do well by doing good, Donald Davies, en.wikipedia.org, fault tolerance, Firefox, information security, loose coupling, Marc Andreessen, market design, MITM: man-in-the-middle, Monroe Doctrine, new economy, Nicholas Carr, Nick Leeson, Norbert Wiener, operational security, optical character recognition, packet switching, peer-to-peer, performance metric, pirate software, Robert Bork, Search for Extraterrestrial Intelligence, security theater, SETI@home, Silicon Valley, Skype, software as a service, SQL injection, statistical model, Steven Levy, the long tail, The Wisdom of Crowds, Upton Sinclair, web application, web of trust, zero day, Zimmermann PGP

It’s amazing that a little bit of alcohol can provide enough courage to do this, given the people we were dealing with. Or perhaps I just didn’t know any better at the time. I think this stunned them a bit. Everyone in their group of about five high-level staff looked at one member who had not, up to that point, stood out in our minds as the senior person (nice operational security on their part). He gazed directly back at me and said, “We were just talking about what you have managed to put together here.” “What do you mean?” I pressed. He replied, “All of the briefings we have received state that the sort of setup with the capabilities you have here is not possible without nation-state-type funding.”

…

At this point, I should refer you back to my Upton Sinclair quote earlier in this chapter; but it does leave an interesting thought about the role security will have in the overall landscape of information technology evolution. I was once accused of trivializing the importance of security when I put up a slide at a conference with the text “Security is less important than performance, which is less important than functionality,” followed by a slide with the text “Operational security is a business support function; get over your ego and accept it.” As a security expert, of course, I would never diminish the importance of security; rather, I create better systems by understanding the pressures that other user requirements place on experts and how we have to fit our solutions into place.

Armed Humanitarians by Nathan Hodge

Andrei Shleifer, anti-communist, Berlin Wall, British Empire, clean water, colonial rule, European colonialism, failed state, friendly fire, Golden arches theory, IFF: identification friend or foe, jobless men, Khyber Pass, kremlinology, land reform, Mikhail Gorbachev, no-fly zone, off-the-grid, old-boy network, operational security, Potemkin village, private military company, profit motive, RAND corporation, Ronald Reagan, satellite internet, Silicon Valley, South China Sea, Suez crisis 1956, The Wealth of Nations by Adam Smith, too big to fail, walking around money

As she climbed inside the truck, she found her boots on the top of some odd black box in the passenger compartment. “What’s that?” she asked. One of her colleagues silenced her: their interpreter was in the car. He was a local hire and had no security clearance. You had to be careful not to talk about the equipment in front of them. It was her first encounter with what the military calls OPSEC (operational security): keeping a lid on classified information, keeping operational plans closely held, not revealing sensitive information about equipment or intelligence collection capabilities. OPSEC was not a phrase that was usually employed in aid and development circles. They arrived at Torkham. Sure enough, Parker found herself the lone woman at the meeting with local leaders on the electrification project.

…

The city was also a key trade center, and the division began spending money across the board to keep Mosul stable. In a press briefing shortly after the division’s arrival in Mosul, Petraeus ticked off a laundry list of projects his troops had undertaken: Our soldiers have deployed throughout our area of operation, securing cities and key infrastructure facilities; helping the new interim city and province government get established; conducting joint patrols with Iraqi policemen and manning police stations in the city; helping organize and secure the delivery of fuel and propane; assisting with the organization of the recently begun grain harvest, a huge endeavor in this part of Iraq; building bridges and clearing streets; helping reopen schools and Mosul University; assisting with the reestablishment of the justice system in the area; distributing medical supplies; helping with the distribution of food; guarding archaeological sites; working to restore public utilities, and ninety percent of Mosul now has power and water.7 Petraeus also began paying salaries to government workers.

The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World From Cybercrime by Renee Dudley, Daniel Golden

2021 United States Capitol attack, Amazon Web Services, Bellingcat, Berlin Wall, bitcoin, Black Lives Matter, blockchain, Brian Krebs, call centre, centralized clearinghouse, company town, coronavirus, corporate governance, COVID-19, cryptocurrency, data science, disinformation, Donald Trump, fake it until you make it, Hacker News, heat death of the universe, information security, late fees, lockdown, Menlo Park, Minecraft, moral hazard, offshore financial centre, Oklahoma City bombing, operational security, opioid epidemic / opioid crisis, Picturephone, pirate software, publish or perish, ransomware, Richard Feynman, Ross Ulbricht, seminal paper, smart meter, social distancing, strikebreaker, subprime mortgage crisis, tech worker, Timothy McVeigh, union organizing, War on Poverty, Y2K, zero day

The ransom note for one of the variants featured an image of Hitler and a Nazi flag. “You are infected by the Exotic virus,” it said. “Pay or your files will be gone! Have a nice day:)” Daniel was determined to track down the hacker, who went by the name EvilTwin online. EvilTwin had made “dumb mistakes in operational security,” which allowed Daniel to trace his identity. On a beautiful fall Saturday afternoon, before heading outside to enjoy the North Carolina foliage, he reported his progress to the team. “Pretty much have this little kid and his Minecraft buddies all fully identified,” he wrote over Slack. “Names, and towns they live in.

…

After the hacker went dark, Ransomware Hunting Team member Jornt van der Wiel, a Dutch researcher for the Russian cybersecurity company Kaspersky, contacted the French police. “Ok they are interested,” Jornt told the team. “I just need to gather all the info this evening.” The team was ecstatic. “Yes yes and fucking yes to all of this,” Michael wrote. “Hell yeah,” Sarah said. Fabian noted that Wazix’s operational security “has as many holes as his ransomware it seems.” Jornt’s police contact let him know that Wazix could be prosecuted even though he was a juvenile. But the investigator needed a “clear picture” of Wazix’s activities, Jornt said, so that he could convince his boss and the prosecutor to open the case.

Not a Good Day to Die: The Untold Story of Operation Anaconda by Sean Naylor

digital map, friendly fire, Iridium satellite, it's over 9,000, job satisfaction, old-boy network, operational security

Their job was made all the harder by the fact that no one at the Mountain headquarters, including Hagenbeck himself, had access to the most current intelligence about events in Afghanistan. This was a function of the compartmentalized approach to intelligence gathering in the war, in which, for reasons of operational security and bureaucratic turf protection, intelligence gathered by one U.S. agency or command was often not shared with other senior U.S. officials or military commanders in the region. CENTCOM even held back intelligence from Mikolashek’s headquarters. Nevertheless, by the end of December, Wille and Ziemba produced a well-developed concept paper that showed how the Mountain HQ could use conventional and unconventional forces to crush Al Qaida guerrillas in the Shahikot.

…

(The use of the British abbreviation recce, rather than the more American recon, reflected Delta’s roots as an organization modeled along the lines of the British Special Air Service, or SAS, by its founder, Colonel Charlie Beckwith, who had served with the SAS as an exchange officer.) For reasons of operational security and practicality, Delta, now known also by its cover name of Combat Applications Group, was a very self-contained organization. The rest of the unit consisted of superbly trained and equipped mechanics, communications specialists, intelligence analysts, and other support troops, plus a headquarters staff.

…

As soon as the ceremony finished, Ropel, still wearing his Class A dress uniform, jumped in his car at midday and started the long drive to Fort Drum, sleeping for three hours in a truck stop before arriving on post at 4 p.m. the next day. He drove straight to the battalion headquarters, where he ran into the absurd lengths to which the military sometimes goes in order to convince itself that it is dutifully protecting operational security. His own chain of command wouldn’t tell him officially that the unit had deployed to Uzbekistan. “It was a joke,” he recalled. “You could find out more from TV sometimes than from your own commander.” It was an open secret that the battalion had gone to K2, and all Ropel was concerned with was catching up with them as soon as possible.

Tools and Weapons: The Promise and the Peril of the Digital Age by Brad Smith, Carol Ann Browne

"World Economic Forum" Davos, Affordable Care Act / Obamacare, AI winter, air gap, airport security, Alan Greenspan, Albert Einstein, algorithmic bias, augmented reality, autonomous vehicles, barriers to entry, Berlin Wall, Big Tech, Bletchley Park, Blitzscaling, Boeing 737 MAX, business process, call centre, Cambridge Analytica, Celtic Tiger, Charlie Hebdo massacre, chief data officer, cloud computing, computer vision, corporate social responsibility, data science, deep learning, digital divide, disinformation, Donald Trump, Eben Moglen, Edward Snowden, en.wikipedia.org, Hacker News, immigration reform, income inequality, Internet of things, invention of movable type, invention of the telephone, Jeff Bezos, Kevin Roose, Laura Poitras, machine readable, Mark Zuckerberg, minimum viable product, national security letter, natural language processing, Network effects, new economy, Nick Bostrom, off-the-grid, operational security, opioid epidemic / opioid crisis, pattern recognition, precision agriculture, race to the bottom, ransomware, Ronald Reagan, Rubik’s Cube, Salesforce, school vouchers, self-driving car, Sheryl Sandberg, Shoshana Zuboff, Silicon Valley, Skype, speech recognition, Steve Ballmer, Steve Jobs, surveillance capitalism, tech worker, The Rise and Fall of American Growth, Tim Cook: Apple, Wargames Reagan, WikiLeaks, women in the workforce

At Microsoft we were spending more than $1 billion a year developing new security features, an investment that involved more than thirty-five hundred dedicated security professionals and engineers. This work is ongoing as we continually roll out new security features at an accelerating pace, and it’s a huge priority across the tech sector. The second approach, involving what we call operational security, was in some ways more of a priority at Microsoft than at some other tech companies. It includes the work of our threat intelligence teams to detect new threats, the focus of our Cyber Defense Operations Center to share this information with customers, and the work of the Digital Crimes Unit to disrupt and take action against cyberattacks.

…

A second critical need will involve security. Clearly, if data is federated and accessible by more than one organization, the cybersecurity challenges of recent years take on an added dimension. While part of this will require continuing security enhancements, we’ll also need improvements in operational security that enable multiple organizations to manage security together. We’ll also need practical arrangements to address fundamental questions around data ownership. We need to enable groups to share data without giving up their ownership and ongoing control of the data they share. Just as landowners sometimes enter into easements or other arrangements that allow others onto their property without losing their ownership rights, we’ll need to create new approaches to manage access to data.

Rise and Kill First: The Secret History of Israel's Targeted Assassinations by Ronen Bergman

Ayatollah Khomeini, Boycotts of Israel, British Empire, card file, conceptual framework, cuban missile crisis, disinformation, Edward Snowden, facts on the ground, friendly fire, glass ceiling, illegal immigration, Julian Assange, Kickstarter, Marshall McLuhan, operational security, Ronald Reagan, Seymour Hersh, Stuxnet, unit 8200, uranium enrichment, WikiLeaks, Yom Kippur War

The negotiations, however, were kept secret, even from the heads of Israel’s military and intelligence organizations. Rabin instructed Unit 8200, which eavesdropped on Palestinian communications, to report anything they heard about the discussion directly and solely to him. Officially, this was for operational security—any leak that got out to the various Palestinian factions could derail the talks. Unofficially, Rabin wasn’t entirely certain that men who’d spent years trying to kill Arafat and his minions, who ran agencies that had invested enormous effort in the war on Palestinian terrorism, could make the mental adjustment necessary to see a former enemy as a partner in peace.

…

I decided that anything that did not endanger ourselves or our sources could be traded, or otherwise no one would take us seriously. “Three hundred people quit when I came to the Mossad, a massive exodus,” he said. “Incidentally, I’m glad that some of them left.” In light of the demand for more and more operations, Dagan also abolished some of the Mossad’s operational security protocols that had been in place for a long time, some of them for decades. Before he took over, if there weren’t enough passports, credit cards, and secure means of communication for an operation, it was aborted, to stay on the safe side. A large number of operations were canceled due to these security protocols.

…

This time, though, the Israelis knew there was no chance the United States would get involved. Mughniyeh, who had killed hundreds of Americans, was one thing. A Syrian general, the high-ranking official of a sovereign state, was something entirely different. On their own, then, the Israelis began planning a way to dispose of Suleiman. After the Mughniyeh operation, security arrangements in Damascus had been stepped up, and any idea of conducting the operation there was ruled out. Suleiman was closely guarded and constantly escorted by a convoy of armored vehicles, so the possibility of using an explosive device was also rejected. Meir Dagan reached the conclusion that the Mossad would need assistance, and, as it happened, the IDF was eager to take on the job.

Red Rabbit by Tom Clancy, Scott Brick

anti-communist, battle of ideas, disinformation, diversified portfolio, false flag, Ignaz Semmelweis: hand washing, information retrieval, operational security, union organizing, urban renewal

We can use them to formulate the black propaganda, and then use people from the First Chief Directorate to propagate it. This proposed operation is not without risk, of course, but, though complex, it is not all that difficult from a conceptual point of view. The real problems will be in its execution and in operational security. That's why it's critical to eliminate the assassin immediately. The most important thing is the denial of information to the other side. Let them speculate all they wish, but without hard information, they will know nothing. This operation will be very closely held, I presume." "Less than five people at present.

…

He'd have to present it in such a way as to make the urgency of the matter plain and… frightening to them. Would they be frightened? Well, he could help them along that path, couldn't he? Andropov pondered the question for a few more seconds and came to a favorable conclusion. "Anything else, Colonel?" "It hardly needs saying that operational security must be airtight. The Vatican has its own highly effective intelligence service. It would be a mistake to underestimate their capabilities," Bubovoy warned. "Therefore, our Politburo and the Bulgarians must know that this matter cannot be discussed outside of their own number. And for our side, that means no one, even in the Central Committee or the Party Secretariat.

…

"Quite so, Andrey." Every country in the world had a bureaucracy, whose entire purpose was to delay important things from happening. "And we don't want the world to know that our rezident is making a highly important call on the man," the Foreign Minister added, teaching the KGB Chairman a little lesson in operational security, Colonel Rozhdestvenskiy noted. "How long after that, Aleksey Nikolay'ch?" Andropov asked his aide, "Several weeks, at least." He saw annoyance in his boss's eyes and decided to explain. "Comrade Chairman, selecting the right assassin will not be a matter of lifting a phone and dialing a number.

The Market for Force: The Consequences of Privatizing Security by Deborah D. Avant

barriers to entry, continuation of politics by other means, corporate social responsibility, failed state, Global Witness, hiring and firing, independent contractor, information asymmetry, interchangeable parts, Mikhail Gorbachev, military-industrial complex, Nelson Mandela, operational security, Peace of Westphalia, post-Fordism, principal–agent problem, private military company, profit motive, RAND corporation, rent-seeking, rolodex, Seymour Hersh, The Nature of the Firm, trade route, transaction costs

As Terry puts it, “the humanitarian imperative to give aid wherever it was needed clashed with the responsibility to ensure that their aid was not used against those for whom it was intended.”96 Organizations within the relief community 94 95 96 Koenrad Van Brabant has suggested that aid organizations considering hiring PSCs address a checklist of questions including this one. See Koenrad Van Brabant, Operational Security Management in Violent Environments (Washington, DC: Overseas Development Institute, 2000). Shearer, Private Armies and Military Intervention; Correspondence with James Fennell, Managing Director, Defense Systems Africa and Regional Manager (Central Africa), ArmorGroup, April 2000. Terry, Condemned to Repeat, p. 195.

…

., “Private Contractors on United Kingdom Deployed Military Operations: Issues and Prospects,” paper presented at the International Security Studies Section (ISSS) Meeting of the International Studies Association, US Army War College, Carlisle, PA, 1 November 2003. Vallette, Jim and Pratap Chatterjee, “Guarding the Oil Underworld in Iraq,” CorpWatch (5 September 2003). Van Brabant, Koenrad, Operational Security Management in Violent Environments, (Washington, DC: Overseas Development Institute, 2000). Van Creveld, Martin, The Transformation of War (New York: Free Press, 1991). Vandergriff, David, Path to Victory : a Critical Analysis of the Military Personnel System and how it Undermines Readiness (Novato: Presido Press, 2002).

The Death of Money: The Coming Collapse of the International Monetary System by James Rickards

"World Economic Forum" Davos, Affordable Care Act / Obamacare, Alan Greenspan, Asian financial crisis, asset allocation, Ayatollah Khomeini, bank run, banking crisis, Bear Stearns, Ben Bernanke: helicopter money, bitcoin, Black Monday: stock market crash in 1987, Black Swan, Boeing 747, Bretton Woods, BRICs, business climate, business cycle, buy and hold, capital controls, Carmen Reinhart, central bank independence, centre right, collateralized debt obligation, collective bargaining, complexity theory, computer age, credit crunch, currency peg, David Graeber, debt deflation, Deng Xiaoping, diversification, Dr. Strangelove, Edward Snowden, eurozone crisis, fiat currency, financial engineering, financial innovation, financial intermediation, financial repression, fixed income, Flash crash, floating exchange rates, forward guidance, G4S, George Akerlof, global macro, global reserve currency, global supply chain, Goodhart's law, Growth in a Time of Debt, guns versus butter model, Herman Kahn, high-speed rail, income inequality, inflation targeting, information asymmetry, invisible hand, jitney, John Meriwether, junk bonds, Kenneth Rogoff, labor-force participation, Lao Tzu, liquidationism / Banker’s doctrine / the Treasury view, liquidity trap, Long Term Capital Management, low interest rates, mandelbrot fractal, margin call, market bubble, market clearing, market design, megaproject, Modern Monetary Theory, Money creation, money market fund, money: store of value / unit of account / medium of exchange, mutually assured destruction, Nixon triggered the end of the Bretton Woods system, obamacare, offshore financial centre, oil shale / tar sands, open economy, operational security, plutocrats, Ponzi scheme, power law, price stability, public intellectual, quantitative easing, RAND corporation, reserve currency, risk-adjusted returns, Rod Stewart played at Stephen Schwarzman birthday party, Ronald Reagan, Satoshi Nakamoto, Silicon Valley, Silicon Valley startup, Skype, Solyndra, sovereign wealth fund, special drawing rights, Stuxnet, The Market for Lemons, Thomas Kuhn: the structure of scientific revolutions, Thomas L Friedman, too big to fail, trade route, undersea cable, uranium enrichment, Washington Consensus, working-age population, yield curve

A standard rejoinder, by many in the intelligence community, to suggestions of terrorist insider trading is that terrorists would never compromise their own operational security by recklessly engaging in insider trading because of the risks of detection. This reasoning is easily rebutted. No one suggests that terrorist hijacker Mohamed Atta bought put options on AMR through an E*Trade account on his way to hijack American Airlines Flight 11 from Logan Airport, Boston. The insider trading was done not by the terrorists themselves but by parties in their social network. As for operational security, those imperatives are easily overridden by old-fashioned greed. A case in point is home decorating maven Martha Stewart.

The Good, the Bad and the History by Jodi Taylor

friendly fire, global pandemic, if you see hoof prints, think horses—not zebras, index card, Kickstarter, Late Heavy Bombardment, mutually assured destruction, offshore financial centre, operational security, place-making, urban sprawl

Once you are recovered, of course.’ Wow. And he hadn’t finished yet. ‘I intend to promote Mr Markham similarly. He will be Chief Security Officer, presiding over two sections – Internal Security under Captain Hyssop, which will deal with all matters relating to the St Mary’s campus – and Operational Security under Mr Evans, dealing with matters pertaining to jumps.’ ‘Both you and Mr Markham will report to Dr Peterson since, for a short period at least, I shall be spending more time in London and Thirsk, protecting our backs and securing our pos­ition.’ Well, that made sense. And with Mrs Brown by his side, he would be unstoppable.

…

‘In that case – Chief Farrell, I shall require a breakdown of our pod status, together with your maintenance schedule, sometime today, please. ‘Mr Dieter, an inventory of all plant and equipment is to be on my desk by Thursday, please. ‘Mr Markham – a survey and report on both Internal and Operational Security, together with your recommendations, by the end of the week, please.’ He paused. ‘I know things have been a little haphazard recently, but St Mary’s is to be up and fully functioning by next Monday. It’s been a refreshing interlude but it’s time to pick up the reins again. Dismissed.’ Dr Rosemary Salt was not what anyone was expecting.

The Last Astronaut by David Wellington

augmented reality, autonomous vehicles, clean water, crewed spaceflight, gravity well, low earth orbit, megastructure, operational security, orbital mechanics / astrodynamics, overview effect, telepresence

He twisted around—shit, that made his head spin way too much—and saw Parminder Rao lying there on the ground, one arm under her own intact helmet. It couldn’t have been her, she was a good kid. Where was—where was Jansen? He found her curled up in a ball on the unsolid ground. Fast fucking asleep. Everyone was asleep but him. What the hell? Didn’t anybody else ever think about operational security? He reached down and touched a pocket on the front of his suit. A pocket he had kept carefully zipped up since they’d left Orion. If Jansen had stolen what was in that pocket, if she’d figured out his secret and—he would—he didn’t know what he would— Good God. His brain was mush. He couldn’t think straight.

…

We’re very grateful that you saved us from—” “I wasn’t supposed to talk to you before,” the woman said. She didn’t turn around to look at them. “I wasn’t supposed to have any contact with you. I broke the rules to tell you to leave, but you didn’t listen.” She moved, but only to sit in the opening, her legs dangling out over thin air. “I understand,” Hawkins told her. “I’m military. I get operational security. But there are some basic facts we need to resolve.” Channarong shook her head. “Foster’s had a change of heart. He sent me to find Commander Jansen. He has a message for her.” “Foster’s alive?” Jansen asked, sitting up and pushing herself forward, supporting her weight on her hands. “Where is he?

What We Say Goes: Conversations on U.S. Power in a Changing World by Noam Chomsky, David Barsamian

banking crisis, British Empire, Doomsday Clock, failed state, feminist movement, Howard Zinn, informal economy, liberation theology, mass immigration, microcredit, Mikhail Gorbachev, Monroe Doctrine, oil shale / tar sands, operational security, peak oil, RAND corporation, Ronald Reagan, Seymour Hersh, Thomas L Friedman, union organizing, Upton Sinclair, uranium enrichment, Washington Consensus

Frank, “A Health Care Plan So Simple, Even Stephen Colbert Couldn’t Simplify It,” New York Times, 15 February 2007. 44 See Noam Chomsky, 9-11 (New York: Seven Stories, 2001). 45 Charles Forelle, James Bandler, and Mark Maremont, “Executive Pay: The 9/11 Factor,” Wall Street Journal, 15 July 2006; Mark Maremont, Charles Forelle, and James Bandler, “Companies Say Backdating Used in Days After 9/11,” Wall Street Journal, 7 March 2007. 46 “Operations Security Impact on Declassification Management Within the Department of Defense,” 13 February 1998, produced by Booz Allen & Hamilton Inc., Linthicum, Maryland, in response to Executive Order 12958, available online at http://www.fas.org/sgp/othergov/dod_opsec.html. The document recommends a declassification strategy that includes “Diversion: List of interesting declassified material—i.e.

Blockchain: Blueprint for a New Economy by Melanie Swan

23andMe, Airbnb, altcoin, Amazon Web Services, asset allocation, banking crisis, basic income, bioinformatics, bitcoin, blockchain, capital controls, cellular automata, central bank independence, clean water, cloud computing, collaborative editing, Conway's Game of Life, crowdsourcing, cryptocurrency, data science, digital divide, disintermediation, Dogecoin, Edward Snowden, en.wikipedia.org, Ethereum, ethereum blockchain, fault tolerance, fiat currency, financial innovation, Firefox, friendly AI, Hernando de Soto, information security, intangible asset, Internet Archive, Internet of things, Khan Academy, Kickstarter, Large Hadron Collider, lifelogging, litecoin, Lyft, M-Pesa, microbiome, Neal Stephenson, Network effects, new economy, operational security, peer-to-peer, peer-to-peer lending, peer-to-peer model, personalized medicine, post scarcity, power law, prediction markets, QR code, ride hailing / ride sharing, Satoshi Nakamoto, Search for Extraterrestrial Intelligence, SETI@home, sharing economy, Skype, smart cities, smart contracts, smart grid, Snow Crash, software as a service, synthetic biology, technological singularity, the long tail, Turing complete, uber lyft, unbanked and underbanked, underbanked, Vitalik Buterin, Wayback Machine, web application, WikiLeaks

In the case of cryptocurrencies, if they are applied with the principles of neutrality, everyone worldwide might start to have access. Thus, alternative currencies could be a helpful tool for bridging the digital divide. However, there is another tier of digital divide beyond access: know-how. A new digital divide could arise (and arguably already has in some sense) between those who know how to operate securely on the Internet and those who do not. The principles of neutrality should be extended such that appropriate mainstream tools make it possible for anyone to operate anonymously (or rather pseudonymously), privately, and securely in all of their web-based interactions and transactions. Digital Art: Blockchain Attestation Services (Notary, Intellectual Property Protection) Digital art is another arena in which blockchain cryptography can provide a paradigm-shifting improvement (it’s also a good opportunity to discuss hashing and timestamping, important concepts for the rest of the book).

Executive Orders by Tom Clancy

affirmative action, Ayatollah Khomeini, card file, defense in depth, disinformation, Dissolution of the Soviet Union, experimental subject, financial independence, flag carrier, friendly fire, Great Leap Forward, lateral thinking, military-industrial complex, Monroe Doctrine, Neil Armstrong, one-China policy, operational security, out of africa, Own Your Own Home, plutocrats, power law, rolodex, South China Sea, the long tail, trade route

We don't know for sure, and without ID'ing people, we can't find out.” “I can dig it, guys.” Murray grunted, and reached for his beer. “When I was working OC-organized crime-sometimes we ID'd Mafia capi by who held the car door open for whom. Hell of a way to do business.” It was the friendliest thing the Foleys remembered hearing from the FBI about CIA. “Operational security really isn't all that hard if you think about it a little.” “Makes a good case for PLAN BLUE,” Jack said next. “Well, then you might be pleased to know the first fifteen are in the pipeline even as we speak. John should have given them their welcoming speech a few hours ago,” the DCI announced.

…

The British Airways team had the most options of all. One would take Concorde Flight 3 into New York. The only trick was getting them through the first series of flights. After that, the whole massive system of international air travel would handle the dispersal. Still, twenty people, twenty possible mistakes. Operational security was always a worry. He'd spent half his life trying to outfox the Israelis, and while his continued life was some testimony to his success-or lack of total failure, which was somewhat more honest-the hoops he'd had to leap through had nearly driven him mad more than once. Well. At least he had the flights figured out.

…

“Who do you suppose did it?” It was a dumb question, and it generated a dumber reply. “Somebody who doesn't like us a whole hell of a lot,” John answered crossly. “Sorry.” Chavez looked out the window and thought for a few seconds. “It's one hell of a gamble, John.” “If we find out it is and operational security on something like this is a motherfucker.” “Roge-o, Mr. C. The people we've been looking at?” “That's a possibility. Others, too, I suppose.” He checked his watch. Director Foley should be back from Washington by now, and they should head up to his office. It took only a couple of minutes.

My Journey as a Combat Medic: From Desert Storm to Operation Enduring Freedom by Patrick Thibeault

affirmative action, operational security, placebo effect, satellite internet

I remembered listening to Armed Forces Radio in Europe as a kid when we moved around Army bases with my dad’s work, and it was like coming home again, listening to the same radio station that I had heard when I was a child. They didn’t play any radio commercials on these stations, but instead had these military-related snippets about how to watch what you say in front of others including operation security, or OPSEC. Every morning the radio station started the day playing this one song called “Rock the Casbah,” which seemed like it was becoming the theme song of the war. I didn’t know how to rock any Casbah; I had no idea what a Casbah was. However, the song did inspire the troops and I liked it.

Survival of the Richest: Escape Fantasies of the Tech Billionaires by Douglas Rushkoff

"World Economic Forum" Davos, 4chan, A Declaration of the Independence of Cyberspace, agricultural Revolution, Airbnb, Alan Greenspan, Amazon Mechanical Turk, Amazon Web Services, Andrew Keen, AOL-Time Warner, artificial general intelligence, augmented reality, autonomous vehicles, basic income, behavioural economics, Big Tech, biodiversity loss, Biosphere 2, bitcoin, blockchain, Boston Dynamics, Burning Man, buy low sell high, Californian Ideology, carbon credits, carbon footprint, circular economy, clean water, cognitive dissonance, Colonization of Mars, coronavirus, COVID-19, creative destruction, Credit Default Swap, CRISPR, data science, David Graeber, DeepMind, degrowth, Demis Hassabis, deplatforming, digital capitalism, digital map, disinformation, Donald Trump, Elon Musk, en.wikipedia.org, energy transition, Ethereum, ethereum blockchain, European colonialism, Evgeny Morozov, Extinction Rebellion, Fairphone, fake news, Filter Bubble, game design, gamification, gig economy, Gini coefficient, global pandemic, Google bus, green new deal, Greta Thunberg, Haight Ashbury, hockey-stick growth, Howard Rheingold, if you build it, they will come, impact investing, income inequality, independent contractor, Jane Jacobs, Jeff Bezos, Jeffrey Epstein, job automation, John Nash: game theory, John Perry Barlow, Joseph Schumpeter, Just-in-time delivery, liberal capitalism, Mark Zuckerberg, Marshall McLuhan, mass immigration, megaproject, meme stock, mental accounting, Michael Milken, microplastics / micro fibres, military-industrial complex, Minecraft, mirror neurons, move fast and break things, Naomi Klein, New Urbanism, Norbert Wiener, Oculus Rift, One Laptop per Child (OLPC), operational security, Patri Friedman, pattern recognition, Peter Thiel, planetary scale, Plato's cave, Ponzi scheme, profit motive, QAnon, RAND corporation, Ray Kurzweil, rent-seeking, Richard Thaler, ride hailing / ride sharing, Robinhood: mobile stock trading app, Sam Altman, Shoshana Zuboff, Silicon Valley, Silicon Valley billionaire, SimCity, Singularitarianism, Skinner box, Snapchat, sovereign wealth fund, Stephen Hawking, Steve Bannon, Steve Jobs, Steven Levy, Steven Pinker, Stewart Brand, surveillance capitalism, tech billionaire, tech bro, technological solutionism, technoutopianism, Ted Nelson, TED Talk, the medium is the message, theory of mind, TikTok, Torches of Freedom, Tragedy of the Commons, universal basic income, urban renewal, warehouse robotics, We are as Gods, WeWork, Whole Earth Catalog, work culture , working poor

The second one, somewhere in the Poconos, has to remain a secret. “The fewer people who know the locations, the better,” he explained, along with a link to the Twilight Zone episode where panicked neighbors break into a family’s bomb shelter during a nuclear scare. “The primary value of Safe Haven is Operational Security, nicknamed OpSec by the military. If/when the supply chain breaks, the people will have no food delivered. Covid-19 gave us the wake-up call as people started fighting over TP. When it comes to a shortage of food it will be vicious. That is why those intelligent enough to invest have to be stealth.”

Hunting in the Shadows: The Pursuit of Al Qa'ida Since 9/11: The Pursuit of Al Qa'ida Since 9/11 by Seth G. Jones

airport security, battle of ideas, defense in depth, drone strike, Google Earth, index card, it's over 9,000, Khyber Pass, medical residency, Murray Gell-Mann, operational security, RAND corporation, Saturday Night Live, Silicon Valley, Timothy McVeigh, trade route, WikiLeaks

“Sometimes at his apartment, or sometimes in the mosque, like after the prayers and stuff, we’ll just hang out there, just come,” said Sahim Alwan. “He also taught the Qur’an to the kids in the mosque.”85 The location was important. For Derwish, recruitment and incitement were better in private, informal settings where operational security could be maintained, rather than at public mosque services which law enforcement agencies could be monitoring. These clandestine meetings drew as many as twenty regular attendees, most of whom were in their late teens and early twenties. Lackawanna’s young Muslims were captivated by Derwish.

…

Lawrence, better known as Lawrence of Arabia, during a short visit in the 1920s; “no birds or beasts except a jackal concert for five minutes about ten p.m.”33 For Philip Mudd, who had moved from the CIA to the FBI, the ability of terrorists to establish overseas connections had a multiplier effect. “Their operational security capabilities are often better than those of purely homegrown terrorists,” he concluded. Part of the reason was that the individuals they interacted with had developed sophisticated countersurveillance and counterintelligence capabilities just to survive. “In short,” he noted to colleagues, “counterintelligence improves when they go overseas.”34 From 2003 to 2005, when the United States was engrossed by Iraq, the tribal areas were largely ignored.

Why Airplanes Crash: Aviation Safety in a Changing World by Clinton V. Oster, John S. Strong, C. Kurt Zorn

air traffic controllers' union, airline deregulation, airport security, correlation coefficient, flag carrier, operational security, Tenerife airport disaster, trickle-down economics

,p.32. 154 WHY AIRPLANES CRASH: AVIATION SAFETY IN A CHANGING WORLD wage in some cases. High turnover occurs as a result; in some cases, turnover rates have exceeded 100 percent per year.12 The FAA has attempted to help, doubling the number of air marshals and security inspectors since 1985. However, the government role is largely relegated to monitoring security operators. Security services are not required to meet an established set of standards; without such requirements, enforcement actions are quite difficult. As a result, airport security efforts exhibit a strong preference for, and reliance on, technology to provide safety. However, the basic X-ray and metal screening technology widely used in airport detection systems has not changed very much since its introduction in 1973.

Smart Cities, Digital Nations by Caspar Herzberg

Asian financial crisis, barriers to entry, business climate, business cycle, business process, carbon footprint, clean tech, clean water, cloud computing, corporate social responsibility, Dean Kamen, demographic dividend, Edward Glaeser, Edward Snowden, Hacker News, high-speed rail, hive mind, Internet of things, knowledge economy, Masdar, megacity, New Urbanism, operational security, packet switching, QR code, remote working, RFID, rising living standards, risk tolerance, Ronald Reagan, shareholder value, Silicon Valley, Silicon Valley startup, smart cities, Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia, smart meter, social software, special economic zone, Stephen Hawking, telepresence, too big to fail, trade route, transcontinental railway, upwardly mobile, urban planning, urban sprawl, women in the workforce, working poor, X Prize

“We regard the IP network as the fourth utility.” Each network is subject to a distinct list of requirements. A casino resort, like any institution that operates constantly and supports huge numbers of financial transactions and interior communications, requires speed, efficiency, and security of data as a baseline for operations. Security against criminal activities is also critical. Cisco’s camera networks and video analytics could fulfill the function of protecting the house and players from criminal activity. No less important was security against unsolicited packets of data embedded deep in the IP network. Cisco was tasked with securing the gates at all layers of this city’s function.

Team Topologies: Organizing Business and Technology Teams for Fast Flow by Matthew Skelton, Manuel Pais

anti-pattern, business logic, business process, call centre, cognitive load, continuous integration, Conway's law, database schema, DevOps, different worldview, Dunbar number, holacracy, information security, Infrastructure as a Service, Internet of things, Jeff Bezos, Kanban, Kickstarter, knowledge worker, Kubernetes, Lean Startup, loose coupling, meta-analysis, microservices, Norbert Wiener, operational security, platform as a service, pull request, remote working, systems thinking, two-pizza team, web application

Figure 4.4: Influence of Size and Engineering Maturity on Choice of Topologies Organization size (or software scale) and engineering discipline influence the effectiveness of team interaction patterns. Low maturity organizations will need time to acquire the engineering and product development capabilities required for autonomous end-to-end teams. Meanwhile, more specialized teams (development, operations, security, and others) are an acceptable trade-off, as long as they collaborate closely to minimize wait times and quickly address issues. For a moderate scale of organization or software, patterns that emphasize close collaboration between teams at speed work well. As the size of the organization or software scale increases, focusing on providing the underlying infrastructure or platform as a service brings important benefits in terms of user-facing service reliability and the ability to meet customer expectations.

Bottoms Up and the Devil Laughs by Kerry Howley

air gap, Bernie Sanders, Chelsea Manning, cognitive bias, disinformation, Donald Trump, drone strike, Edward Snowden, Evgeny Morozov, failed state, fake news, Joan Didion, Julian Assange, Laura Poitras, Nelson Mandela, operational security, pre–internet, QAnon, Russian election interference, security theater, Shoshana Zuboff, social graph, surveillance capitalism, WikiLeaks

A staffer remembers reporters sitting in silence on a couch. Someone had scotch. The TV spots were canceled. There was a time when you could look at a classified document and convince yourself it had been taken without a trace. With the prosecution of Reality Winner, that time period definitively closed. The head of operational security at The Intercept, who had not been consulted at any point from the moment the document arrived to the moment it was posted for all to see, was in Iceland with his wife, en route to Europe at the start of what might otherwise have been a restful vacation. He would find on social media, the morning after the document was posted, a slew of angry strangers blaming him for the failure.

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth

4chan, active measures, activist lawyer, air gap, Airbnb, Albert Einstein, Apollo 11, barriers to entry, Benchmark Capital, Bernie Sanders, Big Tech, bitcoin, Black Lives Matter, blood diamond, Boeing 737 MAX, Brexit referendum, Brian Krebs, Citizen Lab, cloud computing, commoditize, company town, coronavirus, COVID-19, crony capitalism, crowdsourcing, cryptocurrency, dark matter, David Vincenzetti, defense in depth, digital rights, disinformation, don't be evil, Donald Trump, driverless car, drone strike, dual-use technology, Edward Snowden, end-to-end encryption, failed state, fake news, false flag, Ferguson, Missouri, Firefox, gender pay gap, George Floyd, global pandemic, global supply chain, Hacker News, index card, information security, Internet of things, invisible hand, Jacob Appelbaum, Jeff Bezos, John Markoff, Ken Thompson, Kevin Roose, Laura Poitras, lockdown, Marc Andreessen, Mark Zuckerberg, mass immigration, Menlo Park, MITM: man-in-the-middle, moral hazard, Morris worm, move fast and break things, mutually assured destruction, natural language processing, NSO Group, off-the-grid, offshore financial centre, open borders, operational security, Parler "social media", pirate software, purchasing power parity, race to the bottom, RAND corporation, ransomware, Reflections on Trusting Trust, rolodex, Rubik’s Cube, Russian election interference, Sand Hill Road, Seymour Hersh, Sheryl Sandberg, side project, Silicon Valley, Skype, smart cities, smart grid, South China Sea, Steve Ballmer, Steve Bannon, Steve Jobs, Steven Levy, Stuxnet, supply-chain attack, TED Talk, the long tail, the scientific method, TikTok, Tim Cook: Apple, undersea cable, unit 8200, uranium enrichment, web application, WikiLeaks, zero day, Zimmermann PGP

Attached to the message was a link to 300 megabytes of data—the equivalent of text in three hundred novels—only in this case the files contained hacking tools with code names like Epicbanana, Buzzdirection, Egregiousblunder, and Eligiblebombshell. A few figured that some idiot with way too much time on his hands had simply gone through the Snowden documents and the TAO ANT catalog Der Spiegel posted years earlier, come up with his own silly names, and slapped them onto hacking tools plucked from the dark web. But as NSA operators, security researchers, and hackers all over the world started teasing the file apart, it became clear this was the real deal. The trove contained zero-day exploits that could invisibly break through the firewalls sold by Cisco, Fortinet, and some of the most widely used firewalls in China. I immediately called up every former TAO employee who would pick up their phone.

…

When FBI agents showed up at Winner’s home, she confessed to removing the classified report and mailing it to the Intercept. The report contained dots, denoting a serial number invisible to the naked eye, that allowed the NSA to match the document back to a machine in its offices. This was a tragic lapse in reporters’ “operational security.” In August 23, 2018, Ms. Winner was sentenced to sixty-three months in prison. See Amy B. Wang, “Convicted Leaker Reality Winner Thanks Trump after He Calls Her Sentence So Unfair,” Washington Post, August 30, 2018. For our early reporting on Guccifer 2.0, see Charlie Savage and Nicole Perlroth, “Is DNC Email Hacker a Person or a Russian Front?

Rainbow Six by Tom Clancy

active measures, air freight, airport security, bread and circuses, centre right, clean water, computer age, Exxon Valdez, false flag, flag carrier, Live Aid, old-boy network, operational security, plutocrats, RAND corporation, Recombinant DNA, rent control, rolodex, superconnector, systems thinking, urban sprawl

"You ask us to give up much," Hans Furchtner pointed out. "You will be properly provided for. My sponsor-" "Who is that?" Petra asked. "This you may not know," Popov replied quietly. "You suppose that you take risks here? What about me? As for my sponsor, no, you may not know his identity. Operational security is paramount. You are supposed to know these things," he reminded them. They took the mild rebuke well, as he'd expected. These two fools were true believers, as Ernst Model had been, though they were somewhat brighter and far more vicious, as that luckless American sergeant had learned, probably staring with disbelief into the still-lovely blue eyes of Petra Dortmund as she'd used the hammer on his various body parts.

…

He'd just informed John Brightling of the operational dangers involved in using him, Popov, to set up the terrorist incidents, and especially of the flaws in his communications security. The latter, especially, had frightened the man. Perhaps he ought to have warned him earlier, but somehow the subject had never arisen, and Dmitriy Arkadeyevich now realized that it had been a serious error on his part. Well, perhaps not that great an error. Operational security was not all that bad. Only two people knew what was happening well, probably that Henriksen fellow as well. But Bill Henriksen was former FBI, and if he were an informer, then they'd all be in jail now. The FBI would have all the evidence it needed for a major felony investigation and trial, and would not allow things to proceed any further unless there were some vast criminal conspiracy yet to be uncovered - but how much larger would it have to be than conspiracy to commit murder?

…

We've checked out the objective, and our plan is a thing of beauty, my friend. We will sting them, Iosef Andreyevich," Grady promised. "We will hurt them badly." "I will need to know when, exactly. There are things I must do as well," Popov told him. That stopped him, Dmitriy saw. The issue here was operational security. An outsider wanted to know things that only insiders should have knowledge of. Two sets of eyes stared at each other for a few seconds. But the Irishman relented. Once he verified that the money was in place, then his trust in the Russian was confirmed-and delivery of the ten pounds of white powder was proof of the fact in and of itself-assuming that he wasn't arrested by the Garda later this day.

The Snowden Files: The Inside Story of the World's Most Wanted Man by Luke Harding

affirmative action, air gap, airport security, Anton Chekhov, Apple's 1984 Super Bowl advert, Berlin Wall, Big Tech, Bletchley Park, Chelsea Manning, disinformation, don't be evil, drone strike, Edward Snowden, Etonian, Firefox, Google Earth, information security, Jacob Appelbaum, job-hopping, Julian Assange, Khan Academy, kremlinology, Laura Poitras, Mark Zuckerberg, Maui Hawaii, MITM: man-in-the-middle, national security letter, operational security, Panopticon Jeremy Bentham, pre–internet, Ralph Waldo Emerson, rolodex, Rubik’s Cube, Silicon Valley, Skype, social graph, Steve Jobs, TechCrunch disrupt, undersea cable, web application, WikiLeaks

Snowden flung up his arms in alarm, as if prodded by an electric stick. ‘I might as well have invited the NSA into his bedroom,’ MacAskill says. The young technician explained that the spy agency was capable of turning a mobile phone into a microphone and tracking device; bringing it into the room was an elementary mistake in operational security, or op-sec. MacAskill exited, and dumped the phone outside. Snowden’s own precautions were remarkable. He piled pillows up against the door to stop anyone from eavesdropping from outside in the corridor; the pillows were stacked up in half-columns either side, and across the bottom. When putting passwords into computers, he placed a big red hood over his head and laptop – a sort of giant snood – so the passwords couldn’t be picked up by hidden cameras.

Spam Nation: The Inside Story of Organized Cybercrime-From Global Epidemic to Your Front Door by Brian Krebs

barriers to entry, bitcoin, Brian Krebs, cashless society, defense in depth, Donald Trump, drop ship, employer provided health coverage, independent contractor, information security, John Markoff, mutually assured destruction, offshore financial centre, operational security, payday loans, pirate software, placebo effect, ransomware, seminal paper, Silicon Valley, Stuxnet, the payments system, transaction costs, web application

ChronoPay employees used their MegaPlan accounts to track payment processing issues, customer order volumes, and advertising partnerships for these black programs. In a move straight out of the Quentin Tarantino film Reservoir Dogs, the employees adopted curious aliases such as “Mr. Kink,” “Mr. Stranger,” “Mr. Templar,” and “Ms. Gandalfine.” However, in a classic failure of operational security, many of these employees had their MegaPlan messages and passwords automatically forwarded to their ChronoPay employee email accounts, which ended up in the corpus of emails that were leaked. An organizational chart featured on the ChronoPay MegaPlan homepage showed that the former cop Maltsev (a.k.a.

The (Honest) Truth About Dishonesty: How We Lie to Everyone, Especially Ourselves by Dan Ariely

accounting loophole / creative accounting, Albert Einstein, behavioural economics, Bernie Madoff, Broken windows theory, cashless society, clean water, cognitive dissonance, cognitive load, Credit Default Swap, Donald Trump, fake it until you make it, financial engineering, fudge factor, John Perry Barlow, new economy, operational security, Richard Feynman, Schrödinger's Cat, Shai Danziger, shareholder value, social contagion, Steve Jobs, Tragedy of the Commons, Walter Mischel

It’s more akin to taking several boxes of pens, a stapler, and a ream of printer paper, which is much more difficult to ignore or rationalize. To Catch a Thief Our next experiment looked at what might happen if participants felt that there was a higher probability of getting caught cheating. Basically, we inserted the mental equivalent of a partially operating security camera into the experiment. We asked one group of participants to shred one half of their worksheet—which meant that if they were dishonest, we might find some evidence of it. We asked a second group to shred the whole work sheet, meaning that they could get off scot-free. Finally, we asked a third group to shred the whole worksheet, leave the testing room, and pay themselves from a sizable bowl of money filled with more than $100 in small bills and coins.

Silk Road by Eileen Ormsby

4chan, bitcoin, blockchain, Brian Krebs, corporate governance, cryptocurrency, disinformation, drug harm reduction, Edward Snowden, fiat currency, Firefox, incognito mode, Julian Assange, litecoin, Mark Zuckerberg, Network effects, off-the-grid, operational security, peer-to-peer, Ponzi scheme, power law, profit motive, Right to Buy, Ross Ulbricht, Satoshi Nakamoto, stealth mode startup, Ted Nelson, trade route, Turing test, web application, WikiLeaks

He said he bought other vendors laundering consultations, ‘playing it all quite dumb so I could see the depth of their knowledge which to be frank, wasn’t deep at all’. He claimed most major Silk Road vendors had been in touch with him, he laundered most of the top-ranked sellers’ money and they were all really happy with him. But, of course, he couldn’t provide any details ‘for opsec [operational security] reasons’. It all sounded like the deluded fantasies of a wannabe gangster. Upon checking the forums’ archives to read StExo’s old posts, it was revealed he had deleted all of them – hundreds – a couple of months earlier. This would have been done manually, post by post; it is a job only someone dedicated to hiding something would do.

The Rebel and the Kingdom: The True Story of the Secret Mission to Overthrow the North Korean Regime by Bradley Hope

Airbnb, battle of ideas, bitcoin, blockchain, cognitive dissonance, colonial rule, COVID-19, cryptocurrency, digital map, Donald Trump, Dr. Strangelove, failed state, Francis Fukuyama: the end of history, Great Leap Forward, Jeff Bezos, Kickstarter, moral hazard, Nelson Mandela, off-the-grid, operational security, Potemkin village, restrictive zoning, Ronald Reagan, Saturday Night Live, Silicon Valley, South China Sea, TED Talk, uranium enrichment, WikiLeaks

He’d always been a user of the best-in-practice encrypted apps and careful to make sure that messages were automatically deleted after a short time—so short that it was sometimes hard to keep track of a conversation because the messages would delete after seconds. But this time, he seemed to be operating an even more paranoid level of operational security. We met inside Paddington Station and quickly found a back entrance to the Mercure Hotel, where we sat at a quiet table in the corner of the room. During previous meetings, Adrian had struck me as businessman first and North Korea activist second. He’d show up wearing a suit and tie and have his hair carefully slicked back.

Home Grown by Joan Smith

autism spectrum disorder, Boris Johnson, Charlie Hebdo massacre, Columbine, Donald Trump, drone strike, G4S, ghost gun, Jeremy Corbyn, microaggression, no-fly zone, operational security, post-materialism, Shamima Begum, Skype

His daughter was only days old at the time and his wife, now a widow, had barely had time to recover from the birth before images of her husband’s dead body, lying on the ground, wearing the shirt of his favourite football team, Arsenal, under his dummy suicide vest, began to circulate on the Internet and news sites. David Anderson’s report points out that Butt employed ‘strong operational security’ and that much remains unknown about both his ‘mindset’ and the planning that went into the attack. We know a great deal less about him than the other men who committed terrorist attacks in the UK in 2017 and it is impossible to say definitively whether he was a domestic abuser, although his frank misogyny and callous attitude towards his wife and children suggest he was a controlling husband at the very least.

Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It by Marc Goodman

23andMe, 3D printing, active measures, additive manufacturing, Affordable Care Act / Obamacare, Airbnb, airport security, Albert Einstein, algorithmic trading, Alvin Toffler, Apollo 11, Apollo 13, artificial general intelligence, Asilomar, Asilomar Conference on Recombinant DNA, augmented reality, autonomous vehicles, Baxter: Rethink Robotics, Bill Joy: nanobots, bitcoin, Black Swan, blockchain, borderless world, Boston Dynamics, Brian Krebs, business process, butterfly effect, call centre, Charles Lindbergh, Chelsea Manning, Citizen Lab, cloud computing, Cody Wilson, cognitive dissonance, computer vision, connected car, corporate governance, crowdsourcing, cryptocurrency, data acquisition, data is the new oil, data science, Dean Kamen, deep learning, DeepMind, digital rights, disinformation, disintermediation, Dogecoin, don't be evil, double helix, Downton Abbey, driverless car, drone strike, Edward Snowden, Elon Musk, Erik Brynjolfsson, Evgeny Morozov, Filter Bubble, Firefox, Flash crash, Free Software Foundation, future of work, game design, gamification, global pandemic, Google Chrome, Google Earth, Google Glasses, Gordon Gekko, Hacker News, high net worth, High speed trading, hive mind, Howard Rheingold, hypertext link, illegal immigration, impulse control, industrial robot, information security, Intergovernmental Panel on Climate Change (IPCC), Internet of things, Jaron Lanier, Jeff Bezos, job automation, John Harrison: Longitude, John Markoff, Joi Ito, Jony Ive, Julian Assange, Kevin Kelly, Khan Academy, Kickstarter, Kiva Systems, knowledge worker, Kuwabatake Sanjuro: assassination market, Large Hadron Collider, Larry Ellison, Laura Poitras, Law of Accelerating Returns, Lean Startup, license plate recognition, lifelogging, litecoin, low earth orbit, M-Pesa, machine translation, Mark Zuckerberg, Marshall McLuhan, Menlo Park, Metcalfe’s law, MITM: man-in-the-middle, mobile money, more computing power than Apollo, move fast and break things, Nate Silver, national security letter, natural language processing, Nick Bostrom, obamacare, Occupy movement, Oculus Rift, off grid, off-the-grid, offshore financial centre, operational security, optical character recognition, Parag Khanna, pattern recognition, peer-to-peer, personalized medicine, Peter H. Diamandis: Planetary Resources, Peter Thiel, pre–internet, printed gun, RAND corporation, ransomware, Ray Kurzweil, Recombinant DNA, refrigerator car, RFID, ride hailing / ride sharing, Rodney Brooks, Ross Ulbricht, Russell Brand, Salesforce, Satoshi Nakamoto, Second Machine Age, security theater, self-driving car, shareholder value, Sheryl Sandberg, Silicon Valley, Silicon Valley startup, SimCity, Skype, smart cities, smart grid, smart meter, Snapchat, social graph, SoftBank, software as a service, speech recognition, stealth mode startup, Stephen Hawking, Steve Jobs, Steve Wozniak, strong AI, Stuxnet, subscription business, supply-chain management, synthetic biology, tech worker, technological singularity, TED Talk, telepresence, telepresence robot, Tesla Model S, The future is already here, The Future of Employment, the long tail, The Wisdom of Crowds, Tim Cook: Apple, trade route, uranium enrichment, Virgin Galactic, Wall-E, warehouse robotics, Watson beat the top human players on Jeopardy!, Wave and Pay, We are Anonymous. We are Legion, web application, Westphalian system, WikiLeaks, Y Combinator, you are the product, zero day

The swarms of low-level thugs executing the actual financial frauds would forward any funds received to a mule network, which in turn would collaborate with a money-laundering network to ensure all criminal parties were paid for their services and received their cut of criminal proceeds. In the worlds of both Crime, Inc. and swarm criminal networks, operational security is paramount. Work and communications are carried out remotely, obviating the need to ever meet in person. Work is compartmented and layered to ensure low-level participants don’t know the true identities of other parties to the crime. Underground online hacking forums and communications channels serve as the main introduction, recruitment, and assembly points for the criminal conspiracies and enable coordination for the swarm as necessary to complete work on specific projects.

…

After the former NSA contractor Edward Snowden leaked details of his agency’s vast communications interception capabilities, evidence emerged suggesting that numerous terrorist groups reevaluated their communications strategies and in numerous missives stressed the ongoing importance of online operational security to their members. Organizations such as al-Qaeda in the Arabian Peninsula and Ansar al-Mujahideen have even produced training materials and YouTube videos encouraging their members to use Tor for all online activities. Given Snowden’s revelations, as well as the widespread assaults on privacy previously noted, it is absolutely logical that ordinary citizens would turn to a powerful tool like Tor to maintain their online dignity, freedom, and human rights.

Writing Effective Use Cases by Alistair Cockburn

business process, c2.com, create, read, update, delete, finite state, index card, information retrieval, iterative process, operational security, recommendation engine, Silicon Valley, web application, work culture

What feedback or project visibility do the users and sponsors wish? Q4. What can we buy, what must we build, what is our competition to this system? Q5. What other process requirements are there (testing, installation, etc.)? Q6. What dependencies does the project operate under? 5b. Business rules 5c. Performance 5d. Operations, security, documentation 5e. Use and usability 5f. Maintenance and portability 5g. Unresolved or deferred Chapter 6. Human backup, legal, political, organizational issues Q1. What is the human backup to system operation? Q2. What legal, what political requirements are there? Q3. What are the human consequences of completing this system?

A Theory of the Drone by Gregoire Chamayou

drone strike, failed state, Francis Fukuyama: the end of history, Jeff Hawkins, junk bonds, military-industrial complex, moral hazard, Necker cube, operational security, Panopticon Jeremy Bentham, private military company, RAND corporation, Seymour Hersh, telepresence, Yom Kippur War

Gibson, “Hell-Bent on Force Protection: Confusing Troop Welfare with Mission Accomplishment in Counterinsurgency,” master’s thesis, Marine Corps University, Quantico, VA, 2009, 6. 12. See Mike Davis, Buda’s Wagon: A Brief History of the Car Bomb (London: Verso, 2007), 190. 13. To the principle of the nonexposure of lives at the scene of hostilities is added the principle of making the base of operations secure: “the US homeland must remain a secure base from which the Air Force can globally project power”—which means “ensuring the protection of US facilities and infrastructures used for power projection.” Steven M. Rinaldi, Donald H. Leathem, and Timothy Kaufman, “Protecting the Homeland Air Force: Roles in Homeland Security,” Aerospace Power Journal, Spring 2002, 83. 14.

Suburban Nation by Andres Duany, Elizabeth Plater-Zyberk, Jeff Speck

A Pattern Language, American ideology, back-to-the-city movement, big-box store, car-free, Celebration, Florida, City Beautiful movement, congestion pricing, desegregation, edge city, Frank Gehry, gentrification, housing crisis, if you build it, they will come, income inequality, intermodal, Jane Jacobs, jitney, McMansion, megaproject, New Urbanism, operational security, Peter Calthorpe, place-making, price mechanism, profit motive, Ralph Nader, Seaside, Florida, Silicon Valley, skinny streets, streetcar suburb, the built environment, The Death and Life of Great American Cities, The Great Good Place, transit-oriented development, urban planning, urban renewal, urban sprawl, white flight, working poor, Works Progress Administration

Fortunately, many of the concepts and techniques that mall designers use can be easily adapted for the benefit of the city core:ci Centralized Management: While centralized ownership of real estate may be the ideal, as in a mall, a central management agency can be nearly as effective,cj In its weakest form, this would be nothing more than an interested chamber of commerce. In its strongest form—which may not be necessary—it would be an agency legally empowered to coordinate hours of operation, security, maintenance, landscape, storefront design, and even the location and mix of stores. The following techniques can only be implemented effectively under unified management. Joint Advertising and Merchandizing: Shoppers are attracted to malls by an advertising strategy that emphasizes the variety of merchandise available at a single location—what experts call a “park-once environment.”

The Burning Shore: How Hitler's U-Boats Brought World War II to America by Ed Offley

Bletchley Park, British Empire, en.wikipedia.org, escalation ladder, operational security, trade route

“Its position was approximately 100 miles east of New York.” Even after the release of the statement, Admiral Andrews and the Eastern Sea Frontier continued to refuse to comment. Official navy records are silent on the rescue of Coimbra’s ten survivors. This would not be the last example of the US Navy feigning operational security to mask its incompetence. As the U-boats steadily escalated their attacks during the last half of January, desperate navy officials would resort to outright lies and complete fabrications to cloak the disaster at sea.5 BY THE TIME U-701 REACHED its designated attack area east of the Avalon Peninsula on Newfoundland’s southeastern coast in the twilight dawn hours of Sunday, January 18, the Battle of the Atlantic in Canadian waters was raging with white-hot intensity.

How Music Got Free: The End of an Industry, the Turn of the Century, and the Patient Zero of Piracy by Stephen Witt

4chan, Alan Greenspan, AOL-Time Warner, autism spectrum disorder, barriers to entry, Berlin Wall, big-box store, cloud computing, collaborative economy, company town, crowdsourcing, Eben Moglen, game design, hype cycle, Internet Archive, invention of movable type, inventory management, iterative process, Jason Scott: textfiles.com, job automation, late fees, mental accounting, moral panic, operational security, packet switching, pattern recognition, peer-to-peer, pirate software, reality distortion field, Ronald Reagan, security theater, sharing economy, side project, Silicon Valley, software patent, Stephen Fry, Steve Jobs, Tipper Gore, zero day

His agents began meeting regularly with the antipiracy division at the RIAA to exchange information and intelligence, and to discuss the progress of the case—what little there was. RNS’ chat channels were closed off, and its recruiting strategy was to pull connected players who were already long-standing members of other groups, making infiltration difficult. RNS’ leader, whoever he was, had an excellent understanding of operational security, cultivating high-placed moles in other organizations while preventing his own from being compromised. Vu worked the case for years, and for a long time he got nowhere. CHAPTER 13 By 2001 Brandenburg and Grill had parted ways. The compression ratios of the latest generation of psychoacoustic products were approaching theoretical limits, and the outstanding problems in the field were considered solved.

Gray Day: My Undercover Mission to Expose America's First Cyber Spy by Eric O'Neill

active measures, autonomous vehicles, Berlin Wall, bitcoin, computer age, cryptocurrency, deep learning, disinformation, Dissolution of the Soviet Union, Edward Snowden, Fall of the Berlin Wall, false flag, fear of failure, full text search, index card, information security, Internet of things, Kickstarter, messenger bag, Mikhail Gorbachev, operational security, PalmPilot, ransomware, rent control, Robert Hanssen: Double agent, Ronald Reagan, Skype, thinkpad, Timothy McVeigh, web application, white picket fence, WikiLeaks, young professional

Organizations that combine cybersecurity defense with active threat hunting thwart spies, both from without and within. Even wannabe spies. * * * Gregory Allen Justice worked the graveyard shift as a mechanical engineer for a US defense contractor in California. His job focused on operational security testing for commercial and military satellites deployed by the Air Force, the Navy, and NASA. While he did not have access to information classified by the US government, Justice did work on defense-group systems that help the US military communicate. Not the sort of information you’d like the Russians to get their hands on.

House to House: An Epic Memoir of War by David Bellavia

call centre, defense in depth, operational security

I took the phone and tried to dial with shaking hands. The phone rang back in New York. Deanna answered. She knew it was me. “David! Where are you?” “I’m safe,” I said. I wonder what she’s been doing as all this has gone on. “I’ve been watching the news. Are you in Fallujah?” I couldn’t tell her that without violating operational security. Yet I wanted to tell her everything. I didn’t have time and I didn’t know how. How do you tell the love of your life that you smelled a man’s breath as you drove the life from him? “My heart is killing me,” she exclaimed. “Every time I watch the news, I can’t stand it. Where are you? Tell me!

Lions of Kandahar: The Story of a Fight Against All Odds by Rusty Bradley, Kevin Maurer

digital map, friendly fire, operational security, Ronald Reagan, trade route

It is simply a story of ordinary men who did extraordinary things in the face of overwhelming adversity. Every legal and operational consideration has been exercised in writing this book. I have only used first names and nicknames to protect those persons discussed, unless individuals’ names have been previously released. Some call signs have been changed because of operational security. In writing this, I have made every attempt to abide by the security requirements of the U.S. Army Special Operations Command and old-fashioned common sense. My intent in writing this story was not to gratify any particular rank or ego, or to make any political statements. In portraying events, I adhere strictly to facts, not opinions.

The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data by Kevin Mitnick, Mikko Hypponen, Robert Vamosi

4chan, big-box store, bitcoin, Bletchley Park, blockchain, connected car, crowdsourcing, data science, Edward Snowden, en.wikipedia.org, end-to-end encryption, evil maid attack, Firefox, Google Chrome, Google Earth, incognito mode, information security, Internet of things, Kickstarter, Laura Poitras, license plate recognition, Mark Zuckerberg, MITM: man-in-the-middle, off-the-grid, operational security, pattern recognition, ransomware, Ross Ulbricht, Salesforce, self-driving car, Silicon Valley, Skype, Snapchat, speech recognition, Tesla Model S, web application, WikiLeaks, zero day, Zimmermann PGP

However, there’s also more targeted monitoring: the kind of monitoring done by government agencies, domestic or foreign. Digital communication has made it possible for governments to do bulk surveillance. But it has also enabled us to protect ourselves better. We can protect ourselves with tools like encryption, by storing our data in safe ways, and by following basic principles of operations security (OPSEC). We just need a guide on how to do it right. Well, the guide you need is right here in your hands. I’m really happy Kevin took the time to write down his knowledge on the art of invisibility. After all, he knows a thing or two about staying invisible. This is a great resource. Read it and use the knowledge to your advantage.

The Man Who Broke Capitalism: How Jack Welch Gutted the Heartland and Crushed the Soul of Corporate America—and How to Undo His Legacy by David Gelles

"Friedman doctrine" OR "shareholder theory", "World Economic Forum" Davos, 3D printing, accounting loophole / creative accounting, Adam Neumann (WeWork), air traffic controllers' union, Alan Greenspan, Andrei Shleifer, Bear Stearns, benefit corporation, Bernie Sanders, Big Tech, big-box store, Black Monday: stock market crash in 1987, Boeing 737 MAX, call centre, carbon footprint, Carl Icahn, collateralized debt obligation, Colonization of Mars, company town, coronavirus, corporate governance, corporate raider, corporate social responsibility, COVID-19, Credit Default Swap, credit default swaps / collateralized debt obligations, disinformation, Donald Trump, financial deregulation, financial engineering, fulfillment center, gig economy, global supply chain, Gordon Gekko, greed is good, income inequality, inventory management, It's morning again in America, Jeff Bezos, junk bonds, Kaizen: continuous improvement, Kickstarter, Lean Startup, low interest rates, Lyft, manufacturing employment, Mark Zuckerberg, Michael Milken, Neil Armstrong, new economy, operational security, profit maximization, profit motive, public intellectual, QAnon, race to the bottom, Ralph Nader, remote working, Robert Bork, Ronald Reagan, Rutger Bregman, self-driving car, shareholder value, side hustle, Silicon Valley, six sigma, Social Responsibility of Business Is to Increase Its Profits, Steve Ballmer, stock buybacks, subprime mortgage crisis, TaskRabbit, technoutopianism, Travis Kalanick, Uber and Lyft, uber lyft, warehouse robotics, Watson beat the top human players on Jeopardy!, We are the 99%, WeWork, women in the workforce

Eventually, GE would sell its lighting business, too—again licensing the GE name—completing the nearly wholesale dismantling of the conglomerate that Welch had made the most valuable company on earth. All the while, GE Capital just kept growing. Immelt continued to acquire niche financial businesses, paying $4 billion for a real estate finance operation, Security Capital Group, in December 2001. GE acquired commercial loan portfolios from Boeing, and car loans from South Korea. It gobbled up more private label credit cards and invested in banks from Turkey to New Zealand. And in 2004, GE Capital waded into riskier territory, acquiring Western Asset Mortgage Capital, or WMC, a subprime mortgage lender, for $500 million.

The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities by Justin Schuh

address space layout randomization, Albert Einstein, Any sufficiently advanced technology is indistinguishable from magic, bash_history, business logic, business process, database schema, Debian, defense in depth, en.wikipedia.org, Firefox, information retrieval, information security, iterative process, Ken Thompson, loose coupling, MITM: man-in-the-middle, Multics, MVC pattern, off-by-one error, operational security, OSI model, RFC: Request For Comment, slashdot, SQL injection, web application

This problem occurs when an application is deployed in a manner that’s not secure or when the base platform inherits vulnerabilities from the deployment environment. The responsibility for preventing these vulnerabilities can fall somewhere between the developer and the administrative personnel who deploy and maintain the system. Shrink-wrapped commercial software might place most of the operational security burden on end users. Conversely, you also encounter special-purpose systems, especially embedded devices and turnkey systems, so tightly packaged that developers control every aspect of their configuration. This chapter focuses on identifying several types of operational vulnerabilities and preventive measures.

…

If users browse to the site, they get an error message stating that the certificate isn’t signed by a trusted authority; the only option is to accept the untrusted certificate or terminate the connection. An attacker capable of spoofing the server could exploit this situation to stage man-in-the-middle attacks and then hijack sessions or steal credentials. Network Profiles An application’s network profile is a crucial consideration when you’re reviewing operational security. Protocols such as Network File System (NFS) and Server Message Block (SMB) are acceptable inside the corporate firewall and generally are an absolute necessity. However, these same types of protocols become an unacceptable liability when they are exposed outside the firewall. Application developers often don’t know the exact environment an application might be deployed in, so they need to choose intelligent defaults and provide adequate documentation on security concerns.

…

For example, a Web server module might perform some decoding of request data to make security decisions about that decoded data. The data might then undergo another layer of decoding afterward, thus introducing the possibility for attackers to sneak encoded content through a filter. This example brings up another interesting point: Vulnerabilities of this nature might also be a result of operational security flaws. As you learned in Chapter 3, “Operational Review,” applications don’t operate in a vacuum, especially integrated pieces of software, such as Web applications. The web server and platform modules may provide encoding methods that attackers can use to violate the security of an application.

The Most Human Human: What Talking With Computers Teaches Us About What It Means to Be Alive by Brian Christian

"Friedman doctrine" OR "shareholder theory", 4chan, Ada Lovelace, Alan Turing: On Computable Numbers, with an Application to the Entscheidungsproblem, Bertrand Russell: In Praise of Idleness, Blue Ocean Strategy, carbon footprint, cellular automata, Charles Babbage, Claude Shannon: information theory, cognitive dissonance, commoditize, complexity theory, Computing Machinery and Intelligence, crowdsourcing, David Heinemeier Hansson, Donald Trump, Douglas Hofstadter, George Akerlof, Gödel, Escher, Bach, high net worth, Isaac Newton, Jacques de Vaucanson, Jaron Lanier, job automation, Kaizen: continuous improvement, Ken Thompson, l'esprit de l'escalier, language acquisition, Loebner Prize, machine translation, Menlo Park, operational security, Ray Kurzweil, RFID, Richard Feynman, Ronald Reagan, SimCity, Skype, Social Responsibility of Business Is to Increase Its Profits, starchitect, statistical model, Stephen Hawking, Steve Jobs, Steven Pinker, Thales of Miletus, theory of mind, Thomas Bayes, Turing machine, Turing test, Von Neumann architecture, Watson beat the top human players on Jeopardy!, zero-sum game

In fact, the etymology of “sabotage,” which comes from the French word sabot, meaning a type of wooden clog, is said (perhaps apocryphally) to be rooted in a story of workers destroying mechanical looms by throwing their shoes at, and into, them. 5. See also, for instance, the Army chatbot SGT STAR, who gives very Army-like yet strangely endearing answers like the following: “Brian: What is Delta Force? SGT STAR: Delta Force is rumored to be the Army’s counter-terrorist operations unit. In line with operational security we cannot discuss, nor ponder the unit’s abilities.” He even admonishes you in an Army-like (yet strangely endearing) way: “Brian: Wow, that sounds pretty badass. SGT STAR: OK Private, watch your language or I’ll have to shut you down.” The pathetic fallacy be damned—er, darned—I couldn’t close the window without apologizing.

Superforecasting: The Art and Science of Prediction by Philip Tetlock, Dan Gardner

Affordable Care Act / Obamacare, Any sufficiently advanced technology is indistinguishable from magic, availability heuristic, behavioural economics, Black Swan, butterfly effect, buy and hold, cloud computing, cognitive load, cuban missile crisis, Daniel Kahneman / Amos Tversky, data science, desegregation, drone strike, Edward Lorenz: Chaos theory, forward guidance, Freestyle chess, fundamental attribution error, germ theory of disease, hindsight bias, How many piano tuners are there in Chicago?, index fund, Jane Jacobs, Jeff Bezos, Kenneth Arrow, Laplace demon, longitudinal study, Mikhail Gorbachev, Mohammed Bouazizi, Nash equilibrium, Nate Silver, Nelson Mandela, obamacare, operational security, pattern recognition, performance metric, Pierre-Simon Laplace, place-making, placebo effect, precautionary principle, prediction markets, quantitative easing, random walk, randomized controlled trial, Richard Feynman, Richard Thaler, Robert Shiller, Ronald Reagan, Saturday Night Live, scientific worldview, Silicon Valley, Skype, statistical model, stem cell, Steve Ballmer, Steve Jobs, Steven Pinker, tacit knowledge, tail risk, the scientific method, The Signal and the Noise by Nate Silver, The Wisdom of Crowds, Thomas Bayes, Watson beat the top human players on Jeopardy!

The deputy director answers first. “We don’t deal in certainty,” he says. “We deal in probability. I’d say there’s a sixty percent probability he’s there.” The fictional Panetta points to the next person. “I concur,” he says. “Sixty percent.” “I’m at eighty percent,” the next in line says. “Their OPSEC [operational security] convinces me.” “You guys ever agree on anything?” Panetta asks. So it goes around the table, from one person to the next. Sixty percent, one says. Eighty percent. Sixty percent. Panetta leans back in his chair and sighs. “This is a clusterfuck, isn’t it?” Let’s pause the movie here.

The End of Secrecy: The Rise and Fall of WikiLeaks by The "Guardian", David Leigh, Luke Harding

"World Economic Forum" Davos, 4chan, air gap, banking crisis, centre right, Chelsea Manning, citizen journalism, Climategate, cloud computing, credit crunch, crowdsourcing, Downton Abbey, drone strike, end-to-end encryption, eurozone crisis, Evgeny Morozov, friendly fire, global village, Hacker Ethic, impulse control, Jacob Appelbaum, Julian Assange, knowledge economy, machine readable, military-industrial complex, Mohammed Bouazizi, Nelson Mandela, offshore financial centre, operational security, post-work, rolodex, Seymour Hersh, Silicon Valley, Skype, Steven Levy, sugar pill, uranium enrichment, WikiLeaks

The result of that one was that the Icelandic ambassador to the US was recalled, and fired. That’s just one cable.” “Anything unreleased?” “I’d have to ask Assange. I zerofilled [deleted] the original.” “Why do you answer to him?” “I don’t. I just want the material out there. I don’t want to be a part of it.” “I’ve been considering helping WikiLeaks with Opsec [operational security].” “They have decent Opsec. I’m obviously violating it. I’m a wreck. I’m a total fucking wreck right now.” The transcript edited by Lamo resumes a little while later, with some more confessions: “I’m a source, not quite a volunteer. I mean, I’m a high profile source, and I’ve developed a relationship with Assange, but I don’t know much more than what he tells me, which is very little.

Revolution Business by Stross, Charles

false flag, indoor plumbing, operational security, strikebreaker

"Memo to Duke Angbard Lofstrom, Office of Clan Security. Re: training program for armed couriers. Classification: Clan Confidential. All couriers must attend mandatory Cooking with Rachael Ray video screening and Culinary Skills 101 course prior to commencing overnight missions. Malnutrition a threat to morale, combat-readiness, and operational security." He straightened up, a pizza box in each hand. "Meat lover's feast or four cheese, my lady?" "Oh hell, I'll take the cheese." She forced a smile to take the sting out of her words. "Sorry. It just bugs me." "It'd be good to have a staff, or use a hotel or something," Huw agreed. "But this is less conspicuous, and less conspicuous is good right now."

Messing With the Enemy: Surviving in a Social Media World of Hackers, Terrorists, Russians, and Fake News by Clint Watts

4chan, active measures, Affordable Care Act / Obamacare, barriers to entry, behavioural economics, Bellingcat, Berlin Wall, Bernie Sanders, Black Lives Matter, Cambridge Analytica, Chelsea Manning, Climatic Research Unit, crowdsourcing, Daniel Kahneman / Amos Tversky, disinformation, Donald Trump, drone strike, Edward Snowden, en.wikipedia.org, Erik Brynjolfsson, failed state, fake news, Fall of the Berlin Wall, false flag, Filter Bubble, global pandemic, Google Earth, Hacker News, illegal immigration, information security, Internet of things, Jacob Silverman, Julian Assange, loss aversion, Mark Zuckerberg, Mikhail Gorbachev, mobile money, mutually assured destruction, obamacare, Occupy movement, offshore financial centre, operational security, pre–internet, Russian election interference, Sheryl Sandberg, side project, Silicon Valley, Snapchat, Steve Bannon, the long tail, The Wisdom of Crowds, Turing test, University of East Anglia, Valery Gerasimov, WikiLeaks, Yochai Benkler, zero day

“Yeah, I thought it was a fun dramatic question to ask. I’m a grown up and know who I’m dealing w/. Good answers tho.” I then offered, “funny, u & I r 2 only people I see in these discussions that r actually who we say we r on this thing called Twitter.” Omar, a typical American, confirmed, “I like to keep it real yo. Word.” Our game of operational-security chicken needed to end, though. By tweeting with him, I was revealing a good deal about my own locations and activities and making myself vulnerable to whatever young jihadi boy might decide to knock on my door and behead me. In Omar’s case, he should have been worried, as even his most innocuous revelations provided details of his whereabouts.

Ghost Work: How to Stop Silicon Valley From Building a New Global Underclass by Mary L. Gray, Siddharth Suri

"World Economic Forum" Davos, Affordable Care Act / Obamacare, AlphaGo, Amazon Mechanical Turk, Apollo 13, augmented reality, autonomous vehicles, barriers to entry, basic income, benefit corporation, Big Tech, big-box store, bitcoin, blue-collar work, business process, business process outsourcing, call centre, Capital in the Twenty-First Century by Thomas Piketty, cloud computing, cognitive load, collaborative consumption, collective bargaining, computer vision, corporate social responsibility, cotton gin, crowdsourcing, data is the new oil, data science, deep learning, DeepMind, deindustrialization, deskilling, digital divide, do well by doing good, do what you love, don't be evil, Donald Trump, Elon Musk, employer provided health coverage, en.wikipedia.org, equal pay for equal work, Erik Brynjolfsson, fake news, financial independence, Frank Levy and Richard Murnane: The New Division of Labor, fulfillment center, future of work, gig economy, glass ceiling, global supply chain, hiring and firing, ImageNet competition, independent contractor, industrial robot, informal economy, information asymmetry, Jeff Bezos, job automation, knowledge economy, low skilled workers, low-wage service sector, machine translation, market friction, Mars Rover, natural language processing, new economy, operational security, passive income, pattern recognition, post-materialism, post-work, power law, race to the bottom, Rana Plaza, recommendation engine, ride hailing / ride sharing, Ronald Coase, scientific management, search costs, Second Machine Age, sentiment analysis, sharing economy, Shoshana Zuboff, side project, Silicon Valley, Silicon Valley startup, Skype, software as a service, speech recognition, spinning jenny, Stephen Hawking, TED Talk, The Future of Employment, The Nature of the Firm, Tragedy of the Commons, transaction costs, two-sided market, union organizing, universal basic income, Vilfredo Pareto, Wayback Machine, women in the workforce, work culture , Works Progress Administration, Y Combinator, Yochai Benkler

Jonathan Grossman, “Fair Labor Standards Act of 1938: Maximum Struggle for a Minimum Wage,” Office of the Assistant Secretary for Administration and Management, U.S. Department of Labor website. Originally published in Monthly Labor Review, June 1978, https://www.dol.gov/oasam/programs/history/flsa1938.htm. [back] 25. Young women were hired on contract to operate secure lines for the Coast Guard and Navy yards in the area so that they could call from ship to land. They were all let go after the war and none were paid benefits or severance of any kind. See Jill Frahm, “The Hello Girls: Women Telephone Operators with the American Expeditionary Forces During World War I,” Journal of the Gilded Age and Progressive Era 3, no. 3 (2004): 271–93.

Reaper Force: The Inside Story of Britain’s Drone Wars by Dr Peter Lee

crew resource management, Daniel Kahneman / Amos Tversky, digital map, illegal immigration, job satisfaction, MITM: man-in-the-middle, no-fly zone, operational security, QWERTY keyboard, Skype

Eventually a letter of authority was granted but one final hurdle remained: the RAF, MoD and my university research ethics committees. In theory, ethics committees exist to promote quality research and protect participants. In practice, some of them can seem more like research prevention committees. Ultimately, however, with safeguards in place to ensure personnel and operational security, most notably through anonymity, the final research permissions were granted in June 2016.1 I was committed. All it needed was for the Reaper operators to be committed or all this would have been for nothing. In July 2016, with my final clearances in hand, I travelled to 39 Squadron (RAF) at Creech Air Force Base, Nevada, for a week.

Easy Money: Cryptocurrency, Casino Capitalism, and the Golden Age of Fraud by Ben McKenzie, Jacob Silverman

algorithmic trading, asset allocation, bank run, barriers to entry, Ben McKenzie, Bernie Madoff, Big Tech, bitcoin, Bitcoin "FTX", blockchain, capital controls, citizen journalism, cognitive dissonance, collateralized debt obligation, COVID-19, Credit Default Swap, credit default swaps / collateralized debt obligations, cross-border payments, cryptocurrency, data science, distributed ledger, Dogecoin, Donald Trump, effective altruism, Elon Musk, en.wikipedia.org, Ethereum, ethereum blockchain, experimental economics, financial deregulation, financial engineering, financial innovation, Flash crash, Glass-Steagall Act, high net worth, housing crisis, information asymmetry, initial coin offering, Jacob Silverman, Jane Street, low interest rates, Lyft, margin call, meme stock, money market fund, money: store of value / unit of account / medium of exchange, Network effects, offshore financial centre, operational security, payday loans, Peter Thiel, Ponzi scheme, Potemkin village, prediction markets, proprietary trading, pushing on a string, QR code, quantitative easing, race to the bottom, ransomware, regulatory arbitrage, reserve currency, risk tolerance, Robert Shiller, Robinhood: mobile stock trading app, Ross Ulbricht, Sam Bankman-Fried, Satoshi Nakamoto, Saturday Night Live, short selling, short squeeze, Silicon Valley, Skype, smart contracts, Steve Bannon, systems thinking, TikTok, too big to fail, transaction costs, tulip mania, uber lyft, underbanked, vertical integration, zero-sum game

OTC transactions take place all the time in mainstream finance, and they’re not inherently suspect, but you can see why they might be a favored tool of financial outlaws. What you see on the blockchain is only part of the story, but it is an important part. And plenty of crypto fraudsters have been lazy enough with their operations security that they are regularly tracked and unmasked (or doxed) by online sleuths, who are also known as on-chain investigators. Some of them work for respected security firms and have access to powerful analytic programs and deep stores of data. Others are anonymous and self-taught and rely on free online services like Etherscan, a blockchain explorer tool, but they can be just as consequential in exposing skullduggery, especially when the relevant authorities and the financial and tech press aren’t doing their jobs.

Nation-Building: Beyond Afghanistan and Iraq by Francis Fukuyama

Berlin Wall, business climate, colonial rule, conceptual framework, en.wikipedia.org, failed state, Fall of the Berlin Wall, Francis Fukuyama: the end of history, Future Shock, Gunnar Myrdal, informal economy, land reform, managed futures, microcredit, open economy, operational security, rolling blackouts, Seymour Hersh, unemployed young men

For ease of analysis, I now consider in turn each pillar of America’s nation-building strategy in Afghanistan. Security Both Afghanistan and Iraq (and, indeed, earlier nation-building experiences) suggest that the first priority of nation-builders must be to establish or maintain security for the civilian population (not just operational security or force protection for the troops) and to build on that security to push the postconflict society toward the rule of law. In this regard, the American “light footprint” would prove extremely problematic, producing a situation in which security could not be guaranteed by the American-led coalition, thus allowing a panoply of other actors to affect the security equation.

The Road to Ruin: The Global Elites' Secret Plan for the Next Financial Crisis by James Rickards

"World Economic Forum" Davos, Affordable Care Act / Obamacare, Alan Greenspan, Albert Einstein, asset allocation, asset-backed security, bank run, banking crisis, barriers to entry, Bayesian statistics, Bear Stearns, behavioural economics, Ben Bernanke: helicopter money, Benoit Mandelbrot, Berlin Wall, Bernie Sanders, Big bang: deregulation of the City of London, bitcoin, Black Monday: stock market crash in 1987, Black Swan, blockchain, Boeing 747, Bonfire of the Vanities, Bretton Woods, Brexit referendum, British Empire, business cycle, butterfly effect, buy and hold, capital controls, Capital in the Twenty-First Century by Thomas Piketty, Carmen Reinhart, cellular automata, cognitive bias, cognitive dissonance, complexity theory, Corn Laws, corporate governance, creative destruction, Credit Default Swap, cuban missile crisis, currency manipulation / currency intervention, currency peg, currency risk, Daniel Kahneman / Amos Tversky, David Ricardo: comparative advantage, debt deflation, Deng Xiaoping, disintermediation, distributed ledger, diversification, diversified portfolio, driverless car, Edward Lorenz: Chaos theory, Eugene Fama: efficient market hypothesis, failed state, Fall of the Berlin Wall, fiat currency, financial repression, fixed income, Flash crash, floating exchange rates, forward guidance, Fractional reserve banking, G4S, George Akerlof, Glass-Steagall Act, global macro, global reserve currency, high net worth, Hyman Minsky, income inequality, information asymmetry, interest rate swap, Isaac Newton, jitney, John Meriwether, John von Neumann, Joseph Schumpeter, junk bonds, Kenneth Rogoff, labor-force participation, large denomination, liquidity trap, Long Term Capital Management, low interest rates, machine readable, mandelbrot fractal, margin call, market bubble, Mexican peso crisis / tequila crisis, Minsky moment, Money creation, money market fund, mutually assured destruction, Myron Scholes, Naomi Klein, nuclear winter, obamacare, offshore financial centre, operational security, Paul Samuelson, Peace of Westphalia, Phillips curve, Pierre-Simon Laplace, plutocrats, prediction markets, price anchoring, price stability, proprietary trading, public intellectual, quantitative easing, RAND corporation, random walk, reserve currency, RFID, risk free rate, risk-adjusted returns, Robert Solow, Ronald Reagan, Savings and loan crisis, Silicon Valley, sovereign wealth fund, special drawing rights, stock buybacks, stocks for the long run, tech billionaire, The Bell Curve by Richard Herrnstein and Charles Murray, The Wealth of Nations by Adam Smith, The Wisdom of Crowds, theory of mind, Thomas Bayes, Thomas Kuhn: the structure of scientific revolutions, too big to fail, transfer pricing, value at risk, Washington Consensus, We are all Keynesians now, Westphalian system

Shock doctrine is an ideal tool: Popper, The Open Society and Its Enemies: Volume 1, The Spell of Plato, 157–59. the Open Society Foundations: Ibid. CHAPTER 3: DESERT CITY OF THE MIND “Keynes asked me what I was advising”: Somary, The Raven of Zurich, 146–47. LANL is the crown jewel: Extensive information about Los Alamos National Laboratory, including history, operations, security protocols, and a virtual tour, is available at the laboratory’s website, “Los Alamos National Laboratory,” accessed August 9, 2016, http://lanl.gov. In a seminal 1963 paper, Lorenz: Edward N. Lorenz, “Deterministic Nonperiodic Flow,” Journal of the Atmospheric Sciences, Vol. 20, January 7, 1963, accessed August 8, 2016, http://eaps4.mit.edu/research/Lorenz/Deterministic_63.pdf, 133.

Network Security Through Data Analysis: Building Situational Awareness by Michael S Collins

business process, cloud computing, create, read, update, delete, data science, Firefox, functional programming, general-purpose programming language, index card, information security, Internet Archive, inventory management, iterative process, operational security, OSI model, p-value, Parkinson's law, peer-to-peer, slashdot, statistical model, zero day

Audience Information security analysis is a young discipline and there really is no well-defined body of knowledge I can point to and say “Know this.” This book is intended to provide a snapshot of analytic techniques that I or other people have thrown at the wall over the past 10 years and seen stick. The target audience for this book is network administrators and operational security analysts, the personnel who work on NOC floors or who face an IDS console on a regular basis. My expectation is that you have some familiarity with TCP/IP tools such as netstat, and some basic statistical and mathematical skills. In addition, I expect that you have some familiarity with scripting languages.

Dark Territory: The Secret History of Cyber War by Fred Kaplan

air gap, Big Tech, Cass Sunstein, Charles Babbage, computer age, data acquisition, drone strike, dumpster diving, Edward Snowden, game design, hiring and firing, index card, information security, Internet of things, Jacob Appelbaum, John Markoff, John von Neumann, kremlinology, Laura Poitras, Mikhail Gorbachev, millennium bug, Morris worm, national security letter, Oklahoma City bombing, operational security, packet switching, pre–internet, RAND corporation, Ronald Reagan, seminal paper, Seymour Hersh, Silicon Valley, Skype, Stuxnet, tech worker, Timothy McVeigh, unit 8200, uranium enrichment, Wargames Reagan, Y2K, zero day

First, there were financial concerns: the defense budget was getting slashed in the wake of the Cold War; the NSA’s share was taking still deeper cuts; and he didn’t need other, more narrowly focused entities—novices in a realm that the NSA had invented and mastered—to drain his resources further. Second, some of these aspiring cyber warriors had poor operational security; they were vulnerable to hacking by adversaries, and if an adversary broke into their networks, he might gain access to files that the NSA had shared. Finally, there was an existential concern. When Minihan became NSA director, Bill Perry told him, “Ken, you need to preserve the mystique of Fort Meade.”

The Targeter: My Life in the CIA, Hunting Terrorists and Challenging the White House by Nada Bakos

Chelsea Manning, Edward Snowden, fear of failure, feminist movement, meta-analysis, operational security, performance metric, place-making, pneumatic tube, RAND corporation, WikiLeaks, work culture

And on our team, the targeting side of things was really starting to hum. That was thanks in part to Ginny’s work on the cyber desk, where she spent much of her days sifting through cyber collection. She was as much a code breaker as a cybersleuth. Zarqawi and his men, of course, had been very aware of using operational security in order to not be traced or tracked. Everyone who uses a piece of technology leaves a digital trail; Al Qaida in Iraq was no exception. All the data we collected got funneled into our growing database, which better informed our initial analysis. We could corroborate hunches, and case officers on the ground could sometimes help confirm leads.

Halting State by Charles Stross

augmented reality, book value, Boris Johnson, call centre, forensic accounting, game design, Google Earth, hiring and firing, illegal immigration, impulse control, indoor plumbing, Intergovernmental Panel on Climate Change (IPCC), invention of the steam engine, Ken Thompson, lifelogging, Necker cube, no-fly zone, operational security, Potemkin village, RFID, Schrödinger's Cat, Vernor Vinge, zero day

Red versus Blue, playing for Scotland or Poland. And it’s all happening quietly when Chen and his accomplice…?” “Chen’s over here, being a pair of hands for Team Red. And he’s got access to their key cracker back home, and he thinks, why shouldn’t I make some money on the side? It’s typical, really: Great plan, but the operational security is blown wide open because a team member got greedy and ran a bank robbery in Avalon Four. Which must have netted him, oh, all of about ten thousand euros’ worth of loot, and maybe a death sentence from the Guoanbu when they find out. Which is why he was so desperate to spill his guts when we showed up.”

Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance by Julia Angwin

AltaVista, Ayatollah Khomeini, barriers to entry, bitcoin, Chelsea Manning, Chuck Templeton: OpenTable:, clean water, crowdsourcing, cuban missile crisis, data is the new oil, David Graeber, Debian, disinformation, Edward Snowden, Filter Bubble, Firefox, Free Software Foundation, Garrett Hardin, GnuPG, Google Chrome, Google Glasses, Ida Tarbell, incognito mode, informal economy, Jacob Appelbaum, John Gilmore, John Markoff, Julian Assange, Laura Poitras, Marc Andreessen, market bubble, market design, medical residency, meta-analysis, mutually assured destruction, operational security, Panopticon Jeremy Bentham, prediction markets, price discrimination, randomized controlled trial, RFID, Robert Shiller, Ronald Reagan, security theater, Silicon Valley, Silicon Valley startup, Skype, smart meter, sparse data, Steven Levy, Tragedy of the Commons, Upton Sinclair, WikiLeaks, Y2K, zero-sum game, Zimmermann PGP

(Public places are apparently good places to have private conversations as long as you don’t use trigger words such as “bomb” that cause people to listen carefully, according to John Strauchs.) Perry looked like your basic issue hacker—skinny, slightly pale, and clad in all black. He told me some of the basics of his operational security (although not all, since that would compromise his security). Perry describes himself as a “surveillance vegan”—by which he means that he is as strict about avoiding surveillance as vegans are about avoiding animal products. (His two exceptions: he still books plane tickets and sometimes stays in hotels under his own name.)

Fuller Memorandum by Stross, Charles

Any sufficiently advanced technology is indistinguishable from magic, Beeching cuts, Bletchley Park, British Empire, carbon credits, cognitive dissonance, complexity theory, congestion charging, Crossrail, death from overwork, dumpster diving, escalation ladder, false flag, finite state, Firefox, Herman Kahn, HyperCard, invisible hand, land reform, linear programming, messenger bag, MITM: man-in-the-middle, operational security, peak oil, Plato's cave, post-work, prosperity theology / prosperity gospel / gospel of success, quantum entanglement, reality distortion field, security theater, sensible shoes, side project, Sloane Ranger, telemarketer, Turing machine

Choudhury glares. Neither Shona nor Iris is smiling. "You'd better explain," Iris tells me. "What I said. Here is a hint: Panin knew. He tried to pump me about Teapot, so I played dumb. He knows the rules; left me a calling card. It's downstairs in the Security Office safe. For reasons of operational security I didn't report the contact immediately, but I'm reporting it now. The Plumbers should be able to confirm it from the pub CCTV." I sit up. "Personally, I find the implications highly suggestive." "Why did you not tell Security--" Shona stops, her eyes widening. "We're not as secure as we'd like to be.

Permanent Record by Edward Snowden

A Declaration of the Independence of Cyberspace, Aaron Swartz, air gap, Berlin Wall, call centre, Chelsea Manning, cloud computing, cognitive dissonance, company town, disinformation, drone strike, Edward Snowden, Fall of the Berlin Wall, Free Software Foundation, information security, it's over 9,000, job-hopping, John Perry Barlow, Julian Assange, Laura Poitras, Mark Zuckerberg, McMansion, Neal Stephenson, Occupy movement, off-the-grid, operational security, pattern recognition, peak oil, pre–internet, Rubik’s Cube, Silicon Valley, Skype, Snow Crash, sovereign wealth fund, surveillance capitalism, trade route, WikiLeaks, zero day

This creates a sense of tribalism, which can lead many to believe that their primary allegiance is to the institution and not to the rule of law. I wasn’t thinking any of these thoughts at my Indoc session, of course. Instead, I was just trying to keep myself awake as the presenters proceeded to instruct us on basic operational security practices, part of the wider body of spy techniques the IC collectively describes as “tradecraft.” These are often so obvious as to be mind-numbing: Don’t tell anyone who you work for. Don’t leave sensitive materials unattended. Don’t bring your highly insecure cell phone into the highly secure office—or talk on it about work, ever.

Habeas Data: Privacy vs. The Rise of Surveillance Tech by Cyrus Farivar

Apple's 1984 Super Bowl advert, autonomous vehicles, call centre, citizen journalism, cloud computing, computer age, connected car, do-ocracy, Donald Trump, Edward Snowden, en.wikipedia.org, failed state, Ferguson, Missouri, Frank Gehry, Golden Gate Park, information security, John Markoff, Laura Poitras, license plate recognition, lock screen, Lyft, national security letter, Occupy movement, operational security, optical character recognition, Port of Oakland, RAND corporation, Ronald Reagan, sharing economy, Silicon Valley, Silicon Valley startup, Skype, Steve Jobs, Steven Levy, tech worker, The Hackers Conference, Tim Cook: Apple, transaction costs, uber lyft, WikiLeaks, you are the product, Zimmermann PGP

Moving from place to place required transporting a pair of bulky 25-gallon containers—with snap-on tops—that contained all of his equipment, including a die cutter, an inkjet printer, a hologram printer, a laminator, and more. Rigmaiden was detail oriented and he worked hard to make sure that his own physical and digital protocols were followed to a t. (In military parlance, this is what’s known as good OPSEC, or operational security.) By keeping his operation small, nimble, and constantly moving, it was easy for him to stay ahead of local authorities. He only accepted payment in e-gold, an early electronic payment system that was not particularly scrupulous as to who could open accounts. Money orders and Western Union would have been too risky.

Pegasus: How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy by Laurent Richard, Sandrine Rigaud

activist lawyer, Airbnb, Amazon Web Services, centre right, Charlie Hebdo massacre, Chelsea Manning, citizen journalism, Citizen Lab, corporate governance, COVID-19, David Vincenzetti, Donald Trump, double helix, Edward Snowden, food desert, Jeff Bezos, Julian Assange, Kevin Kelly, knowledge worker, lockdown, Mohammed Bouazizi, NSO Group, offshore financial centre, operational security, Stuxnet, Tim Cook: Apple, unit 8200, WikiLeaks, Yom Kippur War, zero day

But I don’t use that laptop for personal things, and I don’t bring it with me if I have to do meetings [about Pegasus]. If there are things that are sensitive that I don’t want to leave exposed because I’m afraid of someone breaking into my house, then I make sure to take those things with me. These kinds of measures are the ones that matter. “Ultimately, what really makes a difference is the operational security aspects rather than the digital one. That’s what it boils down to.” * * * BASTIAN WAS ABLE to join us on the secure app a few hours into the meeting in Berlin, and he was very reassuring to Danna. He had experience in large journalistic collaborations where secrecy was paramount, and he told her, in his usual direct and resolute manner, that there was no reason Laurent and I would ever need to share the source of the leak with any of the media partners.

Merchants' War by Stross, Charles

British Empire, disinformation, Dr. Strangelove, dumpster diving, East Village, guns versus butter model, indoor plumbing, military-industrial complex, offshore financial centre, operational security, packet switching, peak oil, stem cell, Timothy McVeigh

And we don't get to go on to a juicy research contract with the Heritage Institute, or a part-time boardroom post with some defense contractor when this is over." "What do you want?" James's intonation was precise and his voice even, but Eric didn't let it fool him. "Something vague, but in writing. The vaguer the better. Something like, 'In the interests of operational security and in view of the threat of enemy intelligence-gathering attempts aimed at compromising our integrity, all investigations are to be restricted to those with a need to know, and normal committee oversight will be suspended until such time as the immediate threat recedes.' Just keep it vague.

The Code Book: The Science of Secrecy From Ancient Egypt to Quantum Cryptography by Simon Singh

Bletchley Park, Charles Babbage, Donald Davies, friendly fire, information security, Leo Hollis, Mikhail Gorbachev, old-boy network, operational security, quantum cryptography, Ronald Reagan, Schrödinger's Cat, Simon Singh, Turing machine, unbiased observer, undersea cable, Zimmermann PGP

His work in this capacity culminated in a visit to the White House, when, as a nine-year-old, Johnston translated for two Navajos who were appealing to President Theodore Roosevelt for fairer treatment for their community. Fully aware of how impenetrable the language was for those outside the tribe, Johnston was struck by the notion that Navajo, or any other Native American language, could act as a virtually unbreakable code. If each battalion in the Pacific employed a pair of Native Americans as radio operators, secure communication could be guaranteed. He took his idea to Lieutenant Colonel James E. Jones, the area signal officer at Camp Elliott, just outside San Diego. Merely by throwing a few Navajo phrases at the bewildered officer, Johnston was able to persuade him that the idea was worthy of serious consideration.

Bank 3.0: Why Banking Is No Longer Somewhere You Go but Something You Do by Brett King

3D printing, Abraham Maslow, additive manufacturing, Airbus A320, Albert Einstein, Amazon Web Services, Any sufficiently advanced technology is indistinguishable from magic, Apollo 11, Apollo 13, Apollo Guidance Computer, asset-backed security, augmented reality, barriers to entry, behavioural economics, bitcoin, bounce rate, business intelligence, business process, business process outsourcing, call centre, capital controls, citizen journalism, Clayton Christensen, cloud computing, credit crunch, crowdsourcing, disintermediation, en.wikipedia.org, fixed income, George Gilder, Google Glasses, high net worth, I think there is a world market for maybe five computers, Infrastructure as a Service, invention of the printing press, Jeff Bezos, jimmy wales, Kickstarter, London Interbank Offered Rate, low interest rates, M-Pesa, Mark Zuckerberg, mass affluent, Metcalfe’s law, microcredit, mobile money, more computing power than Apollo, Northern Rock, Occupy movement, operational security, optical character recognition, peer-to-peer, performance metric, Pingit, platform as a service, QR code, QWERTY keyboard, Ray Kurzweil, recommendation engine, RFID, risk tolerance, Robert Metcalfe, self-driving car, Skype, speech recognition, stem cell, telepresence, the long tail, Tim Cook: Apple, transaction costs, underbanked, US Airways Flight 1549, web application, world market for maybe five computers

However, the reality is that the bank actually needs to find a way to optimise the point-of-sale experience for each individual customer—who would own that? Creating the right precognitive service selling offers requires more than a cards team—it requires a deeper understanding of customer behaviour through analytics. It also requires partnerships with retailers, mobile operators, secure payments providers, perhaps a wallet provider, and others. Without a customer-focused, overarching channel team, you’re screwed. All these challenges cannot simply be met by the current technology platform and organisation structures that most banks employ. How will the platform be optimised to serve a true multichannel services concept?

Waco: David Koresh, the Branch Davidians, and A Legacy of Rage by Jeff Guinn

Black Lives Matter, Donald Trump, no-fly zone, Oklahoma City bombing, operational security, Peoples Temple, QAnon, Ronald Reagan, Timothy McVeigh

Some of the ATF personnel went about their errands wearing jackets emblazoned with the agency name. They wore the jackets because it was chilly, with intermittent rain. Two years later, newly appointed ATF director John Magaw told congressional investigators, “It’s not that they didn’t want to do it, [it’s that] they didn’t think about operational security.” In his 2007 article, “What Really Happened at Waco” for The Huffington Post, James Moore wrote that ATF “booked a room at the [town’s] convention center for a 4 p.m. Sunday news conference,” and a “front page newspaper series, commandeered local hotel rooms, media tips from government officials and law enforcement warnings meant that, if the Branch Davidians did not know that [ATF] was coming, they were the only souls in a five-county region who did not.”

The Windup Girl by Paolo Bacigalupi

air freight, carbon credits, carbon tax, Chuck Templeton: OpenTable:, oil rush, operational security, South China Sea

Anderson shifts in his seat, stifling irritation, wiping away sweat. He's so close. Nightshades have been reborn, and now ngaw. And Gibbons is running loose in Southeast Asia. If it weren't for that illegal windup girl he wouldn't even know about Gibbons. The Kingdom has been singularly successful at maintaining its operational security. If he could just ascertain the seedbank's location, a raid might even be possible. . . They've learned since Finland. Beyond the veranda, nothing with any intelligence is moving. Tantalizing beads of sweat run down Lucy's neck and soak her shirt as she complains about the state of the coal war with the Vietnamese.

Jennifer Morgue by Stross, Charles

Boeing 747, call centre, Carl Icahn, correlation does not imply causation, disinformation, disintermediation, dumpster diving, Dutch auction, Etonian, haute couture, interchangeable parts, Maui Hawaii, messenger bag, MITM: man-in-the-middle, mutually assured destruction, operational security, PalmPilot, planetary scale, RFID, Seymour Hersh, Silicon Valley, Skype, slashdot, stem cell, telepresence, traveling salesman, Turing machine

Grimacing, I tie the shoe laces. Then I reach down and trench the left heel round. Instantly, the shadows in my cabin darken and deepen, taking on an ominous hue. The Tillinghast resonator is running: in this confined space it should give me just enough warning to shit myself before I die, if Billington's entrusted his operational security to daemons, but in the open ... well, it adds a whole new meaning to take to your heels. The corridor outside my door is dark and there's an odd, musty smell in the air. I pause, skulking just inside the doorway as I wait for my eyes to adjust. Ellis Billington and his cronies are aboard the Explorer, but there's no telling who's still here, is there?

The Intelligence War Against the IRA by Thomas Leahy

disinformation, long peace, operational security

What makes his account believable is that he admits that by the second prolonged ceasefire in 1997, the organisation was beginning to struggle in Belfast.99 The fact that commercial bombings inflicted significant financial damage and regularly went ahead casts doubts on claims that Stakeknife or other informers had complete access to Belfast IRA operations on a regular basis. These attacks suggest that the Belfast IRA was not completely ‘rotten’ with informers by the 1990s.100 It has often been overlooked that the cell structure provided the IRA with ‘greater operational security’ than it had had before 1975 in areas such as Belfast. In particular, cells often restricted foreknowledge about operations.101 A former British soldier recalled: The times when you would be given chapter and the verse [by human sources] were very, very few … People would be told at the last minute about an operation … PIRA did this deliberately, frightened that the information would be told to the intelligence agencies from sources.102 For instance, McGartland’s cell leader asked him to attend a meeting in June 1991.

The Contrarian: Peter Thiel and Silicon Valley's Pursuit of Power by Max Chafkin

3D printing, affirmative action, Airbnb, anti-communist, bank run, Bernie Sanders, Big Tech, bitcoin, Black Lives Matter, Black Monday: stock market crash in 1987, Blitzscaling, Boeing 747, borderless world, Cambridge Analytica, charter city, cloud computing, cognitive dissonance, Cornelius Vanderbilt, coronavirus, COVID-19, Credit Default Swap, cryptocurrency, David Brooks, David Graeber, DeepMind, digital capitalism, disinformation, don't be evil, Donald Trump, driverless car, Electric Kool-Aid Acid Test, Elon Musk, Ethereum, Extropian, facts on the ground, Fairchild Semiconductor, fake news, Ferguson, Missouri, Frank Gehry, Gavin Belson, global macro, Gordon Gekko, Greyball, growth hacking, guest worker program, Hacker News, Haight Ashbury, helicopter parent, hockey-stick growth, illegal immigration, immigration reform, Internet Archive, Jeff Bezos, John Markoff, Kevin Roose, Kickstarter, Larry Ellison, life extension, lockdown, low interest rates, Lyft, Marc Andreessen, Mark Zuckerberg, Maui Hawaii, Max Levchin, Menlo Park, military-industrial complex, moral panic, move fast and break things, Neal Stephenson, Nelson Mandela, Network effects, off grid, offshore financial centre, oil shale / tar sands, open borders, operational security, PalmPilot, Paris climate accords, Patri Friedman, paypal mafia, Peter Gregory, Peter Thiel, pets.com, plutocrats, Ponzi scheme, prosperity theology / prosperity gospel / gospel of success, public intellectual, QAnon, quantitative hedge fund, quantitative trading / quantitative finance, randomized controlled trial, regulatory arbitrage, Renaissance Technologies, reserve currency, ride hailing / ride sharing, risk tolerance, Robinhood: mobile stock trading app, Ronald Reagan, Sam Altman, Sand Hill Road, self-driving car, sharing economy, Sheryl Sandberg, Silicon Valley, Silicon Valley billionaire, Silicon Valley ideology, Silicon Valley startup, skunkworks, social distancing, software is eating the world, sovereign wealth fund, Steve Bannon, Steve Jobs, Steven Levy, Stewart Brand, surveillance capitalism, TaskRabbit, tech billionaire, tech worker, TechCrunch disrupt, techlash, technology bubble, technoutopianism, Ted Kaczynski, TED Talk, the new new thing, the scientific method, Tim Cook: Apple, transaction costs, Travis Kalanick, Tyler Cowen, Uber and Lyft, uber lyft, Upton Sinclair, Vitalik Buterin, We wanted flying cars, instead we got 140 characters, Whole Earth Catalog, WikiLeaks, William Shockley: the traitorous eight, Y Combinator, Y2K, yellow journalism, Zenefits

Then, after his parents moved to the United States in 1991, he’d taught himself enough English to get into college in part by watching Diff’rent Strokes. At Urbana-Champaign, he’d gotten interested in cryptography, the science of making and breaking codes. It was an arcane field that proved to be essential to anyone hoping to build services that would operate securely on the internet. Levchin had also become convinced that he was destined to start a company, which meant relocating to the Bay Area as soon as possible. “When I was graduating, basically if you were a good student in computer science you were figuring out the cheapest apartments in Palo Alto,” Levchin later recalled.

Ghost Fleet: A Novel of the Next World War by P. W. Singer, August Cole

3D printing, Admiral Zheng, air gap, augmented reality, British Empire, digital map, energy security, Firefox, glass ceiling, global reserve currency, Google Earth, Google Glasses, IFF: identification friend or foe, Just-in-time delivery, low earth orbit, Maui Hawaii, military-industrial complex, MITM: man-in-the-middle, new economy, old-boy network, operational security, RAND corporation, reserve currency, RFID, Silicon Valley, Silicon Valley startup, South China Sea, sovereign wealth fund, space junk, stealth mode startup, three-masted sailing ship, trade route, Virgin Galactic, Wall-E, We are Anonymous. We are Legion, WikiLeaks, zero day, zero-sum game

They had pulled up a hundred and fifty yards short of the summit to avoid highlighting their position along the ridge line, and Conan had disappeared for an hour while the rest set a security detail below. Conan would not tell Finn or any of the others why they’d had to go there. They knew she kept it from them for operational security, but it still made the whole trek a sullen expedition. Now, after a long hike back down, it was raining. Finn splashed into the swollen stream behind Conan and trudged on through the water. Going that way, they left no tracks and erased their movement signature in case they were being monitored from above, but really, he’d have chosen to go the stream route anyway.

Coders: The Making of a New Tribe and the Remaking of the World by Clive Thompson

"Margaret Hamilton" Apollo, "Susan Fowler" uber, 2013 Report for America's Infrastructure - American Society of Civil Engineers - 19 March 2013, 4chan, 8-hour work day, Aaron Swartz, Ada Lovelace, AI winter, air gap, Airbnb, algorithmic bias, AlphaGo, Amazon Web Services, Andy Rubin, Asperger Syndrome, augmented reality, Ayatollah Khomeini, backpropagation, barriers to entry, basic income, behavioural economics, Bernie Sanders, Big Tech, bitcoin, Bletchley Park, blockchain, blue-collar work, Brewster Kahle, Brian Krebs, Broken windows theory, call centre, Cambridge Analytica, cellular automata, Charles Babbage, Chelsea Manning, Citizen Lab, clean water, cloud computing, cognitive dissonance, computer vision, Conway's Game of Life, crisis actor, crowdsourcing, cryptocurrency, Danny Hillis, data science, David Heinemeier Hansson, deep learning, DeepMind, Demis Hassabis, disinformation, don't be evil, don't repeat yourself, Donald Trump, driverless car, dumpster diving, Edward Snowden, Elon Musk, Erik Brynjolfsson, Ernest Rutherford, Ethereum, ethereum blockchain, fake news, false flag, Firefox, Frederick Winslow Taylor, Free Software Foundation, Gabriella Coleman, game design, Geoffrey Hinton, glass ceiling, Golden Gate Park, Google Hangouts, Google X / Alphabet X, Grace Hopper, growth hacking, Guido van Rossum, Hacker Ethic, hockey-stick growth, HyperCard, Ian Bogost, illegal immigration, ImageNet competition, information security, Internet Archive, Internet of things, Jane Jacobs, John Markoff, Jony Ive, Julian Assange, Ken Thompson, Kickstarter, Larry Wall, lone genius, Lyft, Marc Andreessen, Mark Shuttleworth, Mark Zuckerberg, Max Levchin, Menlo Park, meritocracy, microdosing, microservices, Minecraft, move 37, move fast and break things, Nate Silver, Network effects, neurotypical, Nicholas Carr, Nick Bostrom, no silver bullet, Northpointe / Correctional Offender Management Profiling for Alternative Sanctions, Oculus Rift, off-the-grid, OpenAI, operational security, opioid epidemic / opioid crisis, PageRank, PalmPilot, paperclip maximiser, pattern recognition, Paul Graham, paypal mafia, Peter Thiel, pink-collar, planetary scale, profit motive, ransomware, recommendation engine, Richard Stallman, ride hailing / ride sharing, Rubik’s Cube, Ruby on Rails, Sam Altman, Satoshi Nakamoto, Saturday Night Live, scientific management, self-driving car, side project, Silicon Valley, Silicon Valley ideology, Silicon Valley startup, single-payer health, Skype, smart contracts, Snapchat, social software, software is eating the world, sorting algorithm, South of Market, San Francisco, speech recognition, Steve Wozniak, Steven Levy, systems thinking, TaskRabbit, tech worker, techlash, TED Talk, the High Line, Travis Kalanick, Uber and Lyft, Uber for X, uber lyft, universal basic income, urban planning, Wall-E, Watson beat the top human players on Jeopardy!, WeWork, WikiLeaks, women in the workforce, Y Combinator, Zimmermann PGP, éminence grise

So Helsby started using her data-crunching skills to help a Chicago project study urban blight, and then she helped found the Lucy Parsons Lab, which creates free, open source software to help citizens lodge complaints against police. (One is a database of officers with photos, to help citizens figure out, among other things, which officer harassed them.) She’d warn fellow activists that police and government agencies were likely monitoring them, and she held crypto parties to teach “opsec”—operational security, like using encrypted apps such as Signal instead of text messaging. “People should have the ability to read freely, speak freely, which you don’t have when everything is being watched by the government, and they can take action against you when they don’t like what they’re seeing,” she says.

Small Wars, Big Data: The Information Revolution in Modern Conflict by Eli Berman, Joseph H. Felter, Jacob N. Shapiro, Vestal Mcintyre

basic income, call centre, centre right, classic study, clean water, confounding variable, crowdsourcing, data science, demand response, drone strike, experimental economics, failed state, George Akerlof, Google Earth, guns versus butter model, HESCO bastion, income inequality, income per capita, information asymmetry, Internet of things, iterative process, land reform, mandatory minimum, minimum wage unemployment, moral hazard, natural language processing, operational security, RAND corporation, randomized controlled trial, Ronald Reagan, school vouchers, statistical model, the scientific method, trade route, Twitter Arab Spring, unemployed young men, WikiLeaks, World Values Survey

In Vietnam—as in Afghanistan, Iraq, and the Philippines—the data were tremendously informative about the tactical question of how to best win local battles but could not help with larger strategic questions about how to make the South Vietnamese government sustainable. Future operations should build in good data collection from the start and place a high value on consistency. Being able to track trends over time is critical for learning. Moreover, despite the risk to operational security that might come with disseminating data for research, sharing those data enables benefits that come from rigorous analysis of these complex problems.54 Faster sharing allows more immediate application, as we saw in the successes of Joe’s research team in Afghanistan. Thoughtful data collection and sharing the hard-earned information can provide returns beyond the immediate episode.

How Everything Became War and the Military Became Everything: Tales From the Pentagon by Rosa Brooks

airport security, Albert Einstein, Berlin Wall, big-box store, clean water, cognitive dissonance, continuation of politics by other means, different worldview, disruptive innovation, driverless car, drone strike, Edward Snowden, facts on the ground, failed state, illegal immigration, information security, Internet Archive, John Markoff, Mark Zuckerberg, moral panic, no-fly zone, Oklahoma City bombing, operational security, pattern recognition, Peace of Westphalia, personalized medicine, RAND corporation, Silicon Valley, South China Sea, technological determinism, Timothy McVeigh, Turing test, unemployed young men, Valery Gerasimov, Wall-E, War on Poverty, WikiLeaks, Yochai Benkler

There was literally a new language to be learned: for several muddled months, I assumed that the constant references I heard to the “DOTMLPF Spectrum” (pronounced dot-mil P F) had something to do with websites or the military’s Internet domain; in fact, the acronym stood for “Doctrine, Organization, Training, Matériel, Leadership & Education, Personnel, and Facilities.” Month by month, I learned to “speak DoD” as a second language. By the time I left the Pentagon, I could pontificate knowledgeably about OPSEC and MILDEC (operations security and military deception), wax eloquent about the importance of “shaping the battlespace” during “Phase Zero Operations,” and explain the difference between a D-FAC (the dining facility) and an MRAP (a mine-resistant ambush-protected vehicle). Like a total-immersion language course, my work at the Pentagon occupied every corner of my mind.

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier

23andMe, Airbnb, airport security, AltaVista, Anne Wojcicki, AOL-Time Warner, augmented reality, behavioural economics, Benjamin Mako Hill, Black Swan, Boris Johnson, Brewster Kahle, Brian Krebs, call centre, Cass Sunstein, Chelsea Manning, citizen journalism, Citizen Lab, cloud computing, congestion charging, data science, digital rights, disintermediation, drone strike, Eben Moglen, Edward Snowden, end-to-end encryption, Evgeny Morozov, experimental subject, failed state, fault tolerance, Ferguson, Missouri, Filter Bubble, Firefox, friendly fire, Google Chrome, Google Glasses, heat death of the universe, hindsight bias, informal economy, information security, Internet Archive, Internet of things, Jacob Appelbaum, James Bridle, Jaron Lanier, John Gilmore, John Markoff, Julian Assange, Kevin Kelly, Laura Poitras, license plate recognition, lifelogging, linked data, Lyft, Mark Zuckerberg, moral panic, Nash equilibrium, Nate Silver, national security letter, Network effects, Occupy movement, operational security, Panopticon Jeremy Bentham, payday loans, pre–internet, price discrimination, profit motive, race to the bottom, RAND corporation, real-name policy, recommendation engine, RFID, Ross Ulbricht, satellite internet, self-driving car, Shoshana Zuboff, Silicon Valley, Skype, smart cities, smart grid, Snapchat, social graph, software as a service, South China Sea, sparse data, stealth mode startup, Steven Levy, Stuxnet, TaskRabbit, technological determinism, telemarketer, Tim Cook: Apple, transaction costs, Uber and Lyft, uber lyft, undersea cable, unit 8200, urban planning, Wayback Machine, WikiLeaks, workplace surveillance , Yochai Benkler, yottabyte, zero day

Photos of the girlfriend matched the original photo that started all this, and police arrested w0rmer aka Ochoa. Maintaining Internet anonymity against a ubiquitous surveillor is nearly impossible. If you forget even once to enable your protections, or click on the wrong link, or type the wrong thing, you’ve permanently attached your name to whatever anonymous provider you’re using. The level of operational security required to maintain privacy and anonymity in the face of a focused and determined investigation is beyond the resources of even trained government agents. Even a team of highly trained Israeli assassins was quickly identified in Dubai, based on surveillance camera footage around the city.

The Gamble: General David Petraeus and the American Military Adventure in Iraq, 2006-2008 by Thomas E. Ricks

"RICO laws" OR "Racketeer Influenced and Corrupt Organizations", amateurs talk tactics, professionals talk logistics, Berlin Wall, classic study, disinformation, facts on the ground, failed state, Fall of the Berlin Wall, friendly fire, interchangeable parts, It's morning again in America, open borders, operational security, RAND corporation, Ronald Reagan, Suez crisis 1956, traveling salesman

Tactical and Operational Considerations: The Sunni outlook underlies the dramatic increase in attacks since February. However, several tactical and operational considerations have contributed to the rise in violence. Despite some success in isolated areas of the province, the insurgency has strengthened in the past six months. Insurgent groups are better organized, increasingly achieve effective operational security, have improved their capabilities to cache and distribute weapons, and have refined and adapted their tactics. Control of criminal enterprise means the majority of insurgents are now financially self-sustaining at the lowest levels. Broad control of the illicit oil trade from Bayji provides millions af dollars per year to AQI, while official profits appear to feed Shi’a cronyism in Baghdad.

A Better War: The Unexamined Victories and Final Tragedy of America's Last Years in Vietnam by Lewis Sorley

currency manipulation / currency intervention, defense in depth, friendly fire, Herman Kahn, land reform, operational security, RAND corporation, Seymour Hersh, South China Sea

Douglas Pike estimates that South Vietnamese civilian casualties reached the staggering total of 465,000 killed and 935,000 wounded, those in the North only a tiny fraction of that.4 IT WAS WIDELY believed that the enemy had numerous penetration agents in South Vietnam’s government and armed forces, and indeed there were frequent indications that this was in fact the case. South Vietnamese commanders also were notoriously careless about operational security, providing in the process much valuable information to an alert and watchful enemy. What is less well known, however, is that the enemy was similarly at risk. General Le Nguyen Khang, while commanding AKVN III Corps, had an agent in the 9th VC Division and was tapping him weekly for information.

Superintelligence: Paths, Dangers, Strategies by Nick Bostrom

agricultural Revolution, AI winter, Albert Einstein, algorithmic trading, anthropic principle, Anthropocene, anti-communist, artificial general intelligence, autism spectrum disorder, autonomous vehicles, backpropagation, barriers to entry, Bayesian statistics, bioinformatics, brain emulation, cloud computing, combinatorial explosion, computer vision, Computing Machinery and Intelligence, cosmological constant, dark matter, DARPA: Urban Challenge, data acquisition, delayed gratification, Demis Hassabis, demographic transition, different worldview, Donald Knuth, Douglas Hofstadter, driverless car, Drosophila, Elon Musk, en.wikipedia.org, endogenous growth, epigenetics, fear of failure, Flash crash, Flynn Effect, friendly AI, general purpose technology, Geoffrey Hinton, Gödel, Escher, Bach, hallucination problem, Hans Moravec, income inequality, industrial robot, informal economy, information retrieval, interchangeable parts, iterative process, job automation, John Markoff, John von Neumann, knowledge worker, Large Hadron Collider, longitudinal study, machine translation, megaproject, Menlo Park, meta-analysis, mutually assured destruction, Nash equilibrium, Netflix Prize, new economy, Nick Bostrom, Norbert Wiener, NP-complete, nuclear winter, operational security, optical character recognition, paperclip maximiser, pattern recognition, performance metric, phenotype, prediction markets, price stability, principal–agent problem, race to the bottom, random walk, Ray Kurzweil, recommendation engine, reversible computing, search costs, social graph, speech recognition, Stanislav Petrov, statistical model, stem cell, Stephen Hawking, Strategic Defense Initiative, strong AI, superintelligent machines, supervolcano, synthetic biology, technological singularity, technoutopianism, The Coming Technological Singularity, The Nature of the Firm, Thomas Kuhn: the structure of scientific revolutions, time dilation, Tragedy of the Commons, transaction costs, trolley problem, Turing machine, Vernor Vinge, WarGames: Global Thermonuclear War, Watson beat the top human players on Jeopardy!, World Values Survey, zero-sum game

It might even present an existential risk, especially if preceded by the introduction of novel military technologies of destruction or unprecedented arms buildups. 35. A project could have its workers distributed over a large number of locations and collaborating via encrypted communications channels. But this tactic involves a security trade-off: while geographical dispersion may offer some protection against military attacks, it would impede operational security, since it is harder to prevent personnel from defecting, leaking information, or being abducted by a rival power if they are spread out over many locations. 36. Note that a large temporal discount factor could make a project behave in some ways as though it were in a race, even if it knows it has no real competitor.

The Hunt for Red October by Tom Clancy

Ada Lovelace, cuban missile crisis, disinformation, financial independence, impulse control, LNG terminal, operational security, orbital mechanics / astrodynamics, trade route, Upton Sinclair

"The latter alternative means that their security has been violated by outsiders, but being a victim is more palatable than having to recognize the intrinsic contradictions of their own governing philosophy. On top of that we have the fact that the KGB will be running the investigation." "Why?" Pelt asked, caught up in the judge's plot. "In either case, a defection or a penetration of naval operational security, the GRU would have been responsible. Security of the naval and military forces is their bailiwick, the more so with the damage done to the KGB after the departure of our friend Andropov. The Soviets can't have an organization investigating itself—not in their intelligence community! So, the KGB will be looking to take its rival service apart.

Disrupt and Deny: Spies, Special Forces, and the Secret Pursuit of British Foreign Policy by Rory Cormac

anti-communist, Berlin Wall, British Empire, colonial rule, currency manipulation / currency intervention, disinformation, drone strike, dual-use technology, Edward Snowden, Etonian, fake news, false flag, illegal immigration, land reform, Malacca Straits, Mikhail Gorbachev, operational security, precautionary principle, private military company, Ronald Reagan, Seymour Hersh, Stuxnet, Suez crisis 1956, trade route, union organizing, WikiLeaks, Yom Kippur War

And yet, its impact would have decreased the longer the campaign was drawn out.115 Building on nearly two years of subversion, the effort peaked in mid-August 1953. Conditions were now ripe for revolution. Unfortunately for SIS and the CIA, the initial coup attempt was betrayed.116 After problematic experiences with leaky émigrés in Albania, this initial failure served only to remind Whitehall of the difficulties of operational security. This time the culprit was a young Imperial Guard captain and communist who had informed the leftist Tudeh Party.117 Mossadeq evaded capture and arrested the key conspirators as his supporters flooded the streets in protest against the attempted coup. Bedell Smith warned Eisenhower that America would now have to ‘snuggle up to Mosadeq if we’re going to save anything there’—and braced himself for ‘added difficulty with the British’.118 With his country in chaos, the shah fled, retreating, without warning, to the Caspian Sea.

A Line in the Sand: Britain, France and the Struggle for the Mastery of the Middle East by James Barr

bank run, British Empire, facts on the ground, friendly fire, illegal immigration, Khartoum Gordon, operational security, Scramble for Africa, short selling, éminence grise

It was ‘a cock-up of the first water’, said a colleague.⁵⁶ Wingate wrote up his report of the operation from hospital. ‘More deliberation and care is called for,’ he admitted.⁵⁷ Although Wingate recovered and returned to lead the night squads on further raids, the squads were wound up later in the year. By then, Wingate’s refusal to share the details of his plans – on the grounds of operational security – had annoyed other British officers. Wingate was an easy scapegoat for the more general failings of British policy. A senior policeman described him as a ‘definite hindrance’. ⁵⁸ He said that Wingate made ‘no attempt to co-ordinate what he did with the government force for law and order, the police force, at all.’

Inside British Intelligence by Gordon Thomas

active measures, Albert Einstein, Apollo 11, Ayatollah Khomeini, Berlin Wall, Bletchley Park, British Empire, country house hotel, cuban missile crisis, disinformation, Etonian, Fall of the Berlin Wall, false flag, job satisfaction, Khyber Pass, kremlinology, lateral thinking, license plate recognition, Mikhail Gorbachev, Neil Armstrong, Nelson Mandela, old-boy network, operational security, Ronald Reagan, sensible shoes, Silicon Valley, South China Sea, Suez crisis 1956, University of East Anglia, uranium enrichment, Yom Kippur War

In June 2001, Labour was reelected with a majority of 179 seats, and the Scarletts were among their friends who danced the night away. Despite Scarlett’s efforts to build trust, however, mutual suspicions remained, with Labour politicians calling for a detailed account of MI6 spending and the Secret Intelligence Service arguing that revealing this would “prejudice its operational security.” A Cabinet Office inquiry had concluded that MI6 “lacked focus” and had recommended some “downsizing as it appears to have run out of things to do.” Scarlett had rejected this and crisply reminded Blair that the party’s election manifesto had no “discernible” intelligence policy. Foreign Secretary Robin Cook, under whose political control MI6 came, had been among the fiercest critics of the service for “its lack of performance and often [being] a waste of taxpayers’ money.”

The Prefect by Alastair Reynolds

gravity well, operational security, Turing test

"But it is part of the mandate that, when circumstances dictate, Panoply has the means to return to the citizenry and request the temporary right — a period specified as exactly one hundred and thirty hours, not a minute longer — to arm its agents with those weapons that remain in our arsenal, designated for use under extreme circumstances. I need hardly add that such a request is not issued lightly, nor in any expectation of automatic affirmation. It is, nonetheless, my unfortunate duty to issue such a request now. For matters of operational security, I regret that I cannot specify the exact nature of the crisis, other than to say that it is of a severity we have very rarely encountered, and that the future safety of the entire Glitter Band may depend on our actions. As you are doubtless aware, tensions between the Glitter Band and the Ultras have reached an unacceptable level in the last few days.

More Money Than God: Hedge Funds and the Making of a New Elite by Sebastian Mallaby

Alan Greenspan, Andrei Shleifer, Asian financial crisis, asset-backed security, automated trading system, bank run, barriers to entry, Bear Stearns, Benoit Mandelbrot, Berlin Wall, Bernie Madoff, Big bang: deregulation of the City of London, Bonfire of the Vanities, book value, Bretton Woods, business cycle, buy and hold, capital controls, Carmen Reinhart, collapse of Lehman Brothers, collateralized debt obligation, computerized trading, corporate raider, Credit Default Swap, credit default swaps / collateralized debt obligations, crony capitalism, currency manipulation / currency intervention, currency peg, deal flow, do well by doing good, Elliott wave, Eugene Fama: efficient market hypothesis, failed state, Fall of the Berlin Wall, financial deregulation, financial engineering, financial innovation, financial intermediation, fixed income, full employment, German hyperinflation, High speed trading, index fund, Jim Simons, John Bogle, John Meriwether, junk bonds, Kenneth Rogoff, Kickstarter, Long Term Capital Management, low interest rates, machine translation, margin call, market bubble, market clearing, market fundamentalism, Market Wizards by Jack D. Schwager, Mary Meeker, merger arbitrage, Michael Milken, money market fund, moral hazard, Myron Scholes, natural language processing, Network effects, new economy, Nikolai Kondratiev, operational security, pattern recognition, Paul Samuelson, pre–internet, proprietary trading, public intellectual, quantitative hedge fund, quantitative trading / quantitative finance, random walk, Renaissance Technologies, Richard Thaler, risk-adjusted returns, risk/return, Robert Mercer, rolodex, Savings and loan crisis, Sharpe ratio, short selling, short squeeze, Silicon Valley, South Sea Bubble, sovereign wealth fund, statistical arbitrage, statistical model, survivorship bias, tail risk, technology bubble, The Great Moderation, The Myth of the Rational Market, the new new thing, too big to fail, transaction costs, two and twenty, uptick rule

Rickards recalls, “What you realize [when you suddenly need to raise capital] is that everybody will see you. They might not have any intention of investing with you, but to them it’s information. You’re the desperate ones, so you’re like, ‘What do you want to know?’ We had had high-quality operational security for four years, and all of the sudden we’re pouring our hearts out.” Rickards interview. 35. Gary Gladstein, managing director of Soros Fund Management, recalls of this period, “The major bank we dealt with was Kleinwort Benson. Kleinwort had been acquired by Dresdner. The CEO of Dresdner made this comment in Europe that he didn’t have any exposure to hedge funds.

Against All Enemies by Tom Clancy, Peter Telep

airport security, augmented reality, back-to-the-land, Captain Sullenberger Hudson, illegal immigration, independent contractor, Iridium satellite, low earth orbit, off-the-grid, operational security, Pepto Bismol, Recombinant DNA, US Airways Flight 1549

That would take the focus off him. He descended the ladder, turned, and hurried across the damp earth, following the strings of LED lights. And now he really had to use the bathroom. While driving to the tunnel, Romero had explained to Samad that the three sicarios in the trailer would be watching via battery-operated security cameras around the warehouse and the tunnel. They’d tested wireless cameras, but the signals had been too weak to be read on the surface. Two things needed to happen at once: The power would need to be cut to the monitors of those cameras, and the sicarios would need to be “separated from their phones,” as Romero had put it.

The Price of Time: The Real Story of Interest by Edward Chancellor

"World Economic Forum" Davos, 3D printing, activist fund / activist shareholder / activist investor, Airbnb, Alan Greenspan, asset allocation, asset-backed security, assortative mating, autonomous vehicles, balance sheet recession, bank run, banking crisis, barriers to entry, Basel III, Bear Stearns, Ben Bernanke: helicopter money, Bernie Sanders, Big Tech, bitcoin, blockchain, bond market vigilante , bonus culture, book value, Bretton Woods, BRICs, business cycle, capital controls, Capital in the Twenty-First Century by Thomas Piketty, Carmen Reinhart, carried interest, cashless society, cloud computing, cognitive dissonance, collapse of Lehman Brothers, collateralized debt obligation, commodity super cycle, computer age, coronavirus, corporate governance, COVID-19, creative destruction, credit crunch, Credit Default Swap, credit default swaps / collateralized debt obligations, crony capitalism, cryptocurrency, currency peg, currency risk, David Graeber, debt deflation, deglobalization, delayed gratification, Deng Xiaoping, Detroit bankruptcy, distributed ledger, diversified portfolio, Dogecoin, Donald Trump, double entry bookkeeping, Elon Musk, equity risk premium, Ethereum, ethereum blockchain, eurozone crisis, everywhere but in the productivity statistics, Extinction Rebellion, fiat currency, financial engineering, financial innovation, financial intermediation, financial repression, fixed income, Flash crash, forward guidance, full employment, gig economy, Gini coefficient, Glass-Steagall Act, global reserve currency, global supply chain, Goodhart's law, Great Leap Forward, green new deal, Greenspan put, high net worth, high-speed rail, housing crisis, Hyman Minsky, implied volatility, income inequality, income per capita, inflation targeting, initial coin offering, intangible asset, Internet of things, inventory management, invisible hand, Japanese asset price bubble, Jean Tirole, Jeff Bezos, joint-stock company, Joseph Schumpeter, junk bonds, Kenneth Rogoff, land bank, large denomination, Les Trente Glorieuses, liquidity trap, lockdown, Long Term Capital Management, low interest rates, Lyft, manufacturing employment, margin call, Mark Spitznagel, market bubble, market clearing, market fundamentalism, Martin Wolf, mega-rich, megaproject, meme stock, Michael Milken, Minsky moment, Modern Monetary Theory, Mohammed Bouazizi, Money creation, money market fund, moral hazard, mortgage debt, negative equity, new economy, Northern Rock, offshore financial centre, operational security, Panopticon Jeremy Bentham, Paul Samuelson, payday loans, peer-to-peer lending, pensions crisis, Peter Thiel, Philip Mirowski, plutocrats, Ponzi scheme, price mechanism, price stability, quantitative easing, railway mania, reality distortion field, regulatory arbitrage, rent-seeking, reserve currency, ride hailing / ride sharing, risk free rate, risk tolerance, risk/return, road to serfdom, Robert Gordon, Robinhood: mobile stock trading app, Satoshi Nakamoto, Satyajit Das, Savings and loan crisis, savings glut, Second Machine Age, secular stagnation, self-driving car, shareholder value, Silicon Valley, Silicon Valley startup, South Sea Bubble, Stanford marshmallow experiment, Steve Jobs, stock buybacks, subprime mortgage crisis, Suez canal 1869, tech billionaire, The Great Moderation, The Rise and Fall of American Growth, The Wealth of Nations by Adam Smith, Thorstein Veblen, Tim Haywood, time value of money, too big to fail, total factor productivity, trickle-down economics, tulip mania, Tyler Cowen, Uber and Lyft, Uber for X, uber lyft, Walter Mischel, WeWork, When a measure becomes a target, yield curve

‘It’s the way of radical monetary gimmicks that one begets another,’ wrote James Grant. ‘The more they’re tried, the less they succeed. The less they succeed, the more they’re tried. There is no “exit”.’17 Not every monetary innovation was concocted in Washington, DC. The Bank of England came up with ‘credit easing’. The ECB had its ‘long-term refinancing operations’, ‘securities markets programme’ and ‘outright monetary transactions’. The currency pegs of the Danish and Swiss central banks provided them with an excuse to buy foreign securities with newly printed money. The Bank of Japan, which had been the first to initiate quantitative easing (in March 2001), later came up with ‘quantitative and qualitative easing’, to which it added ‘yield-curve control’.18 While interest rates in the United States and the rest of the Anglophone world never went below the ‘zero lower bound’, central banks in Europe and Japan crossed the Rubicon, venturing into the unknown territory of negative rates.

Ubuntu 15.04 Server with systemd: Administration and Reference by Richard Petersen

Amazon Web Services, bash_history, cloud computing, Debian, Firefox, lock screen, Mark Shuttleworth, MITM: man-in-the-middle, OpenAI, operational security, RFC: Request For Comment, SpamAssassin, web application

sftp download.ubuntu.com To use the sftp client to connect to an FTP server, that server needs to be operating the sftp-server application. The ssh server invokes sftp-server to provide encrypted FTP transmissions to those using the sftp client. The sftp server and client use the SSH File Transfer Protocol (SFTP) to perform FTP operations securely. Port Forwarding (Tunneling) If, for some reason, you can connect to a secure host only by going through an insecure host, ssh provides a feature called port forwarding. With port forwarding, you can secure the insecure segment of your connection. This involves simply specifying the port at which the insecure host is to connect to the secure one.

Blackwater: The Rise of the World's Most Powerful Mercenary Army by Jeremy Scahill

"World Economic Forum" Davos, air freight, anti-communist, Berlin Wall, Bernie Sanders, business climate, business intelligence, centralized clearinghouse, collective bargaining, Columbine, facts on the ground, Fall of the Berlin Wall, independent contractor, Kickstarter, military-industrial complex, multilevel marketing, Naomi Klein, no-fly zone, operational security, private military company, Project for a New American Century, Robert Bork, Ronald Reagan, school choice, school vouchers, Seymour Hersh, stem cell, Timothy McVeigh, urban planning, vertical integration, zero-sum game

Prisoners are alleged to have been brought there both for interrogation and repatriation from Afghanistan.86 Also, as it happens, Blackwater’s planes in Afghanistan operate out of Bagram, a known U.S.-run detention and torture facility. According to Blackwater /Presidential’s Afghanistan contract, all personnel “are required to possess a Secret security clearance.”87 The contract also outlined “operations security” requirements: “Information such as flight schedules, hotels where crews are staying, return trips, and other facts about the international mission shall be kept close hold and only communicated to persons who have a need to know this information. Flight crews should be aware of persons who are seeking information about the contractor, flights, etc.

Facebook: The Inside Story by Steven Levy

active measures, Airbnb, Airbus A320, Amazon Mechanical Turk, AOL-Time Warner, Apple's 1984 Super Bowl advert, augmented reality, Ben Horowitz, Benchmark Capital, Big Tech, Black Lives Matter, Blitzscaling, blockchain, Burning Man, business intelligence, Cambridge Analytica, cloud computing, company town, computer vision, crowdsourcing, cryptocurrency, data science, deep learning, disinformation, don't be evil, Donald Trump, Dunbar number, East Village, Edward Snowden, El Camino Real, Elon Musk, end-to-end encryption, fake news, Firefox, Frank Gehry, Geoffrey Hinton, glass ceiling, GPS: selective availability, growth hacking, imposter syndrome, indoor plumbing, information security, Jeff Bezos, John Markoff, Jony Ive, Kevin Kelly, Kickstarter, lock screen, Lyft, machine translation, Mahatma Gandhi, Marc Andreessen, Marc Benioff, Mark Zuckerberg, Max Levchin, Menlo Park, Metcalfe’s law, MITM: man-in-the-middle, move fast and break things, natural language processing, Network effects, Oculus Rift, operational security, PageRank, Paul Buchheit, paypal mafia, Peter Thiel, pets.com, post-work, Ray Kurzweil, recommendation engine, Robert Mercer, Robert Metcalfe, rolodex, Russian election interference, Salesforce, Sam Altman, Sand Hill Road, self-driving car, sexual politics, Sheryl Sandberg, Shoshana Zuboff, side project, Silicon Valley, Silicon Valley startup, skeuomorphism, slashdot, Snapchat, social contagion, social graph, social software, South of Market, San Francisco, Startup school, Steve Ballmer, Steve Bannon, Steve Jobs, Steven Levy, Steven Pinker, surveillance capitalism, tech billionaire, techlash, Tim Cook: Apple, Tragedy of the Commons, web application, WeWork, WikiLeaks, women in the workforce, Y Combinator, Y2K, you are the product

The stuffed-toy nicknames are deceiving. These were two separate groups of digital marauders based in Russia. Intelligence officials knew them as Units 26165 and 74455 of the Main Intelligence Directorate of the General Staff (GRU), roughly the Russian equivalent of the CIA. “Their tradecraft is superb, operational security second to none, and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter,” wrote CrowdStrike’s cyber-espionage specialists. Facebook knew that some of its active accounts were associated with the GRU. Instead of shutting them down—they weren’t doing anything illegal anyway—the Threat Intelligence team monitored them, to keep track of potential security concerns.

The Defence of the Realm by Christopher Andrew

Able Archer 83, active measures, anti-communist, Ayatollah Khomeini, Berlin Wall, Bletchley Park, Boeing 747, British Empire, classic study, Clive Stafford Smith, collective bargaining, credit crunch, cuban missile crisis, Desert Island Discs, disinformation, Etonian, Fall of the Berlin Wall, false flag, G4S, glass ceiling, illegal immigration, information security, job satisfaction, large denomination, liquidationism / Banker’s doctrine / the Treasury view, Mahatma Gandhi, Mikhail Gorbachev, Neil Kinnock, North Sea oil, operational security, post-work, Red Clydeside, Robert Hanssen: Double agent, Ronald Reagan, sexual politics, strikebreaker, Suez crisis 1956, Torches of Freedom, traveling salesman, union organizing, uranium enrichment, Vladimir Vetrov: Farewell Dossier, Winter of Discontent, work culture

Most of the people who have been as intimately associated with it as I have been, have developed an affection for the Office as a whole and the staff in particular which I am certain is most unusual in a large Government Department.154 Few of the Security Service’s wartime successes were known to other government departments. The reasons for the Service policy of hiding its light under a bushel went some way beyond the demands of operational security. Petrie preferred to keep his contacts with Whitehall to a minimum. Two years after becoming director general, he admitted to Duff Cooper (Swinton’s successor as head of the Security Executive) that he was a bad ‘publicity merchant’ for the Service: I have lived so long abroad that I had comparatively few contacts in London, and I never cared to extend them beyond what was necessary for business purposes.

…

.), Camp 020, p. 356. 32 Security Service Archives. 33 A year before the outbreak of war the Abwehr had sent to Britain ‘a private individual who had very good connections in high British government circles’, who was expected to be ‘questioned closely by the British about German policy’. With the personal approval of Canaris, he was supplied with a plausible mixture of information and disinformation likely to deceive the British. ‘Preliminary note on the use by German Intelligence of Deception as an aid to military operations’, Security Service Archives. No similar operation was mounted after the outbreak of war. 34 The continuing ability of German intelligence to run a successful deception operation was demonstrated by the SD Englandspiel in the Netherlands in 1942–3, which completely deceived SOE and cost the lives of fifty-four agents, as well as other Dutch civilians and about fifty RAF personnel.

Designing Data-Intensive Applications: The Big Ideas Behind Reliable, Scalable, and Maintainable Systems by Martin Kleppmann

active measures, Amazon Web Services, billion-dollar mistake, bitcoin, blockchain, business intelligence, business logic, business process, c2.com, cloud computing, collaborative editing, commoditize, conceptual framework, cryptocurrency, data science, database schema, deep learning, DevOps, distributed ledger, Donald Knuth, Edward Snowden, end-to-end encryption, Ethereum, ethereum blockchain, exponential backoff, fake news, fault tolerance, finite state, Flash crash, Free Software Foundation, full text search, functional programming, general-purpose programming language, Hacker News, informal economy, information retrieval, Internet of things, iterative process, John von Neumann, Ken Thompson, Kubernetes, Large Hadron Collider, level 1 cache, loose coupling, machine readable, machine translation, Marc Andreessen, microservices, natural language processing, Network effects, no silver bullet, operational security, packet switching, peer-to-peer, performance metric, place-making, premature optimization, recommendation engine, Richard Feynman, self-driving car, semantic web, Shoshana Zuboff, social graph, social web, software as a service, software is eating the world, sorting algorithm, source of truth, SPARQL, speech recognition, SQL injection, statistical model, surveillance capitalism, systematic bias, systems thinking, Tragedy of the Commons, undersea cable, web application, WebSocket, wikimedia commons

Alternatively, you can find all of the references at https:// github.com/ept/ddia-references, where we maintain up-to-date links. We look primarily at the architecture of data systems and the ways they are integrated into data-intensive applications. This book doesn’t have space to cover deployment, operations, security, management, and other areas—those are complex and impor‐ tant topics, and we wouldn’t do them justice by making them superficial side notes in this book. They deserve books of their own. Many of the technologies described in this book fall within the realm of the Big Data buzzword. However, the term “Big Data” is so overused and underdefined that it is not useful in a serious engineering discussion.

GCHQ by Richard Aldrich

belly landing, Berlin Wall, Bletchley Park, British Empire, Charles Babbage, colonial exploitation, cuban missile crisis, disinformation, friendly fire, illegal immigration, index card, it's over 9,000, lateral thinking, machine translation, Menlo Park, Mikhail Gorbachev, Neil Kinnock, New Journalism, operational security, packet switching, private military company, Robert Hanssen: Double agent, Ronald Reagan, Seymour Hersh, social intelligence, South China Sea, Suez crisis 1956, undersea cable, unit 8200, University of East Anglia, Yom Kippur War, Zimmermann PGP

At a higher level there was a supervising body called the Cypher Security Committee, supposedly chaired by Sir Stewart Menzies, but this had not attracted Menzies’ interest. Moreover, it lacked the power to compel Whitehall departments to change any practices that they thought lax. Chitty had done a spot check of twelve departments around Whitehall, and found that few were taking cypher security seriously. Britain needed a decent operational security section at Bletchley Park, and a proper supervisory board with teeth.27 No cypher system, Chitty warned, was unbreakable. Britain’s most sensitive material was sent by one-time pads, which were, in his opinion, ‘unassailable’ if used correctly. Yet he reminded his superiors that Bletchley was making a ‘most successful daily attack’ on the one-time pads of other countries, ‘which reach us in a steady stream by Photography, Theft, and the sifting of Embassy waste-paper baskets’.

Unelected Power: The Quest for Legitimacy in Central Banking and the Regulatory State by Paul Tucker

"Friedman doctrine" OR "shareholder theory", Alan Greenspan, Andrei Shleifer, bank run, banking crisis, barriers to entry, Basel III, battle of ideas, Bear Stearns, Ben Bernanke: helicopter money, Berlin Wall, Bretton Woods, Brexit referendum, business cycle, capital controls, Carmen Reinhart, Cass Sunstein, central bank independence, centre right, conceptual framework, corporate governance, diversified portfolio, electricity market, Fall of the Berlin Wall, financial innovation, financial intermediation, financial repression, first-past-the-post, floating exchange rates, forensic accounting, forward guidance, Fractional reserve banking, Francis Fukuyama: the end of history, full employment, George Akerlof, Greenspan put, incomplete markets, inflation targeting, information asymmetry, invisible hand, iterative process, Jean Tirole, Joseph Schumpeter, Kenneth Arrow, Kenneth Rogoff, liberal capitalism, light touch regulation, Long Term Capital Management, low interest rates, means of production, Money creation, money market fund, Mont Pelerin Society, moral hazard, Northern Rock, operational security, Pareto efficiency, Paul Samuelson, price mechanism, price stability, principal–agent problem, profit maximization, public intellectual, quantitative easing, regulatory arbitrage, reserve currency, risk free rate, risk tolerance, risk-adjusted returns, road to serfdom, Robert Bork, Ronald Coase, seigniorage, short selling, Social Responsibility of Business Is to Increase Its Profits, stochastic process, subprime mortgage crisis, tail risk, The Chicago School, The Great Moderation, The Market for Lemons, the payments system, too big to fail, transaction costs, Vilfredo Pareto, Washington Consensus, yield curve, zero-coupon bond, zero-sum game

Here the issues are less about coordination among the authorities, than about whether there are any absolute boundaries and what any permissive constraints might look like. Secured Lending Is Much More Acceptable Than Purchases The first thing to say is that, under our general principles for central bank operations, secured loans (repos) against baskets of diversified portfolios of private sector securities are preferable to outright purchases. Repos avoid important political economy hazards, as they leave the choice to invest in particular instruments in private hands and enable ongoing risk management by the central bank.18 For those reasons, if the usual banking counterparties are unable to participate in repo operations because they are distressed, rather than leap straight to outright purchases, it is preferable for the central bank temporarily to widen the population of intermediaries it will deal with (eligible counterparties).

Designing Data-Intensive Applications: The Big Ideas Behind Reliable, Scalable, and Maintainable Systems by Martin Kleppmann

active measures, Amazon Web Services, billion-dollar mistake, bitcoin, blockchain, business intelligence, business logic, business process, c2.com, cloud computing, collaborative editing, commoditize, conceptual framework, cryptocurrency, data science, database schema, deep learning, DevOps, distributed ledger, Donald Knuth, Edward Snowden, end-to-end encryption, Ethereum, ethereum blockchain, exponential backoff, fake news, fault tolerance, finite state, Flash crash, Free Software Foundation, full text search, functional programming, general-purpose programming language, Hacker News, informal economy, information retrieval, Infrastructure as a Service, Internet of things, iterative process, John von Neumann, Ken Thompson, Kubernetes, Large Hadron Collider, level 1 cache, loose coupling, machine readable, machine translation, Marc Andreessen, microservices, natural language processing, Network effects, no silver bullet, operational security, packet switching, peer-to-peer, performance metric, place-making, premature optimization, recommendation engine, Richard Feynman, self-driving car, semantic web, Shoshana Zuboff, social graph, social web, software as a service, software is eating the world, sorting algorithm, source of truth, SPARQL, speech recognition, SQL injection, statistical model, surveillance capitalism, systematic bias, systems thinking, Tragedy of the Commons, undersea cable, web application, WebSocket, wikimedia commons

Alternatively, you can find all of the references at https://github.com/ept/ddia-references, where we maintain up-to-date links. We look primarily at the architecture of data systems and the ways they are integrated into data-intensive applications. This book doesn’t have space to cover deployment, operations, security, management, and other areas—those are complex and important topics, and we wouldn’t do them justice by making them superficial side notes in this book. They deserve books of their own. Many of the technologies described in this book fall within the realm of the Big Data buzzword. However, the term “Big Data” is so overused and underdefined that it is not useful in a serious engineering discussion.

Without Remorse by Tom Clancy

Boeing 747, Charles Lindbergh, defense in depth, Ford Model T, operational security, South China Sea, Teledyne

'Where will we stay tonight?' 'On board,' Kelly answered. 'We'll be secure here.' Pam merely nodded, but he explained anyway. 'You look different now, and they don't know me from Adam. They don't know my car or my boat. Frank Allen doesn't know your name or even that you're a girl. That's operational security. We ought to be safe.' 'I'm sure you're right,' Pam said, turning to smile at him. The confidence in her face warmed his blood and fed his already capacious ego. 'Going to rain tonight,' Kelly noted, pointing at distant clouds. 'That's good, too. Cuts down visibility. We used to do a lot of stuff in the rain.

The Irrational Bundle by Dan Ariely

accounting loophole / creative accounting, air freight, Albert Einstein, Alvin Roth, An Inconvenient Truth, assortative mating, banking crisis, Bear Stearns, behavioural economics, Bernie Madoff, Black Swan, Broken windows theory, Burning Man, business process, cashless society, Cass Sunstein, clean water, cognitive dissonance, cognitive load, compensation consultant, computer vision, Cornelius Vanderbilt, corporate governance, credit crunch, Credit Default Swap, Daniel Kahneman / Amos Tversky, delayed gratification, Demis Hassabis, Donald Trump, end world poverty, endowment effect, Exxon Valdez, fake it until you make it, financial engineering, first-price auction, Ford Model T, Frederick Winslow Taylor, fudge factor, Garrett Hardin, George Akerlof, Gordon Gekko, greed is good, happiness index / gross national happiness, hedonic treadmill, IKEA effect, Jean Tirole, job satisfaction, John Perry Barlow, Kenneth Arrow, knowledge economy, knowledge worker, lake wobegon effect, late fees, loss aversion, Murray Gell-Mann, name-letter effect, new economy, operational security, Pepsi Challenge, Peter Singer: altruism, placebo effect, price anchoring, Richard Feynman, Richard Thaler, Saturday Night Live, Schrödinger's Cat, search costs, second-price auction, Shai Danziger, shareholder value, Silicon Valley, Skinner box, Skype, social contagion, software as a service, Steve Jobs, subprime mortgage crisis, sunk-cost fallacy, The Wealth of Nations by Adam Smith, The Wisdom of Crowds, Tragedy of the Commons, ultimatum game, Upton Sinclair, Walter Mischel, young professional

It’s more akin to taking several boxes of pens, a stapler, and a ream of printer paper, which is much more difficult to ignore or rationalize. To Catch a Thief Our next experiment looked at what might happen if participants felt that there was a higher probability of getting caught cheating. Basically, we inserted the mental equivalent of a partially operating security camera into the experiment. We asked one group of participants to shred one half of their worksheet—which meant that if they were dishonest, we might find some evidence of it. We asked a second group to shred the whole work sheet, meaning that they could get off scot-free. Finally, we asked a third group to shred the whole worksheet, leave the testing room, and pay themselves from a sizable bowl of money filled with more than $100 in small bills and coins.

Backup & Recovery by W. Curtis Preston

Berlin Wall, business intelligence, business process, database schema, Debian, dumpster diving, failed state, fault tolerance, full text search, job automation, Kickstarter, operational security, rolling blackouts, side project, Silicon Valley, systems thinking, web application

Magstar MP) 3590, 3590 3592, 3592 AIX operating system, AIX Bare-Metal Recovery bare-metal recovery tools, AIX Bare-Metal Recovery mksysb utility, IBM’s mksysb and savevg Utilities T1120, TS1120 IBM DB2 Universal Database, IBM DB2 Backup and Recovery (see DB2) Ignite-UX recovery tool, HP-UX Bare-Metal Recovery, Troubleshooting Recovery Operations, Ignite-UX Overview, Network Services and Remote Boot Protocols, Differences Between HP Integrity and HP9000 Clients, Planning for Ignite-UX Archive Storage and Recovery, Recovery Archive Management, Considerations for the Remote Booting of Clients, Sizing the Recovery Archive, Configuring an Ignite-UX Network Server, Recovery Archive Management, Verifying Archive Contents, Troubleshooting Recovery Operations, Security, System Recovery and Disk Mirroring archive contents, verifying, Verifying Archive Contents archive management, Recovery Archive Management disk mirroring, System Recovery and Disk Mirroring HP Integrity versus HP9000 clients, Differences Between HP Integrity and HP9000 Clients network server, configuring, Configuring an Ignite-UX Network Server network services and remote boot protocols, Network Services and Remote Boot Protocols overview, Ignite-UX Overview planning for archive storage and recovery, Planning for Ignite-UX Archive Storage and Recovery, Recovery Archive Management recovery archive, sizing, Sizing the Recovery Archive remote booting, Considerations for the Remote Booting of Clients security issues, Security troubleshooting, Troubleshooting Recovery Operations image versus filesystem level, Image level or filesystem level?

Clear and Present Danger by Tom Clancy

"RICO laws" OR "Racketeer Influenced and Corrupt Organizations", active measures, affirmative action, Apple's 1984 Super Bowl advert, card file, disinformation, operational security

It was not unknown, in fact, for those left out to have had knowledge crucial to the operation's successful conclusion. But it was equally true that history was replete with examples of the disasters that resulted from making an operation so broadly based as to paralyze the decision-making process and compromise its secrecy. Drawing the line between operational security and operational efficiency was historically the most difficult task of an intelligence executive. There were no rules, Judge Moore knew, merely the requirement that such operations must succeed. One of the most persistent elements of spy fiction was the supposition that intelligence chiefs had an uncanny, infallible sixth sense of how to run their ops.

Lawrence in Arabia: War, Deceit, Imperial Folly and the Making of the Modern Middle East by Scott Anderson

British Empire, centralized clearinghouse, disinformation, European colonialism, facts on the ground, Ford Model T, gentleman farmer, Islamic Golden Age, operational security, Potemkin village, Scramble for Africa, zero-sum game

Since the early days of the war, the British had employed carrier pigeons to relay messages on the Western Front, and in the summer of 1917 someone in Cairo hit on the same idea as a way to maintain contact with the NILI operatives in Palestine. On paper, the notion had a lot going for it. It would help eliminate the need for the perilous and trouble-prone spy-ship runs from Egypt—with almost eerie regularity, these voyages had a way of coinciding with bad storms—as well as the risk to operational security inherent in face-to-face contact between spies and spy handlers. Carrier pigeons might also mean that crucial intelligence would reach British lines much faster. Between the difficulty in getting informants’ reports to Athlit, and then the wait for the ship, the information Cairo received from NILI was often five or six weeks out of date.

Ghost Wars: The Secret History of the CIA, Afghanistan, and Bin Laden, from the Soviet Invasion to September 10, 2011 by Steve Coll

airport security, Ayatollah Khomeini, Berlin Wall, Boeing 747, Boycotts of Israel, centre right, colonial rule, computer age, disinformation, energy security, failed state, Fall of the Berlin Wall, illegal immigration, index card, Islamic Golden Age, Khyber Pass, Mikhail Gorbachev, Network effects, Oklahoma City bombing, operational security, RAND corporation, Ronald Reagan, Timothy McVeigh, trade route, upwardly mobile, urban planning, women in the workforce

The Defense Intelligence Agency, working its own Pakistani and Afghan sources, produced scores of its own classified reports about bin Laden.7 One purpose of the recruitments was to collect detailed intelligence about bin Laden’s movements, his training camps, the houses where he stayed, the houses where his wives stayed, and the houses where al-Zawahiri, Mohammed Atef, and other top lieutenants lived or worked. Gradually the CIA built up a detailed map of bin Laden’s infrastructure in Afghanistan. Reports and photography from unilateral agents were matched against satellite imagery to fill in maps of camps and urban neighborhoods. Bin Laden practiced intensive operational security. He was wary of telephones. He allowed no Afghans into his personal bodyguard, only Arabs he had known and trusted for many years. He varied his routes, did not stay in any one place for long, and never told anyone but his Arab inner circle about his plans. These practices limited the effectiveness of the CIA’s recruitments because the agency’s sources and paid agents were mainly Afghans who were kept at bay by bin Laden’s core bodyguard and leadership group.

Dirty Wars: The World Is a Battlefield by Jeremy Scahill

active measures, air freight, Andy Carvin, anti-communist, blood diamond, business climate, citizen journalism, colonial rule, crowdsourcing, disinformation, Donald Trump, drone strike, failed state, false flag, friendly fire, Google Hangouts, independent contractor, indoor plumbing, information security, Islamic Golden Age, Kickstarter, land reform, Mohammed Bouazizi, Naomi Klein, operational security, private military company, Project for a New American Century, rolodex, Ronald Reagan, Saturday Night Live, Seymour Hersh, Strategic Defense Initiative, WikiLeaks

US Special Operations Forces had taken over the base soon after the March 2003 invasion of Iraq and erected a fence around the cluster of buildings that made up Camp NAMA. At the center of the small compound, surrounded by barbed wire, was the Battlefield Interrogation Facility (BIF). Members of the JSOC Task Force resided at NAMA, but it was hardly just a dormitory. This task force went by various code names, and the names were frequently changed for operational security and to make investigating it difficult. At various times, it was known as Task Force 20, Task Force 121, Task Force 6-26, Task Force 714 and Task Force 145. Suspected insurgents snatched in house raids or taken off the streets of Iraq cities were brought to NAMA and placed in one of two structures: “Motel 6” was a plywood barracks; “Hotel California” was an actual cellblock that a few months earlier had been used by Saddam’s regime as a prison.

The Sum of All Fears by Tom Clancy

"RICO laws" OR "Racketeer Influenced and Corrupt Organizations", accounting loophole / creative accounting, airport security, Benoit Mandelbrot, Boeing 747, British Empire, colonial exploitation, complexity theory, cuban missile crisis, demand response, disinformation, false flag, financial independence, flag carrier, Herman Kahn, index card, mandelbrot fractal, operational security, Suez crisis 1956, trade route, uranium enrichment

If China were to do something like this, they would more likely attack us. We have the land and resources they need, and America has much more value to them as a trading partner than as an enemy. No, for this to be a project of a nation-state means that only one of a handful has the ability to do it, and the problems of operational security are virtually insurmountable. Andrey Il'ych, if you directed KGB to do this, we probably could not. The type of individual necessary for such a mission - by that I mean the skill, intelligence, dedication - are not qualities which you find in a psychotic; murder on this scale, likely to bring about such a crisis as this, would require a diseased personality.

Post Wall: Rebuilding the World After 1989 by Kristina Spohr

"World Economic Forum" Davos, Alan Greenspan, American Legislative Exchange Council, Andrei Shleifer, anti-communist, banking crisis, Berlin Wall, Bonfire of the Vanities, bread and circuses, Bretton Woods, central bank independence, colonial exploitation, Deng Xiaoping, Dissolution of the Soviet Union, Donald Trump, Doomsday Clock, facts on the ground, failed state, Fall of the Berlin Wall, foreign exchange controls, Francis Fukuyama: the end of history, G4S, Japanese asset price bubble, Kickstarter, mass immigration, means of production, Mikhail Gorbachev, military-industrial complex, open economy, operational security, Prenzlauer Berg, price stability, public intellectual, rising living standards, Ronald Reagan, Ronald Reagan: Tear down this wall, software patent, South China Sea, special economic zone, Thomas L Friedman, Transnistria, uranium enrichment, zero-coupon bond

Despite the efforts of some European statesmen – notably Genscher, Gorbachev and Mitterrand – in 1989–91, no new pan-European architecture was created to embrace the two halves of the continent and incorporate Russia into a shared security structure. The Helsinki 1975 Conference on Security and Cooperation in Europe (CSCE) possessed the potential to become such a structure, but it was never converted into an operative security organisation. The post-Wall political reality – with America set to remain a ‘European power’ – conspired against such pan-European paths. And the attractions of a Europe reunified under the aegis of an ever-closer European Union and secured by a reinvented NATO were simply too strong.[21] Consequently, the West–East asymmetry increased over time, as the jumbled fragments of what had been the Cold War order were re-formed within an ever-larger Western-dominated framework.

Days of Fire: Bush and Cheney in the White House by Peter Baker

"Hurricane Katrina" Superdome, addicted to oil, Alan Greenspan, anti-communist, battle of ideas, Bear Stearns, Berlin Wall, Bernie Madoff, Bob Geldof, Boeing 747, buy low sell high, carbon tax, card file, clean water, collective bargaining, cuban missile crisis, desegregation, drone strike, energy security, facts on the ground, failed state, Fall of the Berlin Wall, friendly fire, Glass-Steagall Act, guest worker program, hiring and firing, housing crisis, illegal immigration, immigration reform, information security, Mikhail Gorbachev, MITM: man-in-the-middle, no-fly zone, operational security, Robert Bork, rolling blackouts, Ronald Reagan, Ronald Reagan: Tear down this wall, Saturday Night Live, South China Sea, stem cell, Ted Sorensen, too big to fail, uranium enrichment, War on Poverty, working poor, Yom Kippur War

It would be a daring display of progress for the audience back home and a chance for the president to see the results of the surge. First, he had to slip out of the world’s most heavily guarded building without detection. Bush found himself in an unmarked vehicle heading to Andrews Air Force Base and stuck in traffic on an often-clogged exit ramp in Washington. For operational security, they posed as a regular vehicle, and no roads were cleared ahead of time. Suddenly Bush’s aides saw a panhandler collecting coins in a McDonald’s cup making his way to each of the cars stuck at the traffic light. Bush was in the third one back. Any moment the man would reach them, peer into the window, and notice the president of the United States, blowing the secrecy of the trip.

Pandora's Star by Peter F. Hamilton

Apollo 11, carbon-based life, clean water, corporate governance, disinformation, Magellanic Cloud, megacity, Neil Armstrong, nuclear winter, operational security, plutocrats, random walk, rolodex, Rubik’s Cube, stem cell, the scientific method, trade route, urban sprawl

Rob and the other guard waved their pistols meaningfully, shepherding the managers over to the glass wall. They were made to crouch down. “Joanne Bilheimer,” Rob called. “Front and center, now.” One of the women looked up fearfully. “I’m Joanne. What do you want?” “Up.” Rob beckoned with all four fingers. He pointed to the console marked Chief of Operations. “Secure this room, activate level three isolation.” “I . . .” She gave his pistol a frightened glance. “I’m not . . .” “Please,” he said. “Don’t give me any bullshit about not having the authority. And you really don’t want to make me start issuing threats, because I’ll carry them out. Now, level three?”

Engineering Security by Peter Gutmann

active measures, address space layout randomization, air gap, algorithmic trading, Amazon Web Services, Asperger Syndrome, bank run, barriers to entry, bitcoin, Brian Krebs, business process, call centre, card file, cloud computing, cognitive bias, cognitive dissonance, cognitive load, combinatorial explosion, Credit Default Swap, crowdsourcing, cryptocurrency, Daniel Kahneman / Amos Tversky, Debian, domain-specific language, Donald Davies, Donald Knuth, double helix, Dr. Strangelove, Dunning–Kruger effect, en.wikipedia.org, endowment effect, false flag, fault tolerance, Firefox, fundamental attribution error, George Akerlof, glass ceiling, GnuPG, Google Chrome, Hacker News, information security, iterative process, Jacob Appelbaum, Jane Jacobs, Jeff Bezos, John Conway, John Gilmore, John Markoff, John von Neumann, Ken Thompson, Kickstarter, lake wobegon effect, Laplace demon, linear programming, litecoin, load shedding, MITM: man-in-the-middle, Multics, Network effects, nocebo, operational security, Paradox of Choice, Parkinson's law, pattern recognition, peer-to-peer, Pierre-Simon Laplace, place-making, post-materialism, QR code, quantum cryptography, race to the bottom, random walk, recommendation engine, RFID, risk tolerance, Robert Metcalfe, rolling blackouts, Ruby on Rails, Sapir-Whorf hypothesis, Satoshi Nakamoto, security theater, semantic web, seminal paper, Skype, slashdot, smart meter, social intelligence, speech recognition, SQL injection, statistical model, Steve Jobs, Steven Pinker, Stuxnet, sunk-cost fallacy, supply-chain attack, telemarketer, text mining, the built environment, The Death and Life of Great American Cities, The Market for Lemons, the payments system, Therac-25, too big to fail, Tragedy of the Commons, Turing complete, Turing machine, Turing test, Wayback Machine, web application, web of trust, x509 certificate, Y2K, zero day, Zimmermann PGP

While the interception of tactical video communications may not seem like a major problem since the footage has a very short lifetime, in practice it can have all sorts of long-term benefits for an opponent such as allowing them to test the effectiveness of various camouflage measures, revealing details of UAV surveillance manoeuvres, search patterns and times, and operational security, and even providing clues on how to make civilian gatherings looks like targets (to create bad publicity when they’re attacked) or conversely targets look like civilian gatherings. When the situation was re-examined four years later, the majority of the UAVs were still transmitting video in the clear (the Navy’s equivalent, in contrast, had used encrypted feeds from day one) [103].