So many people who want to improve their digital opsec spend way too much time obsessing over low-level technical details, like whether or not Tor or some other anonymizing network can be trusted. And I think that this kind of obsession over the technical details is what fuels these endless online conversations I see about whether or not you should use a VPN together with Tor, or whether one operating system is going to be more secure or give you better opsec than another, or even whether you should use Librebooted hardware, an open-source BIOS on hardware that's a decade old, for certain operations. Of course it makes sense to at least be aware of these different technologies, to experiment with them for educational purposes, or even to learn how they work so you can work them into your operations and improve your opsec. But if we look at the ways hackers actually get caught, the mistakes they made and thus the details that should really be obsessed over, there's rarely a complicated technical mistake at play. It's almost never a zero-day in the Linux kernel that gets them caught. It's never the Intel Management Engine. It's almost never a flaw in Tor's protocols or someone's encryption being broken. What is always involved is someone saying too much. Even in the extreme cases where a lot of money and resources are thrown into creating advanced malware like Pegasus, or something like Stuxnet where a state is deploying malware, an information leak, somebody saying too much, is what ultimately leads to that malware's target being picked.
In the case of Stuxnet, intelligence was actually gathered about the target, which was Iran's nuclear program and the machinery involved in the enrichment process, prior to the malware being developed. That intelligence helped them develop the malware, because then they knew what machines were going to be used and could make the malware attack those devices directly.

So let's look at some examples of how hackers who were using Tor got caught. This is Hector Monsegur, also known by his hacker name Sabu, who was a member of Anonymous and the founder of another hacking group called LulzSec, a pretty notorious hacker group that was active in the early 2010s. He had actually been doxed by members of Backtrace, who were former members of Anonymous, prior to his FBI arrest. But Sabu was under FBI surveillance at that time, and that's why Backtrace took down their dox, or at least the links to the dox they had published. He once mistakenly logged into an IRC channel, where he was discussing operations with other hackers, without using a proxy to mask his real IP address. That exposed his IP, and of course the FBI can get his name from that. But what also aided the FBI in catching Sabu, and Backtrace in doxing him in the first place, was his frequent mentions of a personal website he had in the early 2000s called prvt.org, where his real name, phone number and email were listed in the contact information for the domain. So anybody could have just done a WHOIS on prvt.org and gotten Sabu's dox, which is probably what Backtrace ended up doing. And of course they had tons of screenshots from IRC chats where he's just saying too much, giving away a lot of information about where he lives and things he does, so they were able to correlate that with the WHOIS details.
So yeah, obviously Sabu leaking his IP was a big fail, since the FBI just got his info from the ISP. But the WHOIS dox and Sabu talking about this website on IRC corroborate that IP address evidence, and it gets twice as much surveillance sent your way twice as fast. And it's pretty much over once close surveillance starts, because once the FBI surveilled him they quickly realized that Sabu was taking care of his two young cousins, and they were able to use that against him when they raided his house. Apparently, according to him, they didn't bust down his door or do anything crazy like that. They basically just knocked on the door and told him to cooperate with them or he was going to go to jail for life and the state would take his younger cousins away. So Sabu became an informant, and this led to others in his ring, like Jeremy Hammond, getting caught.

Now what's interesting about Hammond is that apparently he didn't make any technical mistakes like signing on to IRC without using a proxy, at least not during his involvement with LulzSec. But again, he talked too much, and he let his various hacker identities overlap. You can see that he's got numerous hacker aliases in his indictment, but there were multiple incidents in recorded IRC chats (and you should be assuming that every IRC chat is recorded) where he would have one username but then respond to another, or he would use another username and then tell people that he's this user as well.
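The alias-overlap problem described above is exactly what an analyst with a recorded channel log looks for. The following is an added example written for this page, not code from the speaker or from any of the cases discussed: it parses a small IRC log, flags two kinds of evidence that tie nicks together (a speaker explicitly claiming another nick, which is strong, and a nick answering a line addressed to a different nick, which is weak), and then groups the nicks into probable identities with a union-find. The log, the nicks and the phrase patterns are all constructed for the example; a real investigation would feed in the actual logs and a much larger phrase list.

```python
import re
from collections import defaultdict

# Constructed sample IRC log. Nicks and messages are fictitious, invented for
# this example; they are not from any real chat log or court record.
SAMPLE_LOG = """\
[19:58] <sparrow> brb, switching machines
[20:01] <rook> anyone around?
[20:02] <drift> yeah, what do you need
[20:03] <rook> btw drift, are you the same person as kestrel?
[20:04] <drift> don't tell anyone but yes, kestrel is me too
[20:05] <kestrel> someone in here who has the ssh creds?
[20:06] <rook> kestrel: send them to drift, he's handling it
[20:07] <drift> got it
[20:10] <wren> this is sparrow on my backup box
[20:11] <rook> ok
"""

LINE_RE = re.compile(r"^\[(\d\d:\d\d)\] <([^>]+)> (.*)$")

# Phrases in which a speaker claims another nick as their own (strong signal).
# Assumed patterns for the example; a real list would be far longer.
CLAIM_PATTERNS = [
    re.compile(r"\b(\w+) is me\b", re.I),
    re.compile(r"\b(?:i am|i'm|im) (?:also |still )?(\w+)\b", re.I),
    re.compile(r"\bthis is (\w+)\b", re.I),
]

# "nick: ..." or "nick, ..." at the start of a message addresses that nick.
ADDRESS_RE = re.compile(r"^(\w+)[:,]\s")


def parse_log(text):
    """Return a list of (timestamp, nick, message) tuples, nicks lower-cased."""
    msgs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            msgs.append((m.group(1), m.group(2).lower(), m.group(3)))
    return msgs


def find_links(msgs, reply_window=2):
    """Return (nick_a, nick_b, strength, evidence) tuples tying two nicks together.

    strong: the speaker explicitly claims the other nick as their own.
    weak:   a line addressed to nick_a is answered by nick_b within reply_window
            messages, before nick_a itself says anything.
    """
    nicks = {nick for _, nick, _ in msgs}
    links = []
    for i, (ts, nick, text) in enumerate(msgs):
        for pat in CLAIM_PATTERNS:
            for m in pat.finditer(text):
                claimed = m.group(1).lower()
                # Only count claims of nicks that actually speak in this log.
                if claimed in nicks and claimed != nick:
                    links.append((nick, claimed, "strong", f"{ts} <{nick}> {text}"))
        m = ADDRESS_RE.match(text)
        if m and m.group(1).lower() in nicks:
            target = m.group(1).lower()
            for ts2, nick2, _ in msgs[i + 1 : i + 1 + reply_window]:
                if nick2 == target:
                    break  # the addressed nick answered for itself: nothing odd
                if nick2 != nick:
                    links.append((target, nick2, "weak",
                                  f"{ts2} <{nick2}> answered a line addressed to {target}"))
                    break
    return links


def cluster(msgs, links, include_weak=False):
    """Union-find the nicks into identity groups; returns sorted lists of nicks."""
    parent = {nick: nick for _, nick, _ in msgs}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b, strength, _ in links:
        if strength == "strong" or include_weak:
            parent[find(a)] = find(b)
    groups = defaultdict(set)
    for nick in parent:
        groups[find(nick)].add(nick)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    msgs = parse_log(SAMPLE_LOG)
    links = find_links(msgs)
    for a, b, strength, evidence in links:
        print(f"{strength:6} {a} <-> {b}: {evidence}")
    print("identity groups:", cluster(msgs, links))
```

Run as-is it reports that drift and kestrel are one person (a strong claim at 20:04, backed by the weak reply at 20:07) and that wren and sparrow are one person, leaving rook on its own. The weak signal is kept separate from the strong one on purpose: an addressed reply by itself is noisy, but it is the kind of corroborating pattern that piles up across many logs.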
The whole point of using multiple identities is to reduce how much anyone knows about you, so if you let those identities overlap, that unravels all of your efforts. We can see a perfect example of saying too much right here in the indictment for Jeremy Hammond. It says that in a chat with covert witness one, which would be Sabu, on or about July 21st 2011, an individual using the alias Anarchaos, later identified as the defendant Jeremy Hammond, told Sabu that he had been arrested for weed and did two weeks in county jail. Later in that same chat the individual said, "don't tell anyone because it could compromise my identity, but I am on probation. I've done time before though, it's all cool." Quick tip: if you've got to tell somebody not to tell anybody else, that's something you shouldn't be telling that person in the first place, because they could be an informant, as you see here. But regardless of who you're talking to, this kind of information, saying that you got arrested for weed and that you're on probation, could very likely be used by a civilian to get your dox. It can definitely be used by an FBI agent; obviously here it was used by the FBI to get his dox. So you've got to be aware, when conducting these kinds of operations, that you really have to assume every single chat is going to be read by an FBI agent at some point.

We can also see that Hammond, when he used the alias sup_g, was telling Sabu that he was involved with these anarchist groups. He described himself as an anarchist communist, said that he supported the anarchist movement, and said that he was also involved in militant anti-racist groups. Obviously this was another huge mistake, because the FBI were able to talk with the Chicago PD to get information about Hammond's arrests for involvement in various anarchist protests and his involvement in the hacking of a white supremacist site years prior, something he wasn't even charged for. That's just something where they had his details because, I believe, he didn't mask his IP address the whole time when he was breaking into that white supremacist site. He did make technical mistakes in the past, but not so many when he was involved with LulzSec. But a lot of arrest information, and things you've been convicted of, typically ends up becoming public record, which is why divulging this information about yourself, which isn't even relevant to your current operations, is such a grave error. People who aren't even in law enforcement would have been able to dox him with all of these details.

Plus, introducing a bunch of political stuff, or stating your strong political opinions when it's not necessary to your current operation, in a group like this is a bad idea, because it could set people with opposing opinions against you. These are controversial ideas. I guess you could consider LulzSec an anarchist hacking group to some extent, but as they've stated many times, they mostly hacked for the lulz. So telling people that you're a pot-smoking, anti-racist, freaking anarchist that's currently on probation in the Midwest, in a hacker IRC channel, is truly horrific opsec. It doesn't matter if you always used a quantum-resistant VPN with Tor: if the feds have your name and they know you're in Chicago, then they can identify you as the guy with weed and the anarchist t-shirt getting lunch out of a dumpster.

Now, in addition to giving away too many details about his personal life and the past operations he had taken part in, Hammond was giving away too many details about how he was conducting his current operations with LulzSec. For example, he stated on IRC that all of his connections were being made over the Tor network, and he even complained about stuff like YouTube being really slow over Tor. He also said that he used an Apple laptop. So of course, during the surveillance phase, the FBI confirmed that he was sending all of his traffic through Tor and that the MAC address of his computer matched an Apple computer. It's not necessary to divulge those details to anyone. Even the people you're working with in your current operation don't need to know that you use a Mac, or that you're always using Tor, or Tor with a VPN, or residential proxies, or whatever. It doesn't matter. You really should treat your IRC chats, or any online chats for that matter, like you're talking directly to the police after you've been Mirandized, especially if you're engaging in this kind of activity.

And speaking of that, if you pay attention to the wording of the Miranda rights (and I'm sure other countries have a similar version of this), here in the States, when the cops arrest you, before questioning they tell you that you have the right to remain silent, and that everything you say can and will be used against you in a court of law. What that means is the only things you say that are going to be written down, remembered by the cops and used are things that can be used against you in court, not for you. Which is why a good lawyer is going to tell you not to say anything after you've been Mirandized. Even if you say something that might exonerate you later on, something that makes sense to you, like "oh, I wasn't there, it wasn't me," that statement isn't going to be written down, it's not going to be remembered by the people talking to you, and it's not going to be used in court, not unless somehow your lawyer can get a recording of it and try to get it entered into evidence. The cops and the DA certainly aren't going to enter it into evidence if it makes you seem not guilty. So yeah, it turns out that when it comes to opsec, simply shutting the fuck up is so much more important than what VPN, proxy or operating system you're using.