Clothes Line OPSEC/PERSEC
BLUF: Clothes lines throughout history have offered a source of intel to surveillance operatives and is something that should be kept in mind for those preparing for a grid down, collapse or LAE/SHTF scenario where you may no longer have power for your dryer. Below are examples of what your hanging clothes tell others.
》Only men’s or women’s clothes – living alone
》Combination of M/F or larger quantity – in a relationship or multiple occupants
》Different sizes or styles – can be used to count how many people
》Children’s clothes – Children on the property, kidnapping target for ransom
》Athletic clothes – Fit person might put up more of a fight
》Oversized clothes – Likely unfit and possibly easier target
》Hunting clothes – Likely to have firearms, ammunition, and possibly food stocks
The clothes line example is just one of many examples of OPSEC/PERSEC vulnerabilities we often don’t consider.
OPSEC: Operational Security is the process of protecting individual pieces of data that could be grouped together to give the bigger picture (called aggregation). OPSEC is the protection of critical information deemed mission essential or vital to the protection of an entity. It involves identifying critical information, analyzing threats, analyzing vulnerabilities, assessing risk, and applying counter measures. A breach of OPSEC could included the exposure of a deployment date (posting on Facebook “So sad my hubby has to go to Afghanistan this weekend”), what weapons you are carrying (telling other dad’s at your kids soccer game that you carry a Glock 27 on your right ankle), or what deficiencies exist in home security (telling your FedEx driver not to worry about the camera because you alarm system is broken).
PERSEC: Personal Security is similar to OPSEC but does not involve the protection or concern of exposing mission essential information. It’s relative to yourself and family. A breach of PERSEC involves exposing your child’s school name, your home address, and PII (Personally Identifiable Information).
QR Code Security
QR or Quick Response Codes are being used more frequently to allow customers to access menus, complete contactless checkout, or mark a place in a waiting queue. These codes are also being used by cyber criminals to collect PII, fraudulently steal money, or access your phone.
A QR Code stores alphanumeric information in the data modules of the square shape designs.
A criminal typically alters or replaces existing QR Codes at reputable locations to attempt a physical origin spearphishing attack. For example, a placard on a restaurant table could easily be switched w/ another QR Code that directs you to the hostile actor’s spoofed website. If the website looks legitimate, the victim may make a payment, fill out a survey exposing PII, or unknowingly give remote access to their phone.
》Avoid scanning QR Codes.
》Inspect the physical code to ensure a sticker wasn’t placed over top of the old code.
》Review the URL of the website & compare it to the legitimate entity’s real website domain name.
This article was originally written by the Grayman Briefing. Stay in the know, sign up for Intel and Situational Awareness alerts pushed to your phone on emerging threats and preparedness warnings. Click HERE to subscribe to the Grayman Briefing.