Operational Security

  1. Identify the information you need to protect
  2. Analyze the threats
  3. Analyze your vulnerabilities
  4. Assess the risk
  5. Apply countermeasures

Understand your own risk/threat model: Who is your adversary? What needs protecting?

The OPSEC Two-Step: Know what to protect and know how to protect it.

  1. Back up all your important data
  2. Factory reset / wipe all of your compromised devices
    • If there is a possibility the hardware has been tampered with, buy new hardware.
  3. Change all your passwords
    • Most important:
      • email
      • social media
      • WLAN
      • infrastructure accounts (phone company, ISP)
  4. Use a password manager like KeePassXC on a trusted device
    • trusted = factory new or freshly reset
    • Do not change or enter passwords on compromised devices.

  1. Factory reset the phone.
  2. Change your Google or Apple ID password.
  3. Do not restore app data from Google or Apple; you could potentially restore a backdoor.
  4. Reset 2FA information.
  5. Reset your desktop PC or laptop (maybe there's a keylogger installed as well).

You won't need to get a new phone and number.

  • Umbrella – Android App with security handbook
  • Verify your contacts out-of-band (e.g. via phone call or in person)
  • If you send sensitive information (contacts, passwords, etc.), delete it for both sides after saving
  • Don't disclose sensitive information in public chatrooms

Last modified: 2019-12-20 14:21