Dyne.org Operational Security Handbook (OPSEC)
OPSEC: a.k.a. a certain behaviour and a set of rules of thumb that will keep you and your information safer, in day-to-day life as well as in production.
Plus an appendix on operational choices for dyne.org projects confidentiality.
THIS IS A LIVING DOC
Last revision 04-08-2019
Authors: fredd, parazyd, alv
Discretion and confidentiality
- Behavioural discretion
First things first: assess the type of opposition you have. Consider that we generally operate in a medium-confidentiality environment.
Type of opposition: who wants to know, what and why.
Risk assessment: always assess bearing in mind that it is a good rule to consider the opposition stronger than you, better organised, and already knowing a lot (it is true that it has a lot of resources).
At the same time avoid paranoia: you act and think actively and with awareness; this makes you a tough cookie.
Always remember that:
- you act according to the law and to your constitutional rights
- you act according to high ethical standards
- you are not alone
As such, playing on project-based compartments and personal trust is at the base of any security assessment.
You use paranoia; you are not used by it.
- RULE OF THUMB ONE: if you have no trust in someone, you should not do business with him :)
- RULE OF FOOT THUMB: friends with everyone, in bed with no one
- General rule of pre/post trust: in operations where you need to trust your peers, you give your best when you keep confidential information on a need-to-know basis. Trust is increased by full disclosure in debriefing.
- Operative discretion: when a project is running or when you are in Indian country (a.k.a. unfriendly or uncharted territory)
If an operation has a particular OPSEC level, everyone will be briefed about it beforehand.
In any case:
- Three circles metaphor: inner, outer and opposition
- Examples from conspiracy: rings. In a ring of peers, all information is accessible to all the peers, but nothing goes out to others without agreement between the inner parties;
- Rule of 5: no more than 5 persons can efficiently be part of a ring; otherwise communication needs escalate. In classic Soviet security organisations this was compartmentalised with a controller/ringleader mechanism. We do not need that level of paranoia. Yet it is good to know, just in case.
- Positive view: in/out border. Enforce confidentiality between peers, and agree by general consensus if disclosure to the outer ring is necessary;
- Need-to-know basis in operation: in short operations where confidentiality and speed are necessary, the operators are fed only the information they need to perform the operational tasks. Full debriefing is usually necessary only ex post.
- Always keep a plan B
- Stay safe
- “l’agendina”: write down stuff with pen and ink and keep it with you in a drawer. It is not safer, but it is much more expensive for the opposition to send a team to break into your house and look for a piece of paper than to bug your computer with malware and filter all your communication;
- “il pizzino”: a paper written by hand that can be sent to someone, then gets read and destroyed on the spot. Or that kind of thing. It works, is safe from SIGINT, and implies a certain level of trust. A plus is that you can recognise calligraphy, and handwriting carries signs of emotional stress. Consider a form of talk that might carry a word that, if used, implies you believe you are compromised… the rest is a Le Carré book (a very good read for fun, but a paranoia level we don’t operate at).
- Need to know two - a measure to be used in delivery or operations: you know only what you need to know to perform your task, to protect the operation. In this case you don’t talk any more about the whole picture; you operate temporarily on a “need to know” basis. Because we are peers, you will be debriefed at the end.
- Communication loop outside the magic circle: strategies, objectives, keywords
- Confidentiality -
A document marked confidential has to be kept as such: partial or total disclosure is to be decided by the person responsible. It has to have a distribution list printed on its first page so that all recipients know who has access to the document.
A document not marked confidential should still be discussed with some discretion outside our circle.
3.1. Dyne is a think (&do) tank but also a software foundry. WE FIRST USE OUR OWN SOFTWARE if it does the job.
Then we use open source, then eventually proprietary software. Some software we DON'T USE ON PURPOSE. IT IS BANNED. For security reasons AND secondly for public coherence reasons, but security is primary. If in doubt, ask.
3.2. Project based workflow confidentiality
- project lead has always to know
- project lead has consultative decision power regarding the project
- project lead is responsible for their course of action
3.3. Confidentiality tool:
- You need to create an SSH key, which is composed of two keys, a public one and a private one
- You need to create a GPG key. Get familiar with double-key encryption
- The public key is also attached to your dyne.org mail.
- Use a long key (>4k)
- back up your secret key SAFELY (a physical copy is a good idea)
- to unlock your key, use a unique passphrase that you don’t have to write anywhere and will always remember.
- never put your passphrase in a keychain, never write it down, never use easy-to-guess stuff or ciphers
- keep a secret password file in a safe place. To do so you can use gpg: keep a password file encrypted with gpg.
- Dyne developed Tomb for hiding secret things in your file servers; if you are on Linux, get familiar with Tomb
- on Mac you can use AES-256 encryption on disk images
- Dyne developed https://secrets.dyne.org to share the burden of secrets like important passwords. Use it where necessary. This tool allows you to encode a string (a password) and shred it into a number of strings that can be distributed to friends. Putting a number of them together (for example 3 out of 5) can reconstruct the secret string and, as an example, let you use the lost password to re-open a bitcoin wallet. Use it.
3.3.1. Use of dyne.org git for confidential material: gitea.dyne.organisations
3.3.2. Use cloud.dyne.org for keeping files you want to sync between your machines or share with your colleagues
- avoid google docs. A file on gdocs is to be considered compromised
- avoid dropbox-type services for sharing: use cloud.dyne.org (a self-hosted Nextcloud instance)
- What if:
  - Your computer is stolen
    - raise the alarm with your peers, let us know
    - if your HD was encrypted (it should be!!!) chances are your data is not compromised
  - Your computer is compromised, for example by a virus or malware
    - you can learn a lot by cleaning it up
    - you have been compromised: call home to allow us to assess the damage
OSX “security for toddlers”
written by fredd
- MAC OS X security hardening for everyone
Basic computer security for mac users.
• physical: a Mac can be stolen or bugged
• passwords and user setup 101
• encrypted home
• Password manager and password security rules of thumb: use apple keychain
• Email is king
• double key: how it works, for dummies
• gpgmail is behind a paywall. This is unacceptable, just being some scripts over gpgkeys. So use thunderbird with enigmail from now on.
ABOUT CRYPTO https://www.gnupg.org/faq/gnupg-faq.html
Some tools are there to assure you a certain kind of privacy if you think you might be observed. It is a long way to safeguarding your privacy; start the trip ASAP. There is a lot to know.
- Tor Browser
- Heads or another privacy-oriented USB key distro
- remember that any phone is a perfect recording and tracking device.
- To isolate it for a moment you can put it in a microwave oven (keep the oven OFF). The oven is radio isolated…
Is your channel in the clear or not? Is your channel cleared or memorised forever? Where is the memory going to stay? Logs?
- Signal (http://support.whispersystems.org/hc/en-us/articles/212477768-Is-it-secure-Can-I-trust-it-) is not so cool but safe (maybe)
- Telegram is cool, probably safe, but untrustworthy. This is good. Get used to the fact that your everyday communication is NEVER SAFE. NOTHING IS SAFE NOR SECURE BUT DEATH.
- IRC: on mac I use limechat as a client
DYNE OFFICE Toolkit WALKTHROUGH
- office.dyne.org is obsolete; it has been replaced by Nextcloud: https://cloud.dyne.org
- a document-based file-sharing repository hosted on our servers. Functionality is similar to google drive and dropbox; install the client on your desktop/laptop/mobile and have a look at the manual.
- use git! for example here with this gitea instance: https://ledger-git.dyne.org
- https://pad.dyne.org for shared document writing. Preferably use “code” and write in markdown.
- for note taking and todos: https://joplin.cozic.net free and open source, integrates with Nextcloud and is multi-platform (mobile as well)
- LibreOffice is the reference office suite in case of necessity. When we use .xls, .doc and .ppt formats, they are usually made with oo.
- http://vdc.dyne.org is our in-house video conference platform (self hosted jitsi)
- https://irc.dyne.org old school irc server, see below for configuration with ZNC
- https://coggle.it (mindmap, not secure but useful)
IRC ON LINUX
Dyne.org has a ZNC bouncer that we’ve started using. We can say that ZNC simulates a connection and makes it look like you’re always connected to IRC. This way, whenever and from wherever you connect to the ZNC server, you will get a playback of all the things you would have missed while you were offline.
You connect to ZNC the same way you connect to any other IRC server:
- host: znc.dyne.org
- port: 30001
- server username: yourusername/networkname
(networkname will be “dyne” for dyne’s IRC network)
- server password: the same password we used for registration on the ZNC service
I DO NOT ALLOW ACCESS IF YOU'RE NOT USING SSL. YOU MUST USE SSL WITH
YOUR CLIENT. IF YOU DON'T USE SSL, THE DOOR IS THAT WAY :)
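What the SSL requirement means on the client side, as an added example (not dyne.org's own code): a TLS context with certificate and hostname verification and no plaintext fallback, plus the ZNC login lines built from the settings above. The function names and sample credentials are constructed; it assumes the server certificate chains to a CA your system trusts.

```python
import socket
import ssl

ZNC_HOST = "znc.dyne.org"   # from the handbook
ZNC_PORT = 30001            # from the handbook

def strict_tls_context() -> ssl.SSLContext:
    """TLS context that verifies the server certificate and its hostname."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def znc_registration(user, network, password, nick):
    """IRC registration lines for ZNC: server password first, then NICK/USER."""
    for field in (user, network, password, nick):
        # CR/LF in a field would let it smuggle extra IRC commands.
        if not field or any(c in field for c in "\r\n\0"):
            raise ValueError("empty field or control character in credentials")
    if any(c in user + network + nick for c in " /"):
        raise ValueError("user, network and nick cannot contain spaces or '/'")
    return [
        f"PASS :{password}",                     # server password
        f"NICK {nick}",
        f"USER {user}/{network} 0 * :{nick}",    # yourusername/networkname
    ]

def connect(user, network, password, nick):
    """Open the session over TLS only; the password never travels in clear."""
    raw = socket.create_connection((ZNC_HOST, ZNC_PORT), timeout=15)
    try:
        tls = strict_tls_context().wrap_socket(raw, server_hostname=ZNC_HOST)
    except (ssl.SSLError, OSError):
        raw.close()          # failed handshake: give up, do not retry in plaintext
        raise
    for line in znc_registration(user, network, password, nick):
        tls.sendall(line.encode("utf-8") + b"\r\n")
    return tls

if __name__ == "__main__":
    # Constructed credentials; prints the login lines without connecting.
    for line in znc_registration("alice", "dyne", "constructed pass", "alice"):
        print(line)
```

If the handshake fails on certificate validation, pin the server certificate in the context rather than switching verification off.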
channels we are using:
#dyne - our main IRC channel, where most of the things are talked about
#bridge - the channel mostly used for people based in Amsterdam
https://znc.dyne.org also allows you to configure your user via a web-panel. It’s very well documented. I set good default settings for you and if you don’t use IRC on other networks, you shouldn’t need to change anything. You can change your password via the web-panel easily as well. You might like that.
Get it using your usual package manager. It is probably in your official repositories.
Run it, and see below.
https://moo.projectarch.tk/xchat.webm - video
IMPORTANT NOTES FOR ZNC/IRC
IRC is generally not considered a very secure platform, yet it's extremely useful for quick communication. Please encrypt sensitive data. We try to make it more secure by using SSL but this does not promise anything.
JABBER ON LINUX
IRC ON ANDROID
IMPORTANT FOR ANDROID PHONES
Encrypt your stuff. ESPECIALLY if you have a rooted phone.
IRC ON MAC
Ivan aka. parazyd