Cyber crime is big business and that means the people behind it face many of the same challenges as legitimate organisations. This includes operational security (OPSEC), a key tactic used by commercial and military organisations to protect privacy and anonymity.
Research from cyber situational awareness specialist Digital Shadows reveals that criminals are using OPSEC as a means to an end - avoiding detection, maintaining availability of their attack infrastructure, and retaining access to environments they have compromised.
Just as with other enterprises, criminals stand to lose from poor OPSEC. For example, Dridex botnet operator Andrey Ghinkul associated his nickname - "Smilex" - with his real name, providing law enforcement with a valuable clue in their investigation. And of course defenders can exploit weak attacker OPSEC to gain insight into the people, process and technology used by their adversaries.
As always security is a balance, cyber crime forum operators for example need to offset staying under law enforcement radar with the ability to market their products. As with the Dridex example above, human error can lead to exposure.
Writing on the Digital Shadows blog Rick Holland, the company's vice president of strategy says, "It is critical to note that OPSEC will fail if people and process aren't taken into account. There are no technology silver bullets when it comes to OPSEC. Lapses in OPSEC can have significant implications for defenders and attackers alike. All too often organisations unknowingly expose confidential information that significantly increases the risks to their organisation".
The report reveals that attackers use a range of technologies including secure operating systems such as WHONIX and TAILS, instant messaging tools like OTR or Jabber, anonymisation networks like Tor, private email services such as SIGAINT and of course digital currencies including Bitcoin and WebMoney.
It shows that they're willing to innovate too, examples of this include Bitcoin 'tumbling' - using a third-party service to break the connection between sending and receiving Bitcoin addresses, making it harder to track transactions through the blockchain.
You can find out more in the full report which is available from the Digital Shadows website.