OPSEC for Hackers ( http://www.youtube.com/watch?v=9XaYdCdwiWU ) uses a quote from The Wire to reference what you're talking about: “The thing is, you only got to fuck up once. Be a little slow, be a little late, just once. And how you ain’t never gonna be slow, never be late? You can’t plan for no shit like this, man. It’s life.”
The Grugq addresses this issue by recommending that one set up an entire fake persona before doing anything, and then doing all the activities "in character" as that persona. If you stay in character, then even making the types of mistakes DPR made would only lead the authorities to the persona rather than yourself.
Granted, this video didn't exist when DPR made Silk Road...
grugq makes plenty of mistakes, just like the rest of us. He's just pimping an image to suck up more 0day from independent developers to unethically onsell to various dot govs. Sad friggin' industry, full of vacuous husks of people.
I believe Grugq's message is just that: everyone makes mistakes, and therefore if you're in that line of work you need infrastructure to shield yourself from those inevitable mistakes.
However, I'm not sure how his academic discussion about OPSEC "pimps an image" for his 0day business -- wouldn't security researchers writing 0days not really need the advice in OPSEC For Hackers since they are still acting legally?
wouldn't security researchers writing 0days not really need the advice in OPSEC For Hackers since they are still acting legally?
Your own government isn't your only potential enemy.
True story: A friend of mine works for a large defense contractor. He's done a fair amount of foreign travel to support projects on foreign soil. Not clandestine projects, they are fully above board with the cooperation of the host countries, but as Kissinger said, america has no permanent friends or enemies, only interests. (Kissinger's a douche, but he's right about that)
The result of all his work travel is that he's made it onto spear-phishing lists at all kinds of national hacker groups. His employer's IT security has had to put his corporate email address in a special group that gets extra scrutiny because of all the attacks directed specifically at him.
The Grugq addresses this issue by recommending that one set up an entire fake persona before doing anything, and then doing all the activities "in character" as that persona. If you stay in character, then even making the types of mistakes DPR made would only lead the authorities to the persona rather than yourself.
Granted, this video didn't exist when DPR made Silk Road...