
OPSEC & Cryptocurrencies

OPerations SECurity (OPSEC)

Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information. (Wikipedia)

TSB wrote in an approximate, deliberately distorted style from the outset and received many comments about it as a result. TSB explained its position on the subject by invoking OPSEC.

As far as I am concerned, those comments miss the point. This kind of OPSEC is necessary to defeat stylometry analysts (analysis of word frequency, punctuation, vocabulary, emojis, …).

TSB also used currencies known to be difficult to track, such as XMR and ZEC; they are discussed in a dedicated section below.

They also used a platform called ZeroNet to host a site; it relies on the technology behind the blockchain and takes advantage of the BitTorrent network. This platform is considered uncensorable and relatively anonymous, a rather judicious choice given the amount of censorship they faced. In addition, they used several e-mail services renowned for their confidentiality and opacity, such as Tutanota, i2p mail and Zeroid.bit.

Cryptocurrencies

As explained above (see “OPerations SECurity (OPSEC)”), TSB used several cryptocurrencies to try to get paid for their information. They first chose BTC, then ZEC (Message#13; 2017-05-30 at 08:06 AM) and finally XMR (Message#14; 2017-06-02 at 11:24 AM). They multiplied the addresses to make that money harder to track. Technologically speaking, these currencies are interesting because they allow a slightly higher to high level of confidentiality compared with the current banking circuit.

However, I do not understand why they put their clients at risk in the first place by asking them to pay in BTC, where confidentiality is not very strong, even though they knew their activities were being monitored. They fucked up the XMR anonymity process by asking their “consumers” to add a specific string of characters in the Payment ID. Because of this mistake, we have been able to recover several of the “consumers’” e-mail addresses.
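To illustrate why that instruction is fatal to unlinkability, here is an added example (not code from the original post) that decodes the plaintext payment ID from a Monero transaction's tx_extra field and groups the transactions carrying a common marker. It assumes the standard Monero tx_extra encoding (0x01 tag + 32-byte tx public key, 0x02 tag + length + nonce, where a 0x00 sub-tag introduces a 32-byte plaintext payment ID); the marker "TSB:" and the e-mail addresses are constructed sample values.

```python
# Added example (not from the original post): a recognisable marker in a
# Monero payment ID lets anyone reading the chain link the payers and read
# whatever follows the marker. tx_extra layout assumed (standard encoding):
# 0x01 + 32-byte tx pubkey; 0x02 + length + nonce, 0x00 sub-tag = 32-byte plain ID.
TAG_PUBKEY, TAG_NONCE, NONCE_PLAIN_PID = 0x01, 0x02, 0x00

def parse_tx_extra(extra: bytes) -> dict:
    """Return the tx public key and any plaintext payment ID in a tx_extra blob."""
    out, i = {}, 0
    while i < len(extra):
        tag, i = extra[i], i + 1
        if tag == TAG_PUBKEY:
            out["pubkey"], i = extra[i:i + 32].hex(), i + 32
        elif tag == TAG_NONCE:
            length, i = extra[i], i + 1      # one-byte varint covers lengths < 128
            nonce, i = extra[i:i + length], i + length
            if len(nonce) == 33 and nonce[0] == NONCE_PLAIN_PID:
                out["payment_id"] = nonce[1:]
        else:
            break  # padding or a tag this example does not decode
    return out

def build_extra(pubkey: bytes, payment_id: bytes) -> bytes:
    """Constructed helper: encode tx_extra with a 32-byte plaintext payment ID."""
    pid = payment_id.ljust(32, b"\x00")[:32]
    return bytes([TAG_PUBKEY]) + pubkey + bytes([TAG_NONCE, 33, NONCE_PLAIN_PID]) + pid

def linkable_payers(extras, marker: bytes) -> list:
    """Transactions whose payment ID starts with the marker are trivially linked
    to the same payment instruction; the rest of the ID is readable as-is."""
    found = []
    for extra in extras:
        pid = parse_tx_extra(extra).get("payment_id", b"")
        if pid.startswith(marker):
            found.append(pid[len(marker):].rstrip(b"\x00").decode("ascii", "replace"))
    return found

# Constructed sample: two payers followed the instruction, one used a random ID.
SAMPLE = [
    build_extra(b"\x11" * 32, b"TSB:alice@example.org"),
    build_extra(b"\x22" * 32, b"TSB:bob@example.net"),
    build_extra(b"\x33" * 32, bytes(range(32))),
]

if __name__ == "__main__":
    print(linkable_payers(SAMPLE, b"TSB:"))  # prints the two constructed addresses
```

The third transaction, which used an unstructured payment ID, is not linked; the two that followed the instruction are grouped and expose the address embedded after the marker.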

They used cryptocurrency conversion mechanisms to add a higher level of complexity, and on this point too, they fucked up again. They used ShapeShift to convert BTC to ZEC; a particularity of this service is its “Swiss transparency”. That means the API shows the input and output addresses even if you use the Shield option (normally, this option obfuscates the shielded input and output addresses). So we have been able to follow the cryptocurrency conversion process one step further. Thanks again to the “Swiss Transparency” 😉.