The Online Operations Kill Chain’s Phase 6: Evading Detection clearly shows the theater-wide viewpoint of a defender of a major platform. There are technical measures they’ve placed in this area that I included right at the very start of creating a new persona. There are simple word-ban evasions. So this is all over the board from the perspective of a small unit engaging in a broad conflict.
Attention Conservation Notice:
I almost wonder if I shouldn’t be rewriting the ten-phase set of tactics, techniques, and procedures for company-sized ISR operations. This is one of those articles I write because I’m not sure what I’m doing, but you might get some benefit looking over my shoulder while I wonder aloud about things.
Technical Measures First:
Geo-limiting website audiences? OK … this presumes that you can do these things.
You have the ability to put up web sites.
Your web sites have some ability to see some visitor information.
You have the bandwidth to build general content for ALL and ...
You can also produce specific content for SOME.
I’ve encountered this sort of division here and there in my travels. The most notable event I can think of recently was a situation where Ukrainian refugees in Europe could not see content that WAS available to people still in country. This was on Telegram, a Russian platform that Ukrainians still treat as trustworthy for communicating and organizing (!). Yes, the company made a show of relocating outside of Russia. If you are so foolish as to think that matters, perhaps this Substack is not for you.
Back during the Anonymous rampage of 2011 – 2012, The Onion Router, hereafter Tor, was a great way to conceal your location and get up to mischief. Today it has become more and more like I2P, another anonymity network that is a walled garden, having its own namespace unconnected to the DNS names with which you are familiar. Those using Tor are immediately treated as admitted behavior problems and often just shunned out of hand.
I keep a TAILS VM handy for occasional situations where I want to quickly look at something new without immediately knowing where it goes, or if it even matters. When I install a remote system I will often include Tor so I can expose ssh remote access as a hidden service. Tor is slow and erratic, but this is OK when I absolutely do not want the machine to be able to tell anyone anything about me, should it fall to some intruder.
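The hidden-service ssh setup mentioned above, written out as an added example (this is not the author’s own configuration): a torrc stanza that maps port 22 on the onion address to sshd on loopback, an sshd drop-in that binds ssh to 127.0.0.1 only so the box never listens on a public interface, and the client-side ~/.ssh/config stanza. File paths, the hidden-service directory name, the default Tor SOCKS port 9050 and the use of OpenBSD netcat’s -X/-x proxy flags are assumptions; torsocks would do the client side just as well.

```shell
#!/bin/sh
# Added example: ssh reachable only as a Tor v3 hidden service.
# Paths are parameters so the functions can be dry-run against a scratch
# directory; on a real host they would be /etc/tor/torrc,
# /var/lib/tor/ssh_hs and /etc/ssh/sshd_config.d/onion-only.conf (assumed).

# Append the hidden-service stanza to a torrc. Idempotent: a second run
# against the same file is a no-op, so re-running a provisioning script
# does not register the service twice.
add_ssh_hidden_service() {
    torrc="$1"       # torrc to append to
    hs_dir="$2"      # tor creates this directory (mode 0700) and writes hostname into it
    if grep -q "HiddenServiceDir $hs_dir" "$torrc" 2>/dev/null; then
        return 0
    fi
    cat >> "$torrc" <<EOF

# ssh only via Tor: port 22 on the onion address maps to sshd on loopback
HiddenServiceDir $hs_dir
HiddenServiceVersion 3
HiddenServicePort 22 127.0.0.1:22
EOF
}

# sshd drop-in: bind to loopback only and refuse passwords. With the torrc
# stanza above, the only route to port 22 is through the local tor daemon.
write_sshd_dropin() {
    dropin="$1"
    cat > "$dropin" <<EOF
ListenAddress 127.0.0.1
PasswordAuthentication no
EOF
}

# Client-side ~/.ssh/config stanza. The onion name is the contents of
# $hs_dir/hostname on the server; the connection is pushed through Tor's
# SOCKS5 port with OpenBSD netcat (assumed installed on the client).
client_ssh_stanza() {
    onion="$1"
    alias_name="$2"
    printf 'Host %s\n    HostName %s\n    ProxyCommand nc -X 5 -x 127.0.0.1:9050 %%h %%p\n' \
        "$alias_name" "$onion"
}
```

After `add_ssh_hidden_service` and `write_sshd_dropin` have been run with the real paths and tor and sshd restarted, `cat /var/lib/tor/ssh_hs/hostname` gives the onion name to feed to `client_ssh_stanza`; `ss -tlnp | grep :22` should then show sshd bound to 127.0.0.1 and nothing else.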
VPNs are another matter. Most of them are absolute crap; any service that wants to install its binary client should be treated as malware and avoided. The only ones I find trustworthy are the free ProtonVPN that comes bundled with any ProtonMail account, and Mullvad. There are others based in Nordic countries that are probably OK, but I haven’t had a need to diversify.
The citing of Tor and VPNs as they do seems dated to me. Today I would place VPNs in the role of Tor – an edgy form of access likely to draw attention, and how they see VPNs is how I view a tethered burner phone. As the hazards have gone up there have been “taxes” added all over the environment, demands for real phone numbers rather than VOIP, and the requirement for picture ID for social media accounts that only a money transmission business would have been able to ask for five years ago.
Bobbing & Weaving:
The other evasion methods are simply getting up to speed on in-group communication norms and then, if you’re clever and/or you develop some reach, adding to the lexicon. When I started into this area I was making roughly five appearances a week on DailyKos and I was among the most popular dozen or so “right hand column” writers – non-staff whose access to the front page was dependent on mass promotion by regular readers. Since I find producing a curious turn of phrase simple, I was often on the “rec list” there.
Since things migrated from blogs and comments to social media, this area has evolved so much that I’m no longer precisely sure what works. There are too many forces at work, too many in-groups, and as a Gen-Xer so old the kids occasionally “OK Boomer” me, my time in such environments has passed.
Where do things like ChatGPT fit into this? OpenAI’s ChatGPT 3.5 has been, at least for me, like a dumb but persistent technology intern. I’ve been doctoring Proxmox stuff while writing this, and with it available I only need a vague memory of what I’m trying to do; a couple of questions will find the configuration and code snippets I need. It’s been very empowering in this fashion, but I’ve seen others doing low-key amazing stuff, like feeding bullet points to ChatGPT 4.0 and getting back tolerable drafts of articles based on the prompt.
Creating usable collateral in the form of stills has been around for a while; now we’ve got examples of faked audio/video of high-visibility people. A couple of years ago putting someone’s nudes out could be highly destructive. Give that another twelve months and the response will be “lol fake!” … or you’ll face criminal charges.
Conclusion:
The defense evasion scenario TOOKC contemplates involves less capable pawns swarming social media and committing crimes against others to gather and exploit information. If you’re reading this you’re a bishop, a knight, or a rook, moving at speed and in ways no pawn ever could.
Perhaps one day soon individuals with the sanction required to cross that computer intrusion line may be reading this, but I can’t imagine ever describing how to do those things in detail. There will always be new people reading the content and they need cautious, conservative guidance until they can answer “What hunts you?” in an immediate, fulsome fashion regarding their current activities.
OK, after an uneven start we’ve got something on the first six phases of The Online Operations Kill Chain, and we’re 51 days into the 92 days of the fourth quarter. Four more phases to cover, six weeks to do so. I think we’re gonna make it after all.