Hacker OPSEC

STFU is the best policy.

Reservoir Dogs: Lessons in OPSEC

Introduction

The cult movie classic Reservoir Dogs distills and imparts a number of important operational security (OPSEC) lessons. Although a work of fiction, the counterintelligence measures enacted by the gang were real standard operating procedure (SOP) for terrorist groups such as Fatah and the Black September Organisation (BSO). These OPSEC methods provide effective protection against informants participating in the operation. The weakness of this SOP is informants at a higher level who have oversight of the operation.

The Reservoir Dogs OPSEC SOP

Procedure 1: Assigned Operational Aliases

  • Operational aliases for the duration of the op assigned by the organisation

    Using random aliases unique to the operation reduces the information available to informants who are involved in the op.

Procedure 2: Rapidly assembled cherry picked team

  • Just In Time team formation

    Creating the team just when it is needed reduces the time available for informants to find out about an operation and report it back to their handlers.

Procedure 3: Dedicated operational support teams

  • Dedicated Independent Operational Teams

    Dedicated teams conducting operational support roles ensure that each team, and its members, knows only its own small portion of the plan. For example, the pre-operational intelligence and surveillance are conducted by dedicated teams, separate from the team that conducts the operation.

Strengths:

This SOP provides a number of important protections against monitoring and infiltration by security forces.

Secret Agents

The agents are kept undercover until they are required to fulfill mission objectives. This both protects them against discovery by security forces and limits the quantity and quality of information available to any informants. For maximum effectiveness, the team is formed immediately prior to pre-operational training and then kept isolated until after the operation is complete.

Mr Pink

Using assigned aliases limits the information that an informant can gather during an operation. Because the aliases are assigned rather than chosen, it is not possible for an agent to develop a preference for a particular alias and thus create an identity.

Weaknesses:

The Reservoir Dogs OPSEC SOP has a number of inherent weaknesses which can limit its effectiveness, expose large numbers of agents to capture, and even directly lead to mission failure.

Inefficient Teams

Ad hoc, hastily assembled teams are less efficient, and possibly less effective, than long-standing teams. The team lifecycle of Forming-Storming-Norming-Performing is compacted into a reduced timeframe, which inhibits achieving the higher levels of efficiency.

High Value Targets

The talent pool is exposed to high-level members. Knowledge of the group’s membership is heavily concentrated in a few individuals, rather than dispersed amongst the rank-and-file. These select individuals become high value targets, in a position to cause significant damage to the group if compromised.

Single Point of Failure

Single point of failure. The operational team captain is the only member of the team who knows the complete operation plan. The individual team members are unable to carry on the mission should the captain be eliminated.

Conclusion:

The Reservoir Dogs OPSEC SOP is an effective collection of techniques to protect a large group of agents against internal informants. The threat of a compromised internal member of a group is very likely the single greatest threat facing an underground organisation. This is demonstrated by the extreme lengths the PIRA went to in hunting down informants, the dismantling of Lulzsec via a highly placed penetration, the extreme violence visited upon criminal informants (“snitches” and “rats”), and so on. The Reservoir Dogs SOP provides a methodology to mitigate all but the highest level penetrations.