Table Of Contents
Recap
What Is OpSec
100% Security Doesn't Exist
Common Threats
Doxing
Known Exploits
Zero Day Exploits
Social Engineering / Spam
How Are We Getting Hacked
How Can We Protect Ourselves
Disclaimer
Telemetry
What We Can Do
Why Linux
Which Linux Version
Pop!_OS
Choosing The Device
Which Processor
Installing Pop!_OS
Configuring Pop!_OS
Your First Ride In The Terminal
Next Issue
Recap
Last week we had a look at how to set a risk target at the portfolio level and how to scale our position sizes to meet this target, based on a continuous forecast created by an EMA8-32 crossover.
If you haven't yet, you can check out the article here
The plan was to follow this up with a backtest demonstration. However, something unexpected has come up which requires most of my attention right now. That's why we're momentarily going to step away from that discussion and instead look at a substitute article about Operations Security 101, which has been in draft for some time. This is a somewhat longer article, so you might not be able to view it in full within your mail application. Click here to view it in your browser instead.
What Is OpSec?
Operations Security, OpSec for short, can mean lots of different things depending on the context of the "operation" you're looking at. In a general sense, OpSec describes the process of identifying which of your actions and information can be observed or obtained by external actors who could use them to exploit or hack your "operation".
But OpSec doesn't stop there! Identifying potential attack vectors is only one part of securing your business. The next, at least equally important part is selecting and executing measures that reduce the chances of getting exploited or leaking critical information in the first place.
Unfortunately, even though everybody knows Maslow's pyramid of needs (which puts safety right after the physiological basics), having worked as a penetration tester and CISO I can confidently say that almost nobody takes this as seriously as they should. This is especially sad since most of the actions you as an individual can take are pretty straightforward and offer a high degree of security.
100% Security Doesn't Exist
Technically anybody could get hacked at any point in time. There's no such thing as a 100% secure system, and depending on what threat you're up against, you really don't stand a chance. If North Korea's Lazarus Group somehow decides to target you with all their financial backing, knowledge and manpower, you must not slip up for a single second to avoid getting owned, which is harder than one might think.
Luckily it makes zero sense for them to target you if you're not a high profile target with insane amounts of access, knowledge or funds. We're talking something like government level access or millions of dollars.
The threats you are facing are not even remotely comparable!
This doesn't mean you should ignore security entirely. Even though we can't get 100% security, we can come remarkably close by using proper techniques and, most important of all, discipline.
Common Threats
To get a better idea of what proper techniques might look like, we can take a look at some of the most common attacks the average internet user might face:
Doxing
Doxing commonly refers to the act of publishing sensitive details about a person online: full name, home address, telephone numbers, family members, date of birth, social security number, employment details, etc. This information can then be used by others to spam your inboxes, steal your credentials or even visit you in real life.
Known Exploits
Known exploits target vulnerabilities that have already been published and fixed in newer versions, but which live on in outdated software. For example, if you open PDF files (like pirated ebooks) in a vulnerable Adobe application, you could unintentionally install a trojan embedded in them, setting up a backdoor for intruders.
It is a must to ensure the software you use is always up to date!
It's also good to realize that nothing is ever really free. If someone is sharing pirated material with you, they might have other intentions than just gifting things to random strangers on the internet.
Never download or open a document from a source you do not fully trust! And even if you trust the source, it's better to have a dedicated old burner laptop as your "warez" device and never connect it to the internet.
I have an old laptop whose sole purpose is to launch some weird proprietary legacy 3rd-party application that's somehow a heads-up sit-n-go poker video course. When I launch it, all kinds of trojan alerts go off. I verified about 90% of them to be false positives and chances are the rest are too. But keeping it on a non-primary offline device is about the best protection you can get without any additional effort. The device can only be accessed physically, not remotely by some trojan or virus.
Zero Day Exploits
Zero-day exploits target vulnerabilities the vendor doesn't know about yet (or has had "zero days" to fix), so no patch exists; some are already being exploited in the wild before they become public. There's not much you can do about them beyond keeping your attack surface small (fewer programs, plugins and open ports), staying disciplined during internet usage (more on that later) and hoping the software's developers fix them ASAP.
Social Engineering / Spam
Often, when someone "got hacked", they didn't really get hacked. Makes sense? Probably not. Let me clarify.
The popular notion of getting hacked goes something like this: you, as the victim, didn't do anything, but some attacker gained access to your system through hours of hard work in a dark room, typing cryptic symbols into his laptop.
More often than not, that's not the case. Most people get "hacked" because they clicked some damn link in an email, installed some questionable program, ran a custom executable that was sent to them or plugged an unknown device into their computer, which then opened a backdoor in their system.
All of these come in basically two forms:
One is spam. Every existing mail address gets bombarded with spam emails that promise riches or dates, which you are supposed to claim by clicking a link. Most mail providers do a pretty good job of filtering those out, but some get through nonetheless.
The other, more sophisticated version is when you're approached, online or in real life, with a promising offer tailored to you or your hobbies. Because it fits your area of interest, it's far more enticing than generic spam. It could also be a blackmail attempt, claiming to have recorded you while watching porn or similar.
In almost all cases it's best to delete and ignore these entirely. Again, nobody really wants to give you something for free.
How Are We Getting Hacked
So what can we do to reduce the chances of getting exploited? To come up with ideas on how to harden our security, we can take inspiration from what bad actors do to attack us. Hacking a system doesn't work the way Hollywood makes it look:
It follows a well-defined process that starts with discovery or reconnaissance. During this stage attackers gather as much information as possible about the target system. "System" can be a lot of things: your computer or any of your devices, you as a person, your online accounts, etc.
Whatever the system, at this stage the attacker uses a mix of passive and active scanning and enumeration techniques. One of them is Open-Source Intelligence (OSINT), "the collection and analysis of data gathered from open sources to produce actionable intelligence" (Wikipedia).
Next comes a research stage in which attackers dig deeper and check everything they found for known vulnerabilities or possible attack vectors. During the first cycle of an active engagement (aka a hack), attackers usually look for low-hanging fruit like known remote code execution bugs in outdated software, leaked passwords or easy ways to slip you malicious links: anything that can establish a quick and easy tunnel into your system.
After that comes the phase everybody knows from films: exploitation. Attackers crack password hashes found in leaked breach dumps, attack your online accounts with credential stuffing, try to get you to click links, or actively exploit running applications like websites you own. If they don't succeed, they circle back to stage 1, reconnaissance, and do it all over again until they find a way in or lose interest.
After setting foot in your system, attackers start another reconnaissance process, this time from the inside. Instead of passively scanning outside resources they actively enumerate your whole network, map out how your system is connected to other systems, pivot into those, and escalate their privileges from normal user to administrator wherever possible, until they have infiltrated the whole network.
(Ignore the Reporting Tab in the graphic. This is only relevant for white-hats that are penetration testing systems to then report their findings to the systems owner. Not so much for malicious hackers)
How Can We Protect Ourselves
Unfortunately we can't cover how to mitigate all of this in one blog post. There's so much to say that it probably wouldn't even fit in a normal-sized book.
What we can do, however, is take inspiration from this process and target the low-hanging fruit first, increasing our security in a big way with small effort, then gradually raise our protection as we go. In the future we'll probably release an OpSec-related article every other week or so.
Security is a marathon, not a sprint! Every step taken helps. No matter how big of a step.
The remainder of this article focuses on the OSINT stage, gives some rough guidelines on how to protect critical information, and then presents the most effective action you can take right now: switching your operating system to Linux.
Establishing a secure and private computer is a priority before tackling any other task. Security becomes impossible if someone is capturing your screen or sits in your network intercepting traffic and communication. We need a clean and secure computer, untouched by anyone!
Disclaimer
The exact steps taken during the writing of this may need to be modified in order to match updated software and services. Use the overall methods as a guide and not the exact steps. I encourage you to confirm all of my suggestions online before execution. There may be better ways of doing things today. Next, there is no perfect playbook for everyone. You do not need to replicate every step I take on behalf of myself. You may identify a better privacy plan for yourself than the specific examples presented here. And as always things written are not any type of advice. They are merely explicit examples of the actions I have taken. There will be a balance of enjoyable living and refusal to submit to the standard abuses of data collection.
Telemetry
So what can we do to deny attackers doing OSINT the information they want about us? To come up with a plan, we first need to understand how information about us gets out onto the internet in the first place.
Telemetry is practised by almost all companies: the collection, storage and processing of data about you and your (computer) habits, with the stated purpose of giving you a better experience by tailoring the system to you.
While the intent may be genuine rather than malicious, from my point of view it is a huge privacy invasion. To make things worse, corporations are notoriously bad at securing information. Data breaches and leaks happen often, exposing this sensitive information to everyone on the internet.
Here's a somewhat more recent example of how even governments fail to secure your data properly. You can't even withhold that information, because it's the government that's collecting it.
If you want to play with this idea yourself, type your email address into https://haveibeenpwned.com/ to see which companies have already failed to protect your data.
But it doesn't even have to go this far. Data brokers collect and scrape all sorts of personal information, match it to your identity, your social network and your family, and package everything up to sell as advertising profiles.
Here's an example of what Apple stores about its users, even those who try to stay anonymous by using an alias (and other privacy measures). You can confirm this yourself by requesting a copy of the data Apple holds about you:
- Full alias name and email address provided during account creation
- Alias physical address provided during account creation
- The serial numbers for all devices
- The dates you first used the email addresses with Apple
- Multiple IP addresses possessed during use of the devices
- The internal computer names assigned to all devices
- The dates/times of any reformatting of the systems
- The dates/times and IP address of last access to iTunes, FaceTime, and iCloud
- Your time zones during usage of the devices
- The telephone number provided during Apple account logins
- Songs you listened to through the official Apple Music application
- The moments within the songs when you paused the playback
- Your IP addresses during media streaming from Apple's servers
- Your preferred musical artists identified during their onboarding process
- The serial number of your iPhones (or other phones)
- All podcasts subscribed to through iOS devices
- Titles of podcast episodes which had been completed or paused
- Dates of podcast subscriptions and listening times
- Podcasts which possessed reviews from you, including full review text
- All app purchases, including free apps, downloaded to the device
- All IP addresses assigned during downloads
- All books downloaded through Apple Books
- All IP addresses used during connections
- An export of all entries from Apple Calendar
- Documents and contacts remaining in iCloud
- Auto-stored contacts from Apple Mail
- Recipient email addresses accessed within Apple Mail
- Dates and times of outgoing email
- Real name extracted from outgoing email headers
Or an excerpt of what Microsoft likes to store:
- Typing diagnostic data from your keyboard
- Microphone transmissions
- Index of all media files on your computer
- Webcam data
- Browsing history
- Search history
- Location activity
- Health activity collected by HealthVault, Microsoft Band, and other trackers
- Privacy settings across the Microsoft application ecosystem
This data would make it very easy to identify you, your location, and all your online activity.
In addition, if you have a microphone active and didn't disable the appropriate privacy settings, you could be sharing audio throughout the day. And this is only the hardware side of things. Imagine what information gets stored to create advertising profiles of you.
All of this data was monitored, collected and stored while the user assumed he was being anonymous.
Google or Amazon aren't any better!
There simply is no anonymity with Closed Source!
What We Can Do
There are multiple approaches to preventing the dangers of leaking sensitive information. They can be either REACTIVE or PROACTIVE. On the reactive side we can make an effort to remove publicly available information. This can be quite a challenge, since notoriously everything that was once on the internet stays on the internet forever. It's still worth doing regularly, and we're going to show you how to do it and provide a template request letter in a later issue.
On the PROACTIVE side we have things like spreading misinformation, preventing the collection of this data, not providing accurate details about ourselves, or even completely relocating and starting over under a new identity.
Preventing data leakage is low-hanging fruit because it can be done without much effort. Techniques include:
- always using a different email address for each service
- using a different, strong password for each service and storing them locally, encrypted, in a password manager
- using multi-factor authentication
- using alias names instead of your real one where possible
- using a VPN with integrated ad, tracker and malware blocking
- using DNS blocking services with blocklists for ad, tracking and malware hosts
- using browser add-ons to block tracking
and much more.
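As an added example for the two points above (seeing whether your data has leaked, and never reusing a password), here is a small POSIX shell script, not code from the original article or from haveibeenpwned.com, that checks a password against the Pwned Passwords corpus without sending the password anywhere: only the first five hex characters of its SHA-1 go to the range API at https://api.pwnedpasswords.com/range/<prefix>, the service answers with every hash suffix it knows behind that prefix, and the match is made on your machine (k-anonymity). The API response embedded below is a constructed sample with made-up counts; the live lookup assumes curl is installed.

```shell
#!/bin/sh
# Added example, not from the article: k-anonymity check against Pwned Passwords.
# The password never leaves the machine; only a 5-character hash prefix is sent.
set -eu

# SHA-1 of a password as 40 uppercase hex characters (printf '%s' avoids a trailing newline).
sha1_upper() {
    printf '%s' "$1" | sha1sum | cut -c1-40 | tr 'a-f' 'A-F'
}

# pwned_count PASSWORD RANGE_TEXT
# RANGE_TEXT is the body the range API returns for the hash prefix: one "SUFFIX:COUNT" per line.
# Prints how many times the password appears in known breaches; 0 means not found in this range.
pwned_count() {
    h=$(sha1_upper "$1")
    suffix=$(printf '%s' "$h" | cut -c6-40)
    # The API uses CRLF line endings; strip the CR, then look for an exact suffix match.
    count=$(printf '%s\n' "$2" | tr -d '\r' | awk -F: -v s="$suffix" '$1 == s { print $2; exit }')
    printf '%s\n' "${count:-0}"
}

# Live lookup (needs network and curl; not called by default). Add-Padding asks the
# service to pad the response so its size doesn't hint at which prefix was queried.
pwned_count_live() {
    h=$(sha1_upper "$1")
    prefix=$(printf '%s' "$h" | cut -c1-5)
    range=$(curl -fsS -H 'Add-Padding: true' "https://api.pwnedpasswords.com/range/$prefix")
    pwned_count "$1" "$range"
}

# Constructed sample response for prefix 5BAA6 (the SHA-1 of "password" begins with it).
# The counts are made up; the real corpus reports millions of hits for this password.
SAMPLE_RANGE='1E4C9B93F3F0682250B6CF8331B7EE68FD8:123456
0018A45C4D1DEF81644B54AB7F969B88D65:1
00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2'

# Offline demo on the constructed sample:
pwned_count password "$SAMPLE_RANGE"                        # prints 123456
pwned_count 'correct horse battery staple' "$SAMPLE_RANGE"  # prints 0 (not in the sample)
# Real use:  pwned_count_live 'the password you want to test'
```

Run it as-is to see the offline demo; call pwned_count_live with a real password for a live lookup. A count above zero means the password sits in public breach dumps and will be among the first tried in a credential-stuffing attack, so change it everywhere it's used.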
This week we're going to show you how to set up your own Linux device so you can avoid getting scanned and objectified by big closed-source corporations like Apple and Microsoft.
Why Linux
Linux is the obvious answer because it doesn't do any of this out of the box. Technically you could block all the telemetry of Apple and Microsoft, but you'd have to actively maintain that after every little update. In a perfect world you shouldn't need to take such measures to prevent privacy invasions.
Linux has a lot of advantages:
- it doesn't require an online account
- it never asks for your name, email, address, phone number, credit card, etc.
- it doesn't collect telemetry (and where a distribution does, it can easily be disabled)
- it's a smaller target: far more people run Windows, so far more malware is written for Windows
- it's free and open source, so anyone can audit the code, and many active communities do
- almost anything can be modified and customized as you like, with full control
- most distributions are lightweight and run smoothly even on older devices
- it runs on almost any hardware, so there's no vendor lock-in like with MacBooks
Almost any Linux distribution will be better, privacy- and security-wise, than macOS and Windows.
Which Linux Version
Since Linux is open source there are quite a few distributions to choose from. Anybody can spin up their own interpretation of how an operating system should look.
If you've ever heard of Qubes OS: it's a Linux-based distribution that splits your whole system into separate virtual machines (it runs on the Xen hypervisor, not on Docker-style containers). You can have different VMs ("qubes") for different tasks, so your banking qube doesn't know about your browsing qube and vice versa. It may well be the most private desktop OS there is, but it has a steep learning curve due to its complexity and demanding hardware requirements.
Easier alternatives include Debian and Ubuntu and their derivatives. For Linux beginners the best choice is probably Ubuntu.
It gives easy access to software packages through a graphical interface and has some of the best compatibility with existing computers. It also provides easy software update options, and since a large share of Linux users run it, online support is abundant. Ubuntu has far fewer driver issues than other distributions when adding new hardware.
Pop!_OS
However, we're going to focus on Pop!_OS instead of Ubuntu. It is based on Ubuntu but tuned by System76 for privacy and security: the installer offers full-disk encryption and has it enabled by default in a clean install, it collects no telemetry and third-party connections are opt-in, its app store installs and updates Flatpak and Deb packages, and Snap is not installed. In addition Pop!_OS has better window tiling and includes a recovery partition to restore your system when needed. Overall it just feels more polished.
Almost all steps in this installation guide work with Ubuntu, Mint or any other Debian-based distribution with minimal, if any, alterations.
Choosing The Device
If you're a macOS user, you're limited to hardware approved and sold by Apple. If you want a laptop, you only have a handful of options.
With Linux, since it's so lightweight and runs on almost anything, the options are endless. You probably already own an old laptop capable of running Pop!_OS. One of the best ways to try Linux is to install it on a retired or used machine. I keep old laptops specifically for testing new Linux builds.
If you only have one computer, a Linux virtual machine is the ideal option for experimentation. However, that's not the focus of today's article; we're going to set it up on a physical device in just a few moments.
A new computer is almost always my preference. Using a new device as your security base means you don't inherit any previous infections or issues your existing devices may have fallen victim to. You might even be able to order it with Linux preinstalled to spare yourself some work and time.
I typically don't recommend desktops. Laptops are portable and include a screen, keyboard, and trackpad. If you need a desktop, you know your reasons why and do not need my input.
Which Processor
The only thing that's really important security-wise when choosing a device might be the processor platform. Virtually every Intel platform since 2008 ships with the Intel Management Engine (ME, often written IME): proprietary firmware running on its own small microcontroller inside the chipset. It is a small operating system in its own right that runs as long as the board has power, so it is active while your computer is running, asleep or in standby.
AMD platforms have an equivalent, the Platform Security Processor (PSP), marketed as AMD Secure Technology. On Intel, the ME also hosts Active Management Technology (AMT), which allows a device to be managed remotely even in a low-power state; network administrators use this to control many aspects of the machines in their fleet.
To be clear, this is different from the telemetry problem. The concerns arise from the secretiveness around the closed-source code, from the fact that the engine sits below the operating system where you can neither inspect nor patch it yourself, and from several publicly disclosed vulnerabilities since 2017, including an authentication bypass in the AMT remote-management component. You might never have a problem with an ME-enabled chip, but you could - and I do - argue that any new zero-day exploit for the ME can be used by criminals.
So if I ever were to recommend a processor, it would be one with the ME disabled!
The most active vendor of Linux machines with the ME disabled by default is System76. ("Disabled" means the ME is told to halt itself early in boot via the so-called HAP bit; the firmware can't be removed entirely because the chipset refuses to boot without it.) They also ship open-source firmware based on coreboot, which replaces the proprietary code included with most motherboards. coreboot boots faster and, being small and auditable, has a far smaller attack surface than a typical vendor BIOS/UEFI.
Installing Pop!_OS
Now that you've - hopefully - opted for a device with the ME disabled and coreboot firmware, we're ready to install Pop!_OS on it.
Step 1: Navigate to https://pop.system76.com/ and click Download.
Step 2: Choose the Download 22.04 LTS option (pick the NVIDIA image if your machine has an NVIDIA GPU) and allow the download. Note the SHA256 sum shown next to the download; you'll compare it to your file before flashing.
Step 3: Confirm the downloaded file's SHA256 matches the published one (sha256sum <file> in a terminal on Linux/macOS, certutil -hashfile <file> SHA256 on Windows). A mismatch means a corrupted or tampered download: delete it and fetch it again. Then install Balena Etcher from https://etcher.balena.io/, launch it, click Flash from file and select the downloaded ISO file.
Step 4: Click Select target and choose your USB drive.
Step 5: Click Flash and allow the process to complete.
Note that this completely erases the chosen USB drive, so be careful. As a result you should have a bootable USB stick ready for the Pop!_OS installation.
Step 6: Insert the drive into the target computer and turn it on. Immediately press the key that opens the boot menu; this is typically ESC, F1, F7, F8, F10, F12 or DEL. Once the boot options screen is up, select the USB drive with your Pop!_OS installer. If the firmware refuses to boot the stick because Secure Boot is enabled, disable Secure Boot in the firmware settings; Pop!_OS does not support it.
Step 7: Click Try or Install Pop!_OS, then select language, location and keyboard layout. Choose Clean Install, select your internal drive and click Erase and Install. Provide your desired computer name and password. Keep the default option to encrypt the drive. For better security, choose a different password for the encryption than for your user account.
Step 8: Allow the process to complete and click Restart Device. When the computer has rebooted, enter your encryption password to unlock the disk, then your user password to log in to your Pop!_OS installation.
After logging in, you're presented with a one-time setup. Choose whatever settings you like. Keep location services disabled! Click Skip to bypass any online accounts and Start Using Pop!_OS.
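Before Step 3, make sure the image you flash is the one System76 published. The helper below is an added example, not code from the article or from System76; it compares a file's SHA-256 with the sum printed on the download page and exercises itself on a constructed file, so it runs without any download. The ISO filename pattern in the final comment is an assumption.

```shell
#!/bin/sh
# Added example, not from the article: verify an ISO's SHA-256 before flashing it.
set -eu

# verify_sha256 FILE EXPECTED_HEX
# Exit status 0 if FILE hashes to EXPECTED_HEX (case-insensitive), 1 otherwise.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$file" | cut -c1-64)
    if [ "$actual" = "$expected" ]; then
        printf 'OK       %s\n' "$file"
        return 0
    fi
    printf 'MISMATCH %s\n  expected %s\n  got      %s\n' "$file" "$expected" "$actual" >&2
    return 1
}

# Self-check on a constructed file: the SHA-256 of the three bytes "abc" is a
# published test vector, so the function is exercised without downloading anything.
ABC_SHA256=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
tmp=$(mktemp)
printf 'abc' > "$tmp"
verify_sha256 "$tmp" "$ABC_SHA256"
rm -f "$tmp"

# Real use (filename pattern assumed; paste the sum from the download page):
#   verify_sha256 ~/Downloads/pop-os_*.iso <sha256-from-download-page> && echo "safe to flash"
```

The comparison is done after lower-casing the expected value, so it doesn't matter whether you copy the sum in upper or lower case. Only flash the stick when the function prints OK.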
Configuring Pop!_OS
While Pop!_OS is already more private than Ubuntu by default, I still like to take it a step further. These are the settings I usually apply when setting up a new device:
Step 1: Launch Settings from the lower-right of the dock and toggle Bluetooth off.
Step 2: Click Privacy in the left menu and disable Connectivity Checking (this stops the periodic request to a remote server that is used to detect captive portals).
Step 3: Click File History & Trash and disable everything.
Step 4: Click Screen and change Blank Screen Delay to a longer period.
Step 5: Go back to the main screen, click Power and disable Automatic Screen Brightness and Dim Screen.
Step 6: Click Automatic Suspend and disable all options.
(Steps 4 to 6 are convenience settings, not security settings. Leave Automatic Screen Lock under Privacy > Screen enabled, so an unattended laptop still locks.)
Step 7: Enable Show Battery Percentage.
Your First Ride In The Terminal
We're almost done. Just a few more things to take care of, this time using the terminal. The Linux terminal is a text-based interface that lets you interact with Linux by typing commands. You can use it to run programs, navigate the file system and manage running processes.
Open a terminal by clicking the black icon in the dock (or press the Super/Windows key and type terminal).
Update your system: copy and paste
sudo apt update && sudo apt full-upgrade -y && flatpak update -y
into your terminal and hit enter. (apt full-upgrade already does everything apt upgrade does, so running both is redundant, and flatpak update covers both your user and the system-wide Flatpak installations without sudo. Don't chain sudo pop-upgrade release upgrade into this: it starts the jump to the next Pop!_OS release rather than a regular update, and should only be run when you actually want that.)
This step might take a few minutes. Yeah, that's right, minutes! Updating a Linux distribution never looks like its Windows counterpart, where you stare at a blue screen for hours on end and cycle through 20 reboots. There's virtually zero downtime when updating a Linux machine; only a new kernel needs a reboot to actually take effect. That's why you should run this command daily to always stay up to date.
Remove the unnecessary Ubuntu Pro advertisements from apt's output: copy and paste
sudo mv /etc/apt/apt.conf.d/20apt-esm-hook.conf /etc/apt/apt.conf.d/20apt-esm-hook.conf.bak
into your terminal and hit enter. (The file is owned by root, so sudo is required; if it doesn't exist on your system there's nothing to do.)
Install antivirus: copy and paste
sudo apt install -y clamav clamav-daemon
into your terminal and hit enter. ClamAV scans the files you point it at (clamscan -r ~/Downloads, for example) and its freshclam service keeps the signatures current; it is not real-time protection. More on this in a later issue. This step is good enough for basic protection for now.
Remove your background: copy and paste the following three commands and hit enter after each one:
gsettings set org.gnome.desktop.background picture-uri ''
gsettings set org.gnome.desktop.background picture-uri-dark ''
gsettings set org.gnome.desktop.background primary-color 'rgb(66, 81, 100)'
You can change the rgb numbers to create the perfect color for your desktop. https://www.w3schools.com/colors/colors_rgb.asp should help.
Add a Delete Permanently option to the file manager's right-click menu, instead of only moving things to the trash:
gsettings set org.gnome.nautilus.preferences show-delete-permanently true
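As an added example for the setup above (not code from the article or from System76), here is a small post-install check you can keep around: it tells you whether the disk really sits behind a LUKS layer (the encryption option from the installer), which firmware vendor the machine reports (coreboot on System76 Open Firmware), and whether any Ubuntu telemetry, crash-reporting or snap packages are installed. Each check takes its raw input as an argument, so the script exercises itself on constructed lsblk and dpkg output and only reads the live system when passed --live. The Pop!_OS device names in the sample (cryptdata, data-root) and the package list are assumptions based on a default install.

```shell
#!/bin/sh
# Added example, not from the article: post-install sanity check for a Pop!_OS machine.
# Run with --live to inspect the real system; without arguments it runs on constructed data.
set -eu

# disk_encrypted LSBLK_TEXT   (LSBLK_TEXT = output of: lsblk -rno NAME,TYPE)
# Prints "yes" if any block device of type "crypt" (a LUKS/dm-crypt mapping) exists.
disk_encrypted() {
    if printf '%s\n' "$1" | awk '$2 == "crypt" { found = 1 } END { exit !found }'; then
        echo yes
    else
        echo no
    fi
}

# firmware_vendor DMIDIR      (DMIDIR is /sys/class/dmi/id on a live system)
# Prints the firmware vendor string, which is "coreboot" on System76 Open Firmware machines.
firmware_vendor() {
    if [ -r "$1/bios_vendor" ]; then
        cat "$1/bios_vendor"
    else
        echo unknown
    fi
}

# unwanted_installed DPKG_TEXT (DPKG_TEXT = output of: dpkg-query -W -f='${Package} ${Status}\n')
# Prints the telemetry, crash-reporting and snap packages that are fully installed, one per line.
unwanted_installed() {
    printf '%s\n' "$1" | awk '($1 == "snapd" || $1 == "ubuntu-report" || $1 == "popularity-contest" || $1 == "apport") && $0 ~ /install ok installed$/ { print $1 }'
}

# Constructed sample inputs (device names follow a default Pop!_OS encrypted install).
SAMPLE_LSBLK='nvme0n1 disk
nvme0n1p1 part
nvme0n1p2 part
nvme0n1p3 part
cryptdata crypt
data-root lvm
nvme0n1p4 part'
SAMPLE_DPKG='apt install ok installed
snapd install ok installed
ubuntu-report deinstall ok config-files
popularity-contest install ok installed'

if [ "${1:-}" = "--live" ]; then
    echo "disk encrypted:  $(disk_encrypted "$(lsblk -rno NAME,TYPE)")"
    echo "firmware vendor: $(firmware_vendor /sys/class/dmi/id)"
    echo "unwanted pkgs:   $(unwanted_installed "$(dpkg-query -W -f='${Package} ${Status}\n')")"
else
    echo "disk encrypted:  $(disk_encrypted "$SAMPLE_LSBLK")"    # yes
    echo "unwanted pkgs:   $(unwanted_installed "$SAMPLE_DPKG")"  # snapd popularity-contest
fi
```

On a machine set up as described above, --live should report yes, coreboot and an empty package list. A removed-but-not-purged package (status deinstall ok config-files) is deliberately not reported, since it no longer runs.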
Next Issue
Congratulations! You now have a privacy- and security-hardened Linux device!
This was only the first step, though. We're going to use it as the base to build up our stack over time. Right now we've only stopped Microsoft and Apple from collecting data about us.
Next we're going to look at how to prevent privacy invasion through ads and trackers. For this we'll use a custom NextDNS profile and a VPN to block invasive connections at the network level, so they don't even reach our device.
On top of that we're going to choose and configure Firefox as our main browser to block even more trackers, then talk about proper ways to navigate and use the modern internet safely, and how to remove publicly available information about ourselves.
So long, stay safe!
- Hōrōshi バガボンド
Newsletter
Once a week I share Systematic Trading concepts that have worked for me and new ideas I'm exploring.