I really like learning about new OPSEC tactics, especially if they’re done by the non-tech savvy. Below we talk about the threat model of a Harlem residents and their defensive tactics.
Harlem: Surveillance Hipsters
New York City’s, Harlem, is home to the city’s lower income population. Not impoverish but, not Manhattan. Harlem has had an illustrious history being targeted by NYPD and other forms of law enforcement. Surveillance is part of every-day life. Who better to give us some perspective on dealing with mass surveillance on a day-to-day basis.
Harlem residents aren’t concerned about NSA or GCHQ. They have a local surveillance issues to deal with:
- Surveillance from their employers who install cameras to watch them work.
- Surveillance from the local NYPD who have installed street cameras on the corners that they know are not installed in Manhattan.
- Surveillance from ex-boyfriends on Facebook who are keeping track of who they talk with or what parties they go to.
They have a different threat model compared to the nation-state dissident. You might not find their tactics useful, but it serves as a remember that OPSEC is dependent on the threat model. Someone hiding from the government employs different tactics than someone hiding from their ex-boyfriend. The threats are one in the same.
Family Plan Surveillance
The US has “Family Plans.” These are cell phone plans that you share with trusted friends and family to can keep your bill to a minimum. But what happens when you no longer trust someone on the plan? You don’t kick them off. You ignore them. It’s cheaper.
For some of these sketchy carriers, a member of the plan can:
- Get access to a backup of the phone’s contact lists
- Read text messages
- Get the call records for the account
- Track the location of a phone using a “Find My Phone” app
This is their threat. On a day-to-day basis they aren’t worried about the FBI cracking down on them, they’re worried about their ex-boyfriend stalking them.
We know that LEO’s will keep track of social networking in their jurisdiction. NYPD has invested millions to keep track of this effort. This is done in one of a few ways. Most common of which, NYPD will make a request to Facebook for access to a specific facebook account. I’m told that 80%-90% of the time, Facebook does not contest these requests and as long as it’s coming from an attributable law enforcement office, they’re provided without any oversight.
The other more nefarious tactic that NYPD specifically uses is to generate fake accounts and target individuals in the neighbor hood. Keep track of their friends, watch what parties they go to, see what people are talking about.
The people in these neighborhoods know this is happening in the same way that they know the street cameras in the streets are keeping track of them.
For the non-tech savvy, their tactics are brilliant. They include:
- Emoji-contacts: Never saving their friends names in their phone. Use emoticons instead. Smiley face is a new boyfriend. Cake is your friend from the club. Happy penguin is your pot dealer.
- Never using iPhones: They don’t trust these devices and their tracking capabilities. Instead use a cheap Android device they feel can’t track them as accurately.
- Don’t use SMS: Use messaging apps like snapchat for messages with new boyfriends. They know that these are protected and don’t show up on the records for the account.
- Watch Out Who Friends You: They believe that the NYPD is “Cat Fishing” them to learn about their social circles and keep track of things they post that might be illegal.
Look, these aren’t tactics that a tech-savvy person would use, but they show real-world examples of different kinds of threats and ways to compensate for them.