OPSEC is pointless if the vendor is an idiot

Inspired by this guy, I though I should write this.

I hope to fuck everyone's getting the message loud and clear (even though I don't sincerely believe everyone is) about the importance of OPSEC. I can't tell you how many times I had to explain why it's not a good idea to send bitcoins to DNM directly from exchanges, why you should mix them, why PGP is important even if AlphaBay does delete messages after 30 days, etc. But it really doesn't matter the least bit how much of a fucking ninja you are if the vendor is an idiot.

One particular vendor, BrazilMed, even after quite a few people told him about his terrible opsec, refused to change his behaviour and possibly endangered hundreds in the process. It's a seemingly miniscule detail, almost unimportant if you're a god damn moron: sending the tracking number in cleartext. I mean, who's really got the time to encrypt shit nowadays, amirite?

It's unclear whether LE has managed to access the encrypted containts of AlphayBay's servers, but that's a real possibility, and just with that they now might have thousands of cleartext tracking codes from unscrupulous vendors to careful buyers. Congratulations to everyone involved. 10/10, would jeopardize my ass again.

Feel free to name and shame vendors with bad opsec below.


Comments


[1 Points] None:

[deleted]