cross-posted from: https://lemmy.zip/post/57834118

cross-posted from: https://hexbear.net/post/7454332

cross-posted from: https://news.abolish.capital/post/22689

TotW: Meaningful OpSec

thecollective, Sun, 01/25/2026 - 08:00

MEANINGFUL OPSEC; OR, NOW, YOU DON’T HAVE A PERSONAL FBI AGENT

I’ve been considering operational security and security culture a lot since the Turtle Island Liberation Front (TILF) case broke. For such a small group, about seven people, two were feds (well, one was a paid informant, the other was an FBI agent).

I am reminded of the joke myth of a CPUSA meeting that a federal infiltrator attends in order to arrest the attendees. Then all the other members are also feds. Cue the laugh track.

Despite the colossal fuck-up of being infiltrated, TILF had a plan that seemed based in strong Opsec. From The United States District Court For The Central District Of California: “The plan described multiple operational security measures the co-conspirators should take to conceal their identities, such as the use of a burner phone that would be disposed of after the bombings by ‘submerging it in a concrete brick after destroying the sim and then disposing of the brick in a body of water.’” and: “the use of ‘BlacBloc’ overtop of a layer of ‘grey/casual bloc’ on top of normal street clothes, and noted to keep hair very tightly concealed and to wear gloves for the purpose of avoidance of leaving behind DNA” further: “participants should leave their personal devices at home and to make sure the devices were set up to stream a long movie during the time of the attacks, so as to craft an alibi.” Even a pebble in the shoe to alter their walking, and material acquisition advice to avoid suspicion, were discussed.

A question I am stuck on is how can you have thought through these particular aspects of prep work and on the ground Opsec and allow yourself to be infiltrated by two Feds? As a friend said, “Because their security was missing the trees for the forest.”

From CrimethInc’s “What is Security Culture?”: “The difference between protocol and culture is that culture becomes unconscious, instinctive, and thus effortless; once the safest possible behavior has become habitual for everyone in the circles in which you travel, you can spend less time and energy emphasizing the need for it, or suffering the consequences of not having it, or worrying about how much danger you’re in, as you’ll know you’re already doing everything you can to be careful.”

It seems, from what is available, TILF had strong protocols for their “Operation Midnight Sun,” but not a real culture to develop secure, safe relationships to avoid infiltration. They posted calls for direct action and revolution on social media, one that was easily connected to a member of TILF (and thus, the radical section that sought to do the attack). They let relatively new people into the plan: the informant and later the FBI agent. The difference in attitudes about security by the same people is striking.

By having a strong focus (and in the case of TILF, reasonable ones in regards to the plan) on only some parts of Security Culture and not a whole picture, you leave gaps in the culture. For most people, this is “well, the feds are watching” and thus their security culture centers that primary concern, as opposed to it being part of a wider network of concerns. And let us be real: most of us do not have the feds particularly watching our actions or groupings, outside of the concerns of a general surveillance state. This all comes at the expense of, say, local cops, right-wing agitators, or the common person who may overhear or see something they shouldn’t.

So, while TILF did have personal FBI agents inside their network, it was because of a failure of their security culture leading up to that point. Had it been a stronger culture, maybe “Operation Midnight Sun” would have been another CNN news segment we’d forget by the next day.

Questions

What security concerns do you find are most overlooked in anarchist circles? What about overdone?

How are security concerns changing in light of the development of companies like Flock Safety, Oracle and Palantir?

What are ways security culture and protocols change between anarchist groupings, particularly those separated by geography? (Say, in different cities or countries)

From anarchistnews.org - We create the anarchy we want in the world via This RSS Feed.

  • perestroika@slrpnk.net

    Some notes:

    1. Discourage illegal activists from joining above-ground groups, explain why

    It will expose them as candidates to research in depth. A group should openly tell: we are likely under surveillance. To interact with the group, illegalist people have to practise security culture that will turn heads (e.g. “Bob never has a phone”, “Alice doesn’t have a social media account”, “Eve covers her face during demonstrations”).

    If an above-ground demonstration or event runs into trouble (e.g. cops arrive and start checking IDs), an illegal faces the choice of letting down their comrades and disappearing very fast, or getting exposed and no longer being capable of practising their art of illegal action.

    2. Keep groups small

    Groups need communication, communication invites surveillance. Illegal action should require one person to accomplish.

    3. Don’t hurry

    Hurry gets people busted, because they researched without protective tools, didn’t leave enough time between surveillance and strike, purchasing supplies and using supplies, etc.

    4. Don’t publish (if you publish, keep it simple)

    Vanity gets people busted. Epic anonymous ramblings about why an illegal deed was done == inviting cops to perform an automated writing style analysis to extract a writing pattern. (Pre-language-model sample: “activist P writing above, uses a double equal sign, hence an IT person, uses more commas than a native English speaker, and once upon a time, made a typo with the letter ‘õ’ instead of a line break, suggesting an Estonian keyboard layout”). A person who does illegal stuff should better say nothing. If an illegalist is also active on the internet, they should never publish a communique about direct action. Writing patterns can be matched up, especially with LLMs on the scene.

    5. Don’t boast

    Being overproud and trying to impress people has got people busted. Never ever boast, even indirectly, unless you are above 70 and writing your memoirs with zero f*cks given.

  • French75@slrpnk.net

    > What security concerns do you find are most overlooked in anarchist circles? What about overdone?

    I’m not in those circles, so I can’t say, but I’ll pretend for a bit…

    > keep hair very tightly concealed and to wear gloves for the purpose of avoidance of leaving behind DNA

    I’d bring extra DNA with me and pollute the scene with it.

    Of course this won’t help when your highest levels of organization are fully compromised. But that’s another problem. You have to expect that your adversaries are inside the castle walls and continually plan and test for that.