THE ULTIMATE OPSEC GUIDE

✨ Megiddo

✨ President ✨
Staff member
Joined
May 15, 2016
Messages
12,357
Likes
2,641
Points
1,730
In the past few days I've seen many questions about OPSEC and how to set up your system and be almost untraceable while doing naughty things, therefore I decided to post this ultimate guide which will cover everything that is necessary and even more (if you want to be extra safe). I will begin with first part and if there is many people who are interested in this topic I will continue posting on this topic. It will probably consist of couple parts.

So there we go:
As a fraudster, the first thing you need to have done, is your Opsec (Operational Security). If you live and do fraud in high risk countries such as USA, Canada, UK, then your Opsec must be rock solid.
If you live in Africa, India and other low risk countries, in that case OPSEC matters less. The good thing of fraud is that if you have decent opsec, you will never worry about ending up in jail, unlike selling drugs etc. The opsec that I give here is simple yet extremely effective. Follow it to the line and you will be safe, rest assured.

Hardware:
You will require a burner laptop, avoid at all costs desktop pcs, as you can't bring them with you, plus if there is a raid going on from LE, you will find it harder to get rid of it/hide it. Here are the general specs that you will need to work proficiently: a minimum of a 8GB RAM and I5 processor laptop will be enough to handle all the apps and processes running into the VM.

Don't include any of your personal information here. Another thing you will need is a burner smartphone. I highly recommend an android one, as iOs is far too limited. You might need this one when you will do mobile carding, although you can execute mobile carding even from your laptop (not gonna get to much into this).
USB Stick key: Make sure it has plenty of gigabytes, you will store all your portable applications and some of the illegal data here. In case you are in troubles, you can throw away/ destroy it and all the evidence will be gone. Now, where to execute your fraud activities? I hear non-sense on forum such as going to the public library, use their wi-fi, go to an internet cafe and use their internet. Avoid at all costs public places. It doesn't look good that you browse some onion site and/or a clearnet cc autoshop. Long story short, make sure you are in a place where no one can spy on you.

Software:
Now that you have a laptop, you need to install the software, first of all, you will install VMware or VirtualBox. They both basically serve the same purpose, however VMware is not free, therefore it runs a little bit smoother, however I would suggest avoid buying legit licenses, or using licenses that you get at university/work etc. You can find it free on the internet too if you dig deep enough, but personally I use VirtualBox since it's free and as I said, serves literally the same purpose. Anyway it is up for you to decide on this one

After installing VMware or VirtualBox, proceed and create a virtual machine, and install an operating system on that. I would suggest using Windows7, since believe it or not, majority of the computers are still running. In addition, getting a copy of win7 is pretty easy and you can find activation keys all over the internet. Make sure to give plenty of space for windows VM, since it takes a bunch of space, and the more space you give the better it will run (given the fact that your pc is not a potato).

Now Install the following softwares on the machine: Mozilla Firefox (regular browsing), Mozilla Thunderbird (email management) Tor browser, ICQ(messaging) Team Viewer, Viscosity (DNS leak prevention) Cleaner (system cleaner) Bleachbit (additional cleaner) Mozbackup (Profile saver for FFox). These are the basics that you will most likely need with whatever method you will use(except mobile emulator setups). AND VERY IMPORTANT PART FOR CARDING. GET Yourself a LINKEN SPHERE browser, since nowadays it is the most reliable browser for carding. Not many people know this but even AD 7.4 is trashed now for like 4 months and it leaks data that indicates that you are not who you are claiming to be. As a result, you will burn many cards and will struggle a lot with carding, however LINKEN SPHERE covers all your tracks and does not leak anything.

Encryption:
Ok let’s touch a fundamental topic about security, encryption. Here’s the bad news, encryption won’t always hide 100% your illegal files, as a matter of fact many fraudsters get caught and the evidence extracted, but I still highly suggest to encrypt your illegal data. You can use Veracrypt to encrypt your virtual machine. I strongly suggest to encrypt your Virtual machines. You can look it up on youtube, however it is not an easy task if you don't have a clue what you're doing. I might share it later if many people will try to set up their OPSEC and will struggle on this part .

VPN:
Now, you also need to install a good VPN. It stands for Virtual Private Network, it will aid in hiding your real IP and keep you protected online. A good VPN must pass this checklist:

1) Does not store logs: this is important as if they store your IP and Law Enforcement demands for it, you are practically screwed
2) Non- Usa one: American VPNS are forced to give logs if LE asks for it by law hence avoid VPNs from USA even if they claim they do not keep logs
3) Fast: Virtual carding is slow itself when you add a VPN and socks, so make sure your VPN is blazing fast and pick a server that is closest to your location
4) Has a killswitch: Let's assume the connection from vpn server drops, your real IP is practically naked! (except if you are under a socks5, but LE can still do a traceback and find you), so your VPN provide must have a killswitch feature that kills your App if that happens.
5) DNS leak protection: This can be annoying so make sure your VPN provider helps you with that
6) Payment by BTC allowed: Of course you want to keep yourself anonymous even by payment method wise, so make sure the VPN accepts BTC
7) Auto login and connect and start up: It's annoying to always launch the VPN and connect it by yourself, so make sure your VPN allows you to connect and login on windows start.

Luckily boys, I'm here for you and I suggest using Mullvad, since it is probably the most reliable VPN on the market and passes this checklist. It costs like 7$ a month and is fairly simple to use.


After your illegal operations, you have to clear all your traces from both your host and Virtual Machine. We do so by running CCleaner and Bleachbit. You have to check all the checkboxes, ensuring that all the traces in your computer will be removed, don’t check wipe free space or it’s going to take too long. Also, you have to use the 35 Gutmann steps cleaning, ensuring that the files will be permanently deleted.
In the options of Ccleaner make sure to check "secure file deletion box" and very complex overwrite (35 passes) is chosen.

Final words on security: Yes, being safe is important, but don’t push it too far, there’s a mental disease that I call opsec paranoia, as if their security setup is never enough, I also learned that the more security you add the more frustrating fraud gets, in fact I’ve seen some fraudsters with double kill switched VPN. One is more than enough. Remember that there’s always a small risk that you get caught. From my experience, a burner laptop with encrypted illegal data and a kill switched VPN is more than enough to keep you safe without too many hassles, also make sure your key apps like browser etc are killswitched, many forget about this (don't need to do that on Mullvad, since it blocks the internet connection on default killswitch settings).


I think this is it for the security, so if you find this information useful, please click the like button and comment on the post, therefore I will know that I'm not doing this for nothing. Don't be lazy boys set up your OPSEC as it will save your asses. This is a very basic security setup, however it is crucial for any fraudster. Personally, I'm using a bit more complex system, which is pretty hard to setup, but if you are new just stick to this one .
If I missed some crucial parts just hit me up and I will try to cover it, by editing this post.
On the next part we will cover spoofing and I'll give you information on how webpages track all your information and how to minimize what they can see, which is also crucial part for success.
 

craftyripps

New Member
Registered User
Joined
Jan 31, 2024
Messages
1
Likes
0
Points
1
This is the most helpful and detailed opsec guide I've found anywhere so far ^^

The only thing I need to know is how opsec is applied on an android mobile device?
 

skitone

New Member
Registered User
Joined
Feb 18, 2024
Messages
2
Likes
0
Points
1
Thank you so much I am very much self taught and have heard of some of what you spoke of but had no real idea about it,ty ty ty
 
Top Bottom