What haunts me is that his identity was compromised despite his elite background. He was the chief engineer for the 2008 Beijing Olympics network security system. His OPSEC was rigorous: he operated on a cash-only basis, avoided all e-commerce, and never discussed his digital life with anyone, including his wife, who only learned of his "second life" after his disappearance.
Despite his expertise, it's still a mystery how his anonymous persona was deanonymized.
As a hacker in China, I’m interested in your thoughts on the feasibility of maintaining a truly anonymous identity long-term. Is it even possible to win a "battle" where you have to be perfect 100% of the time, while the adversary only needs to find one leak?
What are the most likely failure points in a high-level threat model like this?
johncoltrane•1d ago
The only explanation is that his OPSEC wasn't as rigorous as you think it was.
Reading the Wikipedia page, the most obvious gap would be the medical treatment he received in 2017. If he mentioned it publicly, then it was basically game over: finding him would have been routine police work at that point. The process that led to the interview by a German newspaper might have been leaky as well. There are so many opportunities.
As a rule of thumb, you can consider that while your OPSEC might _theoretically_ be the tightest in the world, you will eventually have to deal with other people and orgs at some time, who might not care as much as you do. In which case your OPSEC is really only as strong as _theirs_.
> Is it even possible to win a "battle" where you have to be perfect 100% of the time, while the adversary only needs to find one leak?
It is not. Simply because you can only control so much. A few years ago, there was a story about a mafia boss who successfully escaped justice for 20 years… until a Google Street View passed by while he was shopping groceries in a Spanish village. The guy certainly had the strongest OPSEC his money and relationships could buy, but it eventually amounted to nothing in the face of pure randomness.
All you can do is try to compartmentalize as best as you can for as long as you can, but something will eventually leak.
Also, it will be harder…
- the longer you keep it going,
- if it involves others,
- if you are married, have kids, etc.,
- if you have complicated needs (sex, drugs, health issues, etc.),
- if money is tight,
- if you are not geographically and socially mobile,
- if your public persona is too close to your real identity,
- etc.
adamanteye•21h ago