Hacker News

I believe Grugq's message is just that: everyone makes mistakes, and therefore if you're in that line of work you need infrastructure to shield yourself from those inevitable mistakes.

However, I'm not sure how his academic discussion about OPSEC "pimps an image" for his 0day business -- wouldn't security researchers writing 0days not really need the advice in OPSEC For Hackers since they are still acting legally?




wouldn't security researchers writing 0days not really need the advice in OPSEC For Hackers since they are still acting legally?

Your own government isn't your only potential enemy.

True story: A friend of mine works for a large defense contractor. He's done a fair amount of foreign travel to support projects on foreign soil. Not clandestine projects, they are fully above board with the cooperation of the host countries, but as Kissinger said, America has no permanent friends or enemies, only interests. (Kissinger's a douche, but he's right about that.)

The result of all his work travel is that he's made it onto spear-phishing lists at all kinds of national hacker groups. His employer's IT security has had to put his corporate email address in a special group that gets extra scrutiny because of all the attacks directed specifically at him.



