Sunday, July 23, 2017

Crime, private and public sector

Let's start the week off with two birds and one stone!    





Earlier in the week I was finally able to get access to No Place to Hide, by Glenn Greenwald, on his encounter with Edward Snowden and the stories that led to.  For those hiding under rocks,  Edward Snowden was a civilian contractor working for the NSA until he exposed part of their globe-spanning surveillance apparatus in 2013/2014. While employed by the CIA and NSA, Snowden became increasingly concerned with the scope, ambition, and dubious legality of his employers' programs, and decided to begin documenting what he was seeing.  After methodically collecting reports for months on end, throughout several assignments, Snowden contacted a reporter with an established reputation for criticizing both the government and a complicit media.    Greenwald, after  recounting his first contact with Snowden,  then shares information from the stories he filed with The Guardian before switching into an argument against the surveillance state, and a condemnation of the establishment media, particularly the Washington Post and the New York Times.

I daresay no one will be surprised to learn that I'm far more a supporter of Snowden than the NSA -- not because I believe the NSA is  part of some evil conspiracy, but because I have certain strongly-held believes on the nature and consequences of power, and know that the construction of an inescapable surveillance apparatus is Bad News. When Greenwald says global, he means global;   the book mentions numerous programs, not just the email-tapping ones, and between them they cover pretty much everyone but the crew of the International Space Station.   It can't all be to fight terrorism: what do terrorists have to do with Brazilian gas companies, and why is NSA surveillance being shared with US agricultural departments?   Those who believe that the NSA are swell chaps who wouldn't countenance abuse of their data may sleep soundly, but what happens when someone with less scruples is in charge?  As the current administration demonstrates, we no longer require even the pretense of civility from those those who want to operate the beastly machine that is DC.



More recently I read through Kevin Mitnick's The Art of Intrusion.  Mitnick was partially featured in Cyberpunks, a teenage telephone 'phreaker' turned pioneering computer hacker. Since his release from prison Mitnick has used his reputation and experience in intrusion to sell himself as a cybersecurity consultant. The Art of Intrusion collects 'true crime' stories of computer-based or related intrusions;   ranging from illicit exploration to digital skulduggery.   A lot of data is omitted for the protection of the persons and companies mentioned, but a lot of the stories seem dated, for the book's publication year, and others are so technical I am not sure who would be reading them. I did find quite a bit of interest, however, in the chapters on penetration testing and social engineering. I still do not like Mitnick's term for an art he and his friends practiced, and one which remains a security threat:  obtaining information and access through human, instead of technological, means. Mitnick shares the stories of  analysists, who -- performing audits on companies, and attempting to breach their security -- were able  access highly sensitive areas within buildings simply by chatting up coworkers and 'acting' like they belonged there.  This also involved technical assistance, like a fake id that security guards didn't vet too closely.    Mitnick claimed in his trial that he relied on social engineering, not computer programs, to access as much as he did, and he has previously authored a book called The Art of Deception that documents the psychological strategies used in this kind of 'engineering'.  As someone with a work-related interest in security,  I may look around for a copy.

5 comments:

  1. i agree re Snowden; in spite of knee jerk reactions, i still believe he was much more patriotic than most politicians...
    Hacking is equivalent to quantum mechanics, imo: a pretty dense fog of expertise that leaves me bewildered...

    ReplyDelete
  2. Interesting and insightful commentary Stephen.

    These issues are both fascinating and important. Though I think that the role of the intelligence community in our democracy is complicated, I think there is both good and bad, there have been terrible excesses. I agree that Snowdan's leaks benefitted this country.

    Mitnick's book also seems fascinating.

    ReplyDelete
  3. Stephen, I am torn: I have concerns about American intel gathering, but I condemn Snowden; as I once had access to highly classified material, I cannot buy into any extenuating or mitigating defense for Snowden's betrayal. Perhaps I am in the minority. But thanks for a thought-provoking posting.

    ReplyDelete
  4. @Mudpuddle: Yes, the sort of hacking Mitnick describes here remains very opaque to me. I'm familiar with people using programs to do this and that, but the people working here were operating at a more direct and skilled level.

    @Brian Joseph:
    I try not to villainize the NSA, but they do take us into very dangerous territory.

    @R.T. I can appreciate your security concerns, but I think we can agree that everyone needs oversight. In the case of the CIA and NSA, this oversight appears to be practically nonexistent, or conducted by parties who have no real interest in reining them in.


    ReplyDelete
  5. The Greenwald book is in one of the piles. I was going to add it with two others for a Big Brother triple.... Saw the movie 'Snowden'. If *half* of that is true..... Sheesh!

    ReplyDelete