© 2017 Kevin Mitnick
320 pages
So, you want to be invisible online? Great. All you'll need is three separate computers -- one for your top secret business, one for your banking, and one for your everyday use; a few new email addresses, a handful of burner phones, a large pile of cash to buy gift cards and electronics without leaving a credit trace, a slightly larger pile if you intend on paying strangers to buy said cards and electronics for you, an ability to habitually lie, and the concentration of a criminal mastermind to remember which accounts you're using on which computer so you never accidentally blend your Top Secret identity with your real one. Child's play.
Kevin Mitnick knows a thing or two about the necessity and the difficulty of staying invisible. He spent two and a half years as a fugitive from the FBI, wanted for hacking, unauthorized access, and wire fraud. These days he works as a security consultant, and in The Art of Invisibility he provides a point-by-point tour of the surveillance web created by the internet and telecommunications infrastructure. There are also specialized chapters on surveillance in the workplace, and maintaining privacy while traveling abroad. Mitnick's survey and advice have at least two audiences: most of the book can be appreciated by a technologically savvy and privacy-minded individual who wants to know more, while a smaller but not insignificant portion of the book, somewhere between 30 and 40 percent, would be of interest to the truly paranoid.
Although Mitnick does cover material that would be a given to those with an interest in security -- don't use public Wi-Fi networks for banking or other sensitive business, even if they're password-protected, that kind of thing -- most of his information is less elementary. He's thorough, explaining how tools like email and hardware encryption work, where they're vulnerable, and why they're useful. The Tor browser is a mainstay of his recommendations, as it allows users to be relatively anonymous and evade filters that restrict access in territories controlled by authoritarian states like China by redirecting the user's activity across a series of nodes. The nodes chosen are random, and it's possible to encounter a node controlled by surveilling authorities. If a person uses Tor on the same computer and accesses the same accounts as they normally do, however, and they're under active surveillance by someone, their token efforts at anonymity are for naught. People in witness protection can't go to family reunions, and those who want to remain invisible can't muddle their identities together. If you want to have an email account and use Tor, Mitnick advises, then use Tor and create a new email account. The same concept applies across communication technologies: Mitnick was caught in the 1990s because despite using multiple cell phones, he was using them in the same location (a motel room), and thereby connecting to the same cell tower every single time -- allowing the FBI to collaborate with the local telecom to get a fix on their man.
The Art of Invisibility is far more comprehensive and helpful than Mitnick's previous books on intrusion and social engineering. Mitnick offers his exhaustive tour of vulnerabilities not to scare readers into retreating to a monastery, but to point out -- this is what you're up against, this is what you can do about it, this is where you'll still be weak. Like a security consultant's tour of your home, The Art of Invisibility shakes expectations, and disturbs the illusion of safety -- while at the same time Vanishingly few people are capable of taking all of Mitnick's advice: even he doesn't. He leaves it to the reader to decide how best to integrate this information with their own practices. Everyone can benefit from better cyber-security hygiene, even if it's something as basic as keeping your cellphone locked, running adblock to disable malicious scripts on websites, and keeping smart TVs that never stop listening to you out of your house.
Related:
- 10 Don'ts On Your Digital Devices, Daniel G. Bachrach, Eric J. Rzeszut. A more entry-level citizen's guide to digital hygiene.
- Swiped: How To Protect Yourself in World of Scammers, Phishers, and Identity Thieves, Adam Levin
- Future Crime: Everything Is Connected, Everyone is Vulnerable, and What We Can Do About It, Marc Goodman
"hygiene" is a good way to put it; even turning off the power won't give a person total security (one's house is still on Google Earth, woohoo). This is the kind of stuff I think about (too often), so I would probably like this book. I read something similar not too long ago (Beyond Fear, by Bruce Schneier), but it was more theory than daily-life tips.
Have you read Schneier's "Data and Goliath"? It's more of an expose than a "what to do about it" kind of book, though.
I have not...I found his writing style a bit dry, despite the interesting subject matter.
I can't recall much about his style, but in reading "Data and Goliath" I was definitely transfixed by the subject!