Thursday, June 28, 2018

The Art of Invisibility

The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data
© 2017 Kevin Mitnick
320 pages


So, you want to be invisible online? Great. All you'll need is three separate computers -- one for your top secret business, one for your banking, and one for your everyday use; a few new email addresses,  a handful of burner phones, a large pile of cash to buy gift cards and electronics without leaving a credit trace, a slightly larger pile if you intend on paying strangers to buy said cards and electronics for you,  an ability to habitually lie, and the concentration of a criminal mastermind to remember which accounts you're using on which computer so you never accidentally blend your Top Secret identity with your real one. Child's play.

Kevin Mitnick knows a thing  or two about the necessity and the difficulty of staying invisible. He spent two and a half years as a fugitive from the FBI, wanted for hacking, unauthorized access, and wire fraud. These days he works as a security consultant,  and in The Art of Invisibility he provides a point-by-point tour of the surveillance web created by the internet and telecommunications infrastructure. There are also specialized chapters on surveillance in the workplace, and maintaining privacy while traveling abroad.  Mitnick's survey and advice have at least two audiences:  most of the book can be appreciated by a technologically savvy and privacy-minded individual who wants to know more, while a smaller but not insignificant portion of the book, somewhere between 30 and 40 percent,  would be of interest to the truly paranoid.

Although Mitnick does cover material that would be a given to those with an interest in security -- don't use public Wi-Fi networks for banking or other sensitive business, even if they're password-protected, that kind of thing -- most of his information is less elementary. He's thorough, explaining how tools like email and hardware encryption work, where they're vulnerable, and why they're useful. The Tor browser is a mainstay of his recommendations, as it allows users to be relatively anonymous and evade filters that restrict access in territories controlled by authoritarian states like China by redirecting the user's activity across a series of nodes. The nodes chosen are random, and it's possible to encounter a node controlled by surveilling authorities. If a person uses Tor on the same computer and accesses the same accounts as they normally do, however, then if they're under active surveillance by someone, their token efforts at anonymity are for naught. People in witness protection can't go to family reunions, and those who want to remain invisible can't muddle their identities together. If you want to have an email account and use Tor, Mitnick advises, then use Tor and create a new email account. The same concept applies across communication technologies: Mitnick was caught in the 1990s because despite using multiple cell phones, he was using them in the same location (a motel room), and thereby connecting to the same cell tower every single time -- allowing the FBI to collaborate with the local telecom to get a fix on their man.

The Art of Invisibility is far more comprehensive and helpful than Mitnick's previous books on intrusion and social engineering. Mitnick offers his exhaustive tour of vulnerabilities not to scare readers into retreating to a monastery, but to point out -- this is what you're up against, this is what you can do about it, this is where you'll still be weak. Like a security consultant's tour of your home, The Art of Invisibility shakes expectations, and disturbs the illusion of safety -- while at the same time Vanishingly few people are capable of taking all of Mitnick's advice: even he doesn't. He leaves the decision to the reader how best to integrate this information with their own practices. Everyone can benefit from better cyber-security hygiene, even if it's something as basic as keeping your cellphone locked, running adblock to disable malicious scripts on websites, and keeping smart TVs that never stop listening to you out of your house.

4 comments:

  1. "hygiene" is a good way to put it; even turning off the power won't give a person total security (one's house is still on Google Earth, woohoo). This is the kind of stuff I think about (too often), so I would probably like this book. I read something similar not too long ago (Beyond Fear, by Bruce Schneier), but it was more theory than daily-life tips.

    1. Have you read Schneier's "Data and Goliath"? It's more of an expose than a "what to do about it" kind of book, though.

    2. I have not...I found his writing style a bit dry, despite the interesting subject matter.

    3. I can't recall much about his style, but in reading "Data and Goliath" I was definitely transfixed by the subject!

