Mitnick In The News
BOOK REVIEW: The Art Of Invisibility
The Art of Invisibility is a book about methods of maintaining privacy and anonymity in an age of surveillance by American hacker and cybersecurity analyst Kevin Mitnick. The book gives advice on every aspect of modern technology which could expose one to nosy neighbors, identity thieves, law enforcement, and other sources of unwanted attention. The book is divided into sixteen chapters which advise the reader about various measures that can be taken to improve security.
The introduction begins with the revelations made about the NSA’s activities by Edward Snowden, then discusses the information that is publicly available about most people with very little searching required. The first chapter is about password security and security questions. Tips are given for choosing a strong password, using a password manager, creating answers for security questions, and using multi-factor authentication. The second and third chapters cover surveillance of email and phones. Mitnick covers the concepts of metadata, encryption, and social engineering. He explains how the Tor browser and MAC addresses work. He discusses several current and historic methods of wiretapping phone conversations and pinpointing the location of a phone, then explains how a burner phone may be used to obtain some privacy.
Chapter 4 is about the functionality and use of encryption to thwart eavesdroppers. This is discussed in the context of text messages, cell phones, and computers, each of which is remarkably vulnerable without it. The next chapter begins with the Sarbanes-Oxley Act, which is now being used to prosecute anyone who deletes browser history that federal prosecutors wish preserved. Mitnick makes the obvious recommendation of not collecting such history in the first place, then instructs the reader on how to do so. He then discusses how Internet browsers track a user’s location and how this may be countered. The chapter concludes with the dangers of connecting devices and cloud storage.
The sixth chapter details various tactics that websites use to track users, such as scripts, single-pixel images, cookies, and toolbars, then offers advice for stopping them. The chapter ends with a basic overview of Bitcoin for overcoming some current legitimate uses for tracking. The dangers of sharing an Internet connection make up the seventh and eighth chapters. Mitnick teaches the reader how to set up an Internet connection that is difficult for malicious users to find and use. Next, he discusses several cases in which webcams were used to spy on people, including underage students. The phenomenon of ransomware, in which a user’s files are encrypted by malware and can only be decrypted by paying an extortionist, concludes Chapter 7. After this comes the pitfalls of public computers and Wi-Fi connections. Lessons on avoiding man-in-the-middle attacks, using virtual private networks, resetting one’s MAC address, and more are found in the eighth chapter.
The second half of the book opens with examples of photo metadata being used to locate people, then tells how to delete such information and prevent it from being created. Mitnick then gives advice on how to get unwanted photographs of oneself removed from websites, though it may not always work. The dangers of posting sensitive personal information on social media or otherwise sharing it with strangers is discussed. The extent to which corporations track commentary on social media is detailed through examples of students found publicly discussing standardized test material. The absurdity of minors facing criminal charges for possessing nude photos of themselves is used to illustrate the potential dangers of Instagram and Snapchat. The chapter finishes with privacy problems that can come from using dating sites and mobile apps.
Mobile device tracking is the subject of the tenth chapter. Mitnick writes about the third-party accessibility of information recorded by fitness-tracking devices as well as the trackability of people through the GPS features of their devices. He also shares an interesting episode of social engineering combined with tracking in which he surprised a careless driver who almost killed him with a stern warning supposedly from the DMV. The use of drones and facial recognition to erode privacy come later in the chapter, along with some prototypical countermeasures. The next two chapters detail how cars and home appliances can be used to track people, then show people how to turn off many of these features. Doing so will deprive users of some convenience, but that is the general cost of privacy and anonymity.
Chapter 13 applies the information discussed in previous chapters to the workplace. The insecurity of copiers, printers, and other such office appliances is highlighted so as to warn readers not to use them for any purpose that one would not want one’s employer or any hacker to see. Videoconferencing and remote file storage systems are covered in the last part of the chapter, with advice given for increasing security on them. The fourteenth chapter details the myriad ways in which government agents violate privacy and interfere with private electronics and communications, then advises readers on how to protect themselves while being aware of the laws in various countries. Also included here are the privacy concerns with hotel keys, supermarket cards, and airline boarding passes should they fall into the wrong hands.
The fifteenth chapter is mostly about the arrest of Ross Ulbricht, describing the mistakes that led to his capture. Devices that masks geolocation, and could thus have hidden Ulbricht from law enforcement had they existed in 2013, are mentioned. The final chapter lays out a step-by-step guide to achieving as much anonymity online as possible.
From beginning to end, Mitnick shares a wealth of information with just the right amount of personal anecdotes and other stories to keep the reader engaged. The Art of Invisibility is an excellent reference that deserves a place on the bookshelf of all who care about online privacy and personal security until enough time passes to render the information within obsolete, which may be on the order of decades.
This insightful review and other very interesting articles can be found at the source.