“The art of being invisible. How to Maintain Privacy in the Age of Big Data" by Kevin Mitnick

Spoiler alert for the problem from today's headline: “No way.” This is what we will talk about.

Kevin Mitnick is a computer security specialist. The same person who can teach you how to maintain privacy on the Internet as much as possible. At one time, as a hacker, he committed a number of crimes on the network, served time and was released, so it will be especially interesting to read him.

In his book about the art of being an invisible badboy, Kevin talks about how you can protect your data, prevent surveillance, maintain anonymity, hide your IP, wisely use services for sending emails, and so on. The pages contain routine advice about passwords, and a database about social engineering – “a method of unauthorized access to information through psychological influence, manipulation and control of a person’s actions in order to force him to do what he wants.” This method is essentially suitable for fishing out information. The benefit of Mitnick’s book is precisely to learn not to succumb to this manipulation, to be aware of how you can be figured out, and to take precautions. Then all your data will always be safe.

Of course, the author gives many examples from the world of IT companies. Often scandalous. “One of the most famous such cases involves Microsoft, which was hit by a wave of public anger when it was discovered that it had been viewing the contents of the inboxes of a Hotmail user who was suspected of owning a pirated copy of Microsoft software. As a result of this discovery, the corporation announced that in the future similar investigations would be handled by law enforcement agencies,” he recalls.

Things also turned out interesting with thermostat manufacturer Nest. One day the company decided to add the ability to control the device through a web application and away we go. “In one scathing review of the Honeywell Wi-Fi Smart Touchscreen Thermostat on Amazon, a user named “General” wrote that his ex-wife took his house, dog and a significant part of his retirement savings, but he still had the password for Honeywell thermostat. This user claims to raise the temperature in the house while his ex-wife and her new lover are out of town, then lower it to normal before they return. “I can imagine the kind of electricity bills they get,” says Mitnick. Funny story. And he also gives his expert commentary: “It should be noted that many of these methods require physical access to the device, that is, someone must enter your home and connect to the thermostat’s USB interface. Daniel Buentello, an independent security researcher and one of four speakers who spoke on how the device could be hacked, said: “This is a computer on which the user cannot install antivirus. Even worse, there is a secret loophole that an attacker could exploit. In fact, this device can be used as a tracking device.”

So it goes. I remember an episode from the same series, which we have already referred to more than once, when Guilfoyle hacked a smart refrigerator with voice control, and then checked the firmware and logs and discovered that the data was illegally flying to the cloud.

And, conversely, Kevin Mitnick highlights some products in a positive way: “Open Whisper Systems has developed the Signal application, which is a free, open IP telephony system for mobile phones. With its help, Android and iOS users have the opportunity to truly effectively protect telephone conversations using end-to-end encryption. The main advantage of the Signal application is that the keys are managed by the one who makes the call and the one who receives it, without the participation of any intermediaries. In other words, as with SDES, new keys are generated for each call, but the keys exist in a single copy and are stored only on users’ devices.” Kevin Mitnick also writes in detail about encryption and keys in advance, so that the average reader who is worried about his data will have a clear understanding of how it all works.

Mr. Mitnick also shares his personal life hacks. Sometimes it seems funny that the reader will also have to use them. “I turned on TouchID on my iPhone so it would recognize my fingerprint. Before going through immigration in any country, I reboot my iPhone. And when the smartphone turns on, I deliberately do not enter my passcode. Even though I have enabled TouchID, it remains disabled by default until I enter the passcode. US courts are clear that law enforcement cannot require you to give up your password. Traditionally in the United States you cannot be forced to testify; however, you may be forced to turn the key in the safe's lock. Thus, the court may force you to provide your fingerprints to unlock the device. A simple solution is to restart your smartphone. This way, the fingerprint recognition function will not be enabled and you will not have to give out your access code,” the hacker writes about his travel rules. Or, for example, in the wake of obtaining permission to enter Canada, he also prudently advises: “When passing through any checkpoint, make sure that your laptop and electronic devices are the last on the conveyor belt. You don't want your laptop on the other end while someone ahead of you holds up the line. Also, if you need to leave the line, be sure to pick up your laptop and electronic device.” Probably, if you listen to the book in audio format, it will look just like a briefing for James Bond before a new mission, adjusted for the 21st century and its challenges.

Throughout the entire reading, the author literally instructs the reader on how to use gadgets safely and explains why sometimes it is worth having a separate device and logging into it only in guest mode, not administrator mode. It also reveals the secrets of stealing passwords, tricks of fitness tracker software and other tricks with devices.

There are a lot of nuances, which is probably why Kevin Mitnick calls it art. However, even a professional can make a mistake and log into personal mail from the wrong device.

Useful from Online Patent: