I was fortunate enough to meet the author, Kevin Mitnick, while attending
RSA in February. I was given a signed copy of
The Art of Invisibility, one of
The State Security's must-reads for infosec pros, so I made it a point to read the book.
I knew a bit about Kevin’s past and had seen a few of his DEF CON talks, so I had a general idea as to the content of this book. As I started reading, I found the book to be written in a moderately technical manner but presented in such a way that the average non-technical user could easily understand.
Kevin covers a range of topics presented mostly as historical accounts of past events, all of which centered around the main theme of the book – the continued erosion of our personal privacy. He explains a range of vulnerabilities and the process used to exploit them. He also delves into the questionable data collection practices of the services we all use daily.
He explains how much our personal lives have been monitored, tracked and recorded. Often, the reasoning behind these tracking mechanisms is presented to users a means to “improve the user experience.” All this comes at a very high price – your personal privacy.
If you like the story behind the story as it relates to many of the more well-publicized hacks, this book is for you. Kevin digs into the processes Edward Snowden used to secretly and securely communicate with reporters prior to the Guardian story about his disclosure of PRISM. He discusses the history and downfall of the Silk Road website using the story to illustrate the importance of completely separating any online identity that might be construed to be involved in illicit activity from your real persona.
Kevin also relates stories about a multitude of his own experiences. He dives into the tactics he used to infiltrate and manipulate people and organizations to achieve his goals. He highlights his shining moments, as well as his mistakes and their ultimate consequences.
The book spends a great deal of time relating these stories to the overall objective – teaching you how to become as invisible as you wish to be online. The unspoken message is that it’s likely too late for most of us to achieve any form of anonymity or invisibility due to the history we have developed as a result of our past and current habits.
However, he does go into great detail providing the steps one should take if the goal is to develop an online presence that is untraceable to your real identity. The process is not simple nor for the faint of heart. All it takes is one moment of inattention to compromise everything you worked so hard to protect.
The bottom line is this book is a great read for anyone who is connected in any way shape or form. Whether or not you have a need for an “invisible” presence in the online world, reading this book will make you much more aware of the things you do without much thought and the impact those habits have on your personal privacy.
If nothing else, you will be a bit more educated and a whole lot more paranoid. Sometimes questioning the things going on around you is a good thing!
About the Author: Jim Nitterauer, CISSP is currently a Senior Security Specialist at AppRiver, LLC. His team is responsible for global network deployments and manages the SecureSurf global DNS infrastructure and SecureTide global SPAM & Virus filtering infrastructure as well as all internal applications and helps manage security operations for the entire company. He is also well-versed in ethical hacking and penetration testing techniques and has been involved in technology for more than 20 years.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
