Let’s start the week off with two birds and one stone!
Earlier in the week I was finally able to get access to No Place to Hide, by Glenn Greenwald, on his encounter with Edward Snowden and the stories that led to. For those hiding under rocks, Edward Snowden was a civilian contractor working for the NSA until he exposed part of their globe-spanning surveillance apparatus in 2013/2014. While employed by the CIA and NSA, Snowden became increasingly concerned with the scope, ambition, and dubious legality of his employers’ programs, and decided to begin documenting what he was seeing. After methodically collecting reports for months on end, throughout several assignments, Snowden contacted a reporter with an established reputation for criticizing both the government and a complicit media. Greenwald, after recounting his first contact with Snowden, then shares information from the stories he filed with The Guardian before switching into an argument against the surveillance state, and a condemnation of the establishment media, particularly the Washington Post and the New York Times.
I daresay no one will be surprised to learn that I’m far more a supporter of Snowden than the NSA — not because I believe the NSA is part of some evil conspiracy, but because I have certain strongly-held believes on the nature and consequences of power, and know that the construction of an inescapable surveillance apparatus is Bad News. When Greenwald says global, he means global; the book mentions numerous programs, not just the email-tapping ones, and between them they cover pretty much everyone but the crew of the International Space Station. It can’t all be to fight terrorism: what do terrorists have to do with Brazilian gas companies, and why is NSA surveillance being shared with US agricultural departments? Those who believe that the NSA are swell chaps who wouldn’t countenance abuse of their data may sleep soundly, but what happens when someone with less scruples is in charge? As the current administration demonstrates, we no longer require even the pretense of civility from those those who want to operate the beastly machine that is DC.
More recently I read through Kevin Mitnick’s The Art of Intrusion. Mitnick was partially featured in Cyberpunks, a teenage telephone ‘phreaker’ turned pioneering computer hacker. Since his release from prison Mitnick has used his reputation and experience in intrusion to sell himself as a cybersecurity consultant. The Art of Intrusion collects ‘true crime’ stories of computer-based or related intrusions; ranging from illicit exploration to digital skulduggery. A lot of data is omitted for the protection of the persons and companies mentioned, but a lot of the stories seem dated, for the book’s publication year, and others are so technical I am not sure who would be reading them. I did find quite a bit of interest, however, in the chapters on penetration testing and social engineering. I still do not like Mitnick’s term for an art he and his friends practiced, and one which remains a security threat: obtaining information and access through human, instead of technological, means. Mitnick shares the stories of analysists, who — performing audits on companies, and attempting to breach their security — were able access highly sensitive areas within buildings simply by chatting up coworkers and ‘acting’ like they belonged there. This also involved technical assistance, like a fake id that security guards didn’t vet too closely. Mitnick claimed in his trial that he relied on social engineering, not computer programs, to access as much as he did, and he has previously authored a book called The Art of Deception that documents the psychological strategies used in this kind of ‘engineering’. As someone with a work-related interest in security, I may look around for a copy.