Since I became interested in Internet Privacy, data gathering and web tracking, as well as anonymity online, I have read many books, but some of them I want to introduce here. This blog post is loosely named books about privacy, technology, Wikileaks and Anonymous, but the idea behind it is that those books open a door to a world where our every move is in one way or another tracked, we are not truly anonymous anymore. On the other side, thanks to the technology, we are capable of releasing amounts of information that was hidden from the general audience, at an unprecedented way, speed and to a global audience.
But my goal in no way is to stipulate that our technology is bad or that we should stop using it. Nor is this the main idea of the books. On the contrary, I believe they show that technology by and of itself is neutral. How we use it – whether governments or regular people is what “colors”/defines its uses. Moreover, those books share with the reader a current snapshot of various uses. Is it possible for us to go in a Big Brother direction, where our every thought is tracked – in a way it is already so with the available keylogger tools. But technology is facilitating the ability for knowledge to reach remote villages, for people to collaborate on an unprecedented scale, as well as further our scientific understanding of the world around us.
Anyway, here are the books and short description.
1. Unmasked – the collection of articles from Ars Technica’s editors was compiled as a book and follows the story of the Anonymous attack and consequent fall of HBGary Federal in 2011. The whole story is described meticulously with the necessary technical details (not that I expect anything else from Ars). It explains how the hacks took place, how Anonymous tries to deal with various situations and it exposes something more important – how government contracts work in secret and to what depths people could go to discredit an organization (talking about the slides from HBGary to undermine Wikileaks through document manipulation). All the while their IT security was below the acceptable level for a security and government contractor. The method of attack from Anonymous was not some marvelous hacking insight – they used tools and knowledge that are widely known and professionals from HBGary should have been prepared for. A great deal of information is shared as well about the way Anonymous members used social engineering to get root privileges to the firm’s servers and how cleverly they managed that. Talk about irony.
Along those lines, I think the Ars Technica team shed light on something else: how one person interpretation of data and desire to be right, ultimately brought him and his business a lot of trouble. His methods are at best questionable, and even though governments employ them often, Aaron Barr (HBGary CEO) findings were based on statistical errors, false assumptions, pure desire to be correct even when the data was showing different. Even his programmer did not want to take a role at the end because he saw many errors in the preparation and interpretation of data.
2. Dragnet Nation – this is not your usual tech book. It starts with a good question – “Who is watching you?” and in our world, maybe the answer to it is – “Who isn’t?” – from Google Street Car debacle, “accidental” collection of wireless data from Google, tracking data from 3rd party advertisers on the net to the various Intelligence agencies around the World – we are constantly “tracked”. And though we should be worried about the government1 surveillance programs, we should be more worried about corporate data mining. After all, we willingly share so much of our lives online, and though we expect some level of privacy -such does not exist because it is and will always be trumped by shareholders interests. And pretty much this is the beginning of the book by Anqwin. She writes about the stories of various people who have shared medical problems online under anonymity in order to find another soul who could understand them, only to backfire on them due to invasive data mining policies from private companies, targeting profits.
But think about it – everything we do – share something on Facebook, tag a friend, buy a ticket online, pay with a credit card, talk on the phone, browse online – this is all information that is mined and used, tracking our movements, habits, ideas, needs. So the author decided to talk with various privacy experts and embark on a marvelous journey to remove or at least decrease her digital footprint. That of course became a quickly burdensome when she started realizing how much of our lives depends on easy to track us tools.
So what Angwil started first with was a security audit of her life. Then she decided to install non-tracking tools on her computers and browsers, got a more secure password, removed her smart phone. She even went as far as to put her phone in a Faraday cage not to be tracked. Of course this is a double edge sword nowadays when our livelihoods depend on communication with other people. Additionally she changed search engines, mail providers, back-up devices, prepaid payment cards and so on.
But she also realized through the audit one vital thing – that banks have an expansive and very useful data collection and analysis program. And because we use to pay with plastic cards almost anything these days it is pretty easy to leave a digital trail, showcasing our entire existence. So she decided to create a new persona – identity in a way – with a full name, details about her, and ultimately a credit card, in order to reduce Angwil’s footprint.
In her book, she traces and explains well how invasive today’s tracking really is – from Google DoubleClick codes, to Addthis social sharing buttons, to IBM’s Coremetrics and many more. I will not share all the book has to offer – but I highly recommend it to every person. Not to make you paranoid. This is not my goal, just so that we as people have an open eye of what we willingly share and allow private businesses to know about us.
3. Black Code – in his book Ronald Deibert, a leading expert on digital technology and security, manages to explain the two faces of Cyberspace. The one where Internet helps for the unprecedented way that people can communicate, share knowledge, advance science and society as a whole, and how it is used for grassroots movements in various parts of the world. At the same time, he craftily is able to show the other side of the coin – the space many people do not know exist. The place where technology and cyberspace is used for digital warfare. The sponsored state hacking, the cyber attacks on citizens and non-government organizations from Dalai Lama’s office, to corporate espionage rooted deep inside private networks, NSA scandal, and military Cybers attacks.
Deibert masterfully describes the well known incident with the Russian sponsored attacks on Georgian Internet and critical infrastructure like banks and government sites through DDOS2. Accompanied with reports of Citizen Lab is a story of how researchers establish and track attacks, but the analysis achieves another goal – it provides us with the notion that the Internet is not as decentralized as we might think or wish for. That there are certain choke-points , as well as the fact that the wires are own by only several communication providers. The author also makes a point to explain how important interests from governments and private actors try to undermine the stability and security online, and in the meantime manage to destroy our democratic process.
Important part of the book is the Great Chinese Firewall and the deep packet inspection and various other methods used to keep information and news in China filtered. Of course there is the tidbit how Chinese citizens could circumvent their Big Brother, should they have the technological know-how to do so.
Still cyberwarfare between China and USA is something that Deibert focuses on. Not only on the successful cyber espionage from Chinese unknown groups on Google and various other tech firms in US and Canada, but also how vulnerable US critical infrastructure – water, power, grid infrastructures are from cyber attacks due to years of neglect. And while US focuses on cyber offense, vital utilities are left with weak or non existent defenses from hackers.
Some people might initially resist the notion that such capabilities are possible. An example to the contrary is given with the now famous Stuxnet virus that disrupted Iranian Nuclear research. It is now widely acknowledged that the virus was developed by joint Israel-USA task-force and released to a great success. Unfortunately, bad code was the culprit behind the ability of the virus to spread around the world and cause damage.
If you still have a positive outlook about our digital future, the book final chapters focus on the business of selling viruses, malware, spyware and 0-day attacks3. It is a lucrative business, offered worldwide. As Deibert notes: “Cyber crime has become one of the world’s largest growth businesses…”.
Through the book, he gives his unique viewpoint and possible scenarios to help us prevent a total collapse of the system – from adaptation of the system and pathways for resiliency, to distributed security, stewardship and principles of “mutual restraint” for cyber warfare by the example from the missile crisis.
With all the warning and dark scenarios, Deibert’s goal is not to show pessimistic future, but rather to paint a way forward to a future
This is the first part of several posts about books focused on security, privacy, technology in 21st century, Wikileaks and Anonymous. The current post presented some dire outlooks of how technology is used to track us, decrease our privacy (which we often voluntarily offer when we share so much online), and ultimately of how vulnerable we all are from a personal and systems point of view.