The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data

by Kevin D. Mitnick

In this book I’ll make the case that each and every one of us is being watched, at home and out in the world—as you walk down the street, sit at a café, or drive down the highway. Your computer, your phone, your car, your home alarm system, even your refrigerator are all potential points of access into your private life.

In this book, you’ll learn how to: encrypt and send a secure e-mail protect your data with good password management hide your true IP address from places you visit obscure your computer from being tracked defend your anonymity

You can always check the site www.haveibeenpwned.com to see if your account has been compromised in the past.

First, strong passphrases, not passwords, should be long—at least twenty to twenty-five characters. Random characters—ek5iogh#skf&skd—work best. Unfortunately the human mind has trouble remembering random sequences. So use a password manager. Using a password manager is far better than choosing your own. I prefer open-source password managers like Password Safe and KeePass that only store data locally on your computer.

Creating passwords to protect online accounts and services is one thing, but it’s not going to help you if someone gains physical possession of your device, especially if you’ve left those online accounts open. So if you password-protect only one set of devices, it should be your mobile devices, because these are the most vulnerable to getting lost or stolen. Yet Consumer Reports found that 34 percent of Americans don’t protect their mobile devices with any security measures at all, such as locking the screen with a simple four-digit PIN.

The more red herrings you provide, the more you become invisible online.

To become truly invisible in the digital world you will need to do more than encrypt your messages. You will need to: Remove your true IP address: This is your point of connection to the Internet, your fingerprint. It can show where you are (down to your physical address) and what provider you use. Obscure your hardware and software: When you connect to a website online, a snapshot of the hardware and software you’re using may be collected by the site. There are tricks that can be used to find out if you have particular software installed, such as Adobe Flash. The browser software tells a website what operating system you’re using, what version of that operating system you have, and sometimes what other software you have running on your desktop at the time. Defend your anonymity: Attribution online is hard. Proving that you were at the keyboard when an event occurred is difficult. However, if you walk in front of a camera before going online at Starbucks, or if you just bought a latte at Starbucks with your credit card, these actions can be linked to your online presence a few moments later.

One way to mask your IP address is to use the onion router (Tor), which is what Snowden and Poitras did.

It should be noted, however, that there are several weaknesses with Tor: You have no control over the exit nodes, which may be under the control of government or law enforcement13 You can still be profiled and possibly identified14 Tor is very slow

A very basic rule is that you have to keep your anonymous accounts completely separate from anything that could relate back to your true identity.

To be invisible you will need to start with a clean slate for each new secure contact you make. Legacy e-mail accounts might be connected in various ways to other parts of your life—friends, hobbies, work. To communicate in secrecy, you will need to create new e-mail accounts using Tor so that the IP address setting up the account is not associated with your real identity in any way.

Tearing down that connection when the call ends Billing the appropriate party making the call Managing extra features such as call-forwarding, calling party name and number display, three-way calling, and other Intelligent Network (IN) services Toll-free (800 and 888) as well as toll (900) calls Wireless services, including subscriber identification, carrier, and mobile roaming

What ss7 does

There are three basic “flavors” of text apps: Those that provide no encryption at all—meaning that anyone can read your text messages. Those that provide encryption, but not from end to end—meaning that the communication can be intercepted by third parties such as the service provider, which has knowledge of the encryption keys. Those that provide encryption from end to end—meaning that the communication can’t be read by third parties because the keys are stored on the individual devices.

Text apps

Unsure whether you answered that browser question in the past? Then try the test page at http://benwerd.com/lab/geo.php. This is one of many test sites that will tell you whether your browser is reporting your location.

According to Apple, its various products will automatically connect to networks in this order of preference: 1. the private network the device most recently joined, 2. another private network, and 3. a hotspot network.

If you don’t want to have any sensitive data available on your hard drive, the choices are: 1. Clean up any sensitive data before you travel and perform a full backup. 2. Leave the data there but encrypt it with a strong key (although some countries may be able to compel you to reveal the key or password). Do not keep the passphrase with you: perhaps give half of the passphrase to a friend outside the United States who cannot be compelled to give it up. 3. Upload the encrypted data to a cloud service, then download and upload as needed. 4. Use a free product such as VeraCrypt to create a hidden encrypted file folder on your hard drive. Again, a foreign government, if it finds the hidden file folder, may be able to force you to reveal the password. 5. Whenever entering your password into your devices, cover yourself and your computer, perhaps with a jacket or other item of clothing, to prevent camera surveillance. 6. Seal your laptop and other devices in a FedEx or other Tyvek envelope and sign it, then put it in the hotel room safe. If the envelope is tampered with, you should notice it. Note, too, that hotel safes aren’t really that safe. You should consider buying a camera device that you can put inside the safe to take a photo of anyone opening it and send the photo via cellular in real time. 7. Best of all, don’t take any risk. Carry your device with you at all times, and don’t let it out of your sight.