Network World
Saturday, November 22, 2008

Stiennon on Security


Kevin Mitnick’s best practices for data protection

I usually avoid giving convicted felons such as Kevin Mitnick much credence. I acknowledge that Mitnick was a gifted phone hacker and that, other than mischief making, he was not the hardened criminal type. Maybe I am jealous of his notoriety and big speaking fees. But I think there is something to be learned from the data protection techniques he uses, as revealed in this article that spells out the hassles he experienced when returning from Bogota two weeks ago.

 

After landing at the Atlanta airport for a security conference, Mitnick was detained for four hours for reasons still not fully explained. To make matters worse, while customs officials in Atlanta were busy inspecting his cell phone, laptop, and luggage, police in Bogota were ripping open a package he had mailed to his U.S. address on suspicion that it contained cocaine.

That level of notoriety I do not envy.

Read towards the end of the article:

To protect his privacy and that of his clients, Mitnick encrypts all the confidential data on his laptops, transmits it over the Internet for storage on servers in the U.S., and wipes it from the computer before returning from any international trips, just in case officials decide to search or seize his equipment. He also encrypts his hard drive. And now, he says he is going to keep a "clone" of his MacBook at home so he will have an exact duplicate of it if it is ever seized.

Most of us would consider these extraordinary measures. But, considering his high profile, they are completely logical, as just demonstrated by the manhandling his computer equipment suffered at the hands of the FBI (who, by the way, have completely exonerated Mitnick in this incident).

So summing up:

1. Use a MacBook. All the paranoid security guys do.

2. Encrypt your hard drive.

3. Encrypt important files and back up to cloud-based storage.

4. Wipe confidential files from your hard drive before entering hostile territory. 

5. Keep a clone of your laptop at home in case your laptop is seized by authorities. 

 

 

And I avoid giving convicted


And I avoid giving convicted felons such as the aforementioned Mr. Mitnick any credence.

In fact, he's a good argument in favor of requiring professional licensing for computer professionals, if only to have a method for blackballing him from the industry once and for all...

Mitnick is good for security industry


Professional licensing could help if it was something like a nursing license or law license that could be revoked or professionally sanctioned for misconduct.

But there's certainly an argument to be made that Mitnick would be an excellent educator. His books on social engineering should be required reading for those professional license holders eCurmedgeon envisions.

Tactics like impersonating FedEx and UPS delivery staff to gain access to secured areas, faking appointments with high level employees, and low tech tactics like becoming a janitor in a building all are easy ways to bypass traditional physical access security. Merely smiling and making small talk with security guards has gotten me waved past checkpoints that usually require showing ID and signing in. Keep in mind that traditional computer security is worthless or worth very little if your attacker has physical access. Encrypting hard drives and anticipating physical access or theft is the best route to true security.

Mitnick's ability to "think outside the box" with regard to security is a welcome addition to the trade. With regard to "convicted felons", we hold several convicted criminals in high esteem, such as the convicted drunk drivers George Bush and Richard Cheney. Mitnick's crimes were annoying at worst, and certainly less harmful to society than committing corporate fraud and bankrupting a multi-billion dollar company.

1984


Licensing for computer professionals? Let's register their fingerprints and DNA while we are at it. Obama has already started his national registry for real estate professionals. No problem, just add computer geeks in.

Where is this country going? I feel like I fell asleep in the U.S. in 2003 and woke up in the Soviet Union in 1978.

we are Borg You will be


We are Borg. You will be assimilated.

I usually avoid giving


I usually avoid giving convicted felons such as Kevin Mitnick much credence.

Well he's paid his debt, so get off it. You're just a pre-felon, after all.

Having said that, the whole "keep a clone of your Macbook at home" idea...now that's something that will stimulate the economy.


About Stiennon

Richard Stiennon is a security industry analyst. He is currently consulting, speaking and writing on all manner of security topics for IT-Harvest, the IT research firm he founded to cover the security space. He was most recently chief marketing officer for Fortinet. He has served stints at PricewaterhouseCoopers, Gartner, and Webroot Software.


The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.
