Lives of others - two aspects of social engineering

Kevin Mitnick's exciting 'Ghost in the Wires' book is fundamentally a memoir of solo social engineering capers; is the modern 'social' web vulnerable to the few controlling the many in the style of the East German STASI?

Last century Kevin Mitnick was the most-wanted computer criminal in the United States, with his antics (real and claimed by sensationalist journalists) regularly making the mainstream media. Mitnick has a terrific new book out, 'Ghost in the Wires', detailing his adventures and written with William Simon in the style of Frank Abagnale, author of 'Catch Me if You Can'.

Both Mitnick & Abagnale are first and foremost talented and convincing Social Engineers, possessing the ability to gain people's confidence and get them to give up access to passwords, systems etc. Most of Mitnick's activities involved developing telephone relationships with people inside companies (he was an accomplished phone system hacker) and building relationships under various pseudonyms. According to his memoir he got into systems and downloaded data for the thrill of it rather than to steal... and like Abagnale is now a security consultant.

These characters and their activities seem as quaint today as a Pee Wee Herman TV rerun in a world where the next major war is likely to be fought on a new front - online - and where hacktivist collaborators from groups like Anonymous and LulzSec are feared by the vested interests. Joseph Menn wrote a terrific piece "They’re watching. And they can bring you down" in the Financial Times earlier this month that provides some color on the current state of play for idealists. The vast dark internet with its data markets and malware tools is a major part of international crime for the modern thief.

The internet knows few international boundaries of course, but there are parts of the world where personal privacy and rights are taken more seriously than others. Prior to reunification, East Germany had a terrifyingly efficient pre-computer secret service, the STASI (the Ministry for State Security or Ministerium für Staatssicherheit), widely regarded as one of the most effective and repressive intelligence and secret police agencies in the world from 1950 to 1990.

As with Mitnick, most STASI activities relied on social engineering, great data collection, the ability to make contextual connections from it and of course phone tapping and surveillance. This creepy world can seem fun when Mitnick is running capers to see if he can phreak phones and break into telephone companies and technology companies, but scary when it's orchestrated at scale.

Facebook has been in the news again in the fall technology season, unveiling their new user interface and timeline feature and continuing to emulate the path of America Online in posturing as a credible media hub. Germany has very tight regulation on data portability, as those of us in the Enterprise collaboration world know, and there is increasing concern there about the permanent record being collected by Facebook on their users, as the site europe-v-facebook.org documents. Every person in the European Union has the right to access all the data that a company is holding about him/her, partly because people remember the STASI era all too well, and the Facebook Ireland office therefore in theory legally has various responsibilities to uphold.

Everything you do on the internet is trackable and traceable from email to your browsing history unless you take steps to cover your trail, but the sheer volume of information collected by Facebook - which tracks your online activities even if you are logged out as has been widely discussed recently - is pretty daunting. Take a look at all the data Facebook logs on you...

Using a browser type solely for Facebook accounts with a plugin to disable trackers and cookies such as disconnect.me helps, but the reality is that you are going to have to be a lot more circumspect in what you choose to share on these highly data promiscuous free services. Facebook is straining at the leash to get back to the Beacon days (your data was sent from 44 partner websites to Facebook, for the purpose of allowing targeted advertisements and allowing users to share their activities with their friends. This service was shut down in 2009 after a class action lawsuit and the annoyance of seeing your Fandango movie ticket purchase, or your Zappos gift purchase information posted to your Facebook wall).

If an online service is free you are the product, and the commercial pressures are clearly building up again for Facebook to strip mine your life and culture, and to expose as much of your online activity as broadly as possible.

The impact this has on the more structured world of work, where we use somewhat similar online tools to work together collectively with our colleagues, can be negative, particularly if the employer already has a 'Big Brother' reputation. Orchestrating and driving consistent use of appropriate tools to help each other be more efficient is already much the harder part of driving more effective collaborative activities - picking technologies is the easy part.

Mitnick's 'Ghost in the Wires' capers ended in him getting chased by FBI helicopters, hunted down and incarcerated. Social engineering on a vast scale tends to have the opposite effect with the few controlling the many as the STASI so effectively demonstrated. While consumers can opt out of a free social network account by closing their individual account to end the data collection at that point, work systems have different goals, costs and objectives.

Evgeny Morozov's 'The Net Delusion: The Dark Side of Internet Freedom' is a very sober and important book about what can go wrong when totalitarian states use broadband and mobile driven social networks to drive STASI-like conformity. After this latest wave of internet and mobile euphoria and fashion has waned in the west, companies will still expect their employees and partners to collaborate together online: setting up an efficient, fair and equitable level playing field to achieve these goals and outlive the hype has never been more important.

Video: Trailer for 2006 German film 'Das Leben der Anderen' (The Lives of Others), a drama about STASI monitoring of characters in mid 80's East German Berlin.