This is a three-part special. The first part of this three-part special would include, what privacy means to a normal person, how it impacts the normal day-to-day life of that person, the facts about what is going on in the cyber world, in terms of privacy.
The second part would comprise of the mistakes that are made by people and the mindset that people have about internet privacy.
The third and the final part would include how you can protect yourself against attacks, even if you aren’t computer savvy. You will also be introduced to technologies being used nowadays to defend against privacy breaches.
Part 1:
Lets start with what privacy is, though all of you might already know what it is. Privacy is the right of an individual to keeps his/her’s private stuff, private. Technology is a part of our life now and unfortunately, the threat landscape is quite big, in terms privacy.
You might have heard about IOT (Internet of things) which means, all the devices that are connected to the internet and to each other, for example Cameras, locks, fridges etc. There have been many security concerns about IOT devices, which I will not be covering here.
Technology has become closely intertwined with our daily lives. Cell phones, for example, instead of having different devices for different tasks, now smart phones have everything in one package, such as GPS, 3G/4G, Bluetooth, NFC, which are technologies which have many applications in our day-to-day life. Internet, a technology that we are so dependent on, that a little disruption in it causes serious discomfort to us. These technologies, can be attacked to invade one’s privacy.
Security and Privacy have always had a love/hate relationship. Complete security requires privacy breach at some level, which becomes a problem in case of complete privacy. Last year General Data Protection Regulation (GDPR) was adopted in the EU which has several detailed points about the protection of privacy for the EU citizens and residents. This is a very good thing, but to be honest, this protects against our data on services such as Google, or any other corporate entities. What about hackers, intelligence agencies, cyber armies? How should we protect ourselves against them? How can we keep our personal information personal? Though I will tell the good readers on how to protect one’s privacy online, in the part 3 of this article.
Now, I would like to briefly talk about the attacks against privacy. Recently, we heard about NSA snooping into mobile networks and reading SMS etc. Due to the leaks, the world now knows about Hacking Team and Finfisher, which are the companies who blatantly sell command and control implants to governments and even law enforcement agencies, which were initially used to spy on activists, journalists, etc. Nowadays, due to the threat of increasing cybercrime, the implants might be used against normal people, if they are persons of interest to law enforcement. For example, the recent Surveillance law in Germany, which empowers the German police to read WhatsApp messages of people who become person of interest to the police. Though direct interception is not possible, most probably, they would be using some kind of social engineering technique to install the police controlled implant onto the cell phone of their target. Similar surveillance powers are or will be given to the police in the UK.
To be very clear, if the person has committed a crime and/or, well, if he is a bad guy, which is quite hard to know, unless it is Tom Cruise’s Minority Report, and there is a pre-crime unit, but still, I am completely in favor of this surveillance law, in that case. But knowing which of the suspect is a real bad guy and which of the suspects is an innocent, is quite hard to know, thus there would be quite a big range of false positives, who would lose their privacy as collateral.
There have been so many cases of identity thefts in different countries due to breaches, leaks, phishing etc. With your identity stolen, you can lose your bank accounts, can end up in the police wanted list, can come under serious debt, etc. Apart from identity theft, GPS spoofing, where you can be sent somewhere else and the information that you contain may be taken by force, cell phone hacking, television hacking and voice snooping, implants to intercept internet traffic at the ISP end, SMS interception, SS7 based attacks, all of which are attacks against normal people and which are used to compromise confidentiality and breach privacy of the intended targets.
I would be, in the end of this three-part article, mention different books covering privacy and how to be invisible.
Thanks for reading.
Part 2 would be coming out soon!
Peace!