"Hello, my name is UserName and I'm calling you from the Sberbank security service." Recently, more and more people are faced with various manifestations of fraudsters ' actions, trying to extract financial or other equally critical information under any pretext. There are infinitely many ways of fraudulent actions. And the most interesting thing about them can be told by people who were on both sides of the barricades. Such a person is Dmitry Artimovich with his book "The Art of digital self-defense".
The Art of Digital Self-Defense
First of all, the new book by Dmitry Artimovich, a Russian expert in the field of information security and a former hacker, is of interest as a popular science reading that reveals in an accessible language all aspects of cyber threats in the modern world aimed at the average person. There are no complicated phrases and terms in this book, everything is written as simply and clearly as possible.
At the very beginning of the book, the author lists 4 rules for protecting against the threat of fraud on the Internet. These rules remain the basis of personal information security today:
The author identifies five major blocks in the book, each of which is associated with various ways of implementing information security threats and recommendations for protection. In the course of the story, the text is diluted with references to the author's previous books.
Dmitry writes in simple language about complex things, supporting them with clear examples. Even the technically complex process of describing and classifying malicious software in the first section can be turned into a rather fascinating and interesting activity. The author does not hesitate to admit his own failures, when he himself became a victim of account hijacking in the well-known ICQ. At the same time, the technical component of the book does not suffer from the use of simple terminology at all. The article covers issues related to the differences between Trojans, viruses, and worms, which only at first glance are synonymous. An interesting point: this section also describes legitimate methods for obtaining information, such as keyloggers in DLP systems.
In the second chapter, the author touches on aspects of information security on smartphones and IoT devices, which is probably the most relevant for most readers. It is interesting to use QR codes in the text, which complement the information provided quite well. The author gives a description of the main malware that affects Android and iOS devices. Moreover, iOS devices seem generally invulnerable, but only at first glance. General recommendations seem obvious, but the lion's share of Android devices becomes attacked by one or another malware, due to the actions of the user who downloaded the apk. file on the Internet. There is a reason to think about whether the permissions that we give apps without looking at them are really necessary. Why does the flashlight app, downloaded from an Internet site, need access to GPRS?
The third chapter reveals one of the most common types of Internet fraud today, social engineering. The author gives a very succinct thesis: "The weakest link of the system is its user." Thanks to the development of social networks and the careless attitude of people to personal data, experienced cybercriminals who are well versed in psychology are able to manipulate the victim. The historical background of the "Nigerian letter", already known from numerous Internet memes, is very well worked out- a letter to the victim's email address informing about entering into a rich inheritance in a distant country, but in order to receive it, you need to pay a small insurance premium using the specified banking details. It's funny, isn't it? Yes, it's very funny, but every year thousands of people transfer money to intruders who use such techniques. The main message is that it is necessary to carefully observe digital hygiene, restrict access to personal information on the network and do not leave your personal data on unknown resources.
The fourth section is devoted to threats related to carding, a type of fraud related to payment cards in one way or another. This section is relatively small compared to the rest, but it probably contains an excessive number of recommendations.
The author emphasizes the importance of data protection and backup in the fifth section, delving into methods of data protection that at first glance do not seem necessary. This section of the book tells the story of the problems of the author's interaction with public authorities, in which he was often subjected to the seizure of personal electronics and money. Dmitry also urges not to trust commercial software in matters of encryption, despite their mandatory certification. The thesis is put forward that any such cryptographic system has an additional loophole, which is used by special services. Also, you should not trust modern messengers, and even more so, conduct a working correspondence there.
The author quite emotionally questions the theses of modern IT giants related to the inaccessibility of user data to anyone but the user himself. This is especially evident against the background of the revelation of former CIA employee Edward Snowden regarding the PRISM Internet surveillance system. And if in the first four sections, Dmitry described ways to protect against fraud by "evil hackers", then the fifth section from the point of view of the layman looks like paranoia. But is it true? In fact, no, because even at first glance the most ordinary person can become the subject of such actions on the part of both government intelligence agencies and corporations. And if you really care about the safety of your personal data, then at least you should not immediately reject the information protection methods proposed in the fifth section.
If this book falls into the hands of a person who is familiar with the world of computer crime only by hearsay or not at all familiar, he will experience a strong shock from how easy and ordinary Internet scammers act. But after studying the book, even a person who is very far from the field of information security will draw conclusions for himself. At the same time, detailed instructions are given regarding the use of certain means of protecting personal information, which will be understandable to absolutely any user.
Nor should cybersecurity professionals write off this book. The author has done a lot of work on structuring the main ways to ensure digital security, and every specialist will find something to learn from this book.
P.S. The review was written by an outsider. Don't criticize me for writing reviews of my books. Everything is fair. If you liked it, please add a PLUS SIGN
.
The Art of Digital Self-Defense
First of all, the new book by Dmitry Artimovich, a Russian expert in the field of information security and a former hacker, is of interest as a popular science reading that reveals in an accessible language all aspects of cyber threats in the modern world aimed at the average person. There are no complicated phrases and terms in this book, everything is written as simply and clearly as possible.
At the very beginning of the book, the author lists 4 rules for protecting against the threat of fraud on the Internet. These rules remain the basis of personal information security today:
- Install antivirus software on your personal computer.
- Keep your software updated in a timely manner.
- Install software only from trusted sources.
- Do not share your payment details with anyone, especially by phone (card numbers, SMS codes, etc.).
The author identifies five major blocks in the book, each of which is associated with various ways of implementing information security threats and recommendations for protection. In the course of the story, the text is diluted with references to the author's previous books.
Dmitry writes in simple language about complex things, supporting them with clear examples. Even the technically complex process of describing and classifying malicious software in the first section can be turned into a rather fascinating and interesting activity. The author does not hesitate to admit his own failures, when he himself became a victim of account hijacking in the well-known ICQ. At the same time, the technical component of the book does not suffer from the use of simple terminology at all. The article covers issues related to the differences between Trojans, viruses, and worms, which only at first glance are synonymous. An interesting point: this section also describes legitimate methods for obtaining information, such as keyloggers in DLP systems.
In the second chapter, the author touches on aspects of information security on smartphones and IoT devices, which is probably the most relevant for most readers. It is interesting to use QR codes in the text, which complement the information provided quite well. The author gives a description of the main malware that affects Android and iOS devices. Moreover, iOS devices seem generally invulnerable, but only at first glance. General recommendations seem obvious, but the lion's share of Android devices becomes attacked by one or another malware, due to the actions of the user who downloaded the apk. file on the Internet. There is a reason to think about whether the permissions that we give apps without looking at them are really necessary. Why does the flashlight app, downloaded from an Internet site, need access to GPRS?
The third chapter reveals one of the most common types of Internet fraud today, social engineering. The author gives a very succinct thesis: "The weakest link of the system is its user." Thanks to the development of social networks and the careless attitude of people to personal data, experienced cybercriminals who are well versed in psychology are able to manipulate the victim. The historical background of the "Nigerian letter", already known from numerous Internet memes, is very well worked out- a letter to the victim's email address informing about entering into a rich inheritance in a distant country, but in order to receive it, you need to pay a small insurance premium using the specified banking details. It's funny, isn't it? Yes, it's very funny, but every year thousands of people transfer money to intruders who use such techniques. The main message is that it is necessary to carefully observe digital hygiene, restrict access to personal information on the network and do not leave your personal data on unknown resources.
The fourth section is devoted to threats related to carding, a type of fraud related to payment cards in one way or another. This section is relatively small compared to the rest, but it probably contains an excessive number of recommendations.
The author emphasizes the importance of data protection and backup in the fifth section, delving into methods of data protection that at first glance do not seem necessary. This section of the book tells the story of the problems of the author's interaction with public authorities, in which he was often subjected to the seizure of personal electronics and money. Dmitry also urges not to trust commercial software in matters of encryption, despite their mandatory certification. The thesis is put forward that any such cryptographic system has an additional loophole, which is used by special services. Also, you should not trust modern messengers, and even more so, conduct a working correspondence there.
The author quite emotionally questions the theses of modern IT giants related to the inaccessibility of user data to anyone but the user himself. This is especially evident against the background of the revelation of former CIA employee Edward Snowden regarding the PRISM Internet surveillance system. And if in the first four sections, Dmitry described ways to protect against fraud by "evil hackers", then the fifth section from the point of view of the layman looks like paranoia. But is it true? In fact, no, because even at first glance the most ordinary person can become the subject of such actions on the part of both government intelligence agencies and corporations. And if you really care about the safety of your personal data, then at least you should not immediately reject the information protection methods proposed in the fifth section.
If this book falls into the hands of a person who is familiar with the world of computer crime only by hearsay or not at all familiar, he will experience a strong shock from how easy and ordinary Internet scammers act. But after studying the book, even a person who is very far from the field of information security will draw conclusions for himself. At the same time, detailed instructions are given regarding the use of certain means of protecting personal information, which will be understandable to absolutely any user.
Nor should cybersecurity professionals write off this book. The author has done a lot of work on structuring the main ways to ensure digital security, and every specialist will find something to learn from this book.
P.S. The review was written by an outsider. Don't criticize me for writing reviews of my books. Everything is fair. If you liked it, please add a PLUS SIGN
.
