Now, is it advisable to read it? In my opinion the book as such is a bit boring, although the basic concept is exciting and can make anyone's hair stand on end. Apart from the cases he analyzes, in too much detail for my taste, there are many others, even more interesting, that he does not even mention. Therefore, always in my modest opinion, the book, as a whole, becomes quite heavy, but at the beginning of it, the reality to which it mentions in the book, is chilling, and this is precisely the reason why I recommend reading it since in it Baker discovers an exciting underworld for those of us who are dedicated to the world of security and, undoubtedly, scary for those who are simply users of information and communication technologies.
The Numerati know everything about us. They analyze trillions of data daily to establish profiles of users, buyers, voters and a long etcetera. Legions of engineers and mathematicians who scrutinize the network in search and capture of information that allows to establish patterns of behavior, groups of user profiles, groups of individuals. The first of this saga, or at least the first celebrities, were Sergey Brin and Larry Page, co-founders of Google.
One of the first issues that this book makes you think about is the dubious usefulness of certain laws, such as the LOPD, in the face of such a reality. I do not know what the members of the AEPD (Spanish Agency for Data Protection) have to say before the reality shown in a book as disturbing as this. The LOPD can say whatever it wants, but the fact is that the Numerati exist and, apparently, are not subject to laws. They know who we are, the tastes we have, our political ideology, our sexual tastes and a lot of other things that we can't even imagine and here we are worrying about whether the shopkeeper on the corner has our mobile phone number or if at school our children are asked about their parents' profession.
The Numerati analyze our digital footprint and use it for business development, to create opinion, to manipulate the masses, sometimes taking advantage of numerical and statistical patterns that nobody thought in their day would be investigated. For example, as indicated in the book, according to a study by Carnegie Mellon University, simply by knowing the date of birth, sex and postal district can obtain 87% of the SSN (Social Security Number) of the US population, which not only identifies them, but whose importance has always forced them to be kept secret, since only with this one you can quite a few financial operations. Amazing, isn't it? This is barbaric.
What applications have the information we may collect on our security or on the security of our businesses? Like the Numerati they scrutinize the network looking under the bits for our preferences, our tastes, passions, hatreds, etc ... the security companies of the world do an equivalent job collecting all kinds of information about the identity of natural and legal persons that may directly or indirectly impact the security of their customers. Through all the logs that are stored in the exercise of your business activity, through the available information services or even making use of netbots developed ad-hoc to investigate certain characteristics of the Internet, it is possible to develop IP addressing taxonomies with a clear application in terms of security.
Making use of all this information we could classify IPs or IP ranges according to a calculated and scheduled risk, with a specific numerical method of calculation. For example, a priori and without having a single additional data, an IP address geographically located in China or Russia is not the same as a geolocated IP address in Madrid. We could even analyze what happens to the "organization" in the IP addressing map within a company. A type of traffic that comes from a computer in the IT department is not the same as that coming from a segment of interns or contractors.
In general terms we would be interested to know EVERYTHING about the IPs of the world in terms of security, making the simile of the IP as a citizen of the virtual world, which after all is what it really is. Security companies need to become the monster of cataloguing the behavior of cyber citizens on the network by looking for:
Author: José Rosell
Source: Security Art Work
