Introduction

1: Crime, Terrorism, Spying, and War
  Cyberconflicts and National Security
  Counterterrorism Mission Creep
  Syrian Electronic Army Cyberattacks
  The Limitations of Intelligence
  Computer Network Exploitation vs. Computer Network Attack
  iPhone Encryption and the Return of the Crypto Wars
  Attack Attribution and Cyber Conflict
  Metal Detectors at Sports Stadiums
  The Future of Ransomware

2: Travel and Security
  Hacking Airplanes
  Reassessing Airport Security

3: Internet of Things
  Hacking Consumer Devices
  Security Risks of Embedded Systems
  Samsung Television Spies on Viewers
  Volkswagen and Cheating Software
  DMCA and the Internet of Things
  Real-World Security and the Internet of Things
  Lessons from the Dyn DDoS Attack
  Regulation of the Internet of Things
  Security and the Internet of Things
  Botnets
  IoT Cybersecurity: What’s Plan B?

4: Security and Technology
  The NSA’s Cryptographic Capabilities
  iPhone Fingerprint Authentication
  The Future of Incident Response
  Drone Self-Defense and the Law
  Replacing Judgment with Algorithms
  Class Breaks

5: Elections and Voting
  Candidates Won’t Hesitate to Use Manipulative Advertising to Score Votes
  The Security of Our Election Systems
  Election Security
  Hacking and the 2016 Presidential Election

6: Privacy and Surveillance
  Restoring Trust in Government and the Internet
  The NSA Is Commandeering the Internet
  Conspiracy Theories and the NSA
  How to Remain Secure against the NSA
  Air Gaps
  Why the NSA’s Defense of Mass Data Collection Makes No Sense
  Defending Against Crypto Backdoors
  A Fraying of the Public/Private Surveillance Partnership
  Surveillance as a Business Model
  Finding People’s Locations Based on Their Activities in Cyberspace
  Surveillance by Algorithm
  Metadata = Surveillance
  Everyone Wants You to Have Security, But Not from Them
  Why We Encrypt
  Automatic Face Recognition and Surveillance
  The Internet of Things that Talk about You behind Your Back
  Security vs. Surveillance
  The Value of Encryption
  Congress Removes FCC Privacy Protections on Your Internet Usage
  Infrastructure Vulnerabilities Make Surveillance Easy

7: Business and Economics of Security
  More on Feudal Security
  The Public/Private Surveillance Partnership
  Should Companies Do Most of Their Computing in the Cloud?
  Security Economics of the Internet of Things

8: Human Aspects of Security
  Human-Machine Trust Failures
  Government Secrecy and the Generation Gap
  Choosing Secure Passwords
  The Human Side of Heartbleed
  The Security of Data Deletion
  Living in a Code Yellow World
  Security Design: Stop Trying to Fix the User
  Security Orchestration and Incident Response

9: Leaking, Hacking, Doxing, and Whistleblowing
  Government Secrets and the Need for Whistleblowers
  Protecting Against Leakers
  Why the Government Should Help Leakers
  Lessons from the Sony Hack
  Reacting to the Sony Hack
  Attack Attribution in Cyberspace
  Organizational Doxing
  The Security Risks of Third-Party Data
  The Rise of Political Doxing
  Data Is a Toxic Asset
  Credential Stealing as an Attack Vector
  Someone Is Learning How to Take Down the Internet
  Who Is Publishing NSA and CIA Secrets, and Why?
  Who Are the Shadow Brokers?
  On the Equifax Data Breach

10: Security, Policy, Liberty, and Law
  Our Newfound Fear of Risk
  Take Back the Internet
  The Battle for Power on the Internet
  How the NSA Threatens National Security
  Who Should Store NSA Surveillance Data?
  Ephemeral Apps
  Disclosing vs. Hoarding Vulnerabilities
  The Limits of Police Subterfuge
  When Thinking Machines Break the Law
  The Democratization of Cyberattack
  Using Law against Technology
  Decrypting an iPhone for the FBI
  Lawful Hacking and Continuing Vulnerabilities
  The NSA Is Hoarding Vulnerabilities
  WannaCry and Vulnerabilities
  NSA Document Outlining Russian Attempts to Hack Voter Rolls
  Warrant Protections against Police Searches of Our Data

References