IST 497B -Cyber -crime and Cyber-warfare

Resources

KEY:

 

BK: Book

BN: Blog & Newsletters

GV: Government

PJ: Professional Online Journals

PO: Players & Organizations

SA: Scholarly Articles

TL: Tools

UV: University    

VD: Video

WB: Web site

WP: White Paper

Not Categorized yet

Keywords: Cyber Stalking; Cyber Syndicates; Cyber Terrorism; Online Violent Extremism;

1.    WP. Countering Violent Extremism in United States. Congressional Research Services. http://fas.org/sgp/crs/homesec/R42553.pdf

2.    WP. Promoting Online Voices for Countering Violent Extremism. Rand. http://www.rand.org/pubs/research_reports/RR130.html

3.    GV. Countering Violent Extremism.  http://www.dhs.gov/topic/countering-violent-extremism

4.    GV. National Cyber Forensics and Training Alliance. http://www.ncfta.net/

5.    UV. Institute for Cyber Science. http://ics.psu.edu/

6.    TL. Cyberpunks vs Syndicates GAME. http://www.kongregate.com/games/mososh/cyberpunks-vs-syndicates

7.    PO. Against Violent Extremism. http://www.againstviolentextremism.org/

8.    BN. Google Ideas. Network Against Violent Extremism.  http://www.google.com/ideas/projects/network-against-violent-extremism/

 

 

===========================================================

Organized by course topical areas

===========================================================

 

NOTE: Some white papers require free registration for access.  This is necessary to comply with copyright law and the wishes of the publishers.

 

 

Penn State Resources

 

       UV. Penn State Center for Cyber-Security, Information Privacy and Trust - http://cybersecurity.ist.psu.edu/index.php

       UV. Penn State Cyber-Security Lab - http://s2.ist.psu.edu/

 

 

US Government Resources

 

NOTE: Some of these, such as NIST documents, may be listed below in topical areas.

 

       GV: NSA Information Assurance advice and resources - http://www.nsa.gov/ia/mitigation_guidance/index.shtml

       GV: US Computer Emergency Readiness Team - http://www.us-cert.gov/

       WB: NIST Cyber-security framework, industry resources - http://www.nist.gov/cyberframework/cybersecurity-framework-industry-resources.cfm

       GV: Complete list of NIST Information Security Publications - http://csrc.nist.gov/publications/PubsTC.html

       GV: NICCS – National Initiative for Cybersecurity Careers and Studies - http://niccs.us-cert.gov/

 

 

Hacking Educational Resources

 

Security professionals must understand how systems are attacked and compromised in order to effectively protect those systems.  Following is a list of Web sites that provide learning resources for ethical hacking.

 

       WB: Hack This Site - https://www.hackthissite.org/

       WB: Hack This! - https://www.hackthis.co.uk/

       WB: Hack in the Box - http://www.hitb.org/

       WB: Hack a Day - http://hackaday.com/

       WB: Evil Zone - https://evilzone.org/

       WB: Security Tube - http://www.securitytube.net/

 

 

Blogs and Newsletters

 

       BN:  Bruce Schneier Crypt-O-Gram -- http://www.schneier.com/crypto-gram.html

       BN:  Secure State Blog -- http://blog.securestate.com/

       BN:  Krebs on Security -- http://krebsonsecurity.com/

       BN:  CSM Passcode --  http://www.csmonitor.com/World/Passcode

 

 

 

(1) The importance of  understanding cyber-crime and cyber warfare (Santoro)

 

       GV. Cyber Crime. FBI. http://www.fbi.gov/about-us/investigate/cyber

       GV.  CNSS National Information Assurance Glossary

http://www.isoc.org/internet/history/brief.shtml

       BN. Top information security breaches in history

http://www.devry.edu/know-how/top-information-security-breaches-in-history/

       PJ. The 15 worst data security breaches of the 21’st Century

http://www.csoonline.com/article/700263/the-15-worst-data-security-breaches-of-the-21st-century

     WP.  The Economic Impact of Cyber-crime.  http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf

     BN. New Ponemon report shows cybercrime is on the rise.  http://www.techrepublic.com/article/new-ponemon-report-shows-cybercrime-is-on-the-rise/

     BN.  Hacker attack on federal security contractor not noticed for months, report claims.  http://www.foxnews.com/tech/2014/11/04/hacker-attack-on-federal-security-contractor-not-noticed-for-months-report/

     BN.  Bank’s Concerns about Cyberthreats Grow.  http://www.bankinfosecurity.com/banks-concerns-about-cyberthreats-grow-a-7486/op-1

     BN.  Global cyber-attacks up 48% in 2014.  http://www.cgma.org/Magazine/News/Pages/201411089.aspx?TestCookiesEnabled=redirect

     BN.  The big one: The makings of a global cyber attack.  http://www.infoworld.com/article/2838986/malware/what-makes-a-cyber-attack-go-big.html

     WP.  Microsoft Security Intelligence Report - Worldwide Threat Assessment.   http://www.microsoft.com/en-us/download/details.aspx?id=44937

     WP. 2014 Ponemon Cost of Data Breach Security

http://www.techrepublic.com/resource-library/whitepapers/2014-ponemon-cost-of-data-breach-study/post/?promo=99

      

 

 

 

 

(2) The major players (Santoro)

       BN. The Ukrainian Crisis- A Cyber Warfare Battlefield http://defense-update.com/20140405_ukrainian-crisis-cyber-warfare-battlefield.html#.VFeTaovF9vY

       BN. In China, Cyber Crime Underground Activities Doubled in 2013. http://www.darkreading.com/in-china-cybercrime-underground-activity-doubled-in-2013/d/d-id/1306921

       SA. Organizations and Cyber Crime. An analysis of the nature of groups engaged in Cyber Crime.  http://www.cybercrimejournal.com/broadhurstetalijcc2014vol8issue1.pdf

       BN.  Russian Cybercrime Network Targets US Bank Customers.  http://www.tomsguide.com/us/russian-cybecrime-online-banking,news-19700.html

       WB. Terrorism Research & Analysis Consortium..  http://www.trackingterrorism.org/

       WB. Indictment of PLA hackers is part of broad U.S. strategy to curb Chinese cyberspying. The Washington Post. http://www.washingtonpost.com/world/national-security/indictment-of-pla-hackers-is-part-of-broad-us-strategy-to-curb-chinese-cyberspying/2014/05/22/a66cf26a-e1b4-11e3-9743-bb9b59cde7b9_story.html

        

 

(3) Tools of Attack (Santoro)

 

       BK. T. J. O’Connor. Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers. http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/ref=sr_1_9?s=books&ie=UTF8&qid=1411583519&sr=1-9&keywords=cyber+hack

       WB. Top 125 Security Tools -  http://sectools.org/

       WB. Ping of Death - http://insecure.org/sploits/ping-o-death.html

       VD.  Kevin Mitnick on Social Engineering - http://www.youtube.com/watch?v=1doZ-Jlu0mE

       WB. SANS article showing how DNS spoofing can lead to MITM attack - http://www.sans.org/reading_room/whitepapers/dns/dns-spoofing-man-middle_1567

       WB. Mariposa Botnet -  http://www.csmonitor.com/USA/2011/0630/How-the-FBI-and-Interpol-trapped-the-world-s-biggest-Butterfly-botnet

       WB. America’s 10 most-wanted BOTnets. http://www.networkworld.com/news/2009/072209-botnets.html

       WB. An unprecedented look at Stuxnet, the world’s first digital weapon. http://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

       WB. Year of the RAT: China’s malware war on activists goes mobile. http://arstechnica.com/security/2014/10/year-of-the-rat-chinas-malware-war-on-activists-goes-mobile/

       WB: 100+ Free Hacking Tools

http://www.fromdev.com/2014/09/free-hacking-tools-hacker.html

       SA: A Guide to War Driving and Detecting Wardrivers. SANS

https://www.sans.org/reading-room/whitepapers/wireless/guide-wardriving-detecting-wardrivers-174

 

 

(4) Vulnerability - Anatomy of a network attack (Santoro)

       BN. Heartbleed: Understanding When We Disclose Cyber Vulnerabilities. http://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities

       WB. Cross-site scripting FAQ http://www.cgisecurity.com/xss-faq.html

       VD.  SQL Injection – walking through walls (video) http://www.youtube.com/watch?v=jMQ2wdOmMIA

       WB. Cyberattack on U.S Infrastructure. http://www.cfr.org/global/global-conflict-tracker/p32137#!/?marker=2

       WB. America’s Critical Infrastructure is Vulnerable to Cyber Attacks. Forbes. http://www.forbes.com/sites/realspin/2014/11/11/americas-critical-infrastructure-is-vulnerable-to-cyber-attacks/

       WB. Cyber Attacks likely to Increase. Pew Research,  Internet Center. http://www.pewinternet.org/2014/10/29/cyber-attacks-likely-to-increase/

       WB. The Darkhotel Apt: the Story of Unusual Hospitality.  https://securelist.com/files/2014/11/darkhotel_kl_07.11.pdf

       WB. Risky Management: Cybersecurity Breaches and Social Media Use Are Top Concerns for Boards. http://www.natlawreview.com/article/risky-management-cybersecurity-breaches-and-social-media-use-are-top-concerns-boards

       WB. 1.2 billion logins scooped up by CyberVor hacking crew  - what you need to do. https://nakedsecurity.sophos.com/2014/08/06/1-2-billion-logins-scooped-up-by-cybervor-hacking-crew-what-you-need-to-do/

 

 

(5) Information compromise (Glantz)

       WB. JPMorgan Chase Hacking Affects 76 Million Households. http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/?_r=0

       WB. Sony Picture corporate network compromised by a major attack. http://securityaffairs.co/wordpress/30498/cyber-crime/sony-pictures-corporate-network-compromised-major-attack.html

       GV. Internet Social Networking Risks. http://www.fbi.gov/about-us/investigate/counterintelligence/internet-social-networking-risks

 

 

(6) Important current developing areas (Glantz)

 

       BN.  Smart Grid and Cyber Security. https://www.smartgrid.gov/recovery_act/overview/standards_interoperability_and_cyber_security/cyber_security

       BN.  Smart Grid and Cyber Security.  NEMA: National Electrical Manufacturer Association. http://www.nema.org/Policy/Energy/Smartgrid/Pages/default.aspx

       BN. Smart Grid Cybersecurity Committee (SGCC).  Smart Grid Interoperability Panel. http://www.sgip.org/Smart-Grid-Cybersecurity-Committee-SGCC

     PO. Barnes & Thornburg. Cloud Computing Law http://www.btcloudcomputinglaw.com/

 

(7) Policy on Cyber Crime & Terrorism (Hancock/Forster)

 

       WP. National Cyber Security Strategy 2013. https://www.gov.uk/government/publications/national-cyber-security-strategy-2-years-on

       PO. Cyberbulling Research Center. http://cyberbullying.us/

       GV. Cyberbullying. National Conference of State Legislatures. http://www.ncsl.org/research/education/cyberbullying.aspx

       UV. Berkman Center for Internet & Society. http://cyber.law.harvard.edu/

     WP.  NIST. Framework for Improving Critical Infrastructure Cybersecurity. http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf

 

(8) Law pertaining to cyber-crime (Hancock/Forster)

 

       GV. State Cyber-stalking and Cyber-harassment Laws. National Conference of State Legislations. http://www.ncsl.org/research/telecommunications-and-information-technology/cyberstalking-and-cyberharassment-laws.aspx

       PJ. Cybercrime Law. http://www.cybercrimelaw.net/Cybercrimelaw.html

        

 

(9) Cyber-terrorism and cyber-activism (Hancock/Forster)

 

       BK. Molly Sauter, Ethan Zuckerman. The Coming Swarm: DDOS Actions, Hacktivism, and Civil Disobedience on the Internet. http://www.amazon.com/Coming-Swarm-Hacktivism-Disobedience-Internet/dp/1623564565/ref=sr_1_1?s=books&ie=UTF8&qid=1411584160&sr=1-1&keywords=hacktivism

       BN. Hactivism: Means and Motivations…What Else?  InfoSec Institute. http://resources.infosecinstitute.com/hacktivism-means-and-motivations-what-else/

       BN. Hactivism. http://mashable.com/category/hacktivism/

        

 

(10) Cyber-warfare - the new frontier (Hancock/Forster)

 

     SA. Galen Grimes. How prepared are we for the cyber warfare? https://scholarsphere.psu.edu/downloads/8623j030s

     BK. The Cyber Military Revolution and the Need for a New Framework of War. 2014.  http://www.amazon.com/Cyber-Military-Revolution-Need-Framework/dp/1500610801/ref=sr_1_4?s=books&ie=UTF8&qid=1411583481&sr=1-4&keywords=cyber+war

       BN. Cameron Stevens. Casualties of Cyber Warfare. http://thediplomat.com/2014/08/casualties-of-cyber-warfare/

       BN. Cyber Warfare. Financial Times.

              http://www.ft.com/indepth/cyberwarfare

       BN. Cyber Warfare. Rand. http://www.rand.org/topics/cyber-warfare.html

       BN. Cyber Warfare. RSA Speaking of Security. https://blogs.rsa.com/tag/cyberwarfare/

       BK. Jason Andress, Steve Winterfeld. Cyber Warfare, Second Edition: Techniques, Tactics and Tools for Security Practitioners. 2013.

http://www.amazon.com/Cyber-Warfare-Second-Techniques-Practitioners/dp/0124166725/ref=sr_1_1?s=books&ie=UTF8&qid=1411583519&sr=1-1&keywords=cyber+hack

       BN. The New York Times. Cyber Warfare. http://topics.nytimes.com/top/reference/timestopics/subjects/c/cyberwarfare/index.html

       BK. P. W. Singer, Allan Friedman. Cybersecurity and Cyberwar: What Everyone Needs to Know.

http://www.amazon.com/Cybersecurity-Cyberwar-Everyone-Needs-Know%C2%AE/dp/0199918112/ref=sr_1_2?s=books&ie=UTF8&qid=1411583481&sr=1-2&keywords=cyber+war

       VD. Staged cyber attack reveals vulnerability in power grid http://www.youtube.com/watch?v=fJyWngDco3g&list=FLIQk9hVzgU9CMmk8bT-e38w&index=224

 

 

(11) Cyber-warfare policy and response (Hancock/Forster)

       SA. Russia’s Public Stance on Cyberspace issues. http://www.ccdcoe.org/publications/2012proceedings/2_1_Giles_RussiasPublicStanceOnCyberInformationWarfare.pdf

       GV: National Cybersecurity and Communications Integration Center. https://www.us-cert.gov/nccic

       BN. Interpol’s new centre to counter cybercrime.  http://news.asiaone.com/news/singapore/interpols-new-centre-counter-cybercrime

        

 

(12) Strategic measures and future issues (Santoro)

 

     SA. SANS institute InfoSec Reading Room Straddling the Next Frontier Part 2: How Quantum Computing has already begun impacting the CyberSecurity landscape. http://www.sans.org/reading-room/whitepapers/securitytrends/straddling-frontier-2-quantum-computing-begun-impacting-cyber-se-35395

     TL. Cyber Robotics Learning Center.  http://www.cyberroboticslearning.com/

     BN.  How Israel is Rewriting the Future of Cybersecurity and Creating the Next Silicon Valley. TechRepublic. http://www.techrepublic.com/article/how-israel-is-rewriting-the-future-of-cybersecurity-and-creating-the-next-silicon-valley/

     WB.  Quantum-key distribution - http://en.wikipedia.org/wiki/Quantum_key_distribution