File #2521: "2018_Book_CyberWeaponry.pdf"
Text
1|Dedication|6
1|Foreword|7
1|Preface|9
1|About the Study Questions|11
1|Acknowledgment|12
1|Contents|13
1|Chapter 1: Weaponization of Computers|15
2|1.1 Weaponization|15
2|1.2 Weaponizing Computers|16
2|1.3 How Is Weaponizing Done?|18
2|1.4 Who Does It?|18
2|1.5 Implications for Policy and Practice|19
3|1.5.1 Legislative Control|19
3|1.5.2 Malware Marketplaces|19
3|1.5.3 Need for Self-Defence|20
3|1.5.4 Personal Privacy|20
3|1.5.5 Dual-Purpose Weapons|21
3|1.5.6 Business Sector and Non-government Organizations|21
3|1.5.7 Cyber War|22
3|1.5.8 State´s Obligation to Citizen Protection|22
3|1.5.9 Use in Disrupting Drug Trafficking|23
3|1.5.10 Cyber Counterintelligence|24
2|1.6 Cyber-Security Myth|24
2|1.7 Principal Concepts|25
2|1.8 Study Questions|25
2|1.9 Learning Activity|25
2|Reference|26
1|Chapter 2: Human Nature and Cyber Weaponry: Use of Denial and Deception in Cyber Counterintelligence|27
2|2.1 Background|27
2|2.2 The Cyber Espionage Threat|29
2|2.3 Counterintelligence Definitions, Status, and Frameworks|31
2|2.4 Cyber Counterintelligence Framework in Active Cyber Defense|32
2|2.5 Cyber Denial and Deception Techniques and Technologies to Enhance Cyber Counterintelligence in Active Cyber Defense|35
2|2.6 Hypothetical Case Study|36
2|2.7 Conclusion|39
2|2.8 Principal Concepts|39
2|2.9 Study Questions|39
2|2.10 Learning Activities|40
2|References|40
1|Chapter 3: The Human Element: The ``Trigger´´ on Cyber Weapons|42
2|3.1 Introduction|42
2|3.2 Rationale|43
2|3.3 Who|44
2|3.4 How|45
3|3.4.1 Attack Vectors|45
2|3.5 Why|46
3|3.5.1 Identify Vital Information Assets|46
3|3.5.2 Assess Your Vital Information Assets´ Vulnerability|48
3|3.5.3 Vital Information|49
4|3.5.3.1 Basics|49
4|3.5.3.2 IT Infrastructure|49
4|3.5.3.3 Internet of Things|50
4|3.5.3.4 Public Networks and Social Media|50
3|3.5.4 Reinforce Basic Protections|50
3|3.5.5 Improve Awareness|51
3|3.5.6 Act, But Do Not Over React|52
2|3.6 Best Practice|53
2|3.7 Conclusion|55
2|3.8 Principal Concepts|56
2|3.9 Study Questions|56
2|3.10 Learning Activity|56
2|References|57
1|Chapter 4: Cyber Defense for IMGs and NGOs Using Crime Prevention Through Environmental Design|60
2|4.1 Background|60
2|4.2 Introduction|60
2|4.3 Role of Social Media in Protest|61
2|4.4 Background to CPTED|63
2|4.5 Developing a Cyber Defence Plan|64
3|4.5.1 Creating the Network|65
3|4.5.2 Gathering Information|65
3|4.5.3 Sending Information|66
2|4.6 Using CPTED|66
3|4.6.1 Surveillance|66
3|4.6.2 Legibility|67
3|4.6.3 Territoriality|67
3|4.6.4 Ownership of the Space|68
3|4.6.5 Management of the Space|68
3|4.6.6 Vulnerability|68
2|4.7 Agent Provocateur|69
2|4.8 Conclusion|69
2|4.9 Principal Concepts|70
2|4.10 Study Questions|70
2|4.11 Learning Activity|71
2|References|71
1|Chapter 5: Drinking from a Fire Hydrant: Information Overload As a Cyber Weapon|72
2|5.1 Introduction|72
2|5.2 Cyber War|73
2|5.3 Fog of War|74
2|5.4 Typology|75
2|5.5 X Axis|76
2|5.6 Y Axis|78
2|5.7 Z Axis|79
2|5.8 Conclusion|81
2|5.9 Principal Concepts|81
2|5.10 Study Questions|81
2|5.11 Learning Activity|82
2|References|82
1|Chapter 6: Archer´s Stakes in Cyber Space: Methods to Analyze Force Advantage|84
2|6.1 Introduction|84
2|6.2 Framework One|85
3|6.2.1 Analysing State Deployment of Cyber Weapons|85
3|6.2.2 Case Study One-Operation Orchard|88
3|6.2.3 Analysing Operation Orchard|88
2|6.3 Framework Two|90
3|6.3.1 Analysing State Deployments of Cyber Weapons|90
3|6.3.2 Case Study Two-Stuxnet|93
3|6.3.3 Analysing Stuxnet|94
3|6.3.4 Predictive Analysis|95
2|6.4 Conclusion|96
2|6.5 Principal Concepts|96
2|6.6 Study Questions|96
2|6.7 Learning Activity|97
2|References|97
1|Chapter 7: The Rule of Law: Controlling Cyber Weapons|99
2|7.1 Introduction|99
2|7.2 Background|100
2|7.3 Criminogenic Risk|101
2|7.4 The Law as Protection|103
2|7.5 Hazard Identification|104
3|7.5.1 Scalable Regulatory Framework|105
3|7.5.2 Regulatory Options|106
2|7.6 Discussion|107
3|7.6.1 Classes of Weapons|108
2|7.7 Conclusion|110
2|7.8 Principal Concepts|111
2|7.9 Study Questions|111
2|7.10 Learning Activity|111
2|References|111
1|Chapter 8: Double-Edged Sword: Dual-Purpose Cyber Security Methods|113
2|8.1 Introduction|113
2|8.2 System Logging|114
2|8.3 Vulnerability Scanners|117
3|8.3.1 Network and Traffic Monitoring|119
2|8.4 Conclusion|121
2|8.5 Principal Concepts|122
2|8.6 Study Questions|122
2|8.7 Learning Activity|122
2|References|123
1|Chapter 9: ``Who Was That Masked Man?´´: System Penetrations-Friend or Foe?|125
2|9.1 Introduction|125
2|9.2 Hacking Typology|126
3|9.2.1 Black Hats|126
3|9.2.2 White Hats|126
3|9.2.3 Gray Hats|126
2|9.3 Ethical Hacking|127
2|9.4 Ethical Hacking As a Career|127
2|9.5 Training and Education|128
2|9.6 Penetration Testing|129
2|9.7 Real-World Pen Testing|129
2|9.8 Software Programs and Methods|129
3|9.8.1 Aircrack|130
3|9.8.2 Burpsuite|130
3|9.8.3 Cain and Abel|130
3|9.8.4 Hashcat|130
3|9.8.5 Hydra|130
3|9.8.6 Kali Linux|131
3|9.8.7 Metasploit|131
3|9.8.8 Nessus|131
3|9.8.9 Nmap|131
3|9.8.10 Zap|132
2|9.9 Hardware Devices|132
3|9.9.1 Pwn Phone|132
3|9.9.2 Pwn Plug|132
3|9.9.3 USB Rubber Ducky|132
3|9.9.4 WiFi Pineapple|133
2|9.10 Other Software and Methods|133
3|9.10.1 OWASP Top 10|133
3|9.10.2 Powershell|133
3|9.10.3 Python|134
2|9.11 Friend or Foe?|134
2|9.12 Principal Concepts|135
2|9.13 Study Questions|135
2|9.14 Learning Activity|135
2|References|136
1|Chapter 10: Development and Proliferation of Offensive Weapons in Cyber-Security|137
2|10.1 Introduction|137
2|10.2 What Makes a Weapon in Cyberspace?|137
2|10.3 Building Destructive Software|138
2|10.4 Destructive Effects Used for Strategic Ends|140
3|10.4.1 Knowing What to Hit-Intelligence Infrastructure|141
3|10.4.2 Effects over a System|141
3|10.4.3 Making it Dependable-Reliability in Software Engineering|142
2|10.5 Where the State Might Have an Advantage|142
2|10.6 Proliferation in Cyber-Security-Role of the Malware Markets|145
3|10.6.1 Malware Markets|146
3|10.6.2 High-End Cluster|146
3|10.6.3 Low-End Cluster|148
2|10.7 Conclusion|149
2|10.8 Principal Concepts|149
2|10.9 Study Questions|149
2|10.10 Learning Activities|150
2|References|150
1|Chapter 11: No Smoking Gun: Cyber Weapons and Drug Traffickers|154
2|11.1 Introduction|154
2|11.2 Context|155
2|11.3 Strategy Options|156
2|11.4 War Metaphor|156
2|11.5 Drug Trafficking|157
2|11.6 International Relations|158
2|11.7 Repercussions of Military Intervention|159
3|11.7.1 Covert Operations|160
3|11.7.2 Offensive Information Warfare|161
2|11.8 Conclusion|164
2|References|165
1|Chapter 12: Autonomous Weapons: Terminator-Esque Software Design|168
2|12.1 Introduction|168
2|12.2 Autonomous Weapons|169
2|12.3 Moral Autonomy|171
2|12.4 Moral Responsibility and Autonomous Weapons|174
2|12.5 Prohibition of Autonomous Weapons|177
2|12.6 Summary|179
1|Chapter 13: Warfare of the Future|181
2|13.1 Introduction|181
2|13.2 Background|181
2|13.3 Industrial Control Systems-The Holy Grail of Cyber-War|185
2|13.4 Warfare of the Future|187
2|13.5 Re-thinking Traditional Principles in the Era of Cyber-Warfare|189
2|13.6 Conclusion|190
2|13.7 Principal Concepts|191
2|13.8 Study Questions|191
2|13.9 Learning Activity|192
2|References|192
1|Chapter 14: Researching Cyber Weapons: An Enumerative Bibliography|194
2|14.1 Introduction|194
2|14.2 Methods for Locating Information|195
2|14.3 Tides, Currents, Reefs|196
2|Books|197
2|Frequently Cited or Influential Books|197
2|Other Influential Books|198
2|Law Review/Journal Articles|198
2|Frequently-Cited Articles|198
2|Other Relevant Articles|199
2|Non-law Articles and Book Chapters|200
2|Frequently-Cited Article|200
2|Other Relevant Articles and Chapters|200
2|Gray Literature|202
2|Frequently-Cited Report|202
2|Other Relevant Reports|202
2|Government Documents|203
2|Frequently-Cited Government Documents|203
2|Other Relevant Government Documents|203
1|Erratum to: “Who Was That MaskedMan?”: System Penetrations—Friendor Foe?|205
1|Index|206
1|Foreword|7
1|Preface|9
1|About the Study Questions|11
1|Acknowledgment|12
1|Contents|13
1|Chapter 1: Weaponization of Computers|15
2|1.1 Weaponization|15
2|1.2 Weaponizing Computers|16
2|1.3 How Is Weaponizing Done?|18
2|1.4 Who Does It?|18
2|1.5 Implications for Policy and Practice|19
3|1.5.1 Legislative Control|19
3|1.5.2 Malware Marketplaces|19
3|1.5.3 Need for Self-Defence|20
3|1.5.4 Personal Privacy|20
3|1.5.5 Dual-Purpose Weapons|21
3|1.5.6 Business Sector and Non-government Organizations|21
3|1.5.7 Cyber War|22
3|1.5.8 State´s Obligation to Citizen Protection|22
3|1.5.9 Use in Disrupting Drug Trafficking|23
3|1.5.10 Cyber Counterintelligence|24
2|1.6 Cyber-Security Myth|24
2|1.7 Principal Concepts|25
2|1.8 Study Questions|25
2|1.9 Learning Activity|25
2|Reference|26
1|Chapter 2: Human Nature and Cyber Weaponry: Use of Denial and Deception in Cyber Counterintelligence|27
2|2.1 Background|27
2|2.2 The Cyber Espionage Threat|29
2|2.3 Counterintelligence Definitions, Status, and Frameworks|31
2|2.4 Cyber Counterintelligence Framework in Active Cyber Defense|32
2|2.5 Cyber Denial and Deception Techniques and Technologies to Enhance Cyber Counterintelligence in Active Cyber Defense|35
2|2.6 Hypothetical Case Study|36
2|2.7 Conclusion|39
2|2.8 Principal Concepts|39
2|2.9 Study Questions|39
2|2.10 Learning Activities|40
2|References|40
1|Chapter 3: The Human Element: The ``Trigger´´ on Cyber Weapons|42
2|3.1 Introduction|42
2|3.2 Rationale|43
2|3.3 Who|44
2|3.4 How|45
3|3.4.1 Attack Vectors|45
2|3.5 Why|46
3|3.5.1 Identify Vital Information Assets|46
3|3.5.2 Assess Your Vital Information Assets´ Vulnerability|48
3|3.5.3 Vital Information|49
4|3.5.3.1 Basics|49
4|3.5.3.2 IT Infrastructure|49
4|3.5.3.3 Internet of Things|50
4|3.5.3.4 Public Networks and Social Media|50
3|3.5.4 Reinforce Basic Protections|50
3|3.5.5 Improve Awareness|51
3|3.5.6 Act, But Do Not Over React|52
2|3.6 Best Practice|53
2|3.7 Conclusion|55
2|3.8 Principal Concepts|56
2|3.9 Study Questions|56
2|3.10 Learning Activity|56
2|References|57
1|Chapter 4: Cyber Defense for IMGs and NGOs Using Crime Prevention Through Environmental Design|60
2|4.1 Background|60
2|4.2 Introduction|60
2|4.3 Role of Social Media in Protest|61
2|4.4 Background to CPTED|63
2|4.5 Developing a Cyber Defence Plan|64
3|4.5.1 Creating the Network|65
3|4.5.2 Gathering Information|65
3|4.5.3 Sending Information|66
2|4.6 Using CPTED|66
3|4.6.1 Surveillance|66
3|4.6.2 Legibility|67
3|4.6.3 Territoriality|67
3|4.6.4 Ownership of the Space|68
3|4.6.5 Management of the Space|68
3|4.6.6 Vulnerability|68
2|4.7 Agent Provocateur|69
2|4.8 Conclusion|69
2|4.9 Principal Concepts|70
2|4.10 Study Questions|70
2|4.11 Learning Activity|71
2|References|71
1|Chapter 5: Drinking from a Fire Hydrant: Information Overload As a Cyber Weapon|72
2|5.1 Introduction|72
2|5.2 Cyber War|73
2|5.3 Fog of War|74
2|5.4 Typology|75
2|5.5 X Axis|76
2|5.6 Y Axis|78
2|5.7 Z Axis|79
2|5.8 Conclusion|81
2|5.9 Principal Concepts|81
2|5.10 Study Questions|81
2|5.11 Learning Activity|82
2|References|82
1|Chapter 6: Archer´s Stakes in Cyber Space: Methods to Analyze Force Advantage|84
2|6.1 Introduction|84
2|6.2 Framework One|85
3|6.2.1 Analysing State Deployment of Cyber Weapons|85
3|6.2.2 Case Study One-Operation Orchard|88
3|6.2.3 Analysing Operation Orchard|88
2|6.3 Framework Two|90
3|6.3.1 Analysing State Deployments of Cyber Weapons|90
3|6.3.2 Case Study Two-Stuxnet|93
3|6.3.3 Analysing Stuxnet|94
3|6.3.4 Predictive Analysis|95
2|6.4 Conclusion|96
2|6.5 Principal Concepts|96
2|6.6 Study Questions|96
2|6.7 Learning Activity|97
2|References|97
1|Chapter 7: The Rule of Law: Controlling Cyber Weapons|99
2|7.1 Introduction|99
2|7.2 Background|100
2|7.3 Criminogenic Risk|101
2|7.4 The Law as Protection|103
2|7.5 Hazard Identification|104
3|7.5.1 Scalable Regulatory Framework|105
3|7.5.2 Regulatory Options|106
2|7.6 Discussion|107
3|7.6.1 Classes of Weapons|108
2|7.7 Conclusion|110
2|7.8 Principal Concepts|111
2|7.9 Study Questions|111
2|7.10 Learning Activity|111
2|References|111
1|Chapter 8: Double-Edged Sword: Dual-Purpose Cyber Security Methods|113
2|8.1 Introduction|113
2|8.2 System Logging|114
2|8.3 Vulnerability Scanners|117
3|8.3.1 Network and Traffic Monitoring|119
2|8.4 Conclusion|121
2|8.5 Principal Concepts|122
2|8.6 Study Questions|122
2|8.7 Learning Activity|122
2|References|123
1|Chapter 9: ``Who Was That Masked Man?´´: System Penetrations-Friend or Foe?|125
2|9.1 Introduction|125
2|9.2 Hacking Typology|126
3|9.2.1 Black Hats|126
3|9.2.2 White Hats|126
3|9.2.3 Gray Hats|126
2|9.3 Ethical Hacking|127
2|9.4 Ethical Hacking As a Career|127
2|9.5 Training and Education|128
2|9.6 Penetration Testing|129
2|9.7 Real-World Pen Testing|129
2|9.8 Software Programs and Methods|129
3|9.8.1 Aircrack|130
3|9.8.2 Burpsuite|130
3|9.8.3 Cain and Abel|130
3|9.8.4 Hashcat|130
3|9.8.5 Hydra|130
3|9.8.6 Kali Linux|131
3|9.8.7 Metasploit|131
3|9.8.8 Nessus|131
3|9.8.9 Nmap|131
3|9.8.10 Zap|132
2|9.9 Hardware Devices|132
3|9.9.1 Pwn Phone|132
3|9.9.2 Pwn Plug|132
3|9.9.3 USB Rubber Ducky|132
3|9.9.4 WiFi Pineapple|133
2|9.10 Other Software and Methods|133
3|9.10.1 OWASP Top 10|133
3|9.10.2 Powershell|133
3|9.10.3 Python|134
2|9.11 Friend or Foe?|134
2|9.12 Principal Concepts|135
2|9.13 Study Questions|135
2|9.14 Learning Activity|135
2|References|136
1|Chapter 10: Development and Proliferation of Offensive Weapons in Cyber-Security|137
2|10.1 Introduction|137
2|10.2 What Makes a Weapon in Cyberspace?|137
2|10.3 Building Destructive Software|138
2|10.4 Destructive Effects Used for Strategic Ends|140
3|10.4.1 Knowing What to Hit-Intelligence Infrastructure|141
3|10.4.2 Effects over a System|141
3|10.4.3 Making it Dependable-Reliability in Software Engineering|142
2|10.5 Where the State Might Have an Advantage|142
2|10.6 Proliferation in Cyber-Security-Role of the Malware Markets|145
3|10.6.1 Malware Markets|146
3|10.6.2 High-End Cluster|146
3|10.6.3 Low-End Cluster|148
2|10.7 Conclusion|149
2|10.8 Principal Concepts|149
2|10.9 Study Questions|149
2|10.10 Learning Activities|150
2|References|150
1|Chapter 11: No Smoking Gun: Cyber Weapons and Drug Traffickers|154
2|11.1 Introduction|154
2|11.2 Context|155
2|11.3 Strategy Options|156
2|11.4 War Metaphor|156
2|11.5 Drug Trafficking|157
2|11.6 International Relations|158
2|11.7 Repercussions of Military Intervention|159
3|11.7.1 Covert Operations|160
3|11.7.2 Offensive Information Warfare|161
2|11.8 Conclusion|164
2|References|165
1|Chapter 12: Autonomous Weapons: Terminator-Esque Software Design|168
2|12.1 Introduction|168
2|12.2 Autonomous Weapons|169
2|12.3 Moral Autonomy|171
2|12.4 Moral Responsibility and Autonomous Weapons|174
2|12.5 Prohibition of Autonomous Weapons|177
2|12.6 Summary|179
1|Chapter 13: Warfare of the Future|181
2|13.1 Introduction|181
2|13.2 Background|181
2|13.3 Industrial Control Systems-The Holy Grail of Cyber-War|185
2|13.4 Warfare of the Future|187
2|13.5 Re-thinking Traditional Principles in the Era of Cyber-Warfare|189
2|13.6 Conclusion|190
2|13.7 Principal Concepts|191
2|13.8 Study Questions|191
2|13.9 Learning Activity|192
2|References|192
1|Chapter 14: Researching Cyber Weapons: An Enumerative Bibliography|194
2|14.1 Introduction|194
2|14.2 Methods for Locating Information|195
2|14.3 Tides, Currents, Reefs|196
2|Books|197
2|Frequently Cited or Influential Books|197
2|Other Influential Books|198
2|Law Review/Journal Articles|198
2|Frequently-Cited Articles|198
2|Other Relevant Articles|199
2|Non-law Articles and Book Chapters|200
2|Frequently-Cited Article|200
2|Other Relevant Articles and Chapters|200
2|Gray Literature|202
2|Frequently-Cited Report|202
2|Other Relevant Reports|202
2|Government Documents|203
2|Frequently-Cited Government Documents|203
2|Other Relevant Government Documents|203
1|Erratum to: “Who Was That MaskedMan?”: System Penetrations—Friendor Foe?|205
1|Index|206