Open Access Publisher and Free Library

CRIME

CRIME-VIOLENT & NON-VIOLENT-FINANCIAL-CYBER

Posts tagged Cybersecurity
Voting System Security Measures

By: US Election Assistance Commission

The security of voting systems is essential to a trustworthy election. Every state and local jurisdiction utilizes common-sense procedures and tools to safeguard the voting process. Common best practices include using locks, tamper-evident seals, security cameras, system testing before and after elections, audits, and physical and cybersecurity access controls. This guide outlines some of the many best practices local election officials follow to secure voting systems through an election cycle. It's important to note this is a broad list of common security measures and procedures to protect the integrity of an election. The types of security measures may vary based on the voting systems in use in state and local jurisdictions.

United States. Election Assistance Commission, Oct 2024

THE IMPLICATIONS OF ARTIFICIAL INTELLIGENCE IN CYBERSECURITY: SHIFTING THE OFFENSE-DEFENSE BALANCE

By: Jennifer Tang, Tiffany Saade, and Steve Kelly

Cutting-edge advances in artificial intelligence (AI) are taking the world by storm, driven by a massive surge of investment, countless new start-ups, and regular technological breakthroughs. AI presents key opportunities within cybersecurity, but concerns remain regarding the ways malicious actors might also use the technology. In this study, the Institute for Security and Technology (IST) seeks to paint a comprehensive picture of the state of play—cutting through vagaries and product marketing hype, providing our outlook for the near future, and most importantly, suggesting ways in which the case for optimism can be realized.

The report concludes that in the near term, AI offers a significant advantage to cyber defenders, particularly those who can capitalize on their "home field" advantage and first-mover status. However, sophisticated threat actors are also leveraging AI to enhance their capabilities, making continued investment and innovation in AI-enabled cyber defense crucial. At this time of writing, AI is not yet unlocking novel capabilities or outcomes, but instead represents a significant leap in speed, scale, and completeness.

This work is the foundation of a broader IST project to better understand which areas of cybersecurity require the greatest collective focus and alignment—for example, greater opportunities for accelerating threat intelligence collection and response, democratized tools for automating defenses, and/or developing the means for scaling security across disparate platforms—and to design a set of actionable technical and policy recommendations in pursuit of a secure, sustainable digital ecosystem.

The Institute for Security and Technology, October 2024

Cybersecuring the Pipeline

By Ido Kilovaty

The Colonial Pipeline ransomware attack, which shut down gas supply to the entire East Coast back in May 2021, has sparked debate as to the regulation of the pipeline’s cybersecurity. After ten years of inaction on the matter, the Transportation Security Administration (TSA) has issued two mandatory directives on pipeline cybersecurity. This Article delves into the propriety of the TSA as a pipeline security regulator, as well as the incomplete and ineffective approach currently laid out in the TSA’s pipeline cybersecurity directives. This Article argues that there may be other agencies more suitable for the task, such as the Federal Energy Regulatory Commission, acting under the auspices of the Department of Energy. It also provides specific recommendations as to the substance of any prospective pipeline cybersecurity regulation, such as the creation of more open-ended and flexible cybersecurity objectives as opposed to the current approach of prescriptive standards.

Kilovaty, Ido, Cybersecuring the Pipeline (March 29, 2022). Houston Law Review, Vol. 60, 2023.

Industry of Anonymity: Inside the Business of Cybercrime

By Jonathan Lusthaus

Human Element in Cybercrime: The book emphasizes the human aspect of cybercrime, using the story of Roman Seleznev to illustrate how cyber criminals operate within specific social settings.

Industrialization of Cybercrime: Cybercrime has evolved from individual hackers to a sophisticated, profit-driven industry with specialized roles and professionalization.

Trust and Cooperation: Despite the anonymity and inherent distrust among cybercriminals, they have developed ways to cooperate and build trust, often through online forums and referrals.

Research and Methodology: The book is based on extensive field research over seven years, including 238 interviews, to provide a detailed overview of the cybercrime industry.

Harvard University Press, 2018, 289 pages

Future Crimes: Inside The Digital Underground And The Battle For Our Connected World

MAY CONTAIN MARKUP

Marc Goodman

In "Future Crimes: Inside The Digital Underground And The Battle For Our Connected World," author Marc Goodman delves into the dark and complex world of cybercrime. He explores the ways in which technology has transformed criminal activities, from hacking and identity theft to cyberterrorism and digital espionage. Goodman sheds light on the threats that the digital age poses to individuals, organizations, and governments, urging readers to become more vigilant and informed about cybersecurity. Through detailed research and gripping real-life stories, "Future Crimes" offers a compelling and sobering look at the vulnerabilities of our interconnected world.

ANCHOR BOOKS. A Division of Penguin Random House LLC New York. 2016. 601p.

Digital Crime and Digital Terrorism

MAY CONTAIN MARKUP

ROBERT W. TAYLOR, TORY J. CAETI, D. KALL LOPER, ERIC J. FRITSCH, and JOHN LIEDERBACH

FROM THE PREFACE: “The first section of the book covers the etiology of the digital crime and digital terrorism problem. The focus in this section is on the types of crimes and acts of terrorism that are committed using computers, networks, and the Internet. Additionally, the reasons why offenders commit these types of crimes are examined in relation to current criminological theories and explanations. As the reader will find, applying criminological theory to digital crime and terrorism is a relatively recent conception. Finally, the section concludes with a chapter on digital criminals and hackers. Chapter 1 provides an introduction and overview of computer crime. In particular, a categorization of types of computer crimes is presented including 1) the computer as the target, 2) the computer as an instrument of a crime, 3) the computer as incidental to crime, and 4) crimes associated with the prevalence of computers. Chapter 2 provides a definition and overview of two key areas of concern in regards to computer crimes, specifically "information warfare" and "cyber-terrorism." Chapter 3 reviews criminological theories that can explain digital crime. Since few theories have been applied directly to digital crime, this chapter focuses on the classic criminological theories that can be applied to digital crime. In other words, the theories discussed in this chapter were developed to explain crime in general, not digital crime specifically. In particular, this chapter focuses on choice, deterrence, psychological, social structure, and social process theories. Finally, Chapter 4 presents an overview of the hacker subculture and presents a typology of hacker types based on relative levels of skill, resources, and enculturation in the values of the hacker subculture. The chapter closes with a discussion of contemporary hacker roles and terminology.”

Prentice Hall. Upper Saddle River, New Jersey. 2006. 413p.

The Best Damn Cybercrime and Digital Forensics Book Period

MAY CONTAIN MARKUP

By Kevin Cardwell, Timothy Clinton, Tyler Cohen, Edward Collins, James "Jim" Cornell, Michael Cross, Larry Depew, Art Ehuan, Michael Gregg, Captain Benjamin R. Jean, Kevin O'Shea, Kevin Reis, Anthony Reyes, Sondra Schneider, Amber Schroader, Karen Schuler, Jesse Varsalone, Jack Wiles and Craig Wright

INTRODUCTION: “As is often the case with security compromises, it's not a matter of if your company will be compromised, but when. If I had known the employee I hired was going to resign, break into my office, and damage my computers in the span of three days, hindsight being 20/20, I would have sent notification to the security guards at the front door placing them on high alert and made sure he was not granted access to the building after he resigned. Of course, in hindsight, I should have done a better job of hiring critical personnel. He was hired as a computer security analyst and security hacker instructor; and was (or should have been) the best example of ethical conduct.

Clearly, we see only what we want to see when hiring staff and you won't know whether an employee is ethical until a compromise occurs. Even if my blinders had been off, I would have never seen this compromise coming. It boggles the mind to think that anyone would ruin or jeopardize his career in computer security for so little. But he did break into the building and he did damage our computers, and therefore he will be held accountable for his actions, as detailed in the following forensic information. Pay attention when the legal issues are reviewed. You will learn bits and pieces regarding how to make your life easier by knowing what you really need to know "when" your computer security compromise occurs.

Computer forensics is the preservation, identification, extraction, interpretation, and documentation of computer evidence. In Chapter 9 of Cyber Crime Investigations, digital forensics is referred to as "the scientific acquisition, analysis, and preservation of data contained in electronic media whose information can be used as evidence in a court of law."”

Syngress Publishing, Inc. Elsevier, Inc. Burlington, MA. 2007. 727p.