By Cassandra Cross, Thomas Holt
Data breaches, or the unauthorized access of personal information, are increasing globally, as is the number of victims affected. Existing studies restrict their focus to fraud and identity theft as principal consequences of data breaches for individuals, limiting our knowledge of the extent of other harms associated with victimisation. This article assesses the impacts of third-party data breaches within a sample of 552 Australian victims. The findings note specific behavioural factors and data losses were associated with emotional, health, relationship, and financial harms. This article advocates recognition of data breach impacts beyond the financial losses of fraud and identity crime, and expanding support offered to victims in response to such incidents.
Journal of Crime and Justice, 1–24
By Hany Farid
The ability to distort the visual record is not new. Airbrushed images attempted to alter the historical archives in the early 1900s. Today, digitally manipulated cheapfakes and deepfakes supercharge the spread of lies and conspiracies. While not fundamentally new, today's enhanced ability to easily create, distribute, and amplify manipulated media has heightened the risks. Reasonable and proportional interventions can and should be adopted that would allow for the creative uses of these powerful new technologies while mitigating the risk they pose to individuals, societies, and democracies.
PNAS Nexus, Volume 4, Issue 7, July 2025, pgaf194
By: US Election Assistance Commission
The security of voting systems is essential to a trustworthy election. Every state and local jurisdiction utilizes common-sense procedures and tools to safeguard the voting process. Common best practices include using locks, tamper-evident seals, security cameras, system testing before and after elections, audits, and physical and cybersecurity access controls. This guide outlines some of the many best practices local election officials follow to secure voting systems through an election cycle. It's important to note this is a broad list of common security measures and procedures to protect the integrity of an election. The types of security measures may vary based on the voting systems in use in state and local jurisdictions.
United States. Election Assistance Commission, Oct 2024
By: Jennifer Tang, Tiffany Saade, and Steve Kelly
Cutting-edge advances in artificial intelligence (AI) are taking the world by storm, driven by a massive surge of investment, countless new start-ups, and regular technological breakthroughs. AI presents key opportunities within cybersecurity, but concerns remain regarding the ways malicious actors might also use the technology. In this study, the Institute for Security and Technology (IST) seeks to paint a comprehensive picture of the state of play—cutting through vagaries and product marketing hype, providing our outlook for the near future, and most importantly, suggesting ways in which the case for optimism can be realized.
The report concludes that in the near term, AI offers a significant advantage to cyber defenders, particularly those who can capitalize on their "home field" advantage and first-mover status. However, sophisticated threat actors are also leveraging AI to enhance their capabilities, making continued investment and innovation in AI-enabled cyber defense crucial. At this time of writing, AI is not yet unlocking novel capabilities or outcomes, but instead represents a significant leap in speed, scale, and completeness.
This work is the foundation of a broader IST project to better understand which areas of cybersecurity require the greatest collective focus and alignment—for example, greater opportunities for accelerating threat intelligence collection and response, democratized tools for automating defenses, and/or developing the means for scaling security across disparate platforms—and to design a set of actionable technical and policy recommendations in pursuit of a secure, sustainable digital ecosystem.
The Institute for Security and Technology, October 2024
By Ido Kilovaty
The Colonial Pipeline ransomware attack, which shut down gas supply to the entire East Coast back in May 2021, has sparked debate as to the regulation of the pipeline’s cybersecurity. After ten years of inaction on the matter, the Transportation Security Administration (TSA) has issued two mandatory directives on pipeline cybersecurity. This Article delves into the propriety of the TSA as a pipeline security regulator, as well as the incomplete and ineffective approach currently laid out in the TSA’s pipeline cybersecurity directives. This Article argues that there may be other agencies more suitable for the task, such as the Federal Energy Regulatory Commission, acting under the auspices of the Department of Energy. It also provides specific recommendations as to the substance of any prospective pipeline cybersecurity regulation, such as the creation of more open-ended and flexible cybersecurity objectives as opposed to the current approach of prescriptive standards.
Kilovaty, Ido, Cybersecuring the Pipeline (March 29, 2022). Houston Law Review, Vol. 60, 2023
By Jonathan Lusthaus
Human Element in Cybercrime: The book emphasizes the human aspect of cybercrime, using the story of Roman Seleznev to illustrate how cyber criminals operate within specific social settings.
Industrialization of Cybercrime: Cybercrime has evolved from individual hackers to a sophisticated, profit-driven industry with specialized roles and professionalization.
Trust and Cooperation: Despite the anonymity and inherent distrust among cybercriminals, they have developed ways to cooperate and build trust, often through online forums and referrals.
Research and Methodology: The book is based on extensive field research over seven years, including 238 interviews, to provide a detailed overview of the cybercrime industry.
Harvard University Press, 2018, 289 pages
Marc Goodman
In "Future Crimes: Inside The Digital Underground And The Battle For Our Connected World," author Marc Goodman delves into the dark and complex world of cybercrime. He explores the ways in which technology has transformed criminal activities, from hacking and identity theft to cyberterrorism and digital espionage. Goodman sheds light on the threats that the digital age poses to individuals, organizations, and governments, urging readers to become more vigilant and informed about cybersecurity. Through detailed research and gripping real-life stories, "Future Crimes" offers a compelling and sobering look at the vulnerabilities of our interconnected world.
ANCHOR BOOKS. A Division of Penguin Random House LLC New York. 2016. 601p.
ROBERT W. TAYLOR, TORY J. CAETI, D. KALL LOPER, ERIC J. FRITSCH, and JOHN LIEDERBACH
FROM THE PREFACE: “The first section of the book covers the etiology of the digital crime and digital terrorism problem. The focus in this section is on the types of crimes and acts of terrorism that are committed using computers, networks, and the Internet. Additionally, the reasons why offenders commit these types of crimes are examined in relation to current criminological theories and explanations. As the reader will find, applying criminological theory to digital crime and terrorism is a relatively recent conception. Finally, the section concludes with a chapter on digital criminals and hackers. Chapter 1 provides an introduction and overview of computer crime. In particular, a categorization of types of computer crimes is presented including 1) the computer as the target, 2) the computer as an instrument of a crime, 3) the computer as incidental to crime, and 4) crimes associated with the prevalence of computers. Chapter 2 provides a definition and overview of two key areas of concern in regards to computer crimes, specifically "information warfare" and "cyber-terrorism." Chapter 3 reviews criminological theories that can explain digital crime. Since few theories have been applied directly to digital crime, this chapter focuses on the classic criminological theories that can be applied to digital crime. In other words, the theories discussed in this chapter were developed to explain crime in general, not digital crime specifically. In particular, this chapter focuses on choice, deterrence, psychological, social structure, and social process theories. Finally, Chapter 4 presents an overview of the hacker subculture and presents a typology of hacker types based on relative levels of skill, resources, and enculturation in the values of the hacker subculture. The chapter closes with a discussion of contemporary hacker roles and terminology.”
Prentice Hall. Upper Saddle River, New Jersey. 2006. 413p.
By Kevin Cardwell, Timothy Clinton, Tyler Cohen, Edward Collins, James "Jim" Cornell, Michael Cross, Larry Depew, Art Ehuan, Michael Gregg, Captain Benjamin R. Jean, Kevin O'Shea, Kevin Reis, Anthony Reyes, Sondra Schneider, Amber Schroader, Karen Schuler, Jesse Varsalone, Jack Wiles and Craig Wright
INTRODUCTION: “As is often the case with security compromises, it's not a matter of if your company will be compromised, but when. If I had known the employee I hired was going to resign, break into my office, and damage my computers in the span of three days, hindsight being 20/20, I would have sent notification to the security guards at the front door placing them on high alert and made sure he was not granted access to the building after he resigned. Of course, in hindsight, I should have done a better job of hiring critical personnel. He was hired as a computer security analyst and security hacker instructor; and was (or should have been) the best example of ethical conduct.
Clearly, we see only what we want to see when hiring staff and you won't know whether an employee is ethical until a compromise occurs. Even if my blinders had been off, I would have never seen this compromise coming. It boggles the mind to think that anyone would ruin or jeopardize his career in computer security for so little. But he did break into the building and he did damage our computers, and therefore he will be held accountable for his actions, as detailed in the following forensic information. Pay attention when the legal issues are reviewed. You will learn bits and pieces regarding how to make your life easier by knowing what you really need to know "when" your computer security compromise occurs.
Computer forensics is the preservation, identification, extraction, interpretation, and documentation of computer evidence. In Chapter 9 of Cyber Crime Investigations, digital forensics is referred to as "the scientific acquisition, analysis, and preservation of data contained in electronic media whose information can be used as evidence in a court of law."”
Syngress Publishing, Inc. Elsevier, Inc. Burlington, MA. 2007. 727p.