Details

<p>Introduction xi</p> <p><b>1 </b><b>Crime, Terrorism, Spying, and War 1</b></p> <p>Cyberconflicts and National Security 1</p> <p>Counterterrorism Mission Creep 4</p> <p>Syrian Electronic Army Cyberattacks 7</p> <p>The Limitations of Intelligence 8</p> <p>Computer Network Exploitation vs Computer Network Attack 11</p> <p>iPhone Encryption and the Return of the Crypto Wars 13</p> <p>Attack Attribution and Cyber Conflict 16</p> <p>Metal Detectors at Sports Stadiums 19</p> <p>The Future of Ransomware 21</p> <p><b>2 </b><b>Travel and Security 25</b></p> <p>Hacking Airplanes 25</p> <p>Reassessing Airport Security 28</p> <p><b>3 </b><b>Internet of Things 31</b></p> <p>Hacking Consumer Devices 31</p> <p>Security Risks of Embedded Systems 32</p> <p>Samsung Television Spies on Viewers 36</p> <p>Volkswagen and Cheating Software 38</p> <p>DMCA and the Internet of Things 41</p> <p>Real-World Security and the Internet of Things 43</p> <p>Lessons from the Dyn DDoS Attack 47</p> <p>Regulation of the Internet of Things 50</p> <p>Security and the Internet of Things 53</p> <p>Botnets 69</p> <p>IoT Cybersecurity: What’s Plan B? 70</p> <p><b>4 </b><b>Security and Technology 73</b></p> <p>The NSA’s Cryptographic Capabilities 73</p> <p>iPhone Fingerprint Authentication 76</p> <p>The Future of Incident Response 78</p> <p>Drone Self-Defense and the Law 81</p> <p>Replacing Judgment with Algorithms 83</p> <p>Class Breaks 87</p> <p><b>5 </b><b>Elections and Voting 89</b></p> <p>Candidates Won’t Hesitate to Use Manipulative Advertising to Score Votes 89</p> <p>The Security of Our Election Systems 91</p> <p>Election Security 93</p> <p>Hacking and the 2016 Presidential Election 96</p> <p><b>6 </b><b>Privacy and Surveillance 99</b></p> <p>Restoring Trust in Government and the Internet 99</p> <p>The NSA is Commandeering the Internet 102</p> <p>Conspiracy Theories and the NSA 104</p> <p>How to Remain Secure against the NSA 106</p> <p>Air Gaps 110</p> <p>Why the NSA’s Defense of Mass Data Collection Makes No Sense 114</p> <p>Defending Against Crypto Backdoors 117</p> <p>A Fraying of the Public/Private Surveillance Partnership 121</p> <p>Surveillance as a Business Model 123</p> <p>Finding People’s Locations Based on Their Activities in Cyberspace 125</p> <p>Surveillance by Algorithm 128</p> <p>Metadata = Surveillance 132</p> <p>Everyone Wants You to Have Security, But Not from Them 133</p> <p>Why We Encrypt 136</p> <p>Automatic Face Recognition and Surveillance 137</p> <p>The Internet of Things that Talk about You behind Your Back 141</p> <p>Security vs Surveillance 143</p> <p>The Value of Encryption 145</p> <p>Congress Removes FCC Privacy Protections on Your Internet Usage 148</p> <p>Infrastructure Vulnerabilities Make Surveillance Easy 150</p> <p><b>7 </b><b>Business and Economics of Security 155</b></p> <p>More on Feudal Security 155</p> <p>The Public/Private Surveillance Partnership 158</p> <p>Should Companies Do Most of Their Computing in the Cloud? 160</p> <p>Security Economics of the Internet of Things 165</p> <p><b>8 </b><b>Human Aspects of Security 169</b></p> <p>Human-Machine Trust Failures 169</p> <p>Government Secrecy and the Generation Gap 171</p> <p>Choosing Secure Passwords 173</p> <p>The Human Side of Heartbleed 177</p> <p>The Security of Data Deletion 179</p> <p>Living in a Code Yellow World 180</p> <p>Security Design: Stop Trying to Fix the User 182</p> <p>Security Orchestration and Incident Response 184</p> <p><b>9 </b><b>Leaking, Hacking, Doxing, and Whistleblowing 189</b></p> <p>Government Secrets and the Need for Whistleblowers 189</p> <p>Protecting Against Leakers 193</p> <p>Why the Government Should Help Leakers 195</p> <p>Lessons from the Sony Hack 197</p> <p>Reacting to the Sony Hack 200</p> <p>Attack Attribution in Cyberspace 203</p> <p>Organizational Doxing 205</p> <p>The Security Risks of Third-Party Data 207</p> <p>The Rise of Political Doxing 210</p> <p>Data is a Toxic Asset 211</p> <p>Credential Stealing as an Attack Vector 215</p> <p>Someone is Learning How to Take Down the Internet 216</p> <p>Who is Publishing NSA and CIA Secrets, and Why? 218</p> <p>Who are the Shadow Brokers? 222</p> <p>On the Equifax Data Breach 226</p> <p><b>10 </b><b>Security, Policy, Liberty, and Law 229</b></p> <p>Our Newfound Fear of Risk 229</p> <p>Take Back the Internet 232</p> <p>The Battle for Power on the Internet 234</p> <p>How the NSA Threatens National Security 241</p> <p>Who Should Store NSA Surveillance Data? 244</p> <p>Ephemeral Apps 247</p> <p>Disclosing vs Hoarding Vulnerabilities 249</p> <p>The Limits of Police Subterfuge 254</p> <p>When Thinking Machines Break the Law 256</p> <p>The Democratization of Cyberattack 258</p> <p>Using Law against Technology 260</p> <p>Decrypting an iPhone for the FBI 263</p> <p>Lawful Hacking and Continuing Vulnerabilities 265</p> <p>The NSA is Hoarding Vulnerabilities 267</p> <p>WannaCry and Vulnerabilities 271</p> <p>NSA Document Outlining Russian Attempts to Hack Voter Rolls 275</p> <p>Warrant Protections against Police Searches of Our Data 277</p> <p>References 281</p>

<p><b>Bruce Schneier</b> is an internationally renowned security technologist, called a "security guru" by <i>The Economist</i>. He is the author of over one dozen books as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and his blog "Schneier on Security" are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Klein Center for Internet & Society at Harvard University; a Lecturer in Public Policy at the Harvard Kennedy School; a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; an Advisory Board Member of the Electronic Privacy Information Center and VerifiedVoting.org; and a special advisor to IBM Security.</p>

US