Courses/Computer Science/CPSC 601.65.Cyberwar.F2012

This page serves as the main course page for CPSC 601.65. It contains the course policies, syllabus (topics/sessions), and a list for background reading and viewing of material related to the study of cyberwar, cyberterror, and cyberprotest.

This course will examine cyberwar, cyberterrorism, and cyberprotest: are these credible threats? Is it meaningful to talk about them? What mechanisms are used to perpetrate and defend against them? Who are the actors involved and what are their motivations? Ethical and legal considerations will be introduced as necessary. Students are expected to complete assigned readings prior to class time and participate in discussion. This course is structured as half lecture / half debate; lectures provide introductory material to certain topics and debates offer the chance for participants to present and discuss their understanding of topic matter. This course is interdisciplinary in nature and focus, but emphasizes technical content; it specifically seeks understanding of how technical knowledge informs lay perspectives of the topics in the course title.

= Course Description =

Cyberwarfare is an ill-defined topic that cuts across the boundaries between cyber-espionage, criminal cyber attacks and activity, information security, economic espionage, "traditional" kinetic conflict, and kinetic war with electronic weapons and targeting systems.

The use of digital techniques to commit traditional crimes, undertake legally and morally murky activities, and engage in "the continuation of politics by another means" presents a fascinating lens with which to understand the contemporary geopolitical climate. From Estonia to Stuxnet to the Arab Spring, the recent impact of digital technology and information security on global affairs has been sharp and striking. Where are these trends leading our society?

People in Western societies fear the potential that cyber attacks have to wreak havoc on basic services like water, energy, sewer, food, transportation, and communication systems -- not to mention financial systems, entertainment systems, television and broadcast media, personal devices, cars, medical devices, health care, etc. Western governments and military are especially sensitive to the perceived vulnerabilities of a highly electronic logistics system and weapons systems and platforms. A great deal of risk seems to exist partly because the complete interface between ordered civil society and Internet and computer-based services has not been well-defined.

Yet all too often, discussion of this concept is based on supposition rather than knowledge. It invites panic rather than prudence. Is cyberwar hype? Do we need social, legal, diplomatic, technical, and military deterrents to it? Is anything really different from 10 years ago? Do we need treaties to govern cyberweapons? What is a cyberweapon, anyway?

= Course Information =

Web Tools and Discussion
The course blog is located at:

http://uofccyberwar.blogspot.ca/

The Piazza site is here:

https://piazza.com/ucalgary.ca/fall2012/cpsc60165/home

Meetings
Meetings take place most Tuesdays (see schedule below) from 4:00pm to 6:50pm Mountain Time in the University of Calgary's ICT 616 room.

Some sessions will also be available to a select number of external participants via a G+ hangout.

The course blog will limit authors to official course participants, but external participants may post comments to blog discussion threads if they authenticate with a Google account or other OpenID account.

We will also use Piazza for some internal discussions and items related to class logistics.

Session List and Schedule
Class is held once per week for just shy of three hours; we will (usually) discuss two topics per session. Prof. Locasto will hand out any physical readings at the previous session. Blog authors must post essays for that week by that week's class period (for example, the blog essay authors indicated in the "2 Oct." row should have posted their essays by 2 October before class). Readings listed in Week W are for discussion the following week. For example, the readings listed in the "2 Oct." row will be discussed on 9 Oct. The exceptions are the 11 Sept readings; they will be discussed on 25 Sept.

= References / Reading List =


 * 1) Unmasked, Ars Technica editorial staff e-book: http://arstechnica.com/tech-policy/2011/03/hbgaryanonymous-special-report/ ($1.99 from BN.com)
 * 2) Civil Disobedience ebook, PDF, HTML (Project Gutenberg)
 * 3) UofC Statement of Intellectual Honesty
 * 4) ACM Code of Ethics
 * 5) Towards an Ethical Code for Information Security
 * 6) Epilogue to "War and the Rise of the State" by Bruce D. Porter
 * 7) Conclusion to "A History of Warfare" by John Keegan
 * 8) "Human Subjects, Agents, or Bots: Current Issues in Ethics and Computer Security Research" by John Aycock, Elizabeth Buchanan, Scott Dexter and David Dittrich
 * 9) Cyberdeterrence and Cyberwar, Martin C. Libicki, RAND Corporation links to ebooks and PDF
 * 10) The Tallinn Manual on the International Law Applicable to Cyber Warfare
 * 11) Daily Dave thread on "Neal Stephenson, the EFF and Exploit Sales", paying particular attention to the EFF article:
 * 12) "Zero-day exploit sales should be key point in cybersecurity debate"
 * 13) "The EFF is Losing Its Way on Internet Freedom" by Dave Aitel
 * 14) J. Aycock. Stux in a Rut: Why Stuxnet is Boring. Virus Bulletin, September 2011, pp. 14-17.
 * 15) W32.Stuxnet Dossier by Symantec
 * 16) "The (Almost) Complete History of Memory Corruption Attacks" http://prezi.com/iemlmzvpnk_d/the-almost-complete-history-of-memory-corruption-attacks/
 * 17) NDU Press: Book Review of Cyberdeterrence and Cyberwar http://www.ndu.edu/press/cyberdeterrence-and-cyberwar.html
 * 18) Obama Order Sped Up Wave of Cyberattacks Against Iran NYTimes Article by David Sanger
 * 19) Stuxnet: Leaks or Lies? by Steven Cherry (commentary on Sanger's NYTimes article)
 * 20) War 2.0: Cyberweapons and Ethics By Patrick Lin, Fritz Allhoff, Neil C. Rowe. Communications of the ACM, Vol. 55 No. 3, Pages 24-26
 * 21) A Comparative Study of Cyberattacks
 * 22) Cybermilitias and Political Hackers—Use of Irregular Forces in Cyberwarfare by Scott D. Applegate
 * 23) Ready Player One
 * 24) read/listen Massive Cyberattack: Act 1 Of Israeli Strike On Iran? by TOM GJELTEN (NPR)
 * 25) Cyberterrorism

= Notes =


 * 1) n0 example code injection countermeasures
 * 2) n1 http://dazzlepod.com/rootkit/?email=%40gmail.com
 * 3) n2 Langner TED talk on Stuxnet
 * 4) n3 Timeline of Memory Exploit Techniques
 * 5) n4 Why antivirus companies like mine failed to catch Flame and Stuxnet
 * 6) n5 Report: Stuxnet delivered to Iranian nuclear plant on thumb drive by Daniel Terdiman (CBSNews)
 * 7) n6 Stuxnet Will Come Back to Haunt Us
 * 8) n7 "The History of Cyber warfare" Infographic
 * 9) n8 Kaspersky: Cyberweapons Flame and Stuxnet share code
 * 10) n9 Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)
 * 11) n10 Security firm exploits Chrome zero-day to hack browser, escape sandbox
 * 12) n11 Vupen Chrome Demo
 * 13) n12 Kaminsky's viewpoint "VUPEN vs. Google: They’re Both Right (Mostly)"
 * 14) n13 Secrecy surrounding ‘zero-day exploits’ industry spurs calls for government oversight
 * 15) n14 price list for zero days: "Shopping For Zero-Days: A Price List For Hackers' Secret Software Exploits"
 * 16) n15 From March 29: EFF Position on Exploit Sales: “Zero-day” exploit sales should be key point in cybersecurity debate
 * 17) n16 an opinion on selling zero day exploits
 * 18) n17 EFF clarification on n15
 * 19) n18 viewpoint on EFF position
 * 20) n19 CNN on Panetta's "cyber pearl harbor" speech
 * 21) n20 Anonymous Targets Israel

= Debates =

1 v 2: Be it resolved: Hacker tools are cyberweapons and should be licensed or banned.

Affirmative: 2 Negative: 1

3 v 4: Be it resolved: People should be able to shed their national or sovereign allegiance or identification when participating in online conversations, information exchange, or transactions.

Affirmative: 3 Negative: 4

1 v 4: Be it resolved: Cyberwar can be effectively regulated through multilateral treaties.

Affirmative: 4 Negative: 1

2 v 3: Be it resolved: Cyberwar is the new "yellow cake."

Affirmative: 3 Negative: 2

Debate Format:

This is a combination of Oxford and Mace styles.


 * Audience Vote: For, Against, Undecided
 * 7 minute opening for Affirmative
 * 7 minute opening for Negative
 * 7 minute follow up for Affirmative
 * 7 minute follow up for Negative
 * 10 minutes of audience questions
 * 4 minute closing by Affirmative
 * 4 minute closing by Negative
 * Audience Vote: For, Against, Undecided

= Meeting Notes =

Courses/Computer_Science/CPSC_601.65.Cyberwar.F2012/Lecture Notes

= Policies =

Goal and Structure
The overriding aim of this class is to help build an understanding of this complex topic so that participants can have a more effective and informed opinion when discussing technical or policy initiatives related to the topic. This seminar class will begin with a consideration of the definition of war and cyberwar and whether the cyberwar concept exists independently of traditional kinetic conflicts. It will then cover technical material dealing with actual offensive cyber operations techniques. The course will move to a debate-style seminar, where teams of students will debate a central question arising from the different aspects of this complex topic.

I have organized meeting sessions in three general groupings. The first provides background and overview material. The second offers a taste of various offensive cyber operations tools and techniques. The third is a collection of debate topics informed by the first two parts of the course. Many later class sessions will utilize a debate-style interaction to explore the topic and readings for that session.

Assessment
Students should emerge from the course with an appreciation for the ethical issues surrounding the use of digital techniques to engage in "armed" conflict along with an understanding of how our society should best steer a course forward in setting norms, international guidelines, and expected behavior in the use of digital weapons and cyber conflict.

The instructor will assess student proficiency through (1) student performance in debates, (2) students' skill in evaluating the arguments of others (both in debates and in blog comments), and (3) a series of brief written opinion pieces published via the course blog.


 * Team debate performances: 50%
 * Blog comments / Debate evaluations / Class participation: 10%
 * Blog essays: 40% of your grade

Peer review is an important skill to nurture in an academic and professional setting. Most of the evaluated skills in this course are purposefully on the "soft" side of the discipline: how to construct and write effective arguments, how to construct terse but convincing essays, and how to argue viewpoints based on technical merit of the ideas. This is not a course that asks participants to demonstrate skill in actual hacking techniques; CPSC has other graduate and undergraduate courses (601.29, 626, 627, 628) for that purpose.

Course Policies

 * Course communication and discussion should take place via the blog (blog posts and comments) and wiki talk page (if applicable). You are expected to be an active contributor to the blog forum both through your formal posts and the follow-up comments and discussion.
 * Pseudonyms in Piazza are not an option (for grading and attribution); pseudonyms will be used on the blog.
 * Late work is not accepted.
 * There will be no curve.
 * Please keep email traffic limited; use Piazza instead. Feel free to use email for personal or grade-related matters.
 * This course is a seminar and largely discussion-based (both in class and via the blog). Please treat your colleagues with respect and treat their opinions with the level of professionalism you expect your contributions to command. This course should provide a safe environment for expressing, exploring, and testing opinions, facts, arguments, and assertions related to many potentially controversial topics about which people get very passionate.
 * Prof. Locasto will be offline and unavailable Nov 10 through Nov 13. (Reading Days, Remembrance Day)
 * Prof. Locasto will be offline and unavailable from Nov 21 through Nov 25. (US Thanksgiving)

= Discussion Topics / Syllabus =

I list possible session topics here; we may not cover all of these depending on time, class interest, and the path various discussions take.

Unit 1: Introduction

 * What is security? This session will run as a lecture and consider various definitions of "security", particularly in two contexts: information security and global security. Basic terms like confidentiality, integrity, availability; basic concepts and principles of information security. The security mindset. We offer this session to help orient students (including undergraduates or CMSS students) who may not have a background in information security.


 * Ethical Considerations A discussion of what moral frameworks might apply to studying cyberwar; a discussion of what ethical principles should guide the studies in this course including the ACM Code of Conduct and the UofC Academic Honesty Policy (Statement of Intellectual Honesty). Additional readings for this session will come from Applying Moral Theories (C.E. Harris, Jr.) and Towards an Ethical Code for Information Security?


 * What is war? This session will involve an overview of and discussion of the emergence, evolution, and characteristics of war, particularly as experienced in Western society. This topic will likely take two sessions. See wiki for texts.


 * What is cyberwar? This session will focus on trying to reach a definition of cyberwar; nature and characteristics of cyberwar; comparison with cyberterrorism, cyber-espionage, and cyber-crime. A viewing of General Alexander's briefing "Cybersecurity and American Power" at the American Enterprise Institute.


 * The Three Fallacies of Cyberwar This session will center on viewing and discussing the video of Dave Aitel's talk from RSA or USENIX Security. Costs involved in information warfare and developing reliable, high-value cyberweapons.

Unit 2: Cyber Weapons
This unit aims to give students hands-on experience with actual infosec techniques and tools.


 * Cryptography as digital munitions One of the earliest mixtures (in recent history) of the concept of computer security technology and war was the designation of cryptography as a munition by the US government. This session will discuss the history of legal control over the export of cryptographic software and algorithms.


 * Hacker Tools I (Network Analysis) A technical overview of various systems and network security tools and penetration testing techniques. Includes discussion of network mapping, tracing, sniffing, and injection.


 * Web Attacks A hands-on session for learning how to attack web servers, web services, etc. Students will be guided through two online learning sites: hack-test.com and Google's Gruyere web application.


 * Hacker Tools II (Host Analysis and Debuggers) A technical overview of various systems tools and penetration testing techniques. Includes discussion of shellcode, debuggers like OllyBone, OllyDbg, gdb, Immunity Debugger, Rasta debugger, Phrack, and IDAPro.


 * Anatomy of Polymorphic Shellcode A lecture on shellcode disassembly, polymorphic shellcode, and English shellcode. A self-guided exercise in disassembling and hand-executing a piece of polymorphic shellcode. Requires a working Linux environment.


 * Stuxnet Overview. A technical overview of Stuxnet, Duqu, and Flame (time permitting).


 * HBGary Case Study A discussion session based on Ars Technica's reporting about the Anonymous and HBGary Federal interaction from 2011.


 * Anonymity Systems An overview session on research in and technical systems for network-based anonymous communication, including overlay networks, onion routing, Tor, Freenet, Crowds, and similar technology. Includes discussion of recent work in browser-based anonymous chat.


 * Design Exercise In this session, we will engage in a thought experiment based on targeting the University of Calgary's network and computer systems.


 * Guest Speaker We will have a guest speaker on the future zoning or fragmentation of the Internet due to cyber arms control, attempts to filter or censor Internet content, and attempts to provide and enforce attribution.

Unit 3: Debates

 * Estonia Be it resolved: Estonia was the first example of cyberwar. Support or refute with counterexamples.


 * Cyberweapons I Be it resolved: Hacker tools are cyberweapons and should be licensed or banned.


 * Stuxnet Be it resolved: Stuxnet is not a significant development in cyber weapon technology.


 * Protest Be it resolved: Distributed Denial of Service (DDoS) is a valid, morally permissible form of protest; it is the equivalent of a digital sit-in. Examples include LulzSec's attention to PayPal and Anonymous's attention to Visa and others.


 * Hacktivism and Lulz Be it resolved: LulzSec and Anonymous are not engaging in cyberwar. Debate positions should be backed up by an examination of last year's activities and current efforts as recorded on Twitter, pastebin, and other resources provided by the instructor or credible online sources.


 * Anonymity Be it resolved: People should be able to shed their national or sovereign allegiance or identification when participating in online conversations, information exchange, or transactions.


 * Tor Be it resolved: Tor is a cyberweapon.

 * Hype Be it resolved: Cyberwar is the new yellow cake. In this capstone session, the class will explore the position stated in the Wired article "Wired Opinion: Cyberwar Is the New Yellowcake" by Brito and Watkins. A discussion of whether or not cyberwar is a black swan, a real technical possibility, or is a political diversion much like the "yellow cake" argument circa 2002. This session is a bookend to the session What is cyberwar?

= Blog Post Topics =

Below appears a list of possible topics for blog posts. You have the freedom to select one of these topics or a topic of your own choosing when writing your posts. Posts should be well-researched, include citations, and present a coherent and terse argument.

Social Networking and Social Movements. Twitter. Arab Spring. Quebec student protests. Unintended Consequences. Government responses. Legislation. Regulation. Effects on liberal democratic society. Open source projectile guidance and flight software. Cyberterror. Can a small group of non-state actors (e.g., students in this class) engage in cyberwar? Whistleblowing. Bradley Manning. Assange. Wikileaks. Industrial espionage.

= Other Cyberwar Courses =

Cyberwar is a hot topic, and other people teach courses about it. You may be interested in the material you find at those pages.


 * http://www.au.af.mil/info-ops/
 * http://homelandsecurity.sdsu.edu/690 (Steven Andrés)
 * http://courses.georgetown.edu/?CourseID=SEST-569 (Martin C. Libicki)
 * SS490 Strategy and Policy of Cyberwar (Greg Conti, USMA)

= Related Work =

Books

 * Stealing the Network: How to Own a Continent, various
 * Unmasked, Ars Technica editorial staff e-book: http://arstechnica.com/tech-policy/2011/03/hbgaryanonymous-special-report/
 * Inside Cyber Warfare: Mapping the Cyber Underworld, Jeffery Carr
 * Cyber War (The Next Threat to National Security and What to do About it), Richard Clarke
 * Wired for War, Peter Singer http://wiredforwar.pwsinger.com/
 * Civil Disobedience, Henry David Thoreau
 * A History of Warfare, John Keegan
 * War and the Rise of the State, Bruce D. Porter
 * Ride of the Second Horseman, Robert L. O'Connell

Talks and Videos

 * Dave Aitel's talk on cyberwar costs http://prezi.com/vunircise2q8/three-cyber-war-fallacies/
 * http://www.aei.org/events/2012/07/09/cybersecurity-and-american-power/
 * Greg Conti, Shmoocon 2012: http://www.youtube.com/watch?v=v0JHDr1oT0Y
 * Bruce, RSA: http://www.youtube.com/watch?v=SrjgXHAYvxk
 * http://www.ists.dartmouth.edu/events/abstract-cyberops.html
 * DEF CON 21 Presentation By Mudge - Unexpected Stories From a Hacker Inside the Government http://youtu.be/TSR-b9yuTbM?t=11m20s

Policy and Law

 * "The Cybersecurity Act of 2012: Are We Smarter Than a Fifth Grader?" http://www.huffingtonpost.com/dave-aitel/the-cybersecurity-act-of-_b_1737129.html?utm_hp_ref=tw
 * RT @daveaitel Leon Panetta Warns of Digital 9/11 Cyber Attack - The CIO Report - WSJ http://t.co/TEwyK6MU
 * U.S. Information Operations Roadmap (Oct. 2003) http://news.bbc.co.uk/2/shared/bsp/hi/pdfs/27_01_06_psyops.pdf
 * Internet Posting Removal Act (Illinois State Bill) http://legiscan.com/IL/text/SB1614

CyberOffense

 * http://www.forbes.com/sites/ciocentral/2012/08/02/its-time-for-the-security-industry-to-step-up-and-play-offense/
 * The Jester Dynamic: A Lesson in Asymmetric Unmanaged Cyber Warfare http://www.sans.org/reading_room/whitepapers/attacking/jester-dynamic-lesson-asymmetric-unmanaged-cyber-warfare_33889

Cybercrime

 * http://www.rollingstone.com/culture/news/sex-drugs-and-the-biggest-cybercrime-of-all-time-20101111
 * DoD Communications Systems Breach in 9/11 Trials http://cryptome.org/2013/04/dod-911-trial-breach.htm

The Big Picture: Timeline and Background

 * An illustration of the cyberwar timeline: http://online.lewisu.edu/the-history-of-cyber-warfare.asp
 * http://security.blogs.cnn.com/2012/07/09/cyber-chief-warns-of-rising-danger-from-cyber-attacks/?hpt=hp_t2
 * "Four Ways the Internet Could Go Down" http://www.cnn.com/2012/07/10/tech/web/internet-down-eagleman/index.html?iref=obnetwork
 * http://www.ndu.edu/press/cyberdeterrence-and-cyberwar.html
 * http://www.wired.com/threatlevel/2012/02/yellowcake-and-cyberwar/
 * http://cacm.acm.org/magazines/2012/3/146243-a-comparative-study-of-cyberattacks
 * http://mlocasto.blogspot.ca/2010/03/cyberwar-and-non-military-cyber.html
 * Cyberwar is expensive: https://www.usenix.org/conference/usenix-security-11/three-cyber-war-fallacies
 * "Cyber war realities—What lies ahead Pages 84-85 by Robert A. Miller" http://pdn.sciencedirect.com/science?_ob=MiamiImageURL&_cid=277415&_user=1067480&_pii=S1874548211000436&_check=y&_origin=browse&_zone=rslt_list_item&_coverDate=2012-07-31&wchp=dGLbVlk-zSkzk&md5=454f605b5d12e1594cdb6fe5f61f610a&pid=1-s2.0-S1874548211000436-main.pdf&sqtrkid=0.7252857018475265

Techniques: Affecting the Real World

 * power grid threats: http://news.cnet.com/8301-1009_3-57501660-83/feds-power-grid-vulnerable-to-fast-moving-cybersecurity-threats/
 * http://security.blogs.cnn.com/2012/05/08/cyber-attack-targets-gas-pipeline-companies/?hpt=hp_t3
 * homemade GPS jammers
 * http://www.computerworld.com/s/article/77702/Homemade_GPS_jammers_raise_concerns
 * http://www.phrack.org/issues.html?issue=60&id=13
 * Hijacking Airplanes with an Android phone http://net-security.org/secworld.php?id=14733

Stuxnet, Flame, and other Cyberweapons

 * Stuxnet: leaks or lies? http://spectrum.ieee.org/podcast/computing/embedded-systems/stuxnet-leaks-or-lies
 * http://cacm.acm.org/magazines/2012/3/146257-war-20-cyberweapons-and-ethics
 * A Weapon We Can't Control http://www.nytimes.com/2012/06/25/opinion/stuxnet-will-come-back-to-haunt-us.html?emc=eta1
 * http://www.symantec.com/connect/blogs/w32stuxnet-dossier - would have to walk through it for non-CS types
 * http://arstechnica.com/security/2012/08/mystery-malware-amateur-coding-error/
 * http://www.kaspersky.com/about/news/virus/2012/Kaspersky_Lab_and_ITU_Research_Reveals_New_Advanced_Cyber_Threat
 * http://www.cnn.com/2012/06/04/opinion/rushkoff-flame-virus/index.html
 * J. Aycock. Stux in a Rut: Why Stuxnet is Boring. Virus Bulletin, September 2011, pp. 14-17. Copyright is held by Virus Bulletin Ltd., but is made available on this site for personal use free of charge by permission of Virus Bulletin. http://pages.cpsc.ucalgary.ca/~aycock/papers/vb-stuxnet.pdf
 * "Red October" Diplomatic Cyber Attacks Investigation
 * Adventures in Analyzing Stuxnet: http://www.youtube.com/watch?v=fVNHX1Hrr6w

Robots, Drones, and Automation

 * http://m.theatlantic.com/politics/archive/2012/04/this-industrys-voice-on-capitol-hill-the-drone-industrial-complex/256177/
 * is the drone program secret? or not? http://security.blogs.cnn.com/2012/05/23/deadly-drones-and-the-classified-conundrum/?hpt=hp_bn2
 * Essay on targeted drone killings: http://us.cnn.com/2012/08/15/opinion/oconnell-targeted-killing/index.html?hpt=hp_t2
 * http://www.guardian.co.uk/commentisfree/cifamerica/2012/jan/20/why-obama-targeted-killing-is-like-bush-torture
 * Russia Stockpiling Drones to Spy on Protesters: http://www.cnn.com/2012/07/25/tech/innovation/russia-stockpiling-drones-wired/index.html
 * Drones are Obama's weapon of choice: http://www.cnn.com/2012/09/05/opinion/bergen-obama-drone/index.html?hpt=hp_t3
 * recommendations on drones: http://www.aclu.org/blog/technology-and-liberty/police-chiefs-issue-recommendations-drones-look-how-they-measure
 * asymmetry: 1LPR != 1LEO: http://arstechnica.com/tech-policy/2012/08/your-car-tracked-the-rapid-rise-of-license-plate-readers/3/
 * CNN Video: Robots training for war: http://us.cnn.com/video/?hpt=hp_t2#/video/bestoftv/2012/08/01/exp-lawrence-robot-boot-camp.cnn
 * https://twitter.com/drunkenpredator
 * The Al-Qaida Papers - Drones http://cryptome.org/2013/02/al-qaida-drones.pdf
 * http://www.guardian.co.uk/commentisfree/2013/mar/10/paul-filibuster-drones-progressives
 * http://www.policymic.com/articles/29569/i-filibustered-to-defend-millennials
 * http://www.mcclatchydc.com/2013/04/09/188062/obamas-drone-war-kills-others.html

Government Responsibility and Power

 * Aitel on Obama and information security policy: http://cybersecpolitics.blogspot.ca/2012/07/obama-and-cyber-security.html
 * http://arstechnica.com/information-technology/2012/09/big-brother-meets-big-data-the-next-wave-in-net-surveillance-tech/
 * Govt. reading your tweets? http://www.cnn.com/2012/03/09/opinion/obeidallah-social-media/index.html
 * FISA: http://www.wired.com/threatlevel/2012/09/house-approves-spy-bill/?utm_source=twitter&utm_medium=socialmedia&utm_campaign=twitterclickthru
 * FISA: http://www.wired.com/threatlevel/2012/06/fisa-amendments-act-fate/
 * "Is the Govt Doing Enough to Protect Us?" http://us.cnn.com/2012/07/25/tech/regulating-cybersecurity/index.html?hpt=hp_bn5
 * http://www.google.com/transparencyreport/removals/government/data/
 * Google Transparency Report: http://us.cnn.com/2012/06/18/tech/web/google-transparency-report/index.html?hpt=hp_t1
 * http://www.wired.com/threatlevel/2012/08/administrative-subpoenas/all/
 * http://us.cnn.com/2012/05/29/tech/web/internet-defense-league/index.html?hpt=hp_t3
 * "Project Farewell" https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/96unclass/farewell.htm
 * "Darpa Looks to Make Cyberwar Routine With Secret ‘Plan X’" http://www.wired.com/dangerroom/2012/08/plan-x/
 * "Obama signs secret directive to help thwart cyberattacks" http://www.washingtonpost.com/world/national-security/obama-signs-secret-cybersecurity-directive-allowing-more-aggressive-military-role/2012/11/14/7bf51512-2cde-11e2-9ac2-1c61452669c3_print.html
 * "Jeremy Hammond on Aaron Swartz and the Criminalization of Digital Dissent" http://freehammond.com/node/jeremy-article-aaron-swartz-and-the-criminalization-of-digital-dissent
 * "Obama officials refuse to say if assassination power extends to US soil" http://www.guardian.co.uk/commentisfree/2013/feb/22/obama-brennan-paul-assassinations-filibuster
 * Wikimedia Foundation elaborates on recent demand by French governmental agency to remove Wikipedia content. https://fr.wikipedia.org/w/index.php?title=Wikip%C3%A9dia:Bulletin_des_administrateurs/2013/Semaine_14&diff=91740048&oldid=91739287#Wikimedia_Foundation_elaborates_on_recent_demand_by_French_governmental_agency_to_remove_Wikipedia_content.

Training Cyber-warriors

 * http://www.theinquirer.net/inquirer/news/2199376/uks-first-cyber-security-camp-aims-to-train-an-army-of-cyber-warriors
 * http://www.lawfareblog.com/2012/05/state-department-hackers/
 * http://cryptome.org/2013/03/call-to-cyber-arms.pdf

Selling Exploits and Regulating or Controlling Sale thereof

 * secrecy around zero-day exploits spurs calls for govt regulation http://www.washingtonpost.com/world/national-security/secrecy-surrounding-zero-day-exploits-industry-spurs-calls-for-government-oversight/2012/09/01/46d664a6-edf7-11e1-afd6-f55f84bc0c41_story.html
 * EFF position
 * DD mail thread
 * http://torontogoat.wordpress.com/2012/09/05/my-thoughts-on-exploit-sales/
 * Forget Disclosure — Hackers Should Keep Security Holes to Themselves http://www.wired.com/opinion/2012/11/hacking-choice-and-disclosure/

The West vs. China, Iran, and ?

 * http://money.cnn.com/2013/02/19/technology/china-military-cybercrime/index.html?hpt=hp_t2
 * RIM and China: http://www.huffingtonpost.ca/dave-aitel/rim-china_b_1672276.html?utm_hp_ref=canada-business
 * http://www.schneier.com/blog/archives/2012/08/us_and_china_ta.html
 * http://us.cnn.com/2012/06/06/tech/google-hacking-alerts/index.html?hpt=hp_t3

Cyberterrorism

 * http://www.nextgov.com/cybersecurity/2012/05/al-qaeda-video-calls-electronic-jihad-government-computers/55886/?oref=ng-dropdown
 * Ford & Gordon’s cyberterrorism paper (http://www.symantec.com/avcenter/reference/cyberterrorism.pdf, also in Computers & Security IIRC)

Uncategorized Links

 * https://www.eff.org/deeplinks/2013/12/meet-co-traveler-nsas-cell-phone-location-tracking-program
 * a review... http://www.newyorker.com/online/blogs/johncassidy/2013/12/nsa-report-white-house-the-good-and-the-bad.html?mobify=0
 * ...of this report: http://www.whitehouse.gov/blog/2013/12/18/liberty-and-security-changing-world
 * http://edition.cnn.com/2013/12/30/us/nsa-spying-hacking-program/
 * http://www.dni.gov/index.php/newsroom/press-releases/198-press-releases-2014/994-foreign-intelligence-surveillance-court-approves-government%E2%80%99s-application-to-renew-telephony-metadata-program
 * https://freedom-to-tinker.com/blog/felten/a-court-order-is-an-insider-attack/
 * http://blog.sfgate.com/techchron/2013/10/10/stanford-researchers-discover-alarming-method-for-phone-tracking-fingerprinting-through-sensor-flaws/
 * http://www.washingtonpost.com/world/national-security/nsa-collects-millions-of-e-mail-address-books-globally/2013/10/14/8e58b5be-34f9-11e3-80c6-7e6dd8d22d8f_story_2.html
 * http://www.nytimes.com/2012/06/17/technology/acxiom-the-quiet-giant-of-consumer-database-marketing.html?_r=1&pagewanted=all
 * https://ssd.eff.org/
 * https://globalchokepoints.org/
 * https://www.eff.org/free-speech-weak-link#isp
 * http://us.cnn.com/2012/06/21/tech/web/internet-data-evernote/index.html?hpt=hp_t3
 * http://www.robertgraham.com/journal/030815-blaster.c
 * http://www.washingtonpost.com/world/national-security/us-documents-detail-al-qaedas-efforts-to-fight-back-against-drones/2013/09/03/b83e7654-11c0-11e3-b630-36617ca6640f_story.html?Post+generic=%3Ftid%3Dsm_twitter_washingtonpost
 * http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption
 * http://www.washingtonpost.com/business/technology/google-encrypts-data-amid-backlash-against-nsa-spying/2013/09/06/9acc3c20-1722-11e3-a2ec-b47e45e6f8ef_story.html
 * http://www.links.org/?p=1283
 * http://www.smithsonianmag.com/history-archaeology/Richard-Clarke-on-Who-Was-Behind-the-Stuxnet-Attack.html?c=y&story=fullstory
 * http://arstechnica.com/tech-policy/2012/03/sealand-and-havenco/4/
 * joint operation planning manual; http://t.co/1FCBm8qaNl
 * http://www.theatlantic.com/international/archive/2013/09/the-us-should-use-cyber-weapons-against-assad/279266/
 * Cyberswitzerland: http://spiresecurity.com/?p=1345
 * http://mobile.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html
 * http://www.theatlantic.com/technology/archive/2013/08/the-nsa-is-commandeering-the-internet/278572/
 * http://www.theguardian.com/world/2013/aug/18/glenn-greenwald-guardian-partner-detained-heathrow
 * http://www.theguardian.com/commentisfree/2013/aug/18/david-miranda-detained-uk-nsa
 * Groklaw shutdown: http://www.groklaw.net/article.php?story=20130818120421175
 * http://patrickcollison.com/post/government-internet
 * https://www.eff.org/deeplinks/2013/08/eff-victory-results-expected-release-secret-court-opinion-finding-nsa-surveillance
 * http://fdlaction.firedoglake.com/2013/08/23/obama-is-just-going-to-pretend-the-nsa-phone-sex-abuses-never-happened/?utm_source=twitterfeed&utm_medium=twitter
 * http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/29/the-nsa-has-its-own-team-of-elite-hackers/?wprss=rss_social-postbusinessonly&Post+generic=%3Ftid%3Dsm_twitter_washingtonpost&clsrd
 * http://mobile.nytimes.com/2013/09/02/us/drug-agents-use-vast-phone-trove-eclipsing-nsas.html?ref=us&
 * http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/31/the-nsa-hacks-other-countries-by-buying-millions-of-dollars-worth-of-computer-vulnerabilities/?Post+generic=%3Ftid%3Dsm_twitter_washingtonpost
 * http://us.cnn.com/2013/08/09/politics/nsa-documents-scope/index.html?hpt=hp_t2
 * http://us.cnn.com/2013/08/09/politics/obama-news-conference/index.html?hpt=hp_t2
 * drones and judges: http://www.usnews.com/news/politics/articles/2013/07/19/judge-govt-position-in-drone-suit-disconcerting
 * cybercrime and entrapment: http://www.wired.com/threatlevel/2013/07/open-market/
 * http://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/
 * rise of the warrior cop: http://online.wsj.com/article/SB10001424127887323848804578608040780519904.html
 * http://www.theguardian.com/world/2013/jul/24/nsa-surveillance-amash-amendment?CMP=twt_fd
 * http://maradydd.livejournal.com/528620.html
 * http://articles.washingtonpost.com/2013-07-07/opinions/40427629_1_daniel-ellsberg-pentagon-papers-snowden-s/2
 * http://www.techdirt.com/articles/20130726/01200123954/obama-promise-to-protect-whistleblowers-just-disappeared-changegov.shtml
 * http://www.washingtonpost.com/opinions/the-white-house-should-end-the-bulk-collection-of-americans-phone-records/2013/07/26/c3c0103e-f553-11e2-9434-60440856fadf_story.html
 * http://www.newyorker.com/online/blogs/closeread/2013/07/holder-we-wont-torture-or-kill-snowden.html?mobify=0
 * http://www.theguardian.com/world/2013/jul/27/nsa-snowden-father-justice-russia?CMP=twt_fd
 * http://www.out.com/news-commentary/2011/04/18/glenn-greenwald-life-beyond-borders
 * http://www.buzzfeed.com/hunterschwarz/americans-are-more-concerned-about-the-government-spying-on
 * http://slog.thestranger.com/slog/archives/2013/07/31/police-threatened-to-arrest-me-for-taking-their-photo-last-night
 * http://www.nytimes.com/2013/08/06/us/tsa-expands-duties-beyond-airport-security.html?partner=rss&emc=rss&smid=tw-nytimes&_r=3&
 * https://lavabit.com/
 * http://www.ottawacitizen.com/news/national/Canada%20cyberspace%20talks%20military%20strategy/8754132/story.html
 * https://www.eff.org/deeplinks/2013/08/lavabit-encrypted-email-service-shuts-down-cant-say-why
 * http://techcrunch.com/2013/08/08/silent-circle-preemptively-shuts-down-encrypted-email-service-to-prevent-nsa-spying/
 * http://www.theregister.co.uk/2007/11/08/hushmail_court_orders/
 * https://ilt.eff.org/index.php/Speech:_Anonymity
 * http://preview.reuters.com/2013/8/9/nsa-to-cut-system-administrators-by-90-percent-to
 * http://www.techdirt.com/articles/20130809/16320324131/doj-theres-no-expectation-privacy-your-phone-records-because-people-dont-like-terrorists.shtml
 * http://us.cnn.com/2012/10/29/opinion/jaffer-abdo-wiretapping/index.html?hpt=hp_t3
 * http://us.cnn.com/2012/11/14/tech/petraeus-email-privacy/index.html?hpt=hp_c1
 * http://www.redorbit.com/news/technology/1112735903/hacker-greek-personal-data-programmer-112312/
 * http://us.cnn.com/2013/05/01/opinion/chertoff-wearable-devices/index.html?hpt=hp_t3
 * http://www.cnn.com/2013/06/08/opinion/cheng-privacy-snooping/index.html?hpt=hp_t4
 * http://www.cbc.ca/news/canada/story/2013/06/10/surveillance-canadians-target-data-collect.html
 * http://us.cnn.com/2013/06/12/opinion/deibert-nsa-surveillance/index.html?hpt=hp_t4
 * http://politicalticker.blogs.cnn.com/2013/06/11/king-journalists-in-classified-leak-cases-should-face-punishment/?hpt=hp_t1
 * http://us.cnn.com/2013/06/12/politics/nsa-leak/index.html?hpt=hp_t1
 * http://www.salon.com/2013/07/12/stop_ray_kelly_from_leading_homeland_security_department/
 * http://www.thedailybeast.com/articles/2013/06/25/greenwald-snowden-s-files-are-out-there-if-anything-happens-to-him.html
 * http://www.economist.com/blogs/democracyinamerica/2013/07/secret-government
 * http://thehill.com/blogs/global-affairs/human-rights/310773-obama-administration-urges-human-rights-groups-to-abandon-snowden
 * http://www.guardian.co.uk/world/interactive/2013/jun/07/obama-cyber-directive-full-text
 * http://www.motherjones.com/politics/2012/06/obamas-whistleblowers-stuxnet-leaks-drones
 * http://wemeantwell.com/blog/2011/08/25/us-military-spare-parts-went-to-qaddafi-in-2009/
 * http://www.guardian.co.uk/world/2013/jul/12/edward-snowden-full-statement-moscow?CMP=twt_fd
 * http://blogs.technet.com/b/microsoft_on_the_issues/archive/2013/06/14/microsoft-s-u-s-law-enforcement-and-national-security-requests-for-last-half-of-2012.aspx
 * http://wikileaks.org/wiki/On_the_take_and_loving_it
 * http://mg.co.za/article/2013-05-10-00-why-the-geeks-will-inherit-the-earth
 * http://www.foxnews.com/politics/2013/07/20/state-department-agency-deemed-critical-to-information-security-is-mess-report/?utm_source=dlvr.it&utm_medium=twitter
 * http://wiki.ucalgary.ca/page/Courses/Computer_Science/CPSC_601.65.Cyberwar.F2012
 * http://online.wsj.com/article/SB10001424127887324235304578438571356460546.html
 * http://news.yahoo.com/special-report-u-cyberwar-strategy-stokes-fear-blowback-110055163.html
 * https://krebsonsecurity.com/2013/04/fool-me-once/
 * http://www.taipeitimes.com/News/front/archives/2013/04/28/2003560895
 * http://cacm.acm.org/news/163284-obama-budget-makes-cybersecurity-a-growing-us-priority/fulltext
 * http://cacm.acm.org/news/164128-china-sees-cyberwar-as-reducing-us-advantage-in-future-conflict/fulltext
 * http://us.cnn.com/2013/04/07/world/meast/israel-cyberattacks/index.html?hpt=hp_t2
 * http://www.nytimes.com/2013/03/21/world/asia/south-korea-computer-network-crashes.html?ref=world&_r=1&
 * the fog of cyberwar: http://www.foreignaffairs.com/articles/138443/brandon-valeriano-and-ryan-maness/the-fog-of-cyberwar?cid=soc-twitter-in-snapshots-fog_of_cyberwar-120612
 * 7 technologies that will make it easier for the president to hunt and kill you: http://www.wired.com/dangerroom/2012/11/president-hunt-you/
 * can't say anything about nuclear power plant security: http://nakedsecurity.sophos.com/2012/10/31/nuclear-security-silence/?utm_medium=linkedin&utm_source=twitterfeed
 * http://news.cnet.com/8301-13578_3-57533001-38/verizon-draws-fire-for-monitoring-app-usage-browsing-habits/
 * http://online.wsj.com/article/SB10000872396390444375104577593543203853710.html
 * http://arstechnica.com/information-technology/2012/09/big-brother-meets-big-data-the-next-wave-in-net-surveillance-tech/
 * air force seeking cyberweapons http://blog.spaf.us/post/30499344542/air-force-openly-seeking-cyber-weapons-threatpost?b0772f58?52d8de80?07e70040?9fa24270
 * http://www.nybooks.com/blogs/nyrblog/2012/apr/19/39-ways-limit-free-speech/
 * spyware leads to activist: http://www.businessweek.com/news/2012-10-10/spyware-leaves-trail-to-beaten-activist-through-microsoft-flaw#p3
 * homeland security budget: http://www.schneier.com/blog/archives/2012/10/2013_us_homelan.html
 * weev: http://www.wired.com/threatlevel/2012/11/att-hacker-found-guilty/
 * zero day price list: http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/?utm_campaign=techtwittersf&utm_source=twitter&utm_medium=social
 * on disclosure of intrusion events in cyberwar: http://blog.hacktalk.net/on-disclosure-of-intrusion-events-in-a-cyberwar/
 * http://blog.thephoenix.com/BLOGS/phlog/archive/2012/04/06/when-police-subpoena-your-facebook-information-heres-what-facebook-sends-cops.aspx
 * http://theweek.com/bullpen/column/239929/americas-embarrassingly-redundant-and-entangled-cybersecurity-complex
 * malware spying on govt computers for decades: http://arstechnica.com/security/2013/03/decade-old-espionage-malware-found-targeting-government-computers/
 * drones http://us.cnn.com/2012/10/25/us/drones-privacy/index.html?hpt=hp_bn1
 * drones http://news.cnet.com/8301-13578_3-57572207-38/dhs-built-domestic-surveillance-tech-into-predator-drones/
 * http://www.lawfareblog.com/2013/03/the-faa-wants-to-hear-from-you-about-privacy-and-domestic-drones/
 * http://www.regulations.gov/#!docketDetail;D=FAA-2013-0061
 * http://security.blogs.cnn.com/category/cybersecurity/
 * http://money.cnn.com/2012/09/27/technology/bank-cyberattacks/index.html?hpt=hp_t3
 * Internet Freedom report: http://us.cnn.com/2012/09/27/world/world-internet-freedom-report/index.html?hpt=hp_t3
 * http://www.haaretz.com/opinion/how-many-rockets-has-iron-dome-really-intercepted.premium-1.508277
 * Syria might shut down internet: http://us.cnn.com/2012/10/10/tech/web/syria-internet/index.html?hpt=hp_c3
 * UK blocks extradition to US: http://us.cnn.com/2012/10/16/world/europe/uk-us-mckinnon-extradition/index.html?hpt=hp_t3
 * Harvard B Center wiki: http://bit.ly/PMLGYz
 * http://fabiusmaximus.com/2012/08/20/41929/
 * A little project involving unethical experiments: http://www.ceas.uc.edu/current_students/Student_Stories/cyber_war_.html
 * An article/paper on network warfare with a military perspective http://www.au.af.mil/au/awc/awcgate/cst/bugs_ch01.pdf
 * http://www.ists.dartmouth.edu/events/abstract-mcgraw.html
 * McGraw on proactive defense: http://searchsecurity.techtarget.com/news/2240169976/Gary-McGraw-Proactive-defense-prudent-alternative-to-cyberwarfare
 * http://doi.acm.org/10.1145/1363686.1364193
 * http://www.cnn.com/2012/11/05/world/meast/israel-iran-war-games/index.html?iref=obinsite
 * The Hackers of Damascus http://www.businessweek.com/articles/2012-11-15/the-hackers-of-damascus
 * Canadian security agencies reports on Anonymous http://www.scribd.com/doc/117399813/Canadian-security-agencies-reports-on-Anonymous
 * http://www.foxnews.com/world/2012/11/19/hackers-target-israel-with-millions-attacks-as-hamas-rockets-continue-to-fall/
 * http://us.cnn.com/2012/11/19/tech/web/cyber-attack-israel-anonymous/index.html?hpt=hp_t1
 * http://us.cnn.com/2012/11/16/tech/social-media/social-media-war-gaza-israel/index.html?hpt=hp_bn5
 * http://www.ccdcoe.org/249.html
 * bug bounties: http://www.wired.com/threatlevel/2012/11/bug-bounties/all/
 * Mudge Zatko, Defense Advanced Research Projects Agency (DARPA) program manager [Reddit AMA] http://www.reddit.com/r/netsec/comments/18dz1q/im_mudge_zatko_darpa_program_manager_amaa/
 * Van Riper's Asymmetric Strategy http://en.wikipedia.org/wiki/Millennium_Challenge_2002
 * Raytheon's 'Google for Spies' http://www.guardian.co.uk/world/2013/feb/10/software-tracks-social-media-defence
 * http://us.cnn.com/2013/02/19/opinion/hayden-courage-security-decisions/index.html?hpt=hp_c3