Introduction to Public Interest Cybersecurity
- Sean Brooks, Center for Long-Term Cybersecurity. “Defending Politically Vulnerable Organizations Online” [https://cltc.berkeley.edu/wp-content/uploads/2018/07/CLTC_Defending_PVOs.pdf]
- Citizen Lab’s “About Us” Paper. [https://citizenlab.ca/wp-content/uploads/2018/05/18033-Citizen-Lab-booklet-p-E.pdf]
- Citizen Lab’s Security Planner. [https://securityplanner.org/]
- Sandro Contenta, Toronto Star. “How these Toronto sleuths are exposing the world’s digital spies while risking their own lives” [https://www.thestar.com/news/canada/2019/12/13/from-a-tower-in-toronto-they-watch-the-watchers-how-citizen-lab-sleuths-are-exposing-the-worlds-digital-spies-while-risking-their-own-lives.html]
- Havron et al. “Clinical computer security for victims of intimate partner violence.” In Proceedings of the 28th USENIX Security Symposium (pp. 105-122). [https://www.nixdell.com/papers/2019-usenix_clinical_security_FULL.pdf]
- Deji Olukotun, Access Now. “Spyware in Mexico: an interview with Luis Fernando García of R3D Mexico” [https://www.accessnow.org/spyware-mexico-interview-luis-fernando-garcia-r3d-mexico/]
- Tactical Tech’s Annual Report [https://cdn.ttc.io/s/tacticaltech.org/Tactical-Tech-2018-Annual-Report.pdf]
Ethics and the Citizen Clinic Code of Conduct
- Citizen Clinic. “Student Code of Conduct” [https://www.citizenclinic.io/Clinic_Curriculum/Modules/Ethics/Student_Code_of_Conduct/]
- Shannon Vallor, The Markkula Center for Applied Ethics. “An Introduction to Cybersecurity Ethics” [https://www.scu.edu/media/ethics-center/technology-ethics/IntroToCybersecurityEthics.pdf]
Old School INFOSEC: Basic Controls
- Le Blond et al. “A look at targeted attacks through the lense of an NGO” [www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-blond.pdf]
- Sean Brooks, CLTC, TechSoup Webinar. “Cybersecurity in Low-Risk Organizations: Understanding Your Risk and Making Practical Improvements.” [https://cltc.berkeley.edu/2019/02/25/cltc-and-citizen-clinic-present-cybersecurity-in-low-risk-organizations-webinar/]
- Citizen Lab’s Security Planner. [https://securityplanner.org/]
- Electronic Frontier Foundation’s Surveillance Self-Defense guide. [https://ssd.eff.org/]
- Alex Gaynor. “What happens when you type google.com into your browser’s address box and press enter?” [https://github.com/alex/what-happens-when]
- Rus Shuler. “How Does the Internet Work?” [web.stanford.edu/class/msande91si/www-spr04/readings/week1/InternetWhitepaper.htm]
Digital Surveillance of Politically Vulnerable Organizations: The Threat Landscape
- Stephen Arnold. “Telestrategies – An Interview with Dr. Jerry Lucas” [http://www.arnoldit.com/search-wizards-speak/telestrategies-2.html]
- Joseph Cox. “I Gave a Bounty Hunter $300. Then He Located Our Phone” [https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile]
- Vernon Silver and Ben Elgin. “Torture in Bahrain Becomes Routine With Help From Nokia Siemens” [https://web.archive.org/web/20111006185329/http://www.bloomberg.com/news/2011-08-22/torture-in-bahrain-becomes-routine-with-help-from-nokia-siemens-networking.html]
- John Scott-Railton et al., Citizen Lab. “Bittersweet: Supporters of Mexico’s soda tax targeted with NSO exploit links” [https://citizenlab.ca/2017/02/bittersweet-nso-mexico-spyware/]
Problem Diagnosis and Reframing
- Netgain. “Digital Security and Grantcraft Guide” [fordfoundation.org/media/3334/digital-security-grantcraft-guide-v10-final-22317.pdf]
- Arthur Turner. “Consulting Is More Than Giving Advice” [https://hbr.org/1982/09/consulting-is-more-than-giving-advice]
- Thomas Wedell-Wedellsborg. “Are You Solving the Right Problems?” [https://hbr.org/2017/01/are-you-solving-the-right-problems]
Threat Modeling & Bounding Risk Assessments
- Electronic Frontier Foundation, “Surveillance Self-Defense: Your Security Plan” [https://ssd.eff.org/en/playlist/activist-or-protester#your-security-plan]
- NIST SP 800-37 “Risk Management Framework for Information Systems and Organizations.” Chapter 2 only. [https://csrc.nist.gov/CSRC/media/Publications/sp/800-37/rev-2/draft/documents/sp800-37r2-draft-ipd.pdf or Shutdown Mirror]
- NIST SP 800-39 “Managing Information Security Risk.” Chapter 2 only. [https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf or Shutdown Mirror]
- NISTIR 8062 “An Introduction to Privacy Engineering and Risk Management in Federal Systems.” [https://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8062.pdf or Shutdown Mirror]
Contextual & Capacity Research
- SAFETAG, Internews. “SAFETAG Guide” Skim to Section 2.2, then read Section 2.2 and Section 2.3. [https://safetag.org/guide/]
- Read and Explore Examples About PESTLE. (use an ad-blocker!) [https://pestleanalysis.com/what-is-pestle-analysis/]
- Jorge Luis Sierra. “Digital and Mobile Security for Mexican Journalists and Bloggers” [https://freedomhouse.org/sites/default/files/Digital%20and%20Mobile%20Security%20for%20Mexican%20Journalists%20and%20Bloggers.pdf]
Information Gathering
- Ruba Abu-Salma et al. “Obstacles to the Adoption of Secure Communication Tools” [https://ieeexplore.ieee.org/abstract/document/7958575/]
- Jeanette Blomberg et al. “An Ethnographic Approach to Design” [https://www.researchgate.net/publication/262363851_An_Ethnographic_Approach_to_Design]
- Jenna Burrell. “The Field Site as a Network: A Strategy for Locating Ethnographic Research” [https://doi.org/10.1177/1525822X08329699]
- Collaboration on International ICT Policy in East and Southern Africa. “Safeguarding Civil Society: Assessing Internet Freedom and the Digital Resilience of Civil Society in East Africa” – Read each chapter, but for one country only. [https://cipesa.org/?wpfb_dl=237]
- Lofland and Lofland. Read Chapter 5 (66-98) “Logging Data” in “Analyzing social settings: A guide to qualitative observation and analysis” [https://searchworks.stanford.edu/view/10531063]
Open Source Research Methods, Safety, and Tools
- Awesome OSINT [https://github.com/jivoi/awesome-osint]
- Ian Barwise. “Open-Source Intelligence (OSINT) Reconnaissance” [https://medium.com/@z3roTrust/open-source-intelligence-osint-reconnaissance-75edd7f7dada]
- Conor Fortune, Amnesty International. “Digitally dissecting atrocities – Amnesty International’s open source investigations.” [https://www.amnesty.org/en/latest/news/2018/09/digitally-dissecting-atrocities-amnesty-internationals-open-source-investigations/]
- OSINT Framework [https://osintframework.com/]
- OSINT.link [https://osint.link]
- Travis Lishok, Protective Intelligence. “Part I: An Introduction To OSINT Research For Protective Intelligence Professionals” [https://www.protectiveintelligence.com/blog/osint-intro-for-protective-intelligence-pt1]
- Travis Lishok, Protective Intelligence. “Part 2: An Introduction To OSINT Research For Protective Intelligence Professionals” [https://www.protectiveintelligence.com/blog/osint-intro-for-protective-intelligence-pt2]
- SECALERTS – Automated Security Audit [https://secalerts.co/security-audit]
- Marc Wilson, PCWDLD.com. “OSINT Tools & Software for Passive & Active Recon & Security!” [https://www.pcwdld.com/osint-tools-and-software]
Security Law and Policy Factors
- James C. Scott. “Seeing Like a State” – Chapter 9 [https://libcom.org/files/Seeing%20Like%20a%20State%20-%20James%20C.%20Scott.pdf]
- Kim Fong et al. “A CRIMSon Tide of Data: An Assessment of Potential Privacy Problems of the Consolidated Records Information Management System” [http://people.ischool.berkeley.edu/~strush/CRIMS_FongRowlandTrush_Feb2018.pdf]
Adversary Persona Development
- Julian Cohen. “Playbook Based Testing.” [https://medium.com/@HockeyInJune/playbook-based-testing-5df4b656113a]
- Bill Marczak and John Scott-Railton, Citizen Lab. “Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents” [https://citizenlab.ca/2016/05/stealth-falcon/]
- Nick Merrill, Daylight Security Research Lab. “Adversary Personas” [https://daylight.berkeley.edu/adversary-personas/]
- Microsoft’s STRIDE and related blog posts. [https://cloudblogs.microsoft.com/microsoftsecure/2007/09/11/stride-chart/]
Threat Scenario Development
- Mitre’s ATT&CK Wiki. [https://attack.mitre.org/]
- Mitre’s PRE-ATT&CK Techniques. [https://attack.mitre.org/techniques/pre/]
- Mitre’s Common Vulnerabilities and Exposures search. [https://cve.mitre.org/cve/]
Changing Security Behaviors
- The Engine Room. “Ties That Bind: Organisational Security for Civil Society” [https://www.theengineroom.org/civil-society-digital-security-new-research/]
- Adrienne Porter Felt et al. “Improving SSL Warnings: Comprehension and Adherence” [https://dl.acm.org/citation.cfm?id=2702442]
- Francesca Musiani and Ksenia Ermoshina. “What is a Good Secure Messaging Tool? The EFF Secure Messaging Scorecard and the Shaping of Digital (Usable) Security” [https://www.westminsterpapers.org/articles/10.16997/wpcc.265/]
- Alma Whitten and Doug Tygar. “Why Johnny Can’t Encrypt” [https://www.usenix.org/legacy/publications/library/proceedings/sec99/full_papers/whitten/whitten_html/index.html]
Social Engineering and Phishing
- Citizen Clinic. “Phishing Simulation Policy” [https://www.citizenclinic.io/Clinic_Infrastructure/Phishing_Simulation/]
- Masashi Crete-Nishihata et al., Citizen Lab. “Spying on a Budget: Inside a Phishing Operation with Targets in the Tibetan Community” [https://citizenlab.ca/2018/01/spying-on-a-budget-inside-a-phishing-operation-with-targets-in-the-tibetan-community/]
- Micah Lee, The Intercept. “It’s Impossible To Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out.” [https://theintercept.com/2018/04/28/computer-malware-tampering/]
- Rachel Tobac. Social Proof Security. “How I would Hack You: Social Engineering Step-by-Step” [https://www.youtube.com/watch?v=L5J2PgGOLtE]
Designing Security Training
- Electronic Frontier Foundation. “Am I the Right Person?” [https://sec.eff.org/articles/right-person-to-train]
- Electronic Frontier Foundation. “How to Teach Adults” [https://sec.eff.org/articles/how-to-teach-adults]
- Browse the rest of EFF’s Security Education Companion. [https://sec.eff.org/]
- Rachel Weidinger et al. “How To Give A Digital Security Training” [https://medium.com/@geminiimatt/how-to-give-a-digital-security-training-4c83af667d40]
- Rachel Weidinger et al. “Digital Security Training Resources for Security Trainers, Fall 2019 Edition” [https://medium.com/cryptofriends/digital-security-training-resources-for-security-trainers-spring-2017-edition-e95d9e50065e]
Psychosocial Resilience
- Rated R for Resilience resource site. [https://sites.google.com/view/ratedr/basics]
- Angela Chen. The Verge. “Moderating content doesn’t have to be so traumatic” [https://www.theverge.com/2019/2/27/18243359/content-moderation-mental-health-ptsd-psychology-science-facebook]
- Sam Dubberley and Michele Grant. First Draft. “Journalism and Vicarious Trauma” [https://firstdraftnews.org/wp-content/uploads/2017/04/vicarioustrauma.pdf]
- Sarah Jeong, Charlie Warzel, Brianna Wu, Joan Donovan. New York Times. “Everything is GamerGate” [https://www.nytimes.com/interactive/2019/08/15/opinion/gamergate-twitter.html] – Read all of the four essays.
Harmful Information (Misinformation and Harassment)
- Tahmina Ansari, First Draft. “This Muslim journalist embraced social media until it ‘ruined’ his life” [https://firstdraftnews.org/this-muslim-journalist-embraced-social-media-until-it-ruined-his-life/]
- Nicholas Monaco and Carly Nyst. Institute For The Future. “State-Sponsored Trolling: How Governments Are Deploying Disinformation as Part of Broader Digital Harassment Campaigns”. Read pages 3 to 21 & 45 to 51. [http://www.iftf.org/statesponsoredtrolling]
- Sarah Oh and Travis L. Adkins. InterAction. “Disinformation Toolkit.” [https://staging.interaction.org/documents/disinformation-toolkit/]
- Cindy Otis. USA Today. “Americans could be a bigger fake news threat than Russians in the 2020 presidential campaign” [https://www.usatoday.com/story/opinion/2019/07/19/disinformation-attacks-americans-threaten-2020-election-column/1756092001/]
- Reply All podcast. “#112 The Prophet” Listen to or read transcript. [https://www.gimletmedia.com/reply-all/112-the-prophet]