• Data breaches
• Phishing and identity theft

---

Books

• Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, by Bruce Schneier, 2018
• Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions, National Academies Press 2017
• Software Update as a Mechanism for Resilience and Security, National Academies Press 2017
• Liars & Outliers: Enabling the Trust that Society Needs to Thrive, Bruce Schneier, 2012
• Secrets & Lies: Digital Security in a Networked World, Bruce Schneier, 2000
• Cyberpunk: Outlaws and Hackers on the Computer Frontier, Touchstone 1991
• Hackers: Heroes of the Computer Revolution, Anchor Press/Doubleday 1984

Research

• A Future Built on Data: Data Strategies, Competitive Advantage and Trust, Institute for Data, Democracy Politics June 9, 2022
• Data is disruptive: How data sovereignty is challenging data governance, Institute for Data, Democracy Politics August 3, 2021
• How to Protect Critical Infrastructure From Ransomware Attacks, Cyber Policy Center 2021
• Privacy and Security Analysis of the IATA Travel Pass Android App, The Citizen Lab April 2022
• Annual Cybersecurity Report, Cisco 2021
• Internet Security Threat Report, Symantec 2021
• Threats Reports, McAfee 2021
• The Senate’s twin threats to online speech and security, Stanford University July 13, 2020
• Move Fast and Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings, The Citizen Lab April 2020
• “Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces, The Citizen Lab August 2018
• Shining a Light on the Encryption Debate: A Canadian Field Guide, The Citizen Lab May 2018
• Spying on a Budget: Inside a Phishing Operation with Targets in the Tibetan Community, The Citizen Lab January 2018
• APWG Report: Phishing Surges by 250 Percent in Q1 2016, SCMagazine.com May 25, 2016
• Identity Theft. U.S. Federal Bureau of Investigation, FBI 2017
• Consumer Confidence in Internet Security Is Weakening, The American Consumer Institute for Citizen Research May 20, 2016
• Do Data Breach Disclosure Laws Reduce Identity Theft? Journal of Policy Analysis and Management 2011
• An Investigation into Chinese Cybercrime and the Underground Economy in Comparison with the West. M.Sc. Dissertation, University of Southampton September 24, 2010
• Internet Development, Censorship, and Cyber Crimes in China, Journal of Contemporary Criminal Justice 2010
• All Your Contacts Belong to Us: Automated Identity Theft Attacks on Social Networks, Proclamation of the 18th International Conference on World Wide Web 2009
• Identity Theft, Computers and Behavioral Biometrics, Proceedings of the ISI World Statistics Congress 2009, IEEE, 2009
• On Lightweight Mobile Phone Application Certification, Proceedings of CCS 2009, 2009
• Identity Theft: Making the Known Unknowns Known, Harvard Journal of Law & Technology 2007
• Identity Theft in Cyberspace: Crime Control Methods and their Effectiveness in Combating Phishing Attacks, Berkeley Technology Law Journal 2005
• Human Identification Theory and the Identity Theft Problem, Texas Law Review November 2001
• Identity Theft, Social Security Numbers, and the Web, Communications of the ACM 2000
• Rogue Programs: Viruses, Worms, and Trojan Horses, Van Nostrand Reinhold 1990
• Reflections on Trusting Trust, Communications of the ACM 1984
• A Panel Session—Security Kernels, AFIPS Conference Proceedings National Computer Conference 1974
• Privacy and Protection in Operating Systems, Computer 1973
• Computer Security Technology Planning Study. Volumes I and II. Report ESD-TR-73-51, Electronic Systems Division (AFSC). Report ESD-TR-73-51 1972
• On Building Systems That Will Fail, Communications of the ACM 1971

Law Review Articles

• Ransomware, Cyber Sanctions, and the Problem of Timing, Boston College Law Review 2022
• Cybersecurity regulation in Brazil and Latin America: an overview. International Cybersecurity Law Review 2022
• Analysis of the cybersecurity ecosystem in the European Union, International Cybersecurity Law Review 2022
• Potential security and privacy issues in zero UI touchless technology, International Cybersecurity Law Review 2022
• Small Business Cybersecurity: A Loophole to Consumer Data, The Scholar: St. Mary’s Law Review on Race and Social Justice 2022
• Understanding the Chinese Data Security Law, International Cybersecurity Law Review 2021
• Square pegs, round holes, and Indian cybersecurity laws, International Cybersecurity Law Review 2021
• Korea’s cybersecurity regulations and enforcement related to security incidents, International Cybersecurity Law Review 2021
• Cybersecurity regulation in the financial sector: prospects of legal harmonization in the European Union and beyond, Uniform Law Review 2020
• Identity Theft in Cyberspace: Crime Control Methods and their Effectiveness in Combating Phishing Attacks, Berkeley Technology Law Journal 2015
• Digital Innocence, Cornell Law Review 2014
• Data Mining and Substandard Medical Practice: The Difference between Privacy, Secrets and Hidden Defects, Vanderbilt Law Review 2013
• Creating a ‘Circle of Trust’ to Further Digital Privacy and Cybersecurity Goals, Michigan State Law Review 2012
• Data Mining and Internet Profiling: Emerging Regulatory and Technological Approaches, The University of Chicago Law Review 2008
• Data Mining and the Fourth Amendment, The University of Chicago Law Review 2008
• Identity Theft: Making the Known Unknowns Known, Harvard Law Review 2007
• Health Information Technology and HIPAA: Can We Satisfy Security and Privacy Standards in the Digital Age, Oklahoma Journal of Law and Technology 2007
• In Sickness, Health, and Cyberspace: Protecting the Security of Electronic Private Health Information, Bepress Legal Series 2006
• Human Identification Theory and the Identity Theft Problem, Texas Law Review 2001

Laws

• Public Company Accounting Reform and Corporate Responsibility (15 U.S. Code Chapter 98), United States 2002 – Text
• Regulation S-P: Privacy of Consumer Financial Information and Safeguarding Personal Information (17 CFR Subpart A), United States, 2000 – Text
• Hong Kong National Security Law, Hong Kong, 2000 – Wikipedia
• Gramm-Leach-Bliley Act (GLBA), United States, 1999 – Text; Wikipedia
• Disclosure of Nonpublic Personal Information (15 U.S. Code Subchapter I), United States, 1999 – Text
• National Security Act of 1947, United States, 1947 – Text; Wikipedia

Essays/Blogs

• Is the End of Many Security Bugs Coming? LinkedIn AI Report January 29, 2022
• A New In-Depth Analysis of Anthem Breach, Bankinfosecurity.com January 10, 2017
• Where Is Cybercrime Really Coming From? Ted Talks November 2016
• Inside the Cyberattack that Shocked the US Government, Wired October 23, 2016
• The Guide to Password Security (and Why You Should Care), CNET.com January 1, 2016
• China Will Protect ‘Cyber-Security’ Borders by Any Means Necessary, CTGN.com December 28, 2015
• 5.6 Million Fingerprints Stolen in U.S. Personnel Data Hack: Government, Reuters.com September 23, 2015
• China Vows to ‘Clean the Internet’ in Cybercrime Crackdown, 15,000 Arrested, Naked Security by Sophos 2015
• The Internet’s Own Boy: The Story of Aaron Swartz, Video 2014
• Report to the President: MIT and the Prosecution of Aaron Swartz, MIT 2013
• Koobface: Inside a Crimeware Network. Information Warfare Monitor Announcement, CitizenLab November 12, 2012
• How to Master the Art of Passwords, CNET.com December 24, 2011
• Seeking Address: Why Cyber Attacks Are So Difficult to Trace Back to Hackers, Scientific American June 11, 2011
• Keep Your Data Safe by Following the Password Commandments, CNET.com February 25, 2008

News

• Crypto Scammers’ New Target: Dating Apps, NYTimes February 21, 2022
• What We Learned About Pegasus, the Smartphone Cracker, NYTimes January 28, 2022
• Apple Issues Emergency Security Updates to Close a Spyware Flaw, NYTimes Sept. 13, 2021
• Clarinetist Discovers His Ex-Girlfriend Faked a Rejection Letter from His Dream School, The Washington Post June 15, 2018
• Banks Adopt Military‑Style Tactics to Fight Cybercrime, NYTimes May 20, 2018
• Cloud Security: The Reason Hackers Have it So Easy Will Infuriate You, Fast Company May 29, 2018
• F.B.I.’s Urgent Request: Reboot Your Router to Stop Russia‑Linked Malware, NY Times May 27, 2018
• ‘Too Inconvenient’: Trump Goes Rogue on Phone Security, Politico.com May 21, 2018
• Amazon’s Alexa Could Be Tricked into Snooping on Users, Say Security Researchers, ZDNet.com April 25, 2018
• Hard Choice for Cities Under Cyberattack: Whether to Pay Ransom, NYTimes March 29, 2018
• A New Data Leak Hits Aadhaar, India’s National ID Database, ZDNet.com March 23, 2018
• Encryption Policy and its International Effects: A Framework for Understanding Extraterritorial Ripple Effects, Hoover Institution March 2, 2018
• An ‘Iceberg’ of Unseen Crimes: Many Cyber Offenses Go Unreported, NY Times February 5, 2018
• Strava Fitness App Can Reveal Military Sites, Analysts Say, NYTimes January 29, 2018
• Lebanese Intelligence Turned Targets’ Android Phones into Spy Devices, Researchers Say, NY Times, January 18, 2018
• What You Need to Do Because of Flaws in Computer Chips, NYTimes January 4, 2018
• Researchers Discover Two Major Flaws in the World’s Computers, NYTimes January 3, 2018
• How Strava’s Heat Map Uncovers Military Bases, NYTimes Video 2018
• SEC Issues $35 Million Fine over Yahoo Failing to Disclose Data Breach, TheVerge.com 2018
• 5 Mobile Security Threats You Should Take Seriously in 2018, CS Online 2018
• Decrypting the Encryption Debate: A Framework for Decision Makers, National Academies Press 2018
• A Cute Toy Just Brought a Hacker into Your Home, NewYTimes December 21, 2017
• U.S. Accuses North Korea of Mounting WannaCry Cyberattack, NYTimes December 18, 2017
• Researchers Take Down Koobface Servers, Computerworld.com November 13, 2017
• The Post-Equifax Marketing Push: Identity Protection Services, NYTimes October 25, 2017
• The Equifax Hack Has the Hallmarks of State-Sponsored Pros, Bloomberg September 29, 2017
• As Equifax Amassed Ever More Data, Safety Was a Sales Pitch, NYTimes September 23, 2017
• Chatbot-creator DoNotPay will sue Equifax for you — without an attorney, CNBC September 13, 2017
• Equifax Says Cyberattack May Have Affected 143 Million in the U.S., NYTimes September 7, 2017
• Equifax Breach: Two Executives Step Down as Investigation Continues, NYTimes September 7, 2017
• Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency, NYTimes August 21, 2017
• Apple Opening Data Center in China to Comply with Cybersecurity Law, NYTimes July 12, 2017
• Lasting Damage and a Search for Clues in Cyberattack, NYTimes July 6, 2017
• Hackers Find ‘Ideal Testing Ground’ for Attacks: Developing Countries, NYTimes July 2, 2017
• Ukraine Cyberattack Was Meant to Paralyze, not Profit, Evidence Shows, NY Times June 28, 2017
• Cyberattack Hits Ukraine Then Spreads Internationally, NY Times June 27, 2017
• A Cyberattack ‘the World Isn’t Ready For’, NY Times June 22, 2017
• Ponzi Scheme Meets Ransomware for a Doubly Malicious Attack, NY Times June 6, 2017
• China’s Strict Cybersecurity Laws Took Effect Today; Potentially Impacting Foreign Businesses, Techcrunch.com, June 1, 2017
• China’s New Cybersecurity Law Leaves Foreign Firms Guessing, NYTimes May 31, 2017
• Victims Call Hackers’ Bluff as Ransomware Deadline Nears, NYTimes May 19, 2017
• Focus Turns to North Korea Sleeper Cells as Possible Culprits in Cyberattack, NYTimes May 16, 2017
• Malware Case Is Major Blow for the N.S.A., NYTimes May 16, 2017
• Ransomware’s Aftershocks Feared as U.S. Warns of Complexity, NYTimes May 14, 2017
• Small Countries’ New Weapon Against Goliaths: Hacking, NYTimes May 14, 2017
• With New Digital Tools, Even Nonexperts Can Wage Cyberattacks, NYTimes May 13, 2017
• Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool, NYTimes May 12, 2017
• Russian Hacker Sentenced to 27 Years in Credit Card Case, NYTimes April 21, 2017
• Infrastructure Vulnerabilities Make Surveillance Easy, Al Jazeera April 11, 2017
• It’s Possible to Hack a Phone with Sound Waves, Researchers Show, NYTimes March 14, 2017
• Reformed Canadian Hacker ‘Mafiaboy’ Teams Up with HP on Documentary about Corporate Cyberattacks, Financial Post March 1, 2017
• That Cool Robot May Be a Security Risk, NYTimes March 1, 2017
• Identity Fraud Hits Record High with 15.4 Million U.S. Victims in 2016, Up 16 Percent According to New Javelin Strategy & Research Study, Javelin Strategy Press Release February 1, 2017
• Identity Fraud Hits Record High with 15.4 Million U.S. Victims in 2016, Up 16 Percent According to New Javelin Strategy & Research Study, Javelin Strategy Press Release Infographic February 1, 2017
• Overview of China’s Cybersecurity Law, IT Advisory February 2017
• Microsoft President Urges Nuclear-Like Limits on Cyberweapons. All Things Considered, NPR Now 2017
• Protecting Your Digital Life in 9 Easy Steps, NYTimes November 16, 2016
• Million VK.com Accounts Stolen by Hackers, ZDNet June 5, 2016
• 3 Years After Aaron Swartz’s Death, Here’s What’s Happened to Aaron’s Law, Mic Daily January 11, 2016
• Chief Teller Is Accused of Theft Of $1.5-Million at a Bank Here, NYTimes March 23, 1973

Websites

• Aaron Swartz, Wikipedia
• Ashley Madison Data Breach, Wikipedia
• Computer Fraud and Abuse Act, Wikipedia
• Computer Misuse Act 1990, Wikipedia
• Data breach, Wikipedia
• Data Protection Act 1998, Wikipedia
• Fair Credit Reporting Act, Wikipedia
• Identity Theft, Wikipedia
• MafiaBoy, Wikipedia
• Mobile Security, Wikipedia
• Multi-factor Authentication, Wikipedia
• Office of Personnel Management data breach, Wikipedia
• Yahoo! Data Breaches, Wikipedia
• Wanna Cry Ransomware Attack, Wikipedia
• World’s biggest data breaches, Information is Beautiful 2021
• Data breaches, Privacy Rights Clearinghouse 2020
• Investigation of Major Anthem Cyber Breach Reveals Foreign Nation Behind Breach, Insurance Canada Press release January 6, 2017
• Hackers (1995). Feature film 1995