This is a short graduate course providing an introduction to the areas of crime, espionage and conflicts in cyberspace. The material is used for the "Cybercrime, Cyberespionage, and Cyberwar" course currently taught in the Master in Cybersecurity at UC3M.
The course provides a gentle, not very technical introduction to several contemporary security and privacy topics, including
- some bits of history,
- opponents and the current cyberthreat landscape,
- the underground economy of cybercrime,
- vulnerabilities, exploits and their markets,
- privacy and surveillance --including commercial surveillance--, and
- state-sponsored cyberoperations.
The main goal of the course is to provide students who approach cybersecurity with little-to-none previous backgound with a socio-techno-economic perspective of current security and privacy phenomena in the Internet, how we got here, and what might be done about it. The treatment of some topis might be too superficial for some audiences and a few key topics are certainly missing, but this is a short (6 weeks) course and there is no room for more. The material can be extended with some extra effort to make up for these limitations.
For each topic (see the syllabus below), this repository contains a contents file providing:
- a description of the contents covered in the topic,
- a list of core readings,
- a list of questions, problems, and learning activities, and
- a list of supplementary readings for those who want to go a bit deeper into the subject.
There is also a set of slides used in class during the lectures.
Class recordings are not available yet.
-
Module 1. Hostilities in Cyberspace
- A Brief History of the Internet
- Threats
- Opponents
- Why Security is Hard
-
Module 2. Cybercrime and its Underground Economy
- What is Cybercrime
- The Underground Economy of Cybercrime
- Marketplaces
- Intervention
-
Module 3. Vulnerabilities, Exploits, and their Market
- Vulnerabilities
- Zero-day Vulnerabilities
- The Rise of an Industry
- The Ethics of Vulnerability Research
-
Module 4. Privacy and Surveillance
- Privacy
- The Crypto Wars
- Mass Surveillance
- Commercial Surveillance
-
- Operations in Cyberspace
- The ATT&CK Framework
- APTs and State-sponsored Operations
The course is designed to be taught over a 6-week term, with two 1.5-hour sessions per week. Each module is covered in one week, plus time off class for self-study and work on assignments. The last week is used to review contents and explore other topics and directions from here.
The assessment activitites include:
- Three quizzes spaced throughout the term (weeks 2, 4, and 6). All quizzes are closed book and closed notes. Access to the Internet via any device is not allowed. Grading: 20% each.
- A workbook handed in the last day with solutions to 4 activities chosen from those available across all modules. Grading: 40%
Week | Module | Assessment activitities |
---|---|---|
1 | Hostilities in Cyberspace | |
2 | Cybercrime and its Underground Economy | Quizz 1 (Module 1) |
3 | Vulnerabilities, Exploits, and their Market | |
4 | Privacy and Surveillance | Quizz 2 (Modules 2 and 3) |
5 | Cyberoperations | |
6 | Course Wrap Up | Quizz 3 (Modules 4 and 5) Workbook |
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Feedback is welcome. Please contact me for any comments, questions or suggestions on this material.