Security Engineering 3 — Notes

This page accumulates notes on the third edition of my book Security Engineering — A Guide to Building Dependable Distributed Systems. As relevant further material comes along that could be useful to students studying using my book and engineers using it as a reference, I link to it here.

Chapter 2: There's a video of the leader of the NSA's TAO team talking on how to hack, and reports of US agencies using location data without warrants. As for its competitors, there's a long-running debate over whether China backdoored some motherboards from Supermicro in about 2015, leading to the Equifax hack; China used such bulk personal data to identify CIA agents. There's also a report that the Chinese stole and reused NSA exploits in 2014, even before the Shadow Brokers did. As for Russia, their SolarWinds hack compromised dozens of US government departments and hundreds of companies, while ransomware is growing so rapidly that it got on the agenda of President Biden's first call with Vladimir Putin. And the Mexican government appears to be obstructing the US collection of signals intelligence and evidence against drug cartels linked with government ministers.

Chapter 3: A recent French rerun of Milgram's experiment showed that participants who scored highest on conscientiousness were most likely to torture other participants; other experiments showed that they were more likely to be mean and to cheat where they could get away with it. And there's an analysis of the security economics of CAPTCHAs.

Chapter 8: Since my book was published, Biden became President and got serious on antitrust enforcement. I recommend that students read Matt Stoller's blog. Other countries are presenting evidence, e.g. of Google's dominance of both sides of the ad market. On the security economics front, there's an explanation of how this works at Amazon, including how dual control interacted with the pandemic, and how security compliance helps marketing.

Chapter 10: The worst-case attack on health privacy may now be the Vastaamo case, where a ransomware gang stole the psychiatric records of 45,000 patients, demanded a ransom, and started publishing the records of celebrity patients when it was not paid.

Chapter 12: Since writing the book, I've paid much more attention to the global anti-money-laundering (AML) rules, which are not only the main obstacle to financial inclusion in poorer countries, but have also driven cryptocurrency development and use. The AML rules impose huge costs on banks in developed countries; at 3%, they're the second largest non-interest cost after IT. They are ineffective, as for every $1000 in stolen money that goes through the world's banking system, AML stops $1 but at a cost to the banks of $100 (that's $3tr, $3bn and $300bn respectively). London is the world's money-laundering capital, because the authorities turn a blind eye to the serious stuff.

On the more technical side, a novel insider attack on banking came from a bad ATM network in Mexico whose ATMs stole card and PIN data from American tourists. For a more historical angle, a bank robbery wave in 1980s Los Angeles was due to the confluence of cars and cocaine.

Chapter 17: Current debates on biometrics and privacy reflect similar debates in the early 20th century about police having a rogues' gallery.

Chapter 18: I got it wrong on page 627 where I reported that the FBI used Cellebrite tools and the Checkm8 bug to get data from the San Bernardino phone. It turned out that they used Azimuth tools and their Condor exploit.

Chapter 19: Operation Gunman found bugs in US embassy typewriters in 1984.

Chapter 22: Android device encryption is not that great after the first device unlock.

Chapter 23: A growing number of reported UFOs in the USA now turn out to be drones operated by peer adversaries such as Russia and China.

Chapter 24: The latest abuse of copyright law and DRM? Cops playing copyrighted music so that people who film them and upload videos to YouTube have the videos automatically taken down.

Chapter 25: Researchers in Israel have shown how to trigger phantom braking by ADAS systems, a threat I discuss briefly on p878.

Chapter 26: The coronavirus pandemic has shown us how censorship in China really works. The Trump presidency enabled Big Tobacco to rewrite the rules of the Environmental Protection Agency so that only scientific papers that make all their data open can be considered in rulemaking, thus excluding much medical research.

Chapter 27: The Singaporean civil service understands that software development involves application know-how as well as code; if you outsource too much, that know-how ends up the property of your contractors.

Chapter 28: The obsolescence of minor electronic components is a huge problem for the world's armed forces.

See also the notes on the second edition.

Return to the book's home page.