"Part John le Carré and more parts Michael Crichton . . . spellbinding." –The New Yorker
From The New York Times cybersecurity reporter Nicole Perlroth, the untold story of the cyberweapons market – the most secretive, invisible, government-backed market on earth – and a terrifying first look at a new kind of global warfare.
Zero day: a software bug that allows a hacker to break into your devices and move around undetected. One of the most coveted tools in a spy's arsenal, a zero day has the power to silently spy on your iPhone, dismantle the safety controls at a chemical plant, alter an election, and shut down the electric grid (just ask Ukraine).
For decades, under cover of classification levels and non-disclosure agreements, the United States government became the world's dominant hoarder of zero days. U.S. government agents paid top dollar – first thousands, and later millions of dollars – to hackers willing to sell their lock-picking code and their silence.
Then the United States lost control of its hoard and the market.
Now those zero days are in the hands of hostile nations and mercenaries who do not care if your vote goes missing, your clean water is contaminated, or our nuclear plants melt down.
Filled with spies, hackers, arms dealers, and a few unsung heroes, written like a thriller and a reference, This Is How They Tell Me the World Ends is an astonishing feat of journalism. Based on years of reporting and hundreds of interviews, The New York Times reporter Nicole Perlroth lifts the curtain on a market in shadow, revealing the urgent threat faced by us all if we cannot bring the global cyber arms race to heel.
New York Times cybersecurity reporter Perlroth debuts with a colorful rundown of threats to the world's digital infrastructure. She pays particular attention to "zero-days," a term for "a software or hardware flaw for which there is no existing patch." Though she notes their rarity (98% of cyberattacks do not involve zero-days or malware), Perlroth argues that the destructive capacity of cyberweapons like Stuxnet, a code comprising seven zero-day exploits that was used by the U.S. and Israel to disable uranium centrifuges at an Iranian nuclear plant, makes them an existential threat. She details the underground market for cyberweapons, where hackers can earn millions of dollars by finding a flaw in commonly used technologies such as Microsoft Windows, and explains how the U.S. lost its global monopoly on zero-day exploits in 2016, when a group calling itself the Shadow Brokers released a trove of NSA hacking tools. Perlroth's searing account of the role American hubris played in creating the zero-day market hits the mark, but she leaves many technical details about cyberweapons unexplained, and stuffs the book with superfluous details about getting her sources to spill. This breathless account raises alarms but adds little of substance to the debate over cyberweapons.
Ultimately, I would suggest reading Thomas Dullien’s review in a blog post for more thorough thoughts, but in addition to other items I had, there are a number of factual inaccuracies here about technical matters (for which the writer herself later tweeted that Dullien had a “bruised male ego” for his criticism).
But I actually read this before I found that review and in addition to any of that... I’m really sick of these sorts of tech culture writers releasing something that’s really more about them than the advertised subject matter. It just reeks of vanity.
I would recommend Andy Greenberg’s “Sandworm” instead.