This Is How They Tell Me the World Ends: The Cyberweapons Arms Race Paperback – February 21, 2023

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth“This Is How They Tell Me the World Ends” tells the gripping story of a new form of warfare that takes place in the digital realm and its impact on society. New York Times Bestselling author Nicole Perlroth provides readers with an eye-opening look into the cyberweapons race and our vulnerabilities. This fascinating 505-page book includes twenty-three chapters broken out by the following seven parts: I. Mission Impossible, II. The Capitalists, III. The Spies, IV. The Mercenaries, V. The Resistance, VI. The Twister, and VII. Boomerang.Positives:1. An exhaustively researched, well-organized book that reads like a spy novel.2. The fascinating topic of cybersecurity.3. The writing style is engaging and keeps your interest.4. Defines key hacking terms such as zero-days, which are basically a software or hardware flaw for which there is no existing patch. They are called zero-days because the victims or good guys have zero days to fix them.5. It provides a lot of insights into investigative journalism. Perlroth is a part of the story as she relates the challenges she faced to uncover the cybersecurity world. “The first rule of the zero-day market was: Nobody talks about the zero-day market. The second rule of the zero-day market was: Nobody talks about the zero-day market. I’d posed this question many times, and I knew it was the one question nobody in this business would answer.”6. Does a great job of describing the hackers, their sponsors (if they have any) and state sponsors. “The New Hacker’s Dictionary, which offers definitions for just about every bit of hacker jargon you can think of, defines hacker as “one who enjoys the intellectual challenge of creatively overcoming or circumventing limitations.””7. Describes how hacking companies operate. “In the mid-1990s Sabien’s team started trafficking in digital access, searching for bugs and exploiting them for customers. The bulk of his company’s revenues—more than 80 percent—came from the Pentagon and intelligence agencies, with the remainder from law enforcement and other U.S. government agencies. The goal was to deliver their government customers secret tried-and-tested ways into every system used by the adversary, be it nation-states, terrorists, or low-level criminals.”8. The purpose behind the zero-days. “Once his zero-day was in the agency’s hands, they could use it to spy on whomever they chose. In the United States, the likeliest targets were terrorists, foreign adversaries, or drug cartels, but there were never any guarantees that very same zero-day wouldn’t come back to haunt you.”9. Uncovering the world of spies. “I asked nearly every single one of the men who guided the CIA and NSA through the turn of the century to name the father of American cyberwar, and none hesitated: “Jim Gosler.””10. Great quotes that must be shared. “Organizations can’t stop the world from changing. The best they can do is adapt. The smart ones change before they have to. The lucky ones manage to scramble and adjust, when push comes to shove. The rest are losers, and they become history.”11. Defines the role of the TAO (Tailored Access Operations) unit inside the NSA. “In the aftermath of 9/11, these hundreds turned to thousands as TAO accelerated its breaking-and-entering mission around the globe, through a combination of brute-force hacking, cracking passwords and algorithms, finding zero-days, writing exploits, and developing implants and malware that bent hardware and software to their will. Their job was to find every crack in every layer of the digital universe and plant themselves there for as long as possible.”12. Describes the role of hacking with regards to the Natanz Nuclear Facility in Iran. “By late 2008 the joint operation known as Olympic Games had infiltrated Natanz’s PLCs, and nobody appeared to suspect a cyberattack.”13. Global hacking described. “The NSA was finding evidence that Russian hackers were tampering with the same routers and switches it had exploited for years. Chinese hackers were breaking into American telecoms and internet companies and stealing passwords, blueprints, source code, and trade secrets that could be used to exploit these systems for their own ends.”14. Describes some of the stars of cybersecurity. “Inside the agency, these men had been revered as “the Maryland Five,” and time and time again, they had proved indispensable. They were each members of a premier TAO access team that hacked into the systems nobody else could. If the target was a terrorist, an arms dealer, a Chinese mole, or a nuclear scientist, you wanted the Five on it. Rarely was there a system, or a target, they could not hack.”15. Describes what happens when hackers attack corporations. “It was time to call in the specialists. Google’s first call was to a cybersecurity shop in Virginia called Mandiant. In the messy world of security breaches, Mandiant had carved out a niche for itself responding to cyberattacks, and was now on the speed dial of nearly every chief information officer in the Fortune 500.”16. Describes famous hacks. “The Chinese had been inside OPM’s systems for more than a year by the time they were discovered in 2015.”17. The impact of Snowden’s revelations. “Without the companies’ knowledge or cooperation, the Snowden revelations that fall showed that the NSA, and its British counterpart, GCHQ, were sucking up companies’ data from the internet’s undersea fiber-optic cables and switches.”18. Cyber wars. “Three years after the United States and the Israelis reached across Iran’s borders and destroyed its centrifuges, Iran launched a retaliatory attack, the most destructive cyberattack the world had seen to date. On August 15, 2012, Iranian hackers hit Saudi Aramco, the world’s richest oil company—a company worth more than five Apples on paper—with malware that demolished thirty thousand of its computers, wiped its data, and replaced it all with the image of the burning American flag.”19. Describes American vulnerabilities. “Their letter was blunt: “Virtually all of our civilian critical infrastructure—including telecommunications, water, sanitation, transportation, and health care—depend on the electric grid. The grid is extremely vulnerable to disruption caused by a cyber or other attack. Our adversaries already have the capability to carry out such an attack.”20. The impact of Stuxnet (computer worm responsible for the destruction of Iranian centrifuges). “Stuxnet had inspired dozens of other countries to join the zero-day hunt, and the United States was losing control over the market it had once dominated.”21. Describes many attacks and the impact of misspelling. “North Korea’s hackers had been caught—but never punished—for major cyber heists at banks in the Philippines, Vietnam, and at the Bangladesh Central Bank, where they’d made a $1 billion transfer request from the New York Federal Bank. Only a spelling error (they’d misspelled foundation as “fandation”) had kept bankers from transferring the full billion, but they’d still made off with $81 million, among the largest bank heists in history. WannaCry was the next evolution in North Korea’s efforts to generate badly needed income.”22. The impact of hacks. “China was decades behind the United States in nuclear weapons development, but thanks to Legion Amber, it had stolen everything it needed to catch up. In 2018, U.S. officials watched in horror as Beijing successfully tested a new submarine-launched ballistic missile and began moving ahead with a new class of subs that could be equipped with nuclear-armed missiles.”23. An excellent Epilogue that describes defenses against hacks. “So-called “password-spraying attacks” have surged in the past three years, in which hackers try common passwords (e.g. “password”) across multiple user accounts. It’s not rocket science, but it’s insanely effective. Password-spraying is all it took for Iranian hackers, working at the behest of the IRGC, to break into thirty-six private American companies, multiple U.S. government agencies, and NGOs. Multifactor authentication is the best defense against these attacks.”24. Notes included.Negatives:1. This book was begging for some key supplementary material but to no avail. I can think of many examples. I would have added a table of state sponsored hacking and their main goals. Another would be list of the top hackers in the world and their strengths. List of the biggest known hacks in the world.2. No formal bibliography.3. At around 400 pages of main narrative, it will require an investment of your time.4. With so many players and intersecting stories involved it can be easy to lose yourself.5. A glossary would have been helpful.In summary, this is an excellent book that describes the vulnerabilities of our digital world and how the modern arms race have moved away from the sea and air to said digital world. Perlroth identifies the major players and countries involved in the cybersecurity arena and what their main goals are. It also tells the story of how the US had become the world’s stockpiler of zero days and lost control of it. It reads like a spy novel but it’s real global warfare taking place in our digital realm with real-life consequences. Lack of supplementary material aside, I highly recommend this book.Further recommendations: “Cyber War” by Richard A. Clark, “The Personal Cybersecurity Manual” by Marlon Buchanan, “The Hacker and the State” by Ben Buchanan, “The Smartest Person in the Room” by Christian Espinosa, “Hunting Cyber Criminals” by Vinny Troia and “Social Engineering: The Science of Human Hacking.

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth is a compelling and informative exploration of the growing threat of cyber warfare. Perlroth, a seasoned investigative reporter, skillfully guides readers through the complex world of digital espionage, hacking, and the potential for catastrophic cyberattacks.The book offers a fascinating glimpse into the shadowy world of cyber criminals and nation-states engaged in digital warfare. Perlroth's engaging writing style makes even the most technical concepts accessible to a general audience. She delves into high-profile cyberattacks, such as the Stuxnet worm and the SolarWinds hack, providing a detailed analysis of their impact and implications.Overall, *This Is How They Tell Me the World Ends* is a must-read for anyone interested in understanding the evolving landscape of cyber threats and the urgent need for global cooperation to address them.

Really enjoyed reading this book...mostly. Like most, if not all, NY Times journalists, they can'tmiss an opportunity to blame conservatives for everything not lining up with their world view. The story she puts together is riveting though and I will not downplay the importance of the information passed. The world is vulnerable. We need to collectively secure our infrastructure, financial systems, hospitals, etc.What struck me as disingenuous however was the gist of the modern day attacks on networks were amplified by the release of the "STUXNET" code. This, Perloth says, was the draw of first blood in the cyberwars for most nation states after seeing the sophistication used in that successful US/Israeli operation. It was used by the Obama Administration. Perloth never attributes this to Obama or the left but is happy to reach for a thread to Trump and his canceling of the Iran Nuclear Deal (terrorist ransom payment that it was) for most of the cybercrime that took place afterwards! Anyway, if you can get past the inserted opinions of the Liberal author, read this book.

In today’s world, this publication ought to be required reading. In the authors epilogue, she offers recommendations that can save civilization.