REVIEW – You may or may not know that zero-day exploits are used to take over, control, or destroy a target system. In her book, This is How They Tell Me the World Ends, journalist Nicole Perlroth explains how the zero-day exploits (code vulnerabilities that are unknown to the vendor or software manufacturer, that allow the operator to gain access), are bought and sold by hackers. The author explains this secret market filled with hackers, spies, arm-dealers, and white-hats in clear, non-technical language.
From compromising iPhones to keeping track of a target’s movements, emails, messages, and all associated accounts, to compromising the centrifuges in nuclear facilities, zero-days offer technological supremacy and are auctioned off to the highest bidder.
The book chronicles the history of the zero-day exploits up to the present time with the author explaining how zero-days are weaponized in cyberweapon programs – and the arms race – by stockpiling and using the zero-day cyberweapons. In doing so, Perlroth analyzes the capabilities, market makers, buyers, brokers, and hackers of the zero-day market.
The author covers many public and some non-public breaches, and joint operations between the National Security Agency (NSA), and Central Intelligence Agency (CIA). She documents top-secret government groups working with zero-days, such as Tailored Access Operations (TAO) their Remote Operation Center (ROC), and how various groups were compromised for example, in the so-called “Vault 7” hack by a group calling itself the Shadow Brokers.
Perlroth explains the transition of brokers from hacker technologists to arms dealers and how this effectively changed the market from vulnerabilities to zero-day exploits, into cyberweapons.
Perlroth explains the transition of brokers from hacker technologists to arms dealers.
The author illustrates how the zero-day as a cyber weapon is being bought, used, and stockpiled by governments, and how these governments became the market makers driving up the value of the code and scripts, from a couple hundred dollars to duffle bags full of millions of dollars in cash.
From governments spying on each other with hacked typewriters, to the most sophisticated circuitry, software, and encryption of today, the author names the players and brings light into the zero-day marketplace. Perlroth also tells of the first cyber weapon – a joint activity known as “Olympic Games” aka Stuxnet – and describes how Iran’s Natanz nuclear plant three was targeted with incredible precision.
The Cyberweapons arms race is unlike a conventional arms race. The author does a stellar job in explaining this significance and the critical impact to all those that own and deploy the zero-days.
Perlroth also writes about the Russians accessing nuclear facilities in the US and documents the election interference, the groups, targets, and exploits used in attempts to disrupt US elections.
This is How They Tell Me the World Ends is a must-read, for those in, out, and not of the Intelligence Community, for a better understanding of our national security critical infrastructure vulnerabilities, what’s at stake, and what it’s going to take to protect it.
Book Review: This is How They Tell Me the World Ends: The Cyberweapons Arms Race by Nicole Perlroth / Bloomsbury Publishing
The Author: Nicole Perlroth is an award-winning staff writer at The New York Times where she covers digital espionage and cybersecurity.
The Reviewer: Christopher Gallup is a Senior Cloud Security Architect with a master’s in information assurance and cybersecurity, and he is an active CISSP.
This is How They Tell Me the World Ends earns an impressive 3.5 out of 4 trench coats.
Disclaimer: The Cipher Brief, like other Amazon Affiliate partners, gets paid a small commission based on purchases made via the links provided in this review.
Read Under/Cover interviews with authors and publishers in The Cipher Brief
Interested in submitting a book review? Check out our guidelines here
Sign up for our free Undercover newsletter to make sure you stay on top of all of the new releases and expert reviews
Read more expert national security perspectives and analysis in The Cipher Brief