491 pp., 2021, Bloomsbury Publishing, $16.69 on Amazon
This is not a quick read by any means. It is an inch and a half thick with small type. That said, it is still a page-turner, with unbelievable exploits detailed and revealed in nearly every chapter. Some of the deeds are sobering:
- The program Microsoft used to update their software to fix bugs and stop hacks was itself infected for years
- Hackers embedded malicious code in many of Intel’s basic computer chips
- The Russians tried desperately to disguise their hack of the DNC during the last presidential election as the work of Romanians
- Mexico, Saudi Arabia and others were using U.S. developed hacking tools to harass, torture, imprison and sometimes kill their political opponents
- Cities like Baltimore, OH; Allentown, PA; and others were knocked completely offline by ransomware for weeks, taking down surveillance cameras, databases, public records, police departments and the like
- As the pandemic peaked in the United States, daily hacking attempts quadrupled
- And many, many more
You’ll also learn some new vocabulary words like a “zero-day”. As Perlroth defines the term, “a zero-day is a software or hardware flaw for which there is no existing patch. They got their name because when a zero-day flaw is discovered, the good guys have had zero days to fix them.”
It is fascinating to learn the history of the evolving marketing infrastructure around zero-day bugs. These once were sold for a few dollars on the dark web, but now nation-states often pay millions for a good one. What makes them worth so much? “A first rate zero-day in Apple’s mobile software allows spies and hackers with the requisite skills to exploit it, to remotely break into iPhones undetected, and glean access to every minutia of our digital lives.”
Unless you’ve been a victim, or working in the field, you’ve probably never heard of some of the more infamous programs that have wreaked havoc around the world: Wanna Cry, NotPetya, Eternal Blue, Aurora, Flame, Duqu, Pegasus, Snacks, and dozens more. Perlroth explains each in fascinating detail that will make you cringe.
Ironically, it was a brilliant – and very targeted – cyber-attack that the U.S. made on the nuclear centrifuges in Iran that was the literal “first shot fired” in the current international cyber war. Using the hack known as Stuxnet, we attacked those machines remotely from the internet and caused them to spin out of control and self-destruct. It set back that country’s work on developing a nuclear bomb for years. The hack was meant to be completely covert, with Iran having no idea of what was happening, or that we were involved. Sadly, word got out, as Perlroth explains.
As we all prepare to visit the G2E trade show in Las Vegas next month for enlightenment and education, you’ll learn that both cybercriminals and cybercops do the same at similar gatherings named DefCon, Black Hat, RSA, Ekoparty and CanSecWest. There, attendees sell their wares, attend seminars, swap stories and explore the latest hardware. For some, it is a way of developing better malware, shutting down your systems, stealing trade secrets, creating havoc and just having “fun”.
This is one of the most important books written in years. While I’ve no desire to have you haunted by the realization that everything we enjoy today could be wiped out by a few strokes on a computer keyboard, being informed about the threat, I believe, is one of the first steps to avoiding that future.
Perlroth does a magnificent job of lifting the veil of secrecy shrouding this cyber world. The book is a “New York Times Bestseller” and won the 2021 “Business Book of the Year”. The closing liner notes say, “Perlroth lives with her family in the Bay Area, but increasingly prefers life off the grid in their cabin in the woods.” You need to read this book, even though it may make you want to buy a cabin in the woods too.