This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

  • Create Date:2021-12-05 09:21:11
  • Update Date:2025-09-06
  • Author:Nicole Perlroth
  • ISBN:1635578493

Summary

THE NEW YORK TIMES BESTSELLER
Finalist for the FT & McKinsey Business Book of the Year Award

"Written in the hot, propulsive prose of a spy thriller" (The New York Times), the untold story of the cyberweapons market - the most secretive, government-backed market on earth - and a terrifying first look at a new kind of global warfare.

Zero-day: a software bug that allows a hacker to break into your devices and move around undetected. One of the most coveted tools in a spy's arsenal, a zero-day has the power to silently spy on your iPhone, dismantle the safety controls at a chemical plant, alter an election, and shut down the electric grid (just ask Ukraine).

For decades, under cover of classification levels and nondisclosure agreements, the United States government became the world's dominant hoarder of zero-days. U.S. government agents paid top dollar - first thousands, and later millions of dollars - to hackers willing to sell their lock-picking code and their silence. Then the United States lost control of its hoard and the market. Now those zero-days are in the hands of hostile nations and mercenaries who do not care if your vote goes missing, your clean water is contaminated, or our nuclear plants melt down.

Filled with spies, hackers, arms dealers, and a few unsung heroes, written like a thriller and a reference, This Is How They Tell Me the World Ends is an astonishing feat of journalism. Based on years of reporting and hundreds of interviews, New York Times reporter Nicole Perlroth lifts the curtain on a market in shadow, revealing the urgent threat faced by us all if we cannot bring the global cyberarms race to heel.

Reviews

Noel Hayes

Amazing

Patrick

terrifying

I don’t know what else to say. This book scared me to the point of nightmares. If you’re on line at least skip this book.

Ari Polakof

Relevant book. At times lengthy, but quite interesting/scary to read about the zero-day market and the state of cyber weapons.

Jim Tower

Reads like a Masters Thesis ... lots of data for those into this subject!

Gumble's Yard - Golden Reviewer

2021 Financial Times and McKinsey Business Book of the Year

A lengthy although very readable non-fiction exploration of the topic of the Cyber Weapons Arms Race between the US and other countries (with a particular emphasis on Russia, China, Iran, North Korea and more recently some Gulf States).

The book's main focus, within this context, is on the history of zero day attacks (from the back cover) “a software bug that allows a hacker to break into a device undetected” – it is written by the New York Times cybersecurity correspondent since 2013 and is based off copious interviews and investigative journalism with both current and past players in the field (both state and non-state sponsored).

The book reads like it is very much based around newspaper articles turned into much longer profiles (the acknowledgement to what became her Agent and who effectively pitched the book to her with a proposed chapter and article list confirms this) – and the book is effectively grouped into a series of chapters based around some key protagonists from a similar background: starting with a group of capitalists who realised there was money to be made in acting as a broker between buyers and sellers of exploits; then a number of American intelligence operatives; then a group of stateless mercenaries; then a group of people who concentrated more on defending attacks. The actual structure is a little more messy than this though as the author also develops themes and ideas as she goes along and timescales can be a little messy – the book has an overall forward chronological momentum – starting with the nascent market for exploits in the early 2000s and coming right up to the 2020 election – but often heading back in time to explore a theme from outset.

Although never less than gripping, the book does feel like some better signposting or more drastic editing would have assisted. I think it may also frustrate those looking for real technical understanding – this is a book which tries to bring a story alive using personalities and protagonists (and some fairly breathless journalism) rather than with copious explanation.

The author defends this approach:

"There is a reason why I wrote this book for the lay audience, why I chose to focus primarily on people, not machinery, why I hope it will be “user friendly”. And that is because there are no cyber silver bullets: it is going to take people to hack our way out of this mess. The technical community will argue I have overgeneralized and over simplified, and indeed, some of the issues and solutions are highly technical and best left to them. But I would also argue that many are not technical at all, that we each have a role to play, and that the longer we keep everyday people in the dark, the more we relinquish control of the problem to those with the least incentive to actually solve it"

The core premise of the book is that the US Security agents have allowed a thriving industry to emerge in the development of new zero-day attacks through a series of missteps: first underpaying any hackers that discovered and reported them (or even at an extreme arresting them) so setting a base for a thriving private market to set up; secondly when they did start paying realistically for attacks by making things worse by not really requesting or if they did enforcing exclusivity – so that greedy or naïve hackers could sell the attacks either directly or more commonly indirectly to hostile states; thirdly by keeping secret the many zero-day attacks they discovered themselves and not notifying software providers or users, so as to save up the attacks for future use against other states; fourthly by not realising that due to the disparate nature of the US infrastructure the US is perhaps more vulnerable to attack than anywhere.

A key point here is that due to the global nature of technology platforms – the same attacks that the US could use elsewhere could be used on it.

On the one hand, retaining a zero day vulnerability undercuts our collective cybersecurity. On the other, disclosing a zero-day so vendors can patch it undercuts intelligence agencies’ ability to conduct [their own] digital espionage, the military’s ability to carry out offensive cyberattacks and law enforcement's to investigate crimes …… “In the 1970s and 1980s Russia was using technology we did not. We were using technology that they didn’t. If we found a hole in their systems, we exploited it. Period. But now it’s not so cut and dried. We’ve all migrated to the same technology. You can no longer cut a hole in something without picking a hole in security for everyone.”

Some particular key events around which the book hinges include:

  • The 2017 “Not Petya” attack on Ukraine – this (and some follow up attacks by Russia on Ukraine) bookend the story with a strong sense of the US may be next. The attacks also showed the difficulty of attackers containing Zero Days to their intended target – as the attacks split out wider including to Mondelez (who in turn ended up in a Cyber dispute with Zurich over the warlike/hostile action exclusion in their client's all risks policy).
  • The Operation Olympic Games/Stuxnet attack on the Iranian Nuclear Facilities – which both showed the world some of the things that US (and possibly Israel) had developed and effectively legitimized state on state cyber infrastructure attacks as well as inviting retaliation.
  • The WannaCry attacks which used Eternal Blue - a zero day exploit for old Windows Systems developed (and not revealed to Microsoft for many years) by the National Security Agency (NSA) and then leaked in a huge dump of the NSA’s arsenal by the ShadowBrokers group.

The book politically betrays a double bias of the author’s employing paper: firstly it is US centric – portrayed very much as the US versus hostile actors – with say Israel or the UK only really seen when they act as US allies, and with very little feel for an increasingly multi-polar world; secondly, and particularly towards the last quarter of the book, the book is extremely anti-Trump and pro-Democrat – although no expert I feel that some of her treatment of the interference in the 2016 and 2020 elections while probably correct in its overall message, lacked any nuance or counterbalance.

Some of the author’s conclusions and recommendations are:

For individuals:

  • Change passwords from any defaults
  • Use different passwords on different sites
  • Use multi-factor verification (for example text updates)
  • Always download latest safety patches and software updates

For the US government:

  • Put as much effort into defence as attack
  • Give departments like Homeland Security an equal voice to say the National Security Agency in deciding which zero days to disclose to manufacturers and which to hold back
  • Change production of code from a “Move fast and Break Things” mentality to a “Move Slow and Fix your garbage” mentality – with security engineers involved in design and code sign off
  • Involve and reward hackers as part of code design – not after the event
  • Address the issues of open source code
  • Discover at a national/governmental level which third party systems are widely used in critical infrastructure and then assess their security and if necessary mandate improvements or ban their use
  • In hardware use more sandboxing of components as used by iPhones

Although published in 2021, the book ends in 2020 which means that two high profile attacks which seem to me to almost entirely validate many of the author’s theses: SolarWinds and the Microsoft Exchange Server Data Breach, are not included – I think these would have made a very interesting Appendix (and will perhaps be addressed in a future edition).

Overall a fascinating read.

Peter Wolfley

This book shook me to the core. The governments of the world are in a huge arms race and the weapons this time are not nukes but insane digital weapons that could completely disrupt life as we know it. The level of depth and detail is remarkable and I salute Nicole Perlroth for the courage and dedication it took to put this book together.

K

Important topic and great storytelling. I found the last quarter of the book veered off the key points that made the first 3/4 so impactful.

Jordan Schneider

can't help the feeling that she's missing a lot of the story in this book...would've rather had a less objective but more informed take by an insider from this community

Iván

A good book of investigative journalism by a New York Times reporter. The subject is a world unknown to the general public: cybersecurity and everything that comes with it, hacks, viruses, conflicts, geopolitics and technology. It is a journey into cyber reality, with the interests of countries, money, espionage and power struggles. It features cases that have made headlines and that involve countries such as the United States, Russia, China, Iran, Israel, North Korea and Saudi Arabia.

Geoffrey Clapp

Intense. I'd write a review, but I'm probably just going to delete my account and move to the woods.

Peter Sanchez

A lot of this was a trip down memory lane. The "underground" scene in the 90's tech/hacker world was a blast. Aside from that, this book is a huge wake up call. I'm someone who works in tech and is familiar with systems, security, etc. I had no idea how far things have come. Many of the events referenced in the book I already knew of, but had no idea of all the details. This was such a good read!

Carter

My own research into this area recently, reveals a frightening picture; the material in this book, is not known to me. There is much here, that reflects my understanding, of how the picture is perceived now, by most practitioners. The question, facing most of us, is does it have to be this way? Or is the US favouring offence over defense?

Pete Zilla

A book everyone should read as the issues it discusses affect our digital and real world lives every day. Highly detailed and well researched with a good story line. Useful way for non technical folks to understand the use of zero day exploits within governmental, criminal, and private sectors.

Markus Staud

Strong recommendation for anyone that is wondering what all those stories about Stuxnet and Eternal Blue were about, albeit don't expect a lot of technical in-depth details. The story does give a great overview about the involved actors in what should probably be called digital warfare after reading this book. Whenever anyone is complaining about the rigid cyber security measures around your company, point them to Miss Perlroth's book and they might get an inkling why 2FA matters and how nothing can be declared 100% secure.

Dave

Overall excellent book. Covers the history of information security pre-Internet and proceeds through the Internet start to current. Clearly goes through many zero days, the source, and those that are exploiting them. I highly recommend this book.

Donohues

Must Read

An insightful view of the cyber threats we face today, an honest report of how we got here, how pervasive these threats are and how to survive them.

Igor Pejic

Everybody has an idea what an arms dealer looks like, but what about #cyberweapons? This is a terrifying, yet absorbing read on the cyber arms race that threatens to spin out of control. Reads like a thriller.

Thomas

It's a pretty decent overview of cybersecurity, but if you've been on the internet for any length of time, you probably already know about most everything the book covers.

Brad

It was a good read for the most part. I learned quite a bit and it was good to get the back story on things that I had heard about over the years. Like most sceptics though, I don't take everything at face value. There were a lot of things that, if true, would keep me up at night so maybe I am just protecting my psyche...time will tell.

Winnie

Fascinating topic and extremely informative. Terrifying. Could have used a slight trimming, but does not detract from the above.

Michael Saxen

A very interesting book about the ongoing cyberwar around the globe. Easy to read even if you’re not into all the technicalities. You get a good insight into how the various players act. My rating would be around 4.5 stars for this book. It’s easy to get paranoid after reading this book when you realize how widespread this ongoing cyberwar is. Strongly recommend this book.

Patti Avery

This is one of the scariest books I've ever read! Everyone and I do mean everyone should read it. Then take a class on cyber security and implement what you learn! Now!

Yann Roshdy

Well written but ideological when talking about the Trump administration. Also, Perlroth fails to piece together the fact that most employees of Obama's and Biden's administrations are from Google, Facebook and other Silicon Valley corporations.

A book that covers 1) the rough history of the internet, with 2) some details on the end of the Cold War, when the Russians were the first to use technological innovations for spying (Project Gunman - typewriters able to transmit the keys struck, using a coil as a hollow cylinder with a) a magnetometer that senses electromagnetic variations and b) a small electronic device cataloguing the data and transmitting it to a Soviet listening post), 3) then the opening of the cyberweapons market (zero-days, 0-days, vulnerabilities) via American agencies, joined by contractors, former government employees or not, as well as transnational corporations and foreign governments - a market in which the USA was #1 for nearly 30 years, stockpiling vulnerabilities the way one amasses nuclear warheads, 4) up to the secret war that opened around 2003-2007 under Bush, 5) in which the revelations of Snowden (2013) and the Shadow Brokers (2016-2017) hurt Washington badly, 6) and in which what we have been living through for 10 years (ransomware and influence campaigns) is the blowback from all the authoritarian regimes on the planet (China, Russia, Iran, North Korea) trying to bring down the American hegemon and its Deep State.

An ab-so-lute-ly biased book as soon as Trump comes up (she is a leftist), even if some facts are important to note (I noted several lies and omissions in the last 100 pages). Despite everything, the book names people and corporations, then gives figures and spells out the methods of American corporations and agencies in handling the cyber threat - the journalist had access to many companies and agencies for her interviews. It is therefore an important work for putting the global situation in context; the famous "situational awareness" that I talk about all the time, or nearly. Understanding that we are living through a cyber arms race resembling those of 1) the chemists of the First World War, 2) the engineers and physicists of the Second World War or 3) the engineers of the Cold War. It is the same phenomenon.

In an arms race (or a war), you can do two things: 1) build up your power or 2) try to limit the expansion, growth and development of your adversary. Attack and defence is another way of saying it. We are therefore living through a secret war in which a) media and culture, b) the economy and finance, c) technology and innovation impose a new battlefield - we should even speak of a BATTLESPACE in which the cyber zone and its discrete spaces can coincide with physical threats. If you want to know your power in this BATTLESPACE, you must take the time to compile enormous quantities of information (mapping the space) and focus your attention on a) the resource supply chain, b) the decision-making algorithms of agencies and corporations, c) the legality of actors, actions, behaviours, objectives and means, and above all d) the quality of the expertise pipelines (specialised workforce, education in political warfare, training of programmers, specialised immigration that respects our values, then the patriotism of the new conscripts). Because yes, we will soon have to conscript programmers the way the government conscripted nurses over the past two years.

Rob

Wow. Get all your friends to read this.

ginny newman

Highly recommended

If this book doesn’t frighten you… you have more steely nerves or ability to be actively ignorant than me. The author works through the history of cyber threats and concludes that nothing is safe and nothing can be safe. Rather, we need to build in protections that limit the blast radius of failures. I strongly recommend the book. I’ve been in technology for nearly 40 years - from before the internet and cell phones. And I was not aware of most of what the author discusses here. Well researched. Well written. Compelling. Frightening.

Bonnie_blu

Cyber security is one of the most pressing issues of our time. The lack of it can cause untold damage and suffering. Perlroth's stated purpose is to explicate the highly complex aspects of cyber security and the lack of nations, especially the U.S., to address vulnerabilities. She recounts numerous security failures, and consistently faults intelligence communities and governments. I agree that cyber security demands a much greater effort than governments are giving it, but Perlroth's book offers little to nothing toward this goal. The book is written in a sensationalistic manner, rehashes well-documented cyber security failures, is redundant, has no bibliography, and has footnotes that are not tied to specific text (making it hard to tie the two together). For these reasons, I have given the book two stars.

David Annable

All I can say is "wow". Informative and terrifying. This is a well written, coherent, and in-depth accounting of the state of the digital arms race that was largely birthed with Stuxnet and has resulted in such unbelievably brazen attacks as Heartbleed, NotPetya, and WannaCry (not to mention the hacking of the world's richest man revealing his infidelity). This should be required reading for anyone living a connected life in the world today and honestly - that's most people.

Tanveer Singh

The first half is really informative and scary as hell. I didn't give much attention when the word Pegasus was being thrown around in the media here but to read about it and know what it actually is is chilling. But the second half is unfortunately mind-numbingly repetitive which frankly could have cut down to a couple of pages, if not entirely removed.

Dale

Great book that I will utilize to review Wisconsin's public policy relating to IT vulnerabilities. This is also a must read for Military Officers in order to understand the new threat and vulnerabilities across numerous systems. Interesting ethical/moral/legal questions come to the surface in this book. If you see the world in black and white this book will reveal a lot of grey zones when it comes to the right approaches and policies to address "zero days" and other threats to IT systems that have the power to shut down life as we know it.

Wojtek Erbetowski

It was OK, but I barely got to the midpoint of the book. While I enjoyed the beginning, I got more and more bored as I continued the book. Perhaps it's just me being an outsider, but I couldn't keep my focus while stories seemed more and more like each other.