“Part John le Carré and more parts Michael Crichton ... spellbinding.” —The New Yorker
“An intricately detailed, deeply sourced and reported history.” —The New York Times
“Vivid and provocative.” —The New York Review of Books
“Told in an enthrallingly cinematic style . . . a stark, necessary, thoroughly reported reminder that no matter how strong the safe is, there'll always be someone who can come along and crack it.” —LitHub
“Possibly the most important book of the year . . . Perlroth's precise, lucid, and compelling presentation of mind-blowing disclosures about the underground arms race a must-read exposé.” —Booklist, starred review
“An engaging and troubling account of 'zero-day exploits' . . . This secretive market is difficult to penetrate, but Ms. Perlroth has dug deeper than most and chronicles her efforts wittily.” —The Economist
“[Perlroth] has delivered a five-alarm page turner that weighs the possibility of cyber-cataclysm.” —The Boston Globe
“A masterful inside look at a highly profitable industry that was supposed to make us safer, but has ended up bringing us to the brink of the next world war.” —John Markoff, former New York Times cybersecurity reporter
“Takes a complex subject that has been cloaked in techspeak and makes it dead real for the rest of us.” —Kara Swisher, host of the podcast On with Kara Swisher
“100% gripping. For anyone interested in cybersecurity, whether as student, policymaker, or citizen, it is well worth your read.” —P.W. Singer, author of LIKEWAR
“A rollicking fun trip, front to back, and an urgent call for action before our wired world spins out of our control.” —Garrett M. Graff, Wired, author of New York Times bestseller THE ONLY PLANE IN THE SKY
“A whirlwind global tour that introduces us to the crazy characters and bizarre stories behind the struggle to control the internet. It would be unbelievable if it wasn't all so very true.” —Alex Stamos, Director of the Stanford Internet Observatory and former head of security for Facebook and Yahoo
“The definitive history of cyberwarfare.” —Clint Watts, author of MESSING WITH THE ENEMY
“A must-read tale of cloak-and-dagger mercenary hackers, digital weapons of mass destruction and clandestine, ne'er-do-well government agencies. Perlroth's intrepid reporting shows why the consequences could be frightening.” —Lawrence Ingrassia, author of BILLION DOLLAR BRAND CLUB
“Will keep you up at night, both unable to stop reading, and terrified for what the future holds.” —Nick Bilton, Vanity Fair, author of AMERICAN KINGPIN
“Nicole Perlroth tells a highly technical, gripping story as if over a beer at your favorite local dive bar. A page-turner.” —Nina Jankowicz, author of How to Lose the Information War
“[A] wonderfully readable new book. Underlying everything Perlroth writes is the question of ethics: What is the right thing to do? Too many of the people she describes never seemed to think about that; their goals were short-term or selfish or both. A rip-roaring story of hackers and bug-sellers and spies that also looks at the deeper questions.” —Steven M. Bellovin, Professor of Computer Science, Columbia University
“The murky world of zero-day sales has remained in the shadows for decades, with few in the trade willing to talk about this critical topic. Nicole Perlroth has done a great job tracing the origin stories, coaxing practitioners into telling their fascinating tales, and explaining why it all matters.” —Kim Zetter, author of COUNTDOWN TO ZERO DAY
“From one of the literati, a compelling tale of the digerati: Nicole Perlroth puts arresting faces on the clandestine government-sponsored elites using 1s and 0s to protect us or menace us—and profit.” —Glenn Kramon, former New York Times senior editor
“Lays bare the stark realities of disinformation, hacking, and software vulnerability that are the Achilles' Heel of modern democracy. I work in this field as a scientist and technologist, and this book scared the bejesus out of me. Read it.” —Gary McGraw, PhD, founder, Berryville Institute of Machine Learning and author of Software Security
“Usually, books like this are praised by saying that they read like a screenplay or a novel. Nicole Perlroth's is better: her sensitivity to both technical issues and human behavior give this book an authenticity that makes its message—that cybersecurity issues threaten our privacy, our economy, and maybe our lives—even scarier.” —Steven Levy, author of Hackers and Facebook
“You MUST read this book—every word.” —Tom Peters, author of In Search of Excellence
“Exposes the motivations and misgivings of the people helping governments hack into our devices. After Perlroth's incisive investigation, there's no excuse for ignoring the costs of the cyber arms race. Indeed, we are already deeply vulnerable.” —Sarah Frier, Bloomberg, author of NO FILTER
“A powerful case for strong cybersecurity policy that reduces vulnerabilities while respecting civil rights.” —Kirkus Reviews
11/23/2020
New York Times cybersecurity reporter Perlroth debuts with a colorful rundown of threats to the world’s digital infrastructure. She pays particular attention to “zero-days,” a term for “a software or hardware flaw for which there is no existing patch.” Though she notes their rarity (98% of cyberattacks do not involve zero-days or malware), Perlroth argues that the destructive capacity of cyberweapons like Stuxnet, a code comprising seven zero-day exploits that was used by the U.S. and Israel to disable uranium centrifuges at an Iranian nuclear plant, makes them an existential threat. She details the underground market for cyberweapons, where hackers can earn millions of dollars by finding a flaw in commonly used technologies such as Microsoft Windows, and explains how the U.S. lost its global monopoly on zero-day exploits in 2016, when a group calling itself the Shadow Brokers released a trove of NSA hacking tools. Perlroth’s searing account of the role American hubris played in creating the zero-day market hits the mark, but she leaves many technical details about cyberweapons unexplained, and stuffs the book with superfluous details about getting her sources to spill. This breathless account raises alarms but adds little of substance to the debate over cyberweapons. (Feb.)
2020-12-15
A New York Times cybersecurity writer delivers a sobering account of a thoroughly hacked and cyberattacked world.
Perlroth opens with the 2017 attack of Ukraine’s infrastructure on the part of Russian hackers who, employed directly by Vladimir Putin, had only two rules to follow: They couldn’t attack inside Russia, and “when the Kremlin calls in a favor, you do whatever it asks.” Apart from that, they were free to do as they pleased, and they detonated cyberbombs across the neighboring nation, bringing the power grid down, closing supply chains, and crashing computers, phones, and ATMs. As Perlroth writes, they attacked with poorly guarded tools developed by the American intelligence community. In the end, Russia could have done far worse “with the access it had and the American weapons at its disposal.” But there are other players with the same tools, including Iran and China, who have the wherewithal to wreak greater havoc on the infrastructure of a thoroughly unprepared America. Some of Perlroth’s interlocutors are rightfully paranoid while others are open in defying demands to make private information available to government agencies through back doors into those very tools—a recipe for a police state. One old-school hacker whom the author interviewed in Buenos Aires lamented a change of culture. “We were sharing exploits as a game,” he tells her. “Now the next generation is hoarding them for a profit.” Perlroth suggests that these latter-day hackers are capable of great evil against vulnerable nations—the U.S. foremost among the list of prime targets, not least because America is so addicted to technology. “There wasn’t a single area of our lives that wasn’t touched by the web,” writes the author. “We could now control our entire lives, economy, and grid via a remote web control. And we had never paused to think that, along the way, we were creating the world’s largest attack surface.”
A powerful case for strong cybersecurity policy that reduces vulnerabilities while respecting civil rights.