All Activities

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

Wrote a review for

This was a depressing read, even if much of it covered ground I’ve read about before.

My first impression was that barely 30 pages in, the demeaning descriptions given of stereotypical hacker appearance, mannerisms, and interests were incredibly off-putting. Perhaps she was trying to add color to the personalities, but I did not appreciate that. Fortunately it subsided the partway through the book.

My thoughts were as follows:

  1. This book is extremely U.S. focused.
  2. Oh look, another example of taxpayer money being used for nefarious purposes (buying zero days).
  3. The Internet + hardware complexity is a double edged sword for recon.
  4. The human element (in spycraft) still matters.
  5. “Snowden was a low-level admin. The NSA’s capabilities were far, far more expansive than what Snowden had revealed.” - former TAO hacker.
  6. People who do dumb tech things (the weakest link) also happens at the government level, but with much more severe consequences.
  7. Google, Facebook and especially the iPhone changed the game.
  8. “Mike McConnell, the former director of national intelligence, would later tell me, “In looking at any computers of consequence—in government, in Congress, at the Department of Defense, aerospace, companies with valuable trade secrets-we've not examined one yet that has not been infected,” by China."”
  9. The reason the US is paranoid about Huawei or TikTok, etc, is because the US has hacked everything, so they know/assume China has too. It’s projection, but it’s also documented.
  10. Russian vs US hacking is the equivalent of the spiderman pointing meme. The best defense is an offense kind of things - we know you’re in our systems, but we’re in yours too so watch yourself.
  11. Industrial controllers have all already been hacked, including nuclear plants. Just assume Russia could take down the US power grid at any time (see Ukraine).
  12. US election interference by Russia was just as much social (Twitter trolls and fake Facebook nonsense, etc.) as it was attempting to hack systems.
  13. Google has taken security much more seriously after finding out the NSA was tapping all their data.
  14. Microsoft is PISSED about the constant government stockpiling of zero days and has gotten a lot better about catching bugs and bug bounty programs.

This is certainly a recommended read, but it wasn’t a fun one the month before the election. The last third of the book deals heavily with the political impact of the new world of cyber warfare. If you’ve never read anything about Stuxnet, or NotPetya or know very little about cybersecurity in general, this is a good place to start.

Read full review

2 years ago