This Is How They Tell Me the World Ends

Reads like a thriller. Until you realize it all could be actively happening on the device you are reading the book with ;-) Yikes
Zero days in connection with state intelligence agencies is a volatile situation with no easy answers. I suspect we need to end up similar to the privacy/encryption debate. Nobody gets super-keys to encrypted data, impossible to control to only the “good guys” (also my good guy might be your bad guy). Need to do same with zero days.

This was a depressing read, even if much of it covered ground I’ve read about before.

My first impression was that barely 30 pages in, the demeaning descriptions given of stereotypical hacker appearance, mannerisms, and interests were incredibly off-putting. Perhaps she was trying to add color to the personalities, but I did not appreciate that. Fortunately it subsided the partway through the book.

My thoughts were as follows:

1. This book is extremely U.S. focused.
2. Oh look, another example of taxpayer money being used for nefarious purposes (buying zero days).
3. The Internet + hardware complexity is a double edged sword for recon.
4. The human element (in spycraft) still matters.
5. “Snowden was a low-level admin. The NSA’s capabilities were far, far more expansive than what Snowden had revealed.” - former TAO hacker.
6. People who do dumb tech things (the weakest link) also happens at the government level, but with much more severe consequences.
7. Google, Facebook and especially the iPhone changed the game.
8. “Mike McConnell, the former director of national intelligence, would later tell me, “In looking at any computers of consequence—in government, in Congress, at the Department of Defense, aerospace, companies with valuable trade secrets-we've not examined one yet that has not been infected,” by China."”
9. The reason the US is paranoid about Huawei or TikTok, etc, is because the US has hacked everything, so they know/assume China has too. It’s projection, but it’s also documented.
10. Russian grid hack access is the equivalent of the spiderman pointing meme. Stuxnet was the US pointing first, the Ukraine attacks are Russia pointing at the US. You touch us we do this to you.

The potential of cyberwar - where countries turn off another country's electricity in the middle of winter, attack the internet infrastructure of hospitals to render those hospitals dysfunctional in the middle of a pandemic, break into voter registration and election count system to mess with foreign election data - is very real. All of this has already happened. Yet somehow it still feels distant, like the plot of a thriller movie. It fits in well with the threats of the [b:New Dark Age: Technology and the End of the Future 36696533 New Dark Age Technology and the End of the Future James Bridle https://i.gr-assets.com/images/S/compressed.photo.goodreads.com/books/1512132962l/36696533.SY75.jpg 58496642]: systems that are so complex that we've lost oversight. And it's not the layers of technology that are complex, it's the politics tangled up with it. A lot of this underground war of cyber criminals and cyber mercenaries is enabled and funded by governments - the US, Russia, China, Iran being the biggest players. They exploit vulnerabilities in internet software (so-called “zero-days” - called for the fact that you only learn about the vulnerability on the day it is already exploited, day zero), that they use for spy operations instead of alerting the software companies to its existence. Often they even pressure the software companies to NOT FIX THE BUG, in order to be able to keep on using it. Perlroth's book is a wakeup call for the general public. Alerting everyone not just to update their software with the latest security patches and to smarten up about phishing emails, but also to be aware that governments are putting our crucial infrastructure - our power grid, our health system, our elections - on the line, if they keep on insisting on playing the spy game. Reads like a thriller.