This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

This is an interesting effort — Ms. Perlroth is a skilled writer dealing with a complex set of topics. She spends considerable amount of time dealing with the drama of cybersecurity and cyber warfare. The author does provide some useful interviews with some cyber specialists, government figures and mercenary elements involved in intrusion of information systems. Unfortunately she omits several well less known cyber attacks and the various roles of non-state actors in our present cybersecurity environment. This is a useful read for nonprofessional cybersecurity readers. It's unfortunate that she sometimes renders some sensationalist opinions that are not backed by appropriate facts. In sum, I would recommend this book however, I urge some caution because some of her facts have scant attribution. I respect your opinions however in cybersecurity we have to make a clear differentiation between facts and opinions. I enjoy her skilled writing and varied perspectives.

I looked forward to receiving this book, but now I cannot return it fast enough. This is a retelling of old news about hackers and the dangers of our electronic dependent world, but no news.
The 61-page endnotes are organized by chapter and nothing else. Good luck finding a reference tied back to the narrative in a useful manner, which is supposedly what endnotes are designed for. Not in this book.
The author apparently hates the NSA, CIA, FBI, and many other US government agencies she believes are responsible for unleashing the evil internet and hackers on the world. The totalitarian nations have merely stolen the tools of destruction from the USA and now endanger us all. She could not resist the impulse to bash President Trump and blames him for numerous atrocities against humankind that are baseless and useless. And yes, he is/was colluding with the Russians in spite of evidence to the contrary.
What a waste of good paper.

Too much about author, and terrible writing.

I lead one of the largest cybersecurity firms in Europe and can confidently say this Author has no idea what she is writing about. If you want to read a legitimate well-researched and well-reasoned account on cyberwarfare, read Countdown to Zero Day. It is supported by well-known security researchers and hackers, i.e. Mitnick.
This book is nothing but an ignorantly biased version of US mass media, i.e. NY Times account.
I’m intimately familiar (technically) with the events she’s describing and what she presents in her book is largely just another West-centric propaganda and holds little to no truth or substance. You might as well just read a political science fiction novel.

Another lazy, sloppy self-important book tossed off by a beat reporter trading on author’s credentials

Few insights, nothing new, lightweight

Compares very poorly with Sanger, Zetter, Schneier who wrote excellent must-read books on computer security and policy for the lay reader

I regret paying even one penny for this collection of commonplaces and banalities!

I was eager to read this book, but find it too politically biased to recommend it to anyone as worthwhile, unfortunately.

I like to read accurate factual assessments without bothersome opinions that are baseless, politically motivated, and without real merit that prove to be very irritating and distracting. No thanks

Perlroth is a decent writer, and the topic at hand is vital to learn about in the modern age. With a neutral, solemn, realistic perspective and deep-dive into the topic, with her writing style, there's no reason why this should be anything short of a 5-star review.

Unfortunately, her willfully ignorant, blatant political bias gets in the way of that. She's very pro-America, big government, pro-CIA, pro-NSA, pro-uniparty, etc. She'll rightfully point out the obvious faults of other nations & interest groups using cyber-crime to attack other nations with the common man caught up as collateral damage, while turning a blind-eye towards when her own interest group does the same. This is from one sentence to the next, making you wonder if she's aware of it and just lacks integrity, or if she's that brainwashed.

Her New York/California/MSM background shows, and I personally believe she's just been in the entertainment industry for so long that this is just simply what she actually believes, living in an echo-chamber. It's sad really.

If you can overlook the obvious bias here & read this with a massive grain of salt, there's a lot of eye-opening, well researched info here. Just beware of that before buying.

As a reporter from Silicon Valley hired by the New York Times to cover cyber (yes I called it cyber) for the past 10 years, Nicole Perlroth has been in a unique position to interview and report on the wave of cyber-attacks that have defined this decade. Starting with the realization of the threat from a nation state with something as sophisticated as the Stuxnet worm attack in 2010 and ending right after the SolarWinds attacks in 2020. she has chosen an active time to be covering the cyber beat and a great time to write it all down.

Her research is now accessible to us all. With the melodramatic title, “This is How They Tell Me the World Ends”, Perlroth dives into what can only be called a hyper extended NYT’s article about her investigation into the history of so the called “Zero-Day” exploit. And further, the creation of the “bug” bounty program that built a market and financed several generations of hackers working from their mother’s basement. Principally, in her mind, the 0-day exploit is her poster child for cyber attacks because the Stuxnet worm contained seven (7) of these 0-days (someone should do a fact check). As a result she was intrigued by what she was told by the multitudes of domestic and international computer savvy personalities (hackers?) she came across during her reporting travels.

Perlroth has presented a long history of the spy vs spy world depicting the dark underbelly of an underground eco-system she documented in an effort to unearth the 0-day feeding frenzy. She does this to place the blame for the failure of our government to keep us safe from cyber-attacks while at the same time placing blame on our government for paying the legions of hackers out there who are trying to find these 0-day’s which created the demand to sell on the black market to the highest bidder without scruples. Thus creating the plethora of vulnerabilities from which our country has now been left unprotected. It’s a lot more complicated then that. but that's the gist. Some of her sources provided her the proper insight and perspective. Some of her sources were speculating wildly about things of which they have little to no idea. It wasn’t clear to me if Perlroth could sort them out because she kept coming back to a reference to Salmon when she reached a dead end. Or the idea that no one would really talk to her about truly classified information. Furthering, in her mind, a grand conspiracy theory being guided by some unseen hand she couldn't label.

They say in my business, particularly as it relates to articles we read about in the media, I can neither confirm nor deny the facts surrounding these topics as they have been reported. So I’m not going to walk through point by point what’s she has written correctly and what she has wrong. She is clearly reporting on a story for which she has many sources who have been willing to talk to her. There is no use disputing much of what she is saying. What she hasn’t reported on, however, beyond the coveted 0-day, is everything else that could also comprise a cyber attack. SolarWinds, for instance, didn’t require a 0-day. Most of the security breaches that have taken down the big commercial companies of the past decade (I won’t list them) did not require an 0-day (Perlroth lists everything). Most breeches are the result of poor cyber-hygiene and persistent social engineering to find passwords for accounts through a hapless insider. This requires certain set of social skills more akin to a suave telemarketer than a her vision of a neckbeard who may never find a mate. After all, SolarWinds was a supply chain attack. Source code was modified from the inside. And that Trojan in the code left the back door unlocked and was calling home. No 0-day hacker or code researcher looking to defend that system is going to find what amounted to a single line of correctly operating code.

But what does this all mean? Is this how they told tell her, and she is now telling us, how the world ends? Throughout the read she makes the parallel to the development of nuclear weapons. During that phase of our existence starting with the Manhattan Project we hung under the Sword of Damocles. This is her weakest comparison. She continuously harkens back to the fact that we haven’t seen a cyber-derived mushroom cloud rising from some hacked nuclear reactor which will surely give us our own Chernobyl or Fukushima, yet. According to Perlroth it’s just a matter of time. For the record I don’t buy into this analogy nor am I worried about a cyber attack kicking off a mushroom cloud. She's mixing the threat of a meltdown at a nuclear facility with the threat of someone achieving a high yield detonation of a nuclear weapon at the hands of some hacker. That does not keep me up at night. Again, details are neither confirmed or denied.

At the end of the book, she argues, that the Cyber Pearl Harbor is a misnomer. The single event won’t happen because it’s actually already occurred through a thousand cyber cuts. Cyber vulnerabilities just crept up on us and we never noticed just like a frog doesn’t notice it’s being boiled. She can’t say both things. If a nuclear detonation produced by a cyber-attack in our own back yard isn’t a cyber-Pearl Harbor I don’t know what you would call it. Again, I’m able to sleep at night.

Towards the end of the book she turns political. She begins covering the presidential election and leaves 0-day cyber and begins commenting on the success and utility of Russian troll farms both in 2016 and again in 2020. Once again, the fabled 0-day of her reporting, was not a factor in the social influence game…but nevertheless social media provides huge surface for 0-day-less cyber attackers to work with.

So to complete my review I’ll start with for 4-stars as Perlroth does provide an informal history and retelling of a number of cyber stories. It’s a nice history of some fabled characters but it's not deeply technical. It’s not unlike the history of other malicious hacks as told in a multiple of cyber security pod casts such as the one called “Malicious Life”. Subtract 1-star for her unnecessary degradation into politics which added perhaps 100 unnecessary pages to the book. 3-stars for this accumulation of cyber history and tribute to the 0-day. By the way, it's pronounced "Oh-Day" if you want to blend in at DEFCON.

The book was interesting but the author chose to allow her political point of view to distract throughout. I was excited about the book after hearing stories on DarkNet Diaries. The more in depth you get, the more you just end up reading some person's political point of view. She lost me when she basically insinuated that the Obama administration ended Chinese hacking until big, bad Trump came along. This is a disingenuous retelling of history. One in which an administration from one political party is creating hackers, while another is saving the day and can do no wrong... *Dramatic eye roll* Both political parties are at fault. I'm just looking for facts. Leave the interpretation to the reader. If you make a compelling enough case, you wouldn't come off a political hack (pun intended).

Avoid this book and don't waste you money. I really regret buying this puppet's book. If I could I would give no stars.

The author gives the reader a non-technical yet comprehensive introduction to the "Wild West" frontier where hackers and nations compete to discover and weaponize new vulnerabilities in computer systems worldwide. This book is well-written, detailed, and will probably frighten you. The author starts by describing the infamous Russian cyberattack on the entire country of Ukraine, perhaps a dry run for a possible future attack against the US. Although little known in the US, nearly every aspect of Ukrainian society was disrupted by the attack. The book then provides a brief history showing how early cyber hacking morphed into discoveries of serious security flaws (zero days) in commonly used computer software and systems. Major Silicon Valley companies, such as GOOGLE, had to scramble to respond to security breaches. One fascinating chapter describes how GOOGLE executives and engineers desperately tried to stop a very sophisticated intrusion, perhaps sponsored by the Chinese government, aimed at acquiring their source code. Individuals and governments sought to use security flaws to create tools for espionage, and also for offensive cyber weapons. A bizarre "arms market" emerged, populated by former NSA employees, individual hackers worldwide, shady government contractors, and intelligence agencies. It was shocking to learn that some of the most potent cyber weapons were stolen from the NSA, and then turned against the US. The author makes a persuasive case for a more coordinated US gov't response to the threats of cyberwar. Her research dramatically shows that this threat to our computerized society must be taken seriously.