Nicole Perlroth has spent more than a decade covering the cybersecurity beat for the New York Times. She followed John Markoff, a contemporary of mine who broke the story of the first Internet worm when Robert Tappan Morris sent a string of code out into the unmapped network to map its nodes and byways.
In her reporting she’s covered some legendary hacks, attacks, and feats of digital espionage that, when viewed across a timeline of escalating threats and exploits against the world’s new central nervous system, portray a world being eaten by software. The cybersecurity beat is, in my opinion as someone who covered computer crime in the 80s and 90s, the most frustrating and opaque of any in journalism. An editor at Forbes challenged me to find out what secret supercomputers or massively parallel Thinking Machines the National Security Agency had inside of its impenetrable glass cubes at Fort Meade and after months of fruitless phone calls chasing unsubstantiated rumors of incredible feats of American hacking and cracking with not a single source willing to go on the record I realized I wasn’t up to the challenge.
Perlroth’s new book This Is How They Tell Me World Ends, is the first thing I’ve read about cyberwarfare that made me seriously consider turning into a full fledged prepper to get ready for China and Russia to turn off the grid, open the floodgates, and knock the world back to the 1850s. The book is a modern history of how the world’s spies and criminals have amassed an arsenal of “exploits” that can turn an iPhone into a tracking device, lock nuclear power plant technicians out of a reactor’s control systems, infest the firmware and programmable logic controllers that spin Iranian centrifuges, open and close American hydroelectric dams, sneak backdoors into popular apps and nearly drain the national reserves of Bangladesh by hacking into the SWIFT financial network.
I read the book in the week leading up to Russia’s invasion of Ukraine, the country Perlroth portrays as a sandbox for Russia’s state sponsored hackers’ to test out new DDOS attacks and malware, where the wiping of entire networks has been going on for years. The book is a grim lesson in how cyberwar is waged and underlined by long-held belief that privacy and the concept of secrecy is a fiction, that anything can be hacked, and unless software developers stop “moving fast and breaking things” and figure out how to ship unhackable code, the best a person can do it turn on two-factor authentication and start changing their passwords from the minimum requirements to scrambled sentences of nonsense.
I don’t ordinarily recommend a lot of books on this blog or post review on Goodreads or Amazon, but I think this book is important as it reveals the secret, sordid history of cyberweapons, the irony of how those weapons were developed in some cases by the American intelligence community only to be hacked and unleashed on the world for any repressive regime to use. The story of former American intelligence community hackers becoming hired guns and hacking the First Lady’s phone and email for a Middle-East regime, of the impact of Snowden, of the software industry prosecuting hackers who brought bugs and flaws to their attention to now paying them bounties for testing and probing and finding exploits that, on the black market, could sell for well over $250,000 and wind up in the hands of anyone with the money and ambition to stock their own arsenal with weapons that have already been used to extort, defraud, and destroy with incredible speed and ferocity.
Up until this book, the hidden market for zero day exploits has been covered in bits and pieces, but it’s Perlroth’s dogged reporting that breaks through the code of lies and silence and clearly lays out for the layperson the extent of the threat, the misadventures and ignorance that got us to where we are today, and unfortunately little in the way of speculation of what we’re supposed to do if the lights go out and the data is lost and the supply chains and the grids and their fundamentals of civilization get knocked off line and stay off line.
