This Is How They Tell Me the World Ends | Nicole Perlroth

Summary of: This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
By: Nicole Perlroth

Introduction

Delve into the thrilling and alarming world of cyberweapons and global cyber warfare in ‘This Is How They Tell Me the World Ends’ by Nicole Perlroth. The book reveals the intricate dynamics of the cyberweapons arms race, the zero-day market, and their far-reaching consequences on international security. Immerse yourself in a tale of espionage, nation-state hackers, and the commodification of vulnerabilities as governments and corporations scramble to stay one step ahead in a rapidly evolving digital landscape.

Snowden’s NSA Revelation

A New York Times cybersecurity journalist’s African vacation was cut short when Edward Snowden exposed the NSA’s spying tactics. The Snowden leaks revealed that the NSA had several zero-day vulnerabilities that provided it with access to widely-used apps, social-media platforms, phones, computers, and operating systems. These vulnerabilities were either developed or bought by the NSA, which caused outrage among companies and individuals who believed their data to be encrypted through digital security measures. The author presents an eye-opening and concerning look at the morally dubious marketplace for zero-day vulnerabilities.

Uncovering the Zero-Day Market

The book explores the world of zero-day exploits, with a particular focus on the buying and selling of these vulnerabilities. The author recounts her experience at a hacker convention where she attempted to learn about the zero-day market, only to be met with silence. She later uncovers the existence of nondisclosure agreements that often govern these dealings. The book also explores the evolution of the zero-day market, from hackers posting their exploits on message boards to the emergence of iDefense, a security outfit that offered hackers money for their zero-days. However, government-intelligence agencies with bigger budgets soon entered the market, keeping these vulnerabilities under wraps for espionage purposes. The book sheds light on how taxpayers’ dollars are being spent to keep these vulnerabilities secret from the very people they affect.

The Hidden Dangers of Zero-day Market

The zero-day market is a perilous world where the lack of transparency between buyers and sellers creates an environment built on trust. While buyers need to verify that their purchases work, sellers have no way of estimating the fair price of their work or how their product will be used. The risks of multiple sales and decreased morality are ever present. The market is known to cultivate an unspoken code of silence akin to that of the mafia. Although some seek solely to expose flaws in programs, others see the gargantuan sums of money offered for zero-day exploits as reason enough to sell their works for unknown purposes. As a result, the safety of the world is put at risk as liberties are eroded and breaches of security become rampant.

The Zero-Day Market

Meet Charlie Miller, a hacker who uncovered a zero-day vulnerability in the Linux operating system and sold it to an unnamed government agency. Despite being urged to keep his mouth shut, Miller exposed the problems in the market through an academic paper entitled “The Legitimate Vulnerability Market: Inside the Secretive World of Zero-Day Exploit Sales”. By doing so, he showed that hackers weren’t just criminals, and their work was worth something. But when he found another zero-day for the new Android operating system, he brought it to Google, and they tried to get him fired. This prompted Miller to start a No More Free Bugs campaign that caught on like wildfire, proving that treating hackers like the enemy only led them to sell their zero-days elsewhere.

Cyber Weaponry: An International Liability

This summary presents the story of how the proliferation of cyber weapons has become an international liability. With the advancement of technology, countries are equipped with the same hardware and software, making the development, ownership, and use of cyber weapons a grave danger to the global cyber community. The summary recounts the story of Operation Olympic Games, where the US developed and used a cyber weapon against Iran’s nuclear facilities, causing its unintended spread to a hundred countries and infecting tens of thousands of machines. It highlights how the incident created a domino effect, where the development and use of cyber weapons are no longer limited to state actors. It concludes that fueled by nationalism or other motives, individuals, groups, and even businesses may procure, develop and use their own cyber weapons, causing more unpredicted havoc on the global cyber infrastructure.

Want to read the full book summary?

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.
You need to agree with the terms to proceed