What is a zero-day? You may have heard news involving zero-days or zero-day exploits without actually reading those words, or you actually have read about zero-days, such as the Pegasus Project and the NSO Group? Someone clicks on a link in a text or message and voila! they’re hacked. The device is spied upon and/or controlled by someone else. Apparently, this someone doesn’t even need to click anymore. An unseen text or message is sent to your device and it’s no longer really yours anymore.
Nicole Perlroth is an American journalist focused on cybersecurity and digital espionage and did recently release her first book, This is how they tell me the world ends.
A zero-day is an unknown (security) flaw in software, like an operating system or program. This flaw can be exploited by someone, most likely to hack into this operating system or program. Mostly she writes about the invisible market and marketplace for zero-days, “the blood diamonds” of the security trade coveted by actors: nation-states, companies, developers, criminal networks. There are terrifying aspects to these exploits, some of which I’ll never tell friends or family, involve developing really nasty spyware or weapons to sabotage elevators, cars, jet fighters, the electric grid, power plants and you name it. A well-planned attack can send a country back to the analogue age. A well-planned and well-executed attack can annihilate enough date to destroy the state itself.
Perlroth’s way of writing is that of a thriller and she revels in it. I find it refreshing, though I think the reader needs to be aware of how she portrays the people she meet, talks to, the details they reveal to her. There’s no protagonist to save us from impending, lurking doom. Instead Perlroth is present, almost like a character in this real-life thriller guiding us through how Ukraine has been attacked by (terrifying) NotPetya, the (fascinating) Project Gunman, (the amazing) Stuxnet – it’s all here, like classic novels. How China breached Google, the perpetual Russian intrusions and the Shadow Brokers stealing the arsenal of National Security Agency (NSA) are also told. She traveled to Ukraine to witness repercussions of cyber warfare. She talked to former bosses at the NSA, American secretaries of defense, the Finnish president, companies attempting to create a proper market for zero-days (or the fixes of them), mercenary coders working for the United Arab Emirates, Argentinian hackers in Buenos Aires. She went to congregations with men selling zero-day exploits, encountering the fucking salmon – that which should not be brought into the light.
What she finds is also an expanding interest for zero-days, the intelligence and security agencies desire to breach cybersecurity of hostiles and friends, and nation-states willing to arm themselves with digital weapons. Details may be missing, words exaggerated, but I can accept them. Writing for laymen is difficult and overall it’s the sum of the parts that matter: the system, the sophistication, the evolution.
Writing about tech can easily evolve into thrillers because of technical details, opaque and mystified to most people, and the thrill of spies and people lurking in shadows, forbidden spaces. I’m not one to read thrillers, but this thriller-like book I like. It’s long, intriguing, exciting, disturbing and in the shadows lurk horrible things that do happen and can happen. And if you happen to be interested in the zero-days market, there’s virtually no other book to read. So, go ahead.
You – Regard, Troye Sivan & Tate McRae