danni naeil

Tag: Cyberespionage

  • Book review: Fancy Bear Goes Phishing

    Book review: Fancy Bear Goes Phishing

    As soon as I noticed a book published with this savvy title (and cover, created by Rodrigo Corral) this year, I knew I had to read it: Fancy Bear Goes Phishing: The Dark History of the Information Age, in five Extraordinary Hacks. Authored by Scott J. Shapiro, professor of law and philosophy at Yale Law School. In his youth, Shapiro spent much time with computers, but later chose a career in philosophy and law. When writing about cyberwar, he returned to computers, re-learning programming, computer science and the lingo: Evil maid attack, bald butler attack, bluesnarfing, phishing, spear phishing, whaling…

    Attempting to answer the simple questions of why the Internet is insecure, how do hackers exploit insecurity and how they can be prevented, or at least decreased in numbers, Shapiro takes us on a journey with five stops, from the late 1980’s to the hacks of the Democratic National Committee and the Minecraft wars 30 years later.

    One of Shapiro’s main arguments is the distinguishment between upcode and downcode. Upcode is the human aspect of cybersecurity, such as regulation, law, and organizational norms, whereas downcode is the technical programming and operating of programs, operative systems and alike. His consistent argument is that upcode regulates downcode. Thus, he opposes solutionism, the view that “technology can and will solve our social problems”. I’ve written about the tech elite earlier in 2023, their engineering-like focus on all issues, they being able to solve everything with math and algorithms, as if reality can be reduced to technicalities. Shapiro continues, with his fantastic sense of humour: “Great news! We can reverse centuries of imperialism, revolution, and poverty with our cell phones.” This connects to Bruce Schneier’s angle on cybersecurity too: focus on the humans primarily.

    Another sentence deeply related to Cathy O’Neil is “Most problems do not have solutions that are reducible to finite procedures.” Solutionism cannot succeed, because it relies on (Alan) Turing’s physicality principle: changes in the digital realm presupposes changes in the physical realm, which means computation, when all is said and done, is a physical process, and relies on control over the physical world, such as cables, servers, and routers.

    The almost inherent insecurity of the Internet of Things (IoT) is quite obvious, another connection to Schneier, who claims the same thing. IoT-devices have very rudimentary operating systems, meaning they’re usually really poorly designed. They have a singular, or few, purposes, rendering them with attack vectors. So, your refrigator might be part of a zombie-net controlled by some angry teenager playing Minecraft, using your very refrigator attacking another server running Minecraft.

    Solutionism dominates so much, represented by ignoration and non-comprehension among programmers and computer scientists, disguised as the common resentment and claims that politics is unfit to kepp up with things technical. The sentiment of solutionism Shapiro compresses in one sentence:

    “Politics becomes engineering; moral reasoning becomes software development.”

    Cybersecurity – it’s a human thing

    Shapiro connects law and legal discussions in the cases the tells. What are the implications judiciously for the hackers, how does the hackers think, and the legal system perceive these acts. In cases where the perpetrator is sentenced, how does the legal system reason?

    I appreciate how he considers gaming and programming culture as overtly (white) male, rendering women targets usually for misogynic hatred, or at least suspicious activites by men against women (and other gender identities, might I add). This touched briefly on the deeply ingrained meritocratic aspects of programming/hacking culture, as covered by Gabriella Coleman in Coding Freedom: The Ethics and Aesthetics of Hacking.

    Shapiro also provides us with the combination of basic computers science terms and programming functions, such as the difference between data and code, and how operating systems work. If you don’t understand how very rudimentary programming functions, Shapiro will inform you how it actually works to prove his points, and easen the complexities of cyberspace somewhat. Knowledge will calm you more than ignorance, he reasons, and I concur.

    Mainly he presents various ways hackers exploit humans via their cognition: visuality, irrationality, probability, and time. Hackers are great cognitions and really social beings, at least virtually, and comprehend how some people will be fooled.

    The sense of humour!

    Regarding the oh, so common Nigerian prince/general/rich person mail, Shapiro regularly depicts issues and technicalities through diagrams or pictures, and provides proper examples the reader can understand, such as:

    “This Nigerian Astronaut pushes this internet scam to eleven.”

    Anyone who comprehends this sentence, will enjoy reading a serious book on a serious subject.

    It goes up to eleven

    Of all the books on technology I’ve read, this is the best one. Were I to give people a recommendation on one single book they could read to better grasp the cyber realm, Fancy Bear Goes Phishing it is.

  • The debate on refugee espionage

    Refugee espionage, according to Swedish law, is when a person unlawfully, secretly and systematically, over time, gathers information about someone else in order to provide a foreign power this information. It’s been part of Swedish law since the 1940’s and Sweden is one of the few countries to actually prohibit this action.

    There’s research on transnational repression and digital transnational repression, for instance by The Citizen Lab, Marcus Michaelsen, and Siena Anstis and Sophie Barnett. Authoritarian countries spend resources and time to repress diasporas, dissidents and vocal ex-citizens, whether by physically collecting information and threatening them, or by using the Internet.

    How does the Swedish parliament and media debate refugee espionage since 2014, when the law was revised? Does the debate connect refugee espionage to the digital ways of surveilling and repressing people? What does it say about national security and Swedish sovereignty?

    This is my bachelor’s thesis in political science. You can find it here, although it’s only available in Swedish.

  • Book review: How to lose the information war

    Book review: How to lose the information war

    I first noticed Nina Jankowicz while reading the report Malign Creativity: How Gender, Sex, and Lies are Weaponized against Women Online. However, I didn’t know Nina was specialized in Central and Eastern Europe, that she has been stationed in Ukraina and knows Russian (thus also being able to understand Polish, Czech and Slovak). Her second book is focused on that same geographical region and, as the title implies, information warfare, directed by Russia. But she weaves the information war of the Czech Republic, Estonia, Georgia, Poland and Ukraine with that of the US, and concentrates on the way to loose information war, but also how to try and tackle it.

    “With the advent of the internet and social media, individual citizens are now ‘news’ outlets themselves.” This fact countries like Russia uses against democracies in order to spread false narratives. In the introduction Nina gives us a more thorough dive into The Mueller Report about Russia’s interference prior under during to the presidental election of 2016. It was far more insidious and elaborate than arranging one protest and counterprotest at the same time and location. The Internet Research Agency (IRA) managed to run popular Facebook pages like Blacktivist and Being Patriot, as well as arrange unseemlingly fun and popular protests in Washington D.C.

    Nina takes us to five countries that in different ways have tried, and are trying, to fight against Russian information warfare: the Czech Republic, Estonia, Georgia, Poland and Ukraine. In discussions with government officials, politicians and alternative media, she paints a picture of the different ways these countries try to combat Russian interference and pressure. These could provie the US with lessons on how to lose the information war.

    The lesson of lessons

    When it’s in front of you, it’s completely obvious. You ask yourself why you never saw it or verbally was able to say it out loud. Nina does just this. In the chapter of Estonia, she delves into the issue of the Russian minority, how it’s discriminated against and can’t be part of the Estonian society. This Russia uses to its advantage, to cast doubt on the Estonian government and majority. How to solve?

    Whenever we discuss issues related to technology, we tend to see technical solutions. Probably because the tech industry wants it no other way. Probably because we are entranced by technology, living in a technoreligious society, believing in technology as a good force in itself. So, why not simply throw in a tech solution to a tech problem? Like she writes: “How can any administration that intends to protect free speech censor the authentic opinions of its own citizens?”

    Why not solve this societal issue with a societal solution instead? Simply put: restore trust in government, give the minority chances to become part of the society as a whole. Try not to evoke bad feelings and animosity between people, heal the rifts. Two important pillars of media literacy (that Taiwan has tried) are schools, as in Finland, and public libraries and the powerful information and searchability librarians hold to guide citizens in the endless stream of information and literature. Thus Russia can no longer use this issue to splinter relations between people and create even bigger rifts. Because one thing Russia does is never to invent new issues, but use the old societal problems to sow discord and splinter society and the nation.

    Downsides

    Four downsides with the book:

    It was published just after Joe Biden was installed as president of the Unites States, thus missing the Biden administration’s take on cyber warfare, dual-use technologies, spyware and transnational repression. It differs from previous administrations.

    It was published one year before the Russian war against Ukraina in 2022, which renders some of the politics described obsolete. For instance, Estonia has once more turned more suspicious of the Russian minority, meaning that, for instance, the chapter on Estonia is not up to date, although it’s still relevant as a historical lesson. Settings for information warfare have changed rather drastically in one year.

    Somehow, I really dislike fictional writings “capturing” a technology and its implication in the present or future. Carissa Véliz does it in Privacy is power. Nina does it, and it’s erroneous, partly because it’s written before Biden’s presidency, partly because it’s the usual bleak, dry, predictable onset to an issue now, set in 2028.

    In the chapter about Ukrainian efforts to provide positive aspects of Ukraine in the Dutch election about EU-legislation should have been problematized more. Even though the Russians seemed to have played a part in negative campaigning, the Ukrainian part could also be considered foreign interference in an election. Julia Slupska’s piece on election interference is well-worth a read.

    Summary

    The book is true to its’ title. Information warfare pervades the book, and it doesn’t confuse information warfare with espionage or cyber warfare. Terms here are very important and so are the differences between them. Although Russia is the focal point, which narrows the scope of information warfare, that’s an advantage here. To write about information warfare in general or include Chinese, Iranian, American or any other country, would water it down. One can’t cover everything to make a topic or an issue interesting.

    Lessons from the book are important and relevant. Countries must learn from one another, can’t hide from information warfare, and develop a battery of counter measures. And those counter measures are seldom technological, but rather societal, economical and political. That’s the most important things I learned reading this book.

  • Book review: Click here to kill everybody

    Book review: Click here to kill everybody

    For those who don’t know of Bruce Schneier, he’s one of the world’s most famous and prominent cybersecurity experts. If there’s one person you’d like to guide you and hold your hand while in need, Schneier is the one. This book is about basics of cybersecurity, not the technical aspects, but rather about security on the Internet and the Internet+, the interconnected world of the Internet of things.

    Driverless cars, thermostats, drones, locks on doors, baby dolls and monitors, and pacemakers are interconnected – without any concern for security. Virtually all companies except for Apple and Microsoft sell inadequate and incomplete consumer products without testing, whereas in the the airplane industry a line of code can cost millions of dollars and pass through very rigorous testing before being applied in reality.

    “Click here to kill everybody” is a thorough and deep book about how this neglect of cybersecurity has consequences for people, society, companies and governments/authorities. It depends on rushed incentives and meddling from many governments.

    I love the metaphor “The Four Horsemen of the Internet Apocalypse – terrorists, drug dealers, pedophiles, and organized crime” that states and companies use to frighten people. If we standardize encryption in texting, telephone calls, files on your phone, the dark sides will become even stronger and the good forces will fail at catching and prosecuting villains (is the usual comments). The paradox is that states use front companies to do some of these works as well, like North Korea and organized crime and drugs. Even China (companies connected to the People’s Liberation Army), Russia (Internet Research Agency, under the now-well-known-name Yevgeny Prigozhin) and the US (the military-industrial complext and NSA-connected entrepreneurs) are all engaging companies to do their bidding, no strings attached.

    The situation we’re in: From bad to worse

    An entire chapter is named “Everyone favors insecurity”, a telling title. What it basically comes down to, is that companies are unwilling to pay for security, very much like ecofriendly products are more expensive, because taking ecological consideration into account costs more than not caring. Apple and Microsoft are two of the very few companies that actually pay attention to security, making sure that products are released when they’re as secure as possible. Most companies follow the former Facebook motto “Move fast and break things” and release rather delay and miss the launch.

    What people, and companies and authorities, then miss is the fact that our overall security is decreased, in peril, simply because it’s considered too expensive or too troublesome.

    Security should default, like encryption should be default, not optional or thought of in clear hindsight. When products are ready for sale, they should be as complete as possible. The ideal of move fast and break things should be abolished.

    Regulation

    Authorities need more transparency, less secrecy, more oversight and accountability, Schneier argues (and he isn’t alone). FBI, NSA and others don’t want encryption and want backdoors. This is completely contradictory security-wise. If the population is being preyed upon, if rogue elements can infect and steal from people, companies and authorities will also be easier targets. The more people who risk being infected and preyed upon, the more who will be in peril. Less security for civil society and people means states are less secure, although authorities want to weaken encryption, install backdoors – everyone gains access to damage, everyone looses.

    An argument often lost in the debate on regulation is that losing parties in this debate of regulation are small companies without assets or time on their side, and favour big corporations, who can much easier adapt. Big corporations are also prone to being in the attention span of the regulators and tended too, whereas smaller companies are seldom even seen, mostly overlooked. I think this is one of the most important aspects of the entire book.

    Another issue with regulation is its tendency to focus on particular technologies. Schneier’s suggestions is to “focus on human aspects of the law” instead of technologies, apps, or functions. Also, it’s better to aim for a result and let experts work to achieve that result rather than, again, focus on a specific technology.

    Summary

    Rights of the computers scientists / software developers / programmers are still very strong and they can develop pretty much what they want. We’re too short-sighted and can’t, or refuse to, see possible outcomes and changes from longer perspectives. “We accepted it because what they decided didn’t matter very much. Now it very much matters, and I think this privilege needs to end.” Just because products are digital doesn’t mean they have more right to exist, and living in a society where technology has become some kind of religious belief doesn’t mean technology is impervious to critic or bad things.

    Schneier argues that only states should have the capability to confront cyber attacks, not companies or other organizations. Considering they industry of spyware (or mercenary spyware as it’s called) I concur, though companies can help being part of cyber defense.

    One of Schneier’s guesses is that the security issues with “Internet+ will creep into their networks” in unexpected ways. Someone brings a device to work, which connects to the Internet and starts to leak data. Suddenly a company or authority realizes it has serious issues with real life implications.

    If you need a basic book about cybersecurity, without any technical details or prerequisites, this is a book for you. It’ll teach you what cybersecurity is about.

  • Time to decide again

    It’s been two years and finally it’s time to study some more. In roughly one month, we’ll begin writing our bachelor thesis. Mine will (unless some pivotal change occurs) be about digital transnational repression in Sweden. There’s isn’t much research on this issue regarding Sweden. There’s scant research internationally too, except for Freedom House, The Citizen Lab and a few researchers specialized in the field, like Marcus Michaelsen. I’m about to dive into their research more thoroughly, choose my material wisely and formulate questions.

  • Book review: Reset

    Book review: Reset

    “We can reclaim the internet for civil society. The principle of restraint should be our guide.”

    The end.

    Basically, I could stop here and write no more. These are the last two sentences of the book Reset: Reclaiming the Internet for Civil Society of Ronald J. Deibert and the profound solution to problems with internet, social media, tech companies, surveillance, espionage, cyberwars, is about.

    Deibert founded The Citizen Lab in 2001 as a research group with a mission he had came up with: the dirty backside of the Internet. For once I read a boo by an author who doesn’t need to restort to the creepiest descriptions and depictions on what could happen – he controls this subject totally. You can read it between the lines, see it in the examples given, often from the research of the Citizen Lab and from various other sources, not the usual ones, he doesn’t inundate you with details and a massive amount of examples about everything that is inherently wrong with internet (for that, listen to Grumpy old geeks), and because of the chapters he’s chosen to focus on. He knows this stuff without the restless need to show how well he has (begun) to master this subject after a couple of years. The combination of chapters are his strength.

    Causes

    Surveillance capitalism as a concept is the first subject Deibert touches, writing about the omnipresent tech in our lives, the gadgets we surround ourselves with day and night, for most reasons. This has been covered by Carissa Veliz, Adam Alter (review coming) and (obviously) Shushana Zuboff (review coming), to name a few. Deibert writes about different absurd apps, ideas to capture more personal data and dangerous paths taken by companies, paths that can easily lead to authoritarian perspectives on society and societal change.

    How our addictive machines are used to spread propaganda, disinformation, misinformation, to destabilize societies, divide and rule among foreign adversaries is another bleak chapter. Companies, state actors, organisations are playing a very perilous game with democratic states and risking all progress on human rights. Insititutions are seemlingly falling apart, or at least being unable to thwart a slide towards more fragile societies.

    Thirdly, intrusive powers is about how technology is used to circumvent human rights and deliberation by (nation) states. Abuses of power become harder to track, inhibit and hold accountable. Technology is more often used to suppress minorities and people rather than elevate them.

    Aspects of climate and environment are usually completely excluded from books written by tech-related authors. The link to the natural world is many times exempt from being questioned. Two of the few eexceptions are Kate Crawford and Tung-Hui Hu, both of whom I’ll cover in time.

    I worked in politics for almost seven years and I concur with Deibert that “material factors play a major role in shaping political outcomes”, must be taken into account and politics should, at times, adapt to societal changes rather than neglecting them. Sometimes you simply follow, not lead. And tech is very much physical, material.

    No other expert, that I have encountered, has been able to combine all these issues and subjects into one coherent text about the state of the internet and democracy. A fellow Canadian and political scientist at that, Taylor Owen (yes, listen to his podcast), is the closest one we’ve got.

    Solutions

    Deibert’s a political scientist at heart, although you might think (or decieve yourself) he’s a computer scientist, and it shows when he delves into solutions. He presents the ideas and theory of republicanism, the theory “to tie down and restrain the exercise of power not only domestically, but also across borders.” Politics usually move rather slowly in democratic states and rightfully so, argues Deibert and the republicans, because decisions should take time and deliberation is necessary so as not to react emotionally or irrationally due to some fancy. Deliberation has become a word with negative connotations. Things should be decided quickly, without thoughtful processes, almost impulsively. Deibert argues that deliberation offers restraint, inhibits decisions to be simple (and often stupid) reactions to very contemporary issues. As such, restraint should be exhibited much more, in social media, in politics, on technologically related decisions. Deliberation should be a guideline, not an insult.

    At first my thoughts were similar to my reading of Beijmo’s De kan inte stoppa oss – basically, we’re f*cked. After a while I actually feel hope. For once, here’s a person with vast experience and knowledge of how bad things have turned for more than two decades, who can show us real adequate and suitable actions on a systemic level. Here are no individual recommendations on “block cookies”, “encrypt all your communications” or “refuse to use social media”. Deibert has spent more time than most humans on these issues, so what he writes is very much what we should do. We should move slower, more deliberately, in order to reclaim internet for civil society, not for states or companies.

    Conclusion

    If there’s one book to rule them all, this is the one.

  • Book review: The Perfect Weapon

    Book review: The Perfect Weapon

    The New York Times has journalists (often called reporters, correspondents or writers) devoted to dedicated, limited subjects/topics, such as White House correspondent, lead consumer technology reporter, or national security correspondent, like David E. Sanger. He happens to be a colleague of Nicole Perlroth, author of This is how they tell me the world ends [min egen länk], and this book a kind of sibling. While she covers cybersecurity and digital espionage, he mainly covers national security, and one must read the book with that perspective.

    “The Perfect Weapon is the startling inside story of how the rise of cyberweapons transformed geopolitics like nothing since the invention of the atomic bomb” it says on the back cover, and Sanger dives into cyberweapons and their implications on national and international security. American-Israeli Operation Olympic Games is the starting shot of cyberattacks on nation-states about 15 years ago. Preparations of Operation Nitro Zeus, of which I knew nothing previously, was the second, although it was never deployed. In short, Nitro Zeus was supposed to entirely shut down Iran if the US needed to bomb the country in case of attacks on Israel, by infiltrating virtually everything digital in Iran.

    Sanger explains some of the cyber warfare infrastructure of the US, such as TAO (Tailored Access Operation) and US Cyber Command, as well as the immense offensive capabilities of the US. Then he explains the infamous (and famous?) Russian hack of the Democratic National Committee is covered, unflattering as it is in his depiction of incompetence, laziness and inertness. Likewise depicted is the very serious hack of the Office of Personnel Management, when China took personal data on approximately 21,5 million American citizens (an astounding amount of personal data on people with security clearance) and 5,6 million fingerprints of important personnel in the US.

    Barack Obama managed to accomplish a kind of truce with Xi Jinping after attacks, which lasted until the Trump administration chose trade war with China. In his now famous annual address on New Year’s Eve for 2018, Xi Jinping had two books on artificial intelligence on display, carefully chosen as symbols of ambitions and interests of the Communist party the coming years. Some believe the data stolen from the US is a way to train AI, mapping both people and country.

    What the US taught its adversaries through cyberattacks and cyber espionage was how imperative this capability is, at a low cost to boot. North Korea was not a power to be reckoned with before American meddling, but now it is, just like Iran. Instead of limiting attacks and espionage to state organizations, adversaries attack and or spy on civilian (or soft) targets: municipalities, companies, large corporations, journalists, politicians, activists.

    Sanger also draws conclusions I have barely encountered before, however logical they are once read, stemming from his focus on national security. In the trove of data Edward Snowden collected and shared with a few chosen people was information on how the National Security Agency (NSA) installed their own equipment in companies’ products (like Cisco). This, not the ways NSA accessed the tech giants’ servers to spy on its own population, was the real important find. This damaged US national security and has had very serious implications in geopolitics. One aspect of this is the trade-technology-war between the US and China. Why would Americans let Chinese companies build infrastructure in the US when they knew exactly what they themselves would do, were they to build infrastructure in China? And why would the Chinese not attempt to build backdoors and make attempts to spy on the Americans at every turn, when it was proven the Americans did exactly this?

    Like Perlroth, Sanger concludes that the US is mostly to blame itself. It showed the world cyberweapons are useful. It amassed the most encompassing espionage apparatus ever, with amazing offensive capabilities. But it cannot defend itself. The US is wide open for most attackers.

    Since the release of the book, Joe Biden has become president and his administration has showed a much more ambitious approach of beginning to cybersecurity than his predecessors. The administration is deeply engaged in cyber defense and security, making it a priority in the infrastructure bill (cyber is mentioned 319 times in the Infrastructure Investment and Jobs Act), participation in conferences and speeches. The lid is off.

    Seldom have I come across a book so outstanding and worthwhile, it’s absolutely teeming with information on cyberweapons and warfare. If you’re to choose one book to read on these topics, it’s The Perfect Weapon. Besides, how could I not like a book with chapter titles like From Russia, With Love and Pandora’s Inbox?

  • Book review: This is how they tell me the world ends

    Book review: This is how they tell me the world ends

    What is a zero-day? You may have heard news involving zero-days or zero-day exploits without actually reading those words, or you actually have read about zero-days, such as the Pegasus Project and the NSO Group? Someone clicks on a link in a text or message and voila! they’re hacked. The device is spied upon and/or controlled by someone else. Apparently, this someone doesn’t even need to click anymore. An unseen text or message is sent to your device and it’s no longer really yours anymore.

    Nicole Perlroth is an American journalist focused on cybersecurity and digital espionage and did recently release her first book, This is how they tell me the world ends.

    A zero-day is an unknown (security) flaw in software, like an operating system or program. This flaw can be exploited by someone, most likely to hack into this operating system or program. Mostly she writes about the invisible market and marketplace for zero-days, “the blood diamonds” of the security trade coveted by actors: nation-states, companies, developers, criminal networks. There are terrifying aspects to these exploits, some of which I’ll never tell friends or family, involve developing really nasty spyware or weapons to sabotage elevators, cars, jet fighters, the electric grid, power plants and you name it. A well-planned attack can send a country back to the analogue age. A well-planned and well-executed attack can annihilate enough date to destroy the state itself.

    Perlroth’s way of writing is that of a thriller and she revels in it. I find it refreshing, though I think the reader needs to be aware of how she portrays the people she meet, talks to, the details they reveal to her. There’s no protagonist to save us from impending, lurking doom. Instead Perlroth is present, almost like a character in this real-life thriller guiding us through how Ukraine has been attacked by (terrifying) NotPetya, the (fascinating) Project Gunman, (the amazing) Stuxnet – it’s all here, like classic novels. How China breached Google, the perpetual Russian intrusions and the Shadow Brokers stealing the arsenal of National Security Agency (NSA) are also told. She traveled to Ukraine to witness repercussions of cyber warfare. She talked to former bosses at the NSA, American secretaries of defense, the Finnish president, companies attempting to create a proper market for zero-days (or the fixes of them), mercenary coders working for the United Arab Emirates, Argentinian hackers in Buenos Aires. She went to congregations with men selling zero-day exploits, encountering the fucking salmon – that which should not be brought into the light.

    What she finds is also an expanding interest for zero-days, the intelligence and security agencies desire to breach cybersecurity of hostiles and friends, and nation-states willing to arm themselves with digital weapons. Details may be missing, words exaggerated, but I can accept them. Writing for laymen is difficult and overall it’s the sum of the parts that matter: the system, the sophistication, the evolution.

    Writing about tech can easily evolve into thrillers because of technical details, opaque and mystified to most people, and the thrill of spies and people lurking in shadows, forbidden spaces. I’m not one to read thrillers, but this thriller-like book I like. It’s long, intriguing, exciting, disturbing and in the shadows lurk horrible things that do happen and can happen. And if you happen to be interested in the zero-days market, there’s virtually no other book to read. So, go ahead.

    You – Regard, Troye Sivan & Tate McRae