Amazing book on the world of zero-day exploits, cyberwars and how scared you should be of the next cyber attacks.

Ska du läsa en icke-teknisk bok om hackning, läs denna! Skrämmande läsning men också mycket intressant.

I appreciated Perlroth's in-depth analysis of what the cyberweapons arms race has come to. We are no longer innovating for the sake of discovery, but now we are forced to innovate (and steal information) to keep up with the rest of the world. This is already a bit laughable because the United States is comically behind the rest of the world regarding cyberweaponry. We are used to seeing the U.S. as an authority and leader in many fields, but here we fall short. However, Perlroth offers personal anecdotes and experiences from years in the cyber world to tell her story. She has traveled all over the world and spoken to a variety of people in order to glean the information she shares in this novel. I particularly enjoyed the section titled "Cyber Gauchos," which details Perlroth's time in Argentina at a hacker convention. On this same journey, she meets up with a man who has done more for cybersecurity than he will ever receive recognition for. Overall an interesting read - but it is easy to get lost due to the technical terminology (this was a curve I personally had to account for!).

Who should read it: probably anyone living in the modern world. Especially people working in tech, in cyber or info security, in security in general, in politics.

Perlroth, from her well positioned view as the NY Times Cyber Security reporter, traces the origin of cyber-exploits or hacking back to its multi-root origins, hobbyist hackers and phone phreakers, US and Soviet Spies tapping eachother's communication including the aamazing story of a major analog cyber exploit.
She moves forward through the bug bounty programs growing out of the security industry, the gradual realization of some players that there is a gray to black market for these vulnerabilities and chained exploits.
She covers how the Snowden disclosures (on which she worked in a windowless closet) gave high level of the "What" but the STUXNET attack gave live fire demonstration of the attack capability (the "how." Then she shows how the shadowbrokers stole and disclosed the enabling of the "how" stockpiles of 0 days and chained attacks. And what happened next. How criminals and surely spies of our adversaries leveraged these.
Why ransomeware is constantly in the news now.
Why Russia hacks Ukraine for practice, and how they're deep in the US electrical grid, and nipping at the electoral system.
How it may be impossible to truly secure systems fully, but how unforgivable it is that we arent trying harder, more holistically as a nation and even tactically as an industry.

It'll make you paranoid. And you probably should be.
Get a strong password manager and a hardware key for MFA.