
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race (2021 edition)

by Nicole Perlroth (Author)

Members | Reviews | Popularity | Average rating | Mentions
701297,309 (4.33)1
Member: ChetBowers
Title: This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
Authors: Nicole Perlroth (Author)
Information: Bloomsbury Publishing (2021), Edition: 1, 528 pages
Collections: Your library
Rating:
Tags: currently-reading

Work details

This Is How They Tell Me the World Ends: The Cyber Weapons Arms Race by Nicole Perlroth


We’ve all heard about the theft of passwords, personal data and the takeover of systems. How ransomware is crippling the budgets of towns across the country. How hospitals and utilities are caught up in it. But Nicole Perlroth, a New York Times reporter whose beat is cybersecurity, shows how they are all tied together. In her remarkable book that reads like a secret agent thriller, she proves it all boils down to a handful of shady players. And most of them are countries, not criminal masterminds.

In This Is How They Tell Me The World Ends, Perlroth demonstrates with great flair and endless drama that it is Russia, China, Iran and North Korea that are behind almost all the mayhem. And they got all the tools from the United States, which created a market for zero-day exploits, and promptly lost control to the rest of the world. Everyone is using “secret” American tools to invade American systems.

The book traces the birth and development of a strange, disorganized, inefficient and largely unknown market. It trades in software defects that allow anyone to break into a website or a computer system or individual computer, never be noticed, and take control of it from within. This happens in the USA every 39 seconds, she says.

And it is not limited to computers. It works in cellphones, industrial equipment, newer cars, and all the gadgets that make up the Internet of Things, from thermostats to baby cameras, smart doorbells to refrigerators. Even printers can be hacked. Governments can sit and watch documents being printed in a piece of equipment most administrators never worry about.

Hackers can take control of cars from anywhere in the world, wipe hard drives clean, steal address books and passwords, lock up the whole system, change the password to shut out the owner, shut off the electricity while changing all passwords so engineers can’t get back in… it is endless fun in our rush to digitize absolutely everything. Without adequate security.

When the power goes out, the economy stops. ATMs don’t work, bank accounts can’t be checked, credit and debit cards don’t work in stores. Neither will gas pumps, electric rechargers, medical histories, traffic lights, elevators or refrigerators. And if the hackers choose to cripple the power generating facilities and not just turn them off, it could take as long as two years for them to come back online, because electrical substations and generators are all custom designed and built. There is no way to replace them quickly. We are that close to total disaster, all day long.

This is not just theory. Russia does this to Ukraine, at will. It is a reminder of who is running their world, as well as a real world training ground for the hackers back in Moscow. The USA has seen fit to at least threaten this sort of action too, if only to try to stop others from using it on America. It’s another instance of mutually assured destruction, like we needed another one. This one is child’s play and costs essentially nothing. And anyone can participate. It is frightening to Perlroth, and she works hard to make readers feel it too. She succeeds only too well.

The hottest area of hacking is zero-day. Zero-day defects are holes that hackers discover by trying to break into systems. Once they succeed, they need to pretty up the package for sales, making the exploit easy to use, reliable, repeatedly usable, and which keeps the intruder invisible to the IT departments overseeing the target systems. Buyers want exclusivity so no one else can get in, and certainly not the company that made the software or the IT system, as that would spoil the fun when they patched it.

It all began before there was an internet, at the American Embassy in Moscow. The Russians managed to plant small, anonymous-looking bars inside the IBM Selectric typewriters the Americans were so proud of. The bars were transmitters, sending every keystroke made right to Russian intelligence. It meant the Russians didn’t have to bother over sophisticated American encryption, because they saw all the information before it was encrypted. This went on for years until some Selectrics were sent back to the US for inspection.

It was a wakeup call for American intelligence, which correctly saw itself as way behind. Its overreaction was to create numerous spy agencies dedicated to both defense - making sure this never happened again - and offense – doing it to others.

By 1967, there were already official warnings that “computers in an open environment could offer no safety whatsoever.” But the government never acted to change that by regulating computers. Instead, everything became a race to be first, and security be damned. It didn’t matter how buggy the software was; the main thing was to get it out there. The result is a global colander of unreliability. The US government did not insist on quality; anything a company wanted to sell was okay with Washington.

In the early days before mass hacking, it seemed unnecessary to worry about the bugs. Market share was all that mattered, and speed was of the essence (Move fast and break things, Facebook said).

Nothing changed the surveillance game more than Apple’s unveiling of the first iPhone in 2007. “[NSA – i.e. government] hackers developed ways to track an iPhone user’s “every keystroke, text message, email, purchase, contact, calendar, appointment, location and search, and even capture live audio and video of her life by hijacking her phone camera or hot-miking her microphone,” Perlroth says.

It is only in the past few years that the biggest companies in the world have woken up to how insecure their products are. For example, Apple famously got out of the password business, leaving it entirely and securely in the hands of the customer. When a terrorist shot up a bar in San Bernardino, Apple refused to help the FBI break into his phone. The Bureau took Apple to court to force it to help. But then the FBI suddenly withdrew its suit, because a hacker supplied it with a zero-day exploit to get around the iOS password system. And the FBI refused to share it with Apple. It liked having exclusive access (The FBI has fewer of these tools than most other agencies, so snagging the Apple exploit was a coup it would not give up for the mere good of all).

The various security agencies (as I recall there are 17 of them, maybe more by now) compete rather than co-operate. They are in a race to stockpile zero-day exploits, hire hackers, and stay ahead of the other agencies. It’s an absurd system that is causing hacker salaries and payments for exploits to skyrocket – all at the expense of the taxpayer.

Sadly, everyone else has plunged in as well. So-called allies like Saudi Arabia and the Emirates are among the most active government hackers invading US systems.
- The Chinese have stolen billions in intellectual property, manufacturing processes, design and patents, by hacking into untold numbers of systems across the country. They tapped Google’s undersea cables to steal tens of millions of passwords, address books, and documents.
- Russia prefers meddling in elections, giving Americans real insecurity about what is true anymore. They are enjoying the wild west of social media and fake news. This has had the (desired) result of making people forego voting altogether.
- The North Koreans are in it for the cash thanks to American embargoes of everything it does. The massive ransomware campaigns that cripple institutions have cost the US economy billions, with most of the cash going into bitcoin for North Korea. It’s American money that keeps North Korea going.

Mike McConnell, former director of national intelligence put it this way: “In looking at any computers of consequence – in government, in Congress, at the Department of Defense, aerospace, companies with valuable trade secrets – we have not examined one yet that has not been infected.”

As usual, there is constant hypocrisy throughout. For all the noise the USA makes about Huawei telephone equipment providing personal data to the Chinese government, “NSA was doing everything it accused Beijing of doing, and then some,” Perlroth says.

The book becomes overwhelming, which accurately represents Perlroth’s feelings about what she has found. Anyone could tip the whole house of cards over with an errant keystroke. Damage and retaliatory strikes could easily wipe society blank overnight. Perlroth has made sense of it all, dividing the exploits among the players, showing their persistence in damaging the USA, thanks to the USA’s own tools.

It was Edward Snowden who revealed the extent of US aggression. It even hacked Chancellor Angela Merkel’s phone. With friends like the USA, morality has lost all meaning. Soon, hackers were forming companies to sell their services to government agencies. Some dumped exploits publicly, showing the power they had accumulated, and so providing secret tools of the NSA and others to the entire world for free. They have since been used extensively – against the USA.

What is probably most valuable in the book is Perlroth’s assembling of the steps that got the world here. When hackers started finding bugs, they would report them to the company. But rather than gratitude, companies threatened to sue the hackers, for things like copyright infringement. It took a long time for them to realize the hackers were actually doing them a favor. Middlemen began to appear, offering to buy zero-day exploits for a pittance. But in those days, any payment at all was an improvement. As time went on, government began to outbid the middlemen, raising prices substantially. Then at long last, the makers themselves got in on the action, paying even more. They had to, because the government agencies hoarded the exploits for themselves. The last thing government wanted was for the companies to patch the holes. The American government had its own plans for the weaknesses people brought in. And none of it was beneficial to Americans. All along, the companies and their customers lost billions of dollars to invaders and ransomware exploits.

Here’s how it took shape:
- discovering how sophisticated the Russians were in bugging the US embassy.
- taking hackers onboard and purchasing zero-day exploits from them.
- developing offensive weapons like Olympic Games’ Stuxnet to destroy Iranian nuclear production equipment.
- watching as Stuxnet escaped and infected equipment all over the world.
- boring civil service hackers into quitting government and starting their own consultancies, replicating their work for governments and business all over the world, spreading their knowledge over scores of countries.
- working for foreign clients, American hackers broke into First Lady Michelle Obama’s computer, received copies of all her correspondence as it was sent, opening a new era of zero morality and anything for a buck.

Possibly the most famous incident was Stuxnet, a worm created in the USA to pacify the Israelis, who wanted to bomb the uranium enrichment plant Iran had built 30 feet underground. The worm worked beautifully. It caused vast numbers of centrifuges to spin out of control and break down. Because the machines were not very reliable anyway, it took the Iranians a while to realize there was something more wrong than usual. And then it backfired. The worm escaped, infecting every machine it could find, doing all kinds of damage all over the world. America had unleashed the first cyber plague, all by itself.

There are truly idiotic passages in the book, in which hackers, middlemen, agencies and manufacturers decide who should see the exploits, who should be allowed to buy them and who should hire themselves out to redeploy them for the new buyers. Their bizarre rationales and attempts to be moral are laughable. Who is trustworthy, who is an ally, whose policies are moral are all ephemera. How is a hacker to judge who would be an acceptable client? What is to prevent that acceptable client from then passing it on to an unacceptable accomplice? And will the client still be acceptable tomorrow? (It reminds me of a Mort Sahl line: “Anyone who consistently holds a foreign policy position in this country must eventually be tried for treason.”)

The bigger players all understand their power: “The most likely way for the world to be destroyed is by accident. That’s where we come in; we’re computer professionals. We cause accidents,” one major player told Perlroth. And back in the USA, the competing agencies are so narrowly focused, they have missed the forest: “We are looking through straws at a much bigger problem,” she quotes John Hultquist, threat analyst and director of intelligence at FireEye.

Perlroth is not having a good time with all this. Her life seems to be a series of chases and investigations every time a break-in occurs somewhere. It could be Iranians trying to take over the controls of a dam, the Chinese inside a nuclear power plant, Russians playing with the banking system, or North Koreans extorting money from a hospital. This is her daily grind and it is stressful and depressing. She begs readers several times to download and install the patches companies are forever offering, no matter how often, and how big a pain they are. It is necessary and it is critical. Everything is at risk.

On the other hand, she says one of the most sophisticated ways hackers have of invading systems is by piggybacking on automatic updates and installing their malware as part of the update download.

One important takeaway for Perlroth is that online voting should be banned right now before it takes hold anywhere. It would be the fattest target for thousands of hackers worldwide, and nothing can be done to make it secure at this time. Vendors claiming their systems are totally secure clearly can’t be trusted.

The USA is entirely at fault. Perlroth says it “spawned and sponsored” the hacker market for decades. It never devised a national policy on cybersecurity. There are no laws or regulations to follow. Donald Trump closed down the only vestige – the Office of Cybersecurity Co-ordination – in 2018. America does not require companies to certify the security of their wares. It does not regulate the sale of discovered flaws. No one speaks for the United States in the field of cybersecurity. It is anarchy – everyone going in their own direction. The market is a joke, with prices for exploits going from two digits to seven. Everyone is waiting to take advantage of young hackers, too.

Perlroth says other countries, even more digitized than the USA, suffer far fewer attacks because they regulate and require testing. Norway, Denmark, Sweden, Finland and Japan are the best at it. The USA is everyone’s favorite target, because it’s so easy, and the pickings so rich.

One thing that’s missing from Perlroth’s excellent and fast-reading account is the very nature of the people making all the discoveries. They are not PhDs, rocket scientists or math whizzes. They are almost always kids and young men. They are often unemployed or working gigs or menial jobs. In other words, there are no qualifications to get into this business. There is no certificate. There is no internship. The barrier to entry is lying in a ditch. Anyone can do it. For government agencies to be bidding against each other for these bugs and exploits and hackers is madness.

Mandate every company to employ a team to run penetration tests and spend the rest of their time trying to break into their own systems. That would go a long way to stopping the chicanery in advance. Patching purchased flaws is a billion dollar business that should not even exist. But the USA won’t play. Sadly, its agencies see too much benefit in keeping it chaotic.

Last but not least, Perlroth feels vulnerable herself – physically. It used to be that the USA would protect and defend its investigative journalists. It had their backs. Snatching an American journalist off the streets would automatically have created an international incident. It was, she says, invisible armor. No more. Journalists are on their own. Don’t bother calling. In the shady world of international hacking, this adds untold risk.

Such is the state of the miasma the USA has created for the whole planet in cybersecurity.

David Wineberg
3 votes | DavidWineberg | Oct 23, 2020

Rating

Average: (4.33)
0.5
1
1.5
2
2.5
3
3.5 1
4 2
4.5 1
5 2
