This Is How the World Will End
It is no secret that I am a big fan of technology. I recently had a conversation with a friend where she was recounting to me an incident where she left her phone at the gym, walking away for a good 20-minutes before she realized what she had left behind. My immediate response to that was “I am amazed that people can leave places without their phones." Asked to explain that sentiment, I elaborated that I do almost everything on my phone. I use it to listen to music, it is my source of news, and it is the multi-factor authentication key to all of my accounts. My friend’s only comment at all of that was just that she didn’t like how we have all become so reliant on our phones.
Unfortunately though, like it or not we have become reliant on our phones. And as the world continues on this path of digitization, we will continue to become more reliant on our phones, computers, and technology in general.
But in an age where headlines frequently consist of companies being hit by ransomware attacks, products being exploited, and new zero days being found; we need to be conscious of the risks to this trend. As well as what we can do to mitigate them where possible.
This is what Nicole Perlroth’s book, "This Is How They Tell Me the World Ends: The Cyberweapons Arms Race", seeks to accomplish. In it, Pelroth undertakes the herculean task of disentangling and explaining the opaque zero day cyberarms market.
A “zero day” is a "[vulnerability] in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it." Zero days are valuable because they can give bad actors (i.e. hackers) the ability to access any target system remotely, and do whatever they want within that system.
Think of everything in the world that runs on a computer. Hospitals, power generators, dams, nuclear reactors, and nuclear missiles. Now think about what would happen if even one of these things were hacked and were to go awry in some way shape or form. The scary truth of the matter however, is that these things have already happened (click on the links). And that we are lucky that the damage hasn’t been as large as it could have been. But our luck could eventually run out.
Pelroth’s deep dive into the murky world of cybersecurity is both illuminating and absolutely terrifying. Up until reading this book I did not fully realize the size and dynamism of the zero day exploit market. Think of any piece of technology, and dollars to donuts, someone has probably developed an exploit to hack into it. And depending on the specific piece of technology, that developer was probably paid anywhere from a few thousand to a few million USD for that exploit.
This is the zero day market. And in her book, Pelroth goes into detail as to the origins of this market; one that was almost single-handedly developed by the US government. The new players in this market; Russia, China, North Korea, Saudi Arabia, and Iran to name a few. The full extent and impact of a zero day exploit on everyday people; a huge of impact. And the level of understanding and control that those wielding these cyberweapons have on their own stockpile; not a lot. Perhaps the most terrifying revelation is that it is easily believable that any state could accidentally start World War III following an “oops” moment due to an unforeseen behavior in their own exploit.
The book is simultaneously informative and a cautionary tale on the dangers of technology. And I would definitely recommend it for anyone that is looking to get a better understanding of how the cybersecurity to our 21st century infrastructure works.
As far as the implications of what Pelroth’s book go. As a tech-head, after reading this, I am definitely much more conscious about what data I put out there in the world, even on my own systems. But it isn’t enough to get me to forsake technology. Technology is the way forward. But we need to be responsible and secure in the way that we use that technology.