For years, I’ve followed Andy Greenberg’s excellent reporting on “Sandworm,” a set of infrastructure-targeted cyberattacks against Ukraine widely presumed to be of Russian origin, some of which escaped their targeted zone and damaged systems around the world.
Greenberg has turned that work into a book-length cyber-whodunit, Sandworm, that comes out today. I reviewed it for the LA Times, where I described it as: “a tour through a realm that is both invisible and critical to the daily lives of every person alive in the 21st century.”
One of the weirdest conversations I ever had was about this matter. It was a decade ago, and I was on a holiday in the Caribbean and the only other guests at the hotel were a family of “State Department” people. Dad had been with USAID when the Soviet tanks rolled in Hungary, his sons worked for undisclosed agencies within State. Hereditary spooks. One day, one of these second-gen spooks and I were by the pool and we got to talking about cyberwar, which he was very bullish on. I spent about an hour trying to explain to him that cyberwar and cyberweapon were imperfect analogies, so imperfect as to be terribly misleading. It was clear that he thought a cyberweapon was like a digital bomb: a tool that somehow projected force over an adversary’s digital infrastructure.
But a cyberweapon isn’t that at all. A cyberweapon, is, at root, a secret. Specifically, it’s a secret about a defect in a piece of software, preferably software that is in wide usage. When an agency or private cyberweapons dealer or criminal discovers one of these defects (also known as a “vulnerability” or “vuln”), they make the decision not to divulge its existence to the vendor (who would then update the software to eliminate the defect), and instead they write tools that exploit this defect in order to compromise the system.
A cyberweapon is a defect you discover in a system that your enemy uses, but we don’t have “good guy” software and “bad guy” software. Defects in widely used operating systems like Windows, or the embedded systems inside of the actuators and sensors that control power plants and other critical systems, are used by everyone, all around the world, leaving all of those systems vulnerable to attack by anyone who learns or discovers the secret.
Review: ‘Sandworm’ is an essential guide to a shadowy world [Cory Doctorow/LA Times]
In 2017, a month after Trump named Rudy Giuliani to be his cybersecurity officer, Giuliani locked himself out of his iPhone. So he waited in line at a San Francisco Apple store to get the Genius Bar to unlock his phone. Last night when NBC broke the news of this, Giuliani idiotically compared what he […]
Frank Wu writes, “Brianna Wu (US Congressional candidate in MA-8 and cybersecurity expert) has a brand new article in The Boston Globe about election security. People think electronic voting machines are the biggest problem. They’re wrong. The electronic VOTER ROLLS are the largest attack surface for hackers. 2% of all ballots cast (enough to sway […]
Runa Sandvik (previously) is a legendary security researcher who spent many years as a lead on the Tor Project; in 2016, the New York Times hired her as “senior director of information security” where she was charged with protecting the information security of the Times’s newsroom, sources and reporters. Yesterday, the Times fired her, eliminating […]
There’s nothing like snuggling up under a good blanket, especially when that blanket can snuggle you back. As the popularity of the Gravity Blanket testifies, there’s more to a good bedcover than just soft material. These blankets incorporate subtle weights to create a swaddling effect that can ease you to sleep, and they’re all on […]
There are times when you don’t have access to coffee or tea, but you still need a caffeine buzz. Or many you just don’t like the taste of coffee or tea. That’s what Verb Energy bars are for. Each 90-calorie bar contains core ingredients like almond butter and agave. They come in flavors like Coconut […]
Games like Red Dead Redemption 2 and Call of Duty: Modern Warfare offer hours of cinematic gameplay. They’re so engaging you might not want to play anything else, which is great because with all the disk space they take up, you might not have room to download other titles on your console. That’s why a […]