
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race (2021 edition)

by Nicole Perlroth (Author)

Members: 903 | Reviews: 2 | Popularity: 36,836 | Average rating: 4.32 | Mentions: 1

Member: Abiquail
Title: This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
Authors: Nicole Perlroth (Author)
Information: Bloomsbury Publishing (2021), Edition: 1, 528 pages
Collections: Your library
Rating:
Tags: to-read

Work details

This Is How They Tell Me the World Ends: The Cyber Weapons Arms Race by Nicole Perlroth


Showing 3 of 3
Putin loves his hackers, comparing them to artists who feel great in the morning and immediately start work on some new masterpiece. He told them, feel free to hack away, just anywhere except the homeland, and if your hacks coincide with Russian goals, well so much the better.

They went at it with a vengeance in 2014 and Ukraine became a testing ground for election interference, disinformation campaigns, interference and destruction of infrastructure, and cast doubt on the election process. There was little Ukraine could do to retaliate, given its history and geographic dependence on Russia.
The hackers were wildly successful and our 2016 campaign reflected many of their techniques. The Mueller report has laid out exactly how they went about it.

One interesting chapter examines the market for zero-day exploits, how it works and how it has changed from companies suing hackers who find bugs, to actively soliciting and paying for bugs and especially the zero-day exploits. ( A zero-day exploit is a vulnerability that has yet to be discovered and patched, making it extremely valuable for anyone with malicious intent. The Stuxnet worm created by the U.S. and Israel to destroy the Iranian centrifuges used several.) Paying for the bugs meant a rise in prices, from mere hundreds of dollars to many thousands and countries found themselves competing against bad actors, other countries, and companies for the zero-day exploits.

The Stuxnet exploit is discussed in more detail than I had read before. Of particular interest were the policy determinations and the effect of the Iraq war on those decisions. Deaths of American soldiers in Iraq were at their highest level when the Israelis, wanting to repeat their successful attack on the Syrian nuclear reactor strike (see ShadowStrike), insisted they wanted the U.S. to bomb the Iranian facility. Bush couldn't afford such a provocative action, one the military's war games revealed would result in WW III. So he authorized the unique and first-ever cyber strike to result in physical destruction of an opponent's infrastructure. It used an unheard-of seven zero-day exploits, and the preparation was boosted by an Iranian intelligence error of Trumpian proportions when the Iranian leader bragged to the press about the facility and gave them a tour, allowing pictures, of their centrifuges. This gave the Stuxnet planners all the information they needed about the brand and type of centrifuges being used, allowing them to target those directly with the Stuxnet malware. The Israelis were kept informed and must have assisted because Bush could not have them operating unilaterally.
Stuxnet showed the world the power and destructiveness of the cyber-world, and soon the value of zero-day exploits exploded as smaller countries and those without a large military realized that with little expense they could equal the United States and China in offensive capability. The attack on Saudi Arabia's oil network that destroyed thousands of their computers and disrupted oil networks used some of the same code the U.S. had utilized in an attack a few months prior and was clearly retaliation for that attack. The hackers got in through an email someone in ARAMCO had opened.

One of the mantras I try to inculcate in my students is to NEVER click on a link in an email. If you have reason to believe it might be valid, go to the web site and investigate there, never via a link in an email. The Russian hack of the DNC email resulted from a typo error. Podesta got an email purportedly from gmail claiming he needed to reset his password. He ran it by their IT guy, who meant to write back that the link was ILlegitimate but left off the initial IL. What the IT guy should have insisted on, besides noting it was illegitimate, was to hammer away at the danger of clicking on email links. So Podesta, thinking it was legit, clicked on it and gave the Russian hackers instant access to the DNC's emails.

The chapter on how the WannaCry ransomware was unleashed on the world and its origin is alone worth the price of the book. The role of the NSA in hiding its zero-day exploits rather than alerting Microsoft so they could be patched was highlighted by Brad Smith, Microsoft's CEO, in an essay. "We have seen vulnerabilities stored by the CIA show up on Wikileaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage." Ironically, the ransomware garnered little in the way of financial rewards for the North Korean malefactors, but it caused billions in damage to computers around the world, especially because the originators had not built in a workable way to pay the ransom. In another travesty, the teenager who discovered a built-in kill switch to the malware was arrested by the FBI for hacking! (See the Wikipedia article for more information.)

An important book. I recommend reading it along with Cyberspies by Gordon Corera.
  ecw0647 | Jul 15, 2021
After I finished reading “This Is How They Tell Me the World Ends” by Nicole Perlroth I was tempted to throw my iPhone into the toilet. Of course that is not really an option in the modern world, and that is one of the themes of this very well researched and written book: since complete abstinence is not an option, what CAN we do? Not as much as you might like is the answer. Her book is sprawling and the writing is brisk, but I think I have a little bit of fatigue about this subject as I’ve read individual books about Stuxnet and some of the Russian troll groups, so those sections felt warmed over to me. I think though that this is a book that it would be very useful for all of us to read, just to alert us all to the dangers and to provide the things one can do to maximize our security. She knows her stuff and she is able to summarize complex ideas pretty succinctly. She also avoids the idiocy of false equivalence and states things as they are, such as “Even the Russian trolls back in St. Petersburg couldn’t believe the Americans were so gullible” and “In any other political climate, anyone pushing this fringe theory would be diagnosed as certifiably insane. Not in the age of Trump.” In the end, what is needed is for the major systems such as operating systems and the programs that control major infrastructure to be made more secure, and that is out of the hands of regular citizens like you and me. Still, letting the perfect be the enemy of the good is not the way to go here, and if I could decree one thing to make our security and our country better it would be real media literacy education so we could end the influence of idiotic online lies. Dream on Mark.
  MarkMad | Jul 14, 2021
We’ve all heard about the theft of passwords, personal data and the takeover of systems. How ransomware is crippling the budgets of towns across the country. How hospitals and utilities are caught up in it. But Nicole Perlroth, a New York Times reporter whose beat is cybersecurity, shows how they are all tied together. In her remarkable book that reads like a secret agent thriller, she proves it all boils down to a handful of shady players. And most of them are countries, not criminal masterminds.

In This Is How They Tell Me The World Ends, Perlroth demonstrates with great flair and endless drama that it is Russia, China, Iran and North Korea that are behind almost all the mayhem. And they got all the tools from the United States, which created a market for zero-day exploits, and promptly lost control to the rest of the world. Everyone is using “secret” American tools to invade American systems.

The book traces the birth and development of a strange, disorganized, inefficient and largely unknown market. It trades in software defects that allow anyone to break into a website or a computer system or individual computer, never be noticed, and take control of it from within. This happens in the USA every 39 seconds, she says.

And it is not limited to computers. It works in cellphones, industrial equipment, newer cars, and all the gadgets that make up the Internet of Things, from thermostats to baby cameras, smart doorbells to refrigerators. Even printers can be hacked. Governments can sit and watch documents being printed in a piece of equipment most administrators never worry about.

Hackers can take control of cars from anywhere in the world, wipe hard drives clean, steal address books and passwords, lock up the whole system, change the password to shut out the owner, shut off the electricity while changing all passwords so engineers can’t get back in… it is endless fun in our rush to digitize absolutely everything. Without adequate security.

When the power goes out, the economy stops. ATMs don’t work, bank accounts can’t be checked, credit and debit cards don’t work in stores. Neither will gas pumps, electric rechargers, medical histories, traffic lights, elevators or refrigerators. And if the hackers choose to cripple the power generating facilities and not just turn them off, it could take as long as two years for them to come back online, because electrical substations and generators are all custom designed and built. There is no way to replace them quickly. We are that close to total disaster, all day long.
This is not just theory. Russia does this to Ukraine, at will. It is a reminder of who is running their world, as well as a real world training ground for the hackers back in Moscow. The USA has seen fit to at least threaten this sort of action too, if only to try to stop others from using it on America. It’s another instance of mutually assured destruction, like we needed another one. This one is child’s play and costs essentially nothing. And anyone can participate. It is frightening to Perlroth, and she works hard to make readers feel it too. She succeeds only too well.

The hottest area of hacking is zero-day. Zero-day defects are holes that hackers discover by trying to break into systems. Once they succeed, they need to pretty up the package for sales, making the exploit easy to use, reliable, repeatedly usable, and which keeps the intruder invisible to the IT departments overseeing the target systems. Buyers want exclusivity so no one else can get in, and certainly not the company that made the software or the IT system, as that would spoil the fun when they patched it.

It all began before there was an internet, at the American Embassy in Moscow. The Russians managed to plant small, anonymous-looking bars inside the IBM Selectric typewriters the Americans were so proud of. The bars were transmitters, sending every keystroke made right to Russian intelligence. It meant the Russians didn’t have to bother over sophisticated American encryption, because they saw all the information before it was encrypted. This went on for years until some Selectrics were sent back to the US for inspection.

It was a wakeup call for American intelligence, which correctly saw itself as way behind. Its overreaction was to create numerous spy agencies dedicated to both defense - making sure this never happened again - and offense – doing it to others.

By 1967, there were already official warnings that “computers in an open environment could offer no safety whatsoever.” But the government never acted to change that by regulating computers. Instead, everything became a race to be first, and security be damned. It didn’t matter how buggy the software was; the main thing was to get it out there. The result is a global colander of unreliability. The US government did not insist on quality; anything a company wanted to sell was okay with Washington.

In the early days before mass hacking, it seemed unnecessary to worry about the bugs. Market share was all that mattered, and speed was of the essence (Move fast and break things, Facebook said).

Nothing changed the surveillance game more than Apple’s unveiling of the first iPhone in 2007. “[NSA, i.e. government] hackers developed ways to track an iPhone user’s ‘every keystroke, text message, email, purchase, contact, calendar, appointment, location and search, and even capture live audio and video of her life by hijacking her phone camera or hot-miking her microphone,’” Perlroth says.

It is only in the past few years that the biggest companies in the world have woken up to how insecure their products are. For example, Apple famously got out of the password business, leaving it entirely and securely in the hands of the customer. When a terrorist shot up a bar in San Bernardino, Apple refused to help the FBI break into his phone. The Bureau took Apple to court to force it to help. But then the FBI suddenly withdrew its suit, because a hacker supplied it with a zero-day exploit to get around the iOS password system. And the FBI refused to share it with Apple. It liked having exclusive access (The FBI has fewer of these tools than most other agencies, so snagging the Apple exploit was a coup it would not give up for the mere good of all).

The various security agencies (as I recall there are 17 of them, maybe more by now) compete rather than co-operate. They are in a race to stockpile zero-day exploits, hire hackers, and stay ahead of the other agencies. It’s an absurd system that is causing hacker salaries and payments for exploits to skyrocket – all at the expense of the taxpayer.

Sadly, everyone else has plunged in as well. So-called allies like Saudi Arabia and the Emirates are among the most active government hackers invading US systems.
-The Chinese have stolen billions in intellectual property, manufacturing processes, design and patents, by hacking into untold numbers of systems across the country. They tapped Google’s undersea cables to steal tens of millions of passwords, address books, and documents.
-Russia prefers meddling in elections, giving Americans real insecurity about what is true anymore. They are enjoying the wild west of social media and fake news. This has had the (desired) result of making people forego voting altogether.
-The North Koreans are in it for the cash thanks to American embargoes of everything it does. The massive ransomware campaigns that cripple institutions have cost the US economy billions, with most of the cash going into bitcoin for North Korea. It’s American money that keeps North Korea going.

Mike McConnell, former director of national intelligence put it this way: “In looking at any computers of consequence – in government, in Congress, at the Department of Defense, aerospace, companies with valuable trade secrets – we have not examined one yet that has not been infected.”

As usual, there is constant hypocrisy throughout. For all the noise the USA makes about Huawei telephone equipment providing personal data to the Chinese government, “NSA was doing everything it accused Beijing of doing, and then some.” Perlroth says.

The book becomes overwhelming, which accurately represents Perlroth’s feelings about what she has found. Anyone could tip the whole house of cards over with an errant keystroke. Damage and retaliatory strikes could easily wipe society blank overnight. Perlroth has made sense of it all, dividing the exploits among the players, showing their persistence in damaging the USA, thanks to the USA’s own tools.

It was Edward Snowden who revealed the extent of US aggression. It even hacked Chancellor Angela Merkel’s phone. With friends like the USA, morality has lost all meaning. Soon, hackers were forming companies to sell their services to government agencies. Some dumped exploits publicly, showing the power they had accumulated, and so providing secret tools of the NSA and others to the entire world for free. They have since been used extensively – against the USA.

What is probably most valuable in the book is Perlroth’s assembling of the steps that got the world here. When hackers started finding bugs, they would report them to the company. But rather than gratitude, companies threatened to sue the hackers, for things like copyright infringement. It took a long time for them to realize the hackers were actually doing them a favor. Middlemen began to appear, offering to buy zero-day exploits for a pittance. But in those days, any payment at all was an improvement. As time went on, government began to outbid the middlemen, raising prices substantially. Then at long last, the makers themselves got in on the action, paying even more. They had to, because the government agencies hoarded the exploits for themselves. The last thing government wanted was for the companies to patch the holes. The American government had its own plans for the weaknesses people brought in. And none of it was beneficial to Americans. All along, the companies and their customers lost billions of dollars to invaders and ransomware exploits.

Here’s how it took shape:
-discovering how sophisticated the Russians were in bugging the US embassy.
-taking hackers onboard and purchasing zero-day exploits from them.
-developing offensive weapons like Olympic Games’ Stuxnet to destroy Iranian nuclear production equipment.
-watching as Stuxnet escaped and infected equipment all over the world.
-boring civil service hackers into quitting government and starting their own consultancies, replicating their work for governments and business all over the world, spreading their knowledge over scores of countries.
-working for foreign clients, American hackers broke into First Lady Michelle Obama’s computer, received copies of all her correspondence as it was sent, opening a new era of zero morality and anything for a buck.

Possibly the most famous incident was Stuxnet, a worm created in the USA to pacify the Israelis, who wanted to bomb the uranium enrichment plant Iran had built 30 feet underground. The worm worked beautifully. It caused vast numbers of centrifuges to spin out of control and break down. Because the machines were not very reliable anyway, it took the Iranians a while to realize there was something more wrong than usual. And then it backfired. The worm escaped, infecting every machine it could find, doing all kinds of damage all over the world. America had unleashed the first cyber plague, all by itself.

There are truly idiotic passages in the book, in which hackers, middlemen, agencies and manufacturers decide who should see the exploits, who should be allowed to buy them and who should hire themselves out to redeploy them for the new buyers. Their bizarre rationales and attempts to be moral are laughable. Who is trustworthy, who is an ally, whose policies are moral are all ephemera. How is a hacker to judge who would be an acceptable client? What is to prevent that acceptable client from then passing it on to an unacceptable accomplice? And will the client still be acceptable tomorrow? (It reminds me of a Mort Sahl line: “Anyone who consistently holds a foreign policy position in this country must eventually be tried for treason.”)

The bigger players all understand their power: “The most likely way for the world to be destroyed is by accident. That’s where we come in; we’re computer professionals. We cause accidents,” one major player told Perlroth. And back in the USA, the competing agencies are so narrowly focused, they have missed the forest: “We are looking through straws at a much bigger problem,” she quotes John Hultquist, threat analyst and director of intelligence at FireEye.

Perlroth is not having a good time with all this. Her life seems to be a series of chases and investigations every time a break-in occurs somewhere. It could be Iranians trying to take over the controls of a dam, the Chinese inside a nuclear power plant, Russians playing with the banking system, or North Koreans extorting money from a hospital. This is her daily grind and it is stressful and depressing. She begs readers several times to download and install the patches companies are forever offering, no matter how often, and how big a pain they are. It is necessary and it is critical. Everything is at risk.

On the other hand, she says one of the most sophisticated ways hackers have of invading systems is by piggybacking on automatic updates and installing their malware as part of the update download.

One important takeaway for Perlroth is that online voting should be banned right now before it takes hold anywhere. It would be the fattest target for thousands of hackers worldwide, and nothing can be done to make it secure at this time. Vendors claiming their systems are totally secure clearly can’t be trusted.

The USA is entirely at fault. Perlroth says it “spawned and sponsored” the hacker market for decades. It never devised a national policy on cybersecurity. There are no laws or regulations to follow. Donald Trump closed down the only vestige – the Office of Cybersecurity Co-ordination – in 2018. America does not require companies to certify the security of their wares. It does not regulate the sale of discovered flaws. No one speaks for the United States in the field of cybersecurity. It is anarchy – everyone going in their own direction. The market is a joke, with prices for exploits going from two digits to seven. Everyone is waiting to take advantage of young hackers, too.

Perlroth says other countries, even more digitized than the USA, suffer far fewer attacks because they regulate and require testing. Norway, Denmark, Sweden, Finland and Japan are the best at it. The USA is everyone’s favorite target, because it’s so easy, and the pickings so rich.

One thing that’s missing from Perlroth’s excellent and fast-reading account is the very nature of the people making all the discoveries. They are not PhDs, rocket scientists or math whizzes. They are almost always kids and young men. They are often unemployed or working gigs or menial jobs. In other words, there are no qualifications to get into this business. There is no certificate. There is no internship. The barrier to entry is lying in a ditch. Anyone can do it. For government agencies to be bidding against each other for these bugs and exploits and hackers is madness.

Mandate every company to employ a team to run penetration tests and spend the rest of their time trying to break into their own systems. That would go a long way to stopping the chicanery in advance. Patching purchased flaws is a billion dollar business that should not even exist. But the USA won’t play. Sadly, its agencies see too much benefit in keeping it chaotic.

Last but not least, Perlroth feels vulnerable herself – physically. It used to be that the USA would protect and defend its investigative journalists. It had their backs. Snatching an American journalist off the streets would automatically have created an international incident. It was, she says, invisible armor. No more. Journalists are on their own. Don’t bother calling. In the shady world of international hacking, this adds untold risk.

Such is the state of the miasma the USA has created for the whole planet in cybersecurity.

David Wineberg
  3 votes | DavidWineberg | Oct 23, 2020
Rating

Average: 4.32
Distribution: 3.5 stars: 1 | 4 stars: 5 | 4.5 stars: 2 | 5 stars: 3
