Coffee and book
"This is How They Tell Me the World Ends" By, Nicole Perlroth

Reading: 'This is How They Tell Me The World Ends'

I'm only early pages into "This is How They Tell Me the World Ends", a readable tour through the 0-day market and the quickly escalating cyber war between states and sometimes non-state groups, by New York Times journalist Nicole Perlroth. and will update this post later with a full review. But highly recommend it if you want to read along with me.

What it's got going for it: It's readable and fast paced and Perlroth has a relatable narrative voice and also makes for a good central character navigating from one technology nightmare to the next for the NYT. She's good at avoiding the technical jargon where it's not needed and explaining it where it's unavoidable. I think her short-cuts to educating readers on what are sometimes really complicated topics will be like fingernails on a chalkboard to experts in cyber security fields, but this book isn't aimed at that audience, and so far her descriptions are at least hitting the dartboard if not always the bullseye.

There's a very in-depth review of the book here, but don't let it put you off if you're generally interested in how the U.S., Russia, China along with other countries and a growing cast of non-state groups are taking aim at power grids, telecommunications services and anything that keeps a nation running, all of it, more or less, managed over the same internet you're using to read these words.

The good bits so far

  • It's got a good voice, tone and pace. Perlroth makes for a good character to hold the chapters together, and it's kind of useful for the reader that she's not coming from anything related to a cyber security background.
  • There's a lot of inside baseball about the New York Times and how it operates on these kinds of stories, and how it plays well, or doesn't play well, with others. the book starts off with her involvement in reporting on the Snowden leaks of NSA programs, and there's no shortage of snark about The Guardian.
  • To be honest, if the book can make a general audience more interested in these kinds of issues, then I think that's a good thing overall.

The rough bits

  • I'd agree with the above linked review on some things: Their's a really strong bias toward America being a bit too clean, at the start. I'd add that there's also too much of a bias that the NYT can do no wrong. She cites Glenn Greenwald and Edward Snowden's disgust with the Guardian for collaborating with the Times on the NSA files, noting Snowden still didn't trust the Times because it had sat on another story for nearly a year about NSA mass surveillance of phones. But she dismisses this as no reason to not trust the Times now. Why? That would be a perfect reason to not trust it. (Greenwald still acted like an ass, though, in holding back files, which essentially is pretty hypocritical given the reason why he did it).
  • There is too much of a focus on 0-day exploits in general, but that's not necessarily this book's fault, and the 0-day market is what it's about, so if you don't want to know about that, then this isn't your book. 0-days are bugs in a system that no one new existed. Hackers finding these have immediate and often damaging access. These incredibly problematic of course, but they're also not the most common cyber problem that can destroy the world. The more frightening aspect is also more mundane: that a lot of systems managing life-impacting infrastructure is built on flawed, poorly designed systems and often these systems aren't even updated to have the security patches that exist. Often hackers don't need 0-days, just time to find the holes that are known. Just two out of too many examples to list:
    • The cyber attack on the NHS didn't need a 0-day exploit, just old versions of Windows and an easily tricked member of staff.
    • The Florida water systems hack didn't need a 0-day exploit. The hacker found an insecure web page with settings that allowed them to change acidity levels in the water treatment to lethal levels (thankfully someone was paying attention when it happened).

It's interesting that the book has already been optioned for film or television treatment. Good for her, I say, take the money and run. I'm a bit concerned that it could turn out to be something like "Homeland" but for the cybers, and so, you know, awful. But thus far the book is a readable, guided tour through the complex systems that are growing more fragile and hard to control and yet more responsible for not wiping a lot of us out in one go. Highly recommend. Enjoy.

This article was updated on 27 February 2021