Book Review: This is How They Tell Me the World Ends-The Cyber Arms Weapons Race

WHAT A BOOK! (Note: in no way is this a professional review. I'm just so excited after reading it that I had to share my thoughts!)

What It's About

The book is written by Nicole Perlroth, a seasoned New York Times cybersecurity journalist, and I was pleasantly surprised by how simple her breakdown of relatively complex and technical incidents/topics was. Don't get me wrong, I was still overwhelmed by the sheer amount of incidents covered, but that is more of a problem on my side as a beginner.

The main topic is the savage and cutthroat world of zero day markets, the places where cybersecurity exploits not yet known are sold and traded. Through her stories of being 'on the ground' in foreign zero-day markets to the stories from Google employees during the Operation Aurora attack, I was thoroughly enthralled and felt like I was reading a fantastic Jack Reacher or Tom Clancy novel, only to realize that the people, places, and events mentioned are 100% real.

For example, I recognized Army General Nakasone, the Commander of U.S. Cyber Command (CYBERCOM)/Director of the National Security Agency (NSA), from his talk at the 2023 Billington Cybersecurity Conference. The formation and struggles of the relatively new Cybersecurity and Infrastructure Agency (CISA) within the Department of Homeland Security (DHS) were also mentioned. Did I mention how excited I was to have my book and conference experience build upon each other?

I was appalled to hear about the punitive culture for finding bugs in the recent past. It blew my mind that not that long ago, companies were embarrassed to the point where they threatened the hackers who came forward and offered (often freely) discovered vulnerabilities.

In regards to Operation Olympic Games/Stuxnet: I had no clue how important this event was in the history of cyberwarfare. I had no idea that this attack led to almost every major copycat since, used by other nations against the United States. We as a community have opened Pandora's Box.

The zero day market is an unregulated one, most of which is hidden in the dark. Anyone who attempts to establish ethics in the current market fails because the source of the zero days could be anyone and the usage by nation-states and private actors is unchecked by the very nature of these exploits.

Topics I Was Introduced To

Take a look at some of the topics the book introduced below. I encourage you to do a quick search if you aren't already aware of the topic!

  • Project Gunman: USSR spyware in U.S. embassy typewriters
  • Operation Shotgiant: NSA infiltration of Huawei servers
  • NSA Tailored Access Operations Unit (TAO): The superpowerhouse of elite offensive hackers who created stockpiles of zero days
  • Ukraine Cyberattack of 2015: (BlackEnergy by Sandworm aka GRU's Unit 74455)
  • Israeli Unit 8200, Legion Yankee, PLA Unit 61398, Energetic Bear (attacked power grid), Cozy Bear (SVR), Fancy Bear (attacked Democratic National Convention-Hillary's emails), The Shadow Brokers, Legion Amber, FSB's Evil Corp, PLA Strategic Support Force: Various foreign hacking groups
  • Citizen Lab at Munk School of Global Affairs at University of Toronto
  • Pegasus spyware in iPhones: a sneaky and devastating spyware
  • BSI-Germany's NSA; GCHQ-Great Britain's NSA
  • OPM hack: I remember this when it was reported. I didn't pay too much attention at the time.
  • Deep sea cables can be tapped for info
  • Court case of Apple's iPhone encryption of San Bernardino active shooter: I remember this too! I had NO idea how much impact this case had in raising questions about privacy
  • Iranian Attack of Bowden Dam and Sands Casino: devastating attacks with widespread deadly implications
  • North Korea's Hack of Sony: The victims (Sony) were victimized by media attention from the released scandalous data, taking away from the fact that North Korea had blatantly hacked a private company
  • (FUD) Fear, Uncertainty, Doubt: How cybersecurity is sold to companies
  • NSA's Eternal/EternalBlue/EternalBluescreen: family of exploits used in combination with others to produce devastating attacks. Released in the wild, these tools are now used against us.
  • Russian trolls in 2016 election: "Internet Research Agency" and "Translator Project"
  • NSA Counter-Intel arm: Q Group
  • 2017 WannaCry-affected not just hospitals around the world by NK's Lazarus. The hacker who found a way to overcome the attack was (in poor timing) arrested by the FBI on an unrelated charge. Initiated from pirated software. Russia's GRU learned for future attacks from North Korea's clumsiness.
  • 2017 NotPetya: EternalBlue, EternalRomance, Mimikatz. Not ransomware, only total destruction affecting worldwide entities who had any interaction with Ukraine. Insurers for Merck and Mondelez claimed 'war exemption' and denied claims.
  • North Korea has a history of hacking crypto exchanges as the cryptocurrency is converted into cash.
  • Chinese government crackdown and spyware on Five Poisons' phones from visiting webpage (watering hole attack) using 14 zero days. Five Poisons= Taiwanese independence, Tibetan independence, Xinjiang separatists, the Falun Gong, Chinese democracy movement
  • Nitro Zeus: Cyber Command's time bombs in Iran's critical infrastructure. Cyber back and forth with attacks on cargo ships.
  • Bezos was hacked through WhatsApp following Washington Post's journalist murder
  • Russia's IRA Project Lakhta: Attack on 2016 Presidential election
  • 2018 Pentagon authorized decision making for offensive cyber attacks-->Cyber Command/NSA. Previously all attacks required Prez approval. National Security Presidential Memorandum 13
  • CISA was created to protect 2020 elections. Struggled because fed agencies had to be invited at local levels.
  • Trickbot: Russian attack configured for only non-Russia. Sold infected access to criminals

"Data breaches have become so commonplace that we now accept them as a way of life"-a rough quote summarization from Brad Smith (President of Microsoft) at UN in Geneva
