A New York Times cybersecurity writer delivers a sobering account of a thoroughly hacked and cyberattacked world.
Perlroth opens with the 2017 attack of Ukraine’s infrastructure on the part of Russian hackers who, employed directly by Vladimir Putin, had only two rules to follow: They couldn’t attack inside Russia, and “when the Kremlin calls in a favor, you do whatever it asks.” Apart from that, they were free to do as they pleased, and they detonated cyberbombs across the neighboring nation, bringing the power grid down, closing supply chains, and crashing computers, phones, and ATMs. As Perlroth writes, they attacked with poorly guarded tools developed by the American intelligence community. In the end, Russia could have done far worse “with the access it had and the American weapons at its disposal.” But there are other players with the same tools, including Iran and China, who have the wherewithal to wreak greater havoc on the infrastructure of a thoroughly unprepared America. Some of Perlroth’s interlocutors are rightfully paranoid while others are open in defying demands to make private information available to government agencies through back doors into those very tools—a recipe for a police state. One old-school hacker whom the author interviewed in Buenos Aires lamented a change of culture. “We were sharing exploits as a game,” he tells her. “Now the next generation is hoarding them for a profit.” Perlroth suggests that these latter-day hackers are capable of great evil against vulnerable nations—the U.S. foremost among the list of prime targets, not least because America is so addicted to technology. “There wasn’t a single area of our lives that wasn’t touched by the web,” writes the author. “We could now control our entire lives, economy, and grid via a remote web control. And we had never paused to think that, along the way, we were creating the world’s largest attack surface.”
A powerful case for strong cybersecurity policy that reduces vulnerabilities while respecting civil rights.