Thoughts on — Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon

Countdown to Zero Day by Kim Zetter

Another audiobook from my walks.

Cyber warfare. It sounds like a movie plot or a good science fiction book. But it is real, very real as it turns out. Computer hacking has matured from hackers turning on sprinklers inside schools after falling for the “Did you see the swimming pool on the roof?” prank. Hacking has moved from pranks, to stealing identities and funds, to now destroying the infrastructures of nations. Once again, it is America that launched a weapon capable of mass destruction first with Stuxnet.

The story starts with a small group at Symantec who run across an inquiry about a laptop that kept shutting down and rebooting in an endless cycle. They got a copy of the file causing the problems and began investigating. The virus, however, had limited circulation and fell from the interest of the computer security world. The small group at Symantec continued to work and on the virus thinking it was something more than it appeared and as it turned out, it was huge. Here was a virus more complex than expected and it had a very narrow mission. It worked quietly and slowly inflicting its damage on the Iranian nuclear program while limiting nearly all collateral damage.

This is a cyber attack that seemed to walk out of an X-Files episode. While investigating the virus no one interfered with the group. When approaching US government agencies, they all seemed interested but denied knowledge in a convincing way. This appeared to be the first digital attack directed at a nation and it came with a great deal of stealth and surprise. In fact, the target didn’t even realize it was being attacked.

Much of the United States infrastructure, like the power industry, is controlled by computers with an internet connection and probably a Windows operating system which means it can be hacked, or corrupted with a USB flash drive. The attack’s origin can hidden or made to appear to come from elsewhere. For example, the recent attack on Sony has been blamed on North Korea. Although North Korea was happy to take credit for the attack, security experts doubt it came from North Korea and the FBI evidence is far from convincing.

I will admit that I never heard of Stuxnet before listening to this book. Perhaps that is part of my surprise and interest in the book. I guess too, I really should not be surprised that governments, my own included, are involved in, buying zero-day exploits. I also think I would be happier if more was done in closing security holes rather than using them as weapons. Here firewalls and virus protection do not work because they search for known issues and behaviors, not new ones. As we become more dependent on computers for just about every aspect of our lives, the more they become a target from not only hostile nations, but hostile groups. A terrorist group may not have the technology or materials to build a nuclear weapon, but building a digital weapon is another matter and can be equally as destructive. A digital weapon can be completely anonymous or blame can easily and convincingly pointed elsewhere.

The true story told in the book is great. The information provided is enlightening and shows what governments are doing. If it wasn’t for a couple of guys with suspicion, Stuxnet probably could have run undetected a great deal longer. The genie is out of the bottle and now we wait and see if it’s an Ifrit.


Leave a comment

Filed under Book Review

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s