Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers | Book Review

I read this book because it was recommended on my favorite podcast, Darknet Diaries!


I read this book because it was recommended on my favorite podcast, Darknet Diaries!

About the Book

Title: Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers

Author: Andy Greenberg

Published: 2019

Series: (standalone)

Genre: nonfiction, tech, politics, cybersecurity, true crime

My Rating: 4/5 stars

My Thoughts

Sandworm chronicles the cyberattacks carried out by the Russian GRU-affiliated hacking group dubbed Sandworm, most notably the 2017 NotPetya ransomware which bricked an estimated 10% of computers in Ukraine and cost the world $10 billion in damages.

The book starts out with an overview of the long history of Russian aggression against Ukraine, which, being a dumb American, I was only vaguely aware of until February. This part was really sad to read as we all know what is going on right now.

Then it goes into the history of cyberwarfare, as perpetuated by Russia and other state actors, starting with the 2007 DDoS attacks on Estonia, to Stuxnet, 2016 election interference, Industroyer, Mimikatz, Shadow Broker’s NSA leaks, WannaCry, NotPetya, and several others.

A couple things in particular stuck out to me while reading:

1) Reading this gave me a lot more context to understanding the current Russia-Ukraine conflict.

I was really young when Russia annexed Crimea and I didn’t pay much attention to international situations until relatively recently, so I was shocked when I woke up one day and there was a war. Although this wasn’t really the point of this book in particular I think that I have a much clearer understanding about the situation now, and I’m much more aware that Russia has been acting aggressive towards Ukraine for longer than just the past few months.

2) I didn’t realize it was possible to use hacking like a physical weapon to sabotage other countries.

This just never occurred to me. For example, Stuxnet was an allegedly US/Israel-developed virus that was designed to infect Iranian nuclear facilities and cause their centrifuges to spontaneously spin so fast they would basically self destruct, apparently to stop Iran from making a nuke. And Russia has messed up power grids in Ukraine several times.

3) I was again struck by how weird it is that governments just go around hacking each other, like all the time.

And there’s nothing you can do about it, because you can’t just arrest people without an extradition order. What is also funny is how the Russian state hackers would try disguising themselves by doing things like copying the “FSociety” thing from the Mr. Robot TV Show for their malware or pretending to be a Romanian teenager. And some of the incidents are so petty it seems strange that a government of a country would invest time into them.

The book ends on a sort of ominous note that cyberspace is going to be the epicenter of a new arms race— and an arms race that we’ve already walked into.

The author of the book muses about the US government’s reluctance to denounce Russia until after NotPetya, even though Russia had been interfering with Ukraine’s power grids which affected civilians for a while before that— and one of the supposed reasons as to why is because no one wants to relinquish the power to conduct a similar campaign in the future.

Instead of scaling back what is allowed by countries, it seems that everyone is content to continue trying to one-up each other as to who can cause the most damage with their cyberattack arsenal. The implications are a bit worrisome.

On the internet, we are all Ukraine. In a dimension of conflict without borders, we all live on the front line. And if we fail to heed the borderland’s warnings, we may all share its fate.

The Verdict

All in all, this was a pretty interesting book and I’d recommend it if you are at all interested in cybersecurity. (I’d also recommend the Darknet Diaries podcast)

I believe I’ve mentioned here before that I am going to be studying for a computer science degree, and I’m also going to be in a cybersecurity program in my university.

Have you read this book? Anything similar? Do computers interest you too? Let me know in the comments!

If you liked this post, consider subscribing to Frappes & Fiction. I post about the books I read, the books I think YOU should read, and anything else on my mind.

(I’m also on social media!)

6 comments on “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers | Book Review”

  1. Your review came out at the perfect time because I just started listening to Darknet Diaries!

    I’m sure you’ll learn more about it with your cybersecurity degree (which sounds so cool!) but there’s a lot of really interesting, and kind of scary, academic research out there about computers and how they relate to physical warfare. If you’re interested in this, I’d recommend seeing if your university offers any security studies classes through the political science department.

    What you wrote reminds me of the security dilemma, which is an international relations theory usually not applied to cyberspace. It basically argues that states respond to other states. If one state increases its own security, then other states fear for their security too and take steps to protect themselves. However, this action will make other states worried and respond, and the cycle continues.

    How well it applies to cybersecurity, I don’t know, but maybe you’ll have a chance to learn more about this question in your program!

    Liked by 1 person

  2. I have not read this. I worked for the federal government for years, and they are always on the lookout for attacks, especially when I worked for the Department of Defense.

    Liked by 1 person

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.