I read this book because it was recommended on my favorite podcast, Darknet Diaries!
About the Book
Title: Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers
Author: Andy Greenberg
Genre: nonfiction, tech, politics, cybersecurity, true crime
My Rating: 4/5 stars
Sandworm chronicles the cyberattacks carried out by the Russian GRU-affiliated hacking group dubbed Sandworm, most notably the 2017 NotPetya ransomware which bricked an estimated 10% of computers in Ukraine and cost the world $10 billion in damages.
The book starts out with an overview of the long history of Russian aggression against Ukraine, which, being a dumb American, I was only vaguely aware of until February. This part was really sad to read as we all know what is going on right now.
Then it goes into the history of cyberwarfare, as perpetuated by Russia and other state actors, starting with the 2007 DDoS attacks on Estonia, to Stuxnet, 2016 election interference, Industroyer, Mimikatz, Shadow Broker’s NSA leaks, WannaCry, NotPetya, and several others.
A couple things in particular stuck out to me while reading:
1) Reading this gave me a lot more context to understanding the current Russia-Ukraine conflict.
I was really young when Russia annexed Crimea and I didn’t pay much attention to international situations until relatively recently, so I was shocked when I woke up one day and there was a war. Although this wasn’t really the point of this book in particular I think that I have a much clearer understanding about the situation now, and I’m much more aware that Russia has been acting aggressive towards Ukraine for longer than just the past few months.
2) I didn’t realize it was possible to use hacking like a physical weapon to sabotage other countries.
This just never occurred to me. For example, Stuxnet was an allegedly US/Israel-developed virus that was designed to infect Iranian nuclear facilities and cause their centrifuges to spontaneously spin so fast they would basically self destruct, apparently to stop Iran from making a nuke. And Russia has messed up power grids in Ukraine several times.
3) I was again struck by how weird it is that governments just go around hacking each other, like all the time.
And there’s nothing you can do about it, because you can’t just arrest people without an extradition order. What is also funny is how the Russian state hackers would try disguising themselves by doing things like copying the “FSociety” thing from the Mr. Robot TV Show for their malware or pretending to be a Romanian teenager. And some of the incidents are so petty it seems strange that a government of a country would invest time into them.
The book ends on a sort of ominous note that cyberspace is going to be the epicenter of a new arms race— and an arms race that we’ve already walked into.
The author of the book muses about the US government’s reluctance to denounce Russia until after NotPetya, even though Russia had been interfering with Ukraine’s power grids which affected civilians for a while before that— and one of the supposed reasons as to why is because no one wants to relinquish the power to conduct a similar campaign in the future.
Instead of scaling back what is allowed by countries, it seems that everyone is content to continue trying to one-up each other as to who can cause the most damage with their cyberattack arsenal. The implications are a bit worrisome.
“On the internet, we are all Ukraine. In a dimension of conflict without borders, we all live on the front line. And if we fail to heed the borderland’s warnings, we may all share its fate.“
All in all, this was a pretty interesting book and I’d recommend it if you are at all interested in cybersecurity. (I’d also recommend the Darknet Diaries podcast)
I believe I’ve mentioned here before that I am going to be studying for a computer science degree, and I’m also going to be in a cybersecurity program in my university.
Have you read this book? Anything similar? Do computers interest you too? Let me know in the comments!
If you liked this post, consider subscribing to Frappes & Fiction. I post about the books I read, the books I think YOU should read, and anything else on my mind.
(I’m also on social media!)