By I read this book because it was recommended on my favorite podcast, Darknet Diaries!
About the Book
Title: Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers
Author: Andy Greenberg
Published: 2019
Series: (standalone)
Genre: nonfiction, tech, politics, cybersecurity, true crime
My Rating: 4/5 stars
My Thoughts
Sandworm chronicles the cyberattacks carried out by the Russian GRU-affiliated hacking group dubbed Sandworm, most notably the 2017 NotPetya ransomware which bricked an estimated 10% of computers in Ukraine and cost the world $10 billion in damages.
The book starts out with an overview of the long history of Russian aggression against Ukraine, which, being a dumb American, I was only vaguely aware of until February. This part was really sad to read as we all know what is going on right now.
Then it goes into the history of cyberwarfare, as perpetuated by Russia and other state actors, starting with the 2007 DDoS attacks on Estonia, to Stuxnet, 2016 election interference, Industroyer, Mimikatz, Shadow Broker’s NSA leaks, WannaCry, NotPetya, and several others.
A couple things in particular stuck out to me while reading:
1) Reading this gave me a lot more context to understanding the current Russia-Ukraine conflict.
I was really young when Russia annexed Crimea and I didn’t pay much attention to international situations until relatively recently, so I was shocked when I woke up one day and there was a war. Although this wasn’t really the point of this book in particular I think that I have a much clearer understanding about the situation now, and I’m much more aware that Russia has been acting aggressive towards Ukraine for longer than just the past few months.
2) I didn’t realize it was possible to use hacking like a physical weapon to sabotage other countries.
This just never occurred to me. For example, Stuxnet was an allegedly US/Israel-developed virus that was designed to infect Iranian nuclear facilities and cause their centrifuges to spontaneously spin so fast they would basically self destruct, apparently to stop Iran from making a nuke. And Russia has messed up power grids in Ukraine several times.
3) I was again struck by how weird it is that governments just go around hacking each other, like all the time.
And there’s nothing you can do about it, because you can’t just arrest people without an extradition order. What is also funny is how the Russian state hackers would try disguising themselves by doing things like copying the “FSociety” thing from the Mr. Robot TV Show for their malware or pretending to be a Romanian teenager. And some of the incidents are so petty it seems strange that a government of a country would invest time into them.
The book ends on a sort of ominous note that cyberspace is going to be the epicenter of a new arms race— and an arms race that we’ve already walked into.
The author of the book muses about the US government’s reluctance to denounce Russia until after NotPetya, even though Russia had been interfering with Ukraine’s power grids which affected civilians for a while before that— and one of the supposed reasons as to why is because no one wants to relinquish the power to conduct a similar campaign in the future.
Instead of scaling back what is allowed by countries, it seems that everyone is content to continue trying to one-up each other as to who can cause the most damage with their cyberattack arsenal. The implications are a bit worrisome.
“On the internet, we are all Ukraine. In a dimension of conflict without borders, we all live on the front line. And if we fail to heed the borderland’s warnings, we may all share its fate.“
The Verdict
All in all, this was a pretty interesting book and I’d recommend it if you are at all interested in cybersecurity. (I’d also recommend the Darknet Diaries podcast)
I believe I’ve mentioned here before that I am going to be studying for a computer science degree, and I’m also going to be in a cybersecurity program in my university.
Have you read this book? Anything similar? Do computers interest you too? Let me know in the comments!
If you liked this post, consider subscribing to Frappes & Fiction. I post about the books I read, the books I think YOU should read, and anything else on my mind.
(I’m also on social media!)
Frappes and Fiction 
Your review came out at the perfect time because I just started listening to Darknet Diaries!
I’m sure you’ll learn more about it with your cybersecurity degree (which sounds so cool!) but there’s a lot of really interesting, and kind of scary, academic research out there about computers and how they relate to physical warfare. If you’re interested in this, I’d recommend seeing if your university offers any security studies classes through the political science department.
What you wrote reminds me of the security dilemma, which is an international relations theory usually not applied to cyberspace. It basically argues that states respond to other states. If one state increases its own security, then other states fear for their security too and take steps to protect themselves. However, this action will make other states worried and respond, and the cycle continues.
How well it applies to cybersecurity, I don’t know, but maybe you’ll have a chance to learn more about this question in your program!
LikeLiked by 1 person
Yay I’m so glad you’re listening to it!
And yes it looks like that question really does apply to cybersecurity, more than I would have originally thought
LikeLiked by 1 person
I think that we all need to go into the future with our eyes wide open as to the horrors that some governments / people go to for power.
LikeLiked by 1 person
Definitely
LikeLike
I have not read this. I worked for the federal government for years, and they are always on the lookout for attacks, especially when I worked for the Department of Defense.
LikeLiked by 1 person
Ooh, that is really cool!
LikeLike