Kindle Notes & Highlights
Read between April 4 - April 6, 2022
The Kremlin had cleverly timed the attack to Ukraine’s Constitution Day in 2017—the equivalent of our Fourth of July—to send an ominous reminder to Ukrainians. They could celebrate their independence all they wished, but Mother Russia would never let them out of its grip.
fracturing support for Western democracy and, ultimately, NATO
There was no financial profit to be gleaned from turning off the power.
Shadow Brokers started trickling out NSA hacking tools and code for any nation-state, cybercriminal, or terrorist to pick up and use in their own cyber crusades.
The public’s understanding of what was transpiring was—to put it mildly—a mismatch to the gravity of the situation,
On June 27, 2017, Russia fired the NSA’s cyberweapons into Ukraine in what became the most destructive and costly cyberattack in world history.
I was to find out how far the world’s top intelligence agencies had come in cracking digital encryption.
the NSA’s expansive catalog meant that they could break into and spy on devices when they were offline, or even turned off.
nobody in cybersecurity actually uses “cyber” anymore. It’s “information security,” or preferably “infosec.”
There were many people and institutions that did not want this story to be told. I came to believe that the only way to contain the spread of the world’s most secretive, invisible market was to shine a big fat light on
The position most big companies—Hewlett-Packard, Microsoft, Oracle, Sun Microsystems—took at the time was that anyone who drew attention to a flaw in their products should be prosecuted or sued for tampering. Microsoft executives called it “information anarchy” and at one point compared hackers who dropped bugs on BugTraq and at hacking conventions to terrorists “who throw pipe bombs into children’s playgrounds.”
James and Endler contemplated turning these bugs away. But they knew they needed to build trust, so that hackers would
Hackers, McManus explained, aren’t in it for money. At least, not in the beginning. They are in it for the rush, the one that comes with accessing information never meant to be seen. Some do it for power, knowledge, free speech, anarchy, human rights, “the lulz,” privacy, piracy, the puzzle, belonging, connection, or chemistry, but most do it out of pure curiosity.
gray market for zero-days, but the fact that these contractors
“If you’re coconspiring with the government to leave gaping holes in core technology used by your customers, you’re inherently working against your customers.”
It wasn’t abnormal, Sabien said, to find multiple nation-states listening in on the same machine
potential for an all-out cyberwar. “It’s like having cyber nukes in an unregulated market that can be bought and sold anywhere in the world without discretion,”
zero-day exploit in the Jeep Cherokee that allowed them to seize control of the steering wheel, disable the brakes, screw with the headlights, indicators, wipers, and radio and even cut the engine from a remote computer thousands of miles away.
If efficient markets require high levels of transparency and free flows of information, then the zero-day market was just about the least efficient model you could imagine.
his white paper—academically titled “The Legitimate Vulnerability Market: Inside the Secretive World of Zero-Day Exploit Sales.”
Unbeknownst to Charlie, Google had gone behind his back. Executives had called his boss and informed him that his employee was illegally breaking into Google’s newfangled mobile system. They were now BCC’ing Charlie’s boss on every email they traded with him.
analysts never wondered why the Soviets treated their own typewriters with such paranoia.
exploitation, espionage, and destruction.
One Sandia study found that between 1950 and 1968, at least twelve hundred nuclear weapons had been involved in “significant” accidents.
1954 test of a hydrogen bomb in the Bikini atoll produced a yield of fifteen megatons—triple the amount America’s nuclear scientists anticipated—blanketing hundreds of square miles in the Pacific—and, as a result, America’s own
arrived in the small city of fifty buildings, each its own Faraday cage, its walls and windows shielded with copper mesh to keep any signals from leaving the building.
TAO’s implants to strategically placed NSA servers around the globe, many of them operated by front companies in China or the tiny, geographically well-situated nation of Cyprus. Separate
Russian hackers inside their classified networks. When analysts traced back to the source of the breach, they discovered that Russian spies had scattered infected USB drives around the parking lot of a U.S. army base in the Middle East.
All this took place under utmost secrecy. Americans only caught their first glimmer of what the NSA was up to when San Antonians started complaining on neighborhood forums that their garage doors were opening and closing at random. Some filed police reports, believing neighborhood thieves were to blame. But the cops were at a loss. The incidents forced the NSA to make a rare admission that a rogue agency antenna was to blame. It was inadvertently interacting with old makes of garage door openers.
By 2008 the NSA feverishly began removing human decision-making—and with it any complicated moral calculus—from their work. A highly classified NSA software program code-named Genie began aggressively embedding implants not just in foreign adversaries’ systems but in nearly every major make and model of internet router, switch, firewall, encryption device, and computer on the market.
the NSA was doing everything it accused Beijing of doing, and then some.
The NSA’s answer to this moral hazard was more secrecy. So long as its tradecraft was highly classified and invisible, the agency could keep kicking the can down the road.
“The NSA’s fatal flaw is that it came to believe it was smarter than everyone else,”
It was checking to make sure the rotors ran at speeds between 800 and 1100 hertz, the exact frequency range used by Natanz’s centrifuges. (Frequency converters that operate past 1000 hertz are actually bound by U.S. export controls because they are primarily used for uranium enrichment.)
Their leading theory was that the Israelis—impatient with the worm’s progress—introduced a new spreading mechanism that led to its escape. But to this day, that theory has never been confirmed.
Langner was also struck by one number that kept popping up in the payload: 164. He told his assistant to get him a list of centrifuge experts, and see if this number held any resonance with them. It did: at Natanz’s enrichment facility, operators bundled centrifuges into cascades in groups of 164. Bingo!
TED Talks; the entire concept behind it is antithetical to everything Germans stand for. Germans don’t do small talk, and they don’t do bullshit. Feel-good messages and blatant self-promotion have no place in Germany.
The NSA had started test-driving a game-changing new robot, code-named Turbine, to take over management of its vast implant apparatus.
It would now be up to this automated robot to decide whether to use an implant to hoover up raw data or inject malware that, like a digital Swiss Army knife, could do almost any job the NSA needed to get done.
The agency’s diverse arsenal of malware tools—many described in leaked NSA documents but many more that were not—could steal phone conversations, text threads, emails, and industrial blueprints. Other malware could hot-mic an infected computer and capture any conversations in close proximity. Still other tools could steal screenshots, deny a target access to certain websites, shut down computers remotely, corrupt or delete all their data, and grab their keystrokes, search terms, browsing histories, passwords, and any keys necessary to unscramble encrypted data.
There was Monkeycalendar, an exploit that relayed a target’s geolocation back to the agency via invisible text message;
Surlyspawn, the modern-day equivalent of the Russian typewriter exploit in Gunman, could grab keystrokes off computers that were not even connected to the internet.
Dropoutjeep, the TAO exploit developed specifically for the iPhone, the one that could do all the usual text, phone call, and location monitoring, hot-miking and photo snapping, even when the iPhone was offline.
Cottonmouth I that looked like any old USB stick, but contained a miniature radio transceiver that passed data to yet another NSA gadget—dubbed Nightstand—miles away.
The NSA faced a quandary: its solution to dealing with the bad actors in the world was escalating an arms race that only made the United States more vulnerable to attack.
The NSA’s answer to this problem was a system called Nobody But Us (NOBUS). The premise behind NOBUS was that low-hanging fruit—vulnerabilities that could easily be discovered and abused by American adversaries—should be fixed and turned over to vendors for patching. But more advanced exploitation—the kind of advanced zero-days the agency believed only it had the power, resources, and skills to exploit—would remain in the agency’s stockpile
Increasingly it was losing its best hackers and analysts to higher-paying jobs at private defense contractors like Booz Allen, Northrop Grumman, Raytheon, Lockheed, and Harris, and at boutique zero-day hunting and development firms around the Beltway.
roughly a quarter of zero-day exploits will be discovered within a year and a half. Earlier studies determined that the average life-span of a zero-day is ten months.
With Trump’s strange affinity for dictators, his inability to hold Russia’s feet to the fire for its 2016 election interference, his abandonment of the Kurds, one of America’s closest allies, and his refusal to clearly condemn the Saudis’ gruesome killing of Washington Post columnist Jamal Khashoggi, America was losing its moral authority.
poured their money into giant “fuzz farms”—tens of thousands of computers in virtual server farms—that threw terabytes of junk code at VRL’s tools to ensure that nothing they sold intelligence agencies would crash in the course of an operation,