Essential guide to shadowy world
Andy Greenberg’s ‘Sandworm’ tracks the evolution of cyberwar and how huge our vulnerabilities truly are
Sandworm
A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers
By Andy Greenberg
Doubleday: 368 pages; $28.95
Andy Greenberg is a senior writer for Wired magazine, and he covered the unfolding stories of both Stuxnet and “Sandworm,” as the alleged Russian cyberwar unit linked to the Ukraine attacks was dubbed.
Greenberg took a book leave to write “Sandworm,” a comprehensive look at the technical, military and political stories of this new hidden war. The result is an essential guide to help us make sense of what will surely be an increasingly consequential form of military, criminal and insurgent aggression.
This book comes at a crucial juncture in the evolving doctrine and practice of cyberwar, a practice that confounds the intuition of the traditional military and foreign policy establishment.
One of the weirdest conversations I ever had was about this matter. It was a decade ago, and I was on a holiday in the Caribbean and the only other guests at the hotel were a family of “State Department” people. Dad had been with USAID when the Soviet tanks rolled in Hungary, his sons worked for undisclosed agencies within State. Hereditary spooks.
One day, one of these secondgen spooks and I were by the pool and we got to talking about cyberwar, which he was very bullish on. I spent about an hour trying to explain to him that cyberwar and cyberweapon were imperfect analogies, so imperfect as to be terribly misleading. It was clear that he thought a cyberweapon was like a digital bomb: a tool that somehow projected force over an adversary’s digital infrastructure.
But a cyberweapon isn’t that at all. A cyberweapon, is, at root, a secret. Specifically, it’s a secret about a defect in a piece of software, preferably software that is in wide usage. When an agency or private cyberweapons dealer or criminal discovers one of these defects (also known as a “vulnerability” or “vuln”), they make the decision not to divulge its existence to the vendor, and instead they write tools that exploit this defect to compromise the system.
A cyberweapon is a defect you discover in a system that your enemy uses, but we don’t have “good guy” software and “bad guy” software. Defects in widely used operating systems like Windows, or the embedded systems inside of the actuators and sensors that control power plants and other critical systems, are used by everyone, all around the world, leaving all of those systems vulnerable to attack by anyone who learns or discovers the secret.
Thus, deliberately choosing secrecy about defects to leave your adversary’s infrastructure in a vulnerable state means also leaving your own infrastructure vulnerable. It’s a posture that is purely offensive, so much so that it leaves you defenseless.
That guy in the hotel pool didn’t get it. Neither did others in the military-industrial complex.
The world is becoming a computer. A voting machine is a computer we put fragile democracies inside of. A power plant is a computer we put flaming coal inside of. A car is a fast-moving computer we put easily damaged people inside of. The computer is the most salient feature of these systems because without the computer, they become inert, useless or even deadly.
Depending on whom you ask, the defects in these systems are either terrifying (because they make you and everyone you love terribly vulnerable) or terribly exciting (because they make your enemies just as vulnerable).
In “Sandworm,” Greenberg explores and explains this evolving, shadowy world in a work of indepth, personal investigative journalism. He profiles the U.S., Russian and Ukrainian technologists and generals at the center of the tale to humanize the abstract business of cyberwar.
In 2014, Russia annexed Crimea from Ukraine. The back story to this event is complicated, but the annexation was attended by a series of information warfare strikes.
Greenberg makes the telling into a whodunit, following private security firms and military/government investigators seeking to conclusively attribute the Sandworm attacks (and other, possibly related, attacks), not just to Russia but to specific Russian military units. This is more than a formal exercise: Greenberg and his U.S. and Ukrainian contacts are palpably infuriated that both the Obama and Trump administrations chose to treat the attacks on Ukraine as local affairs and did not intervene until very late in the day.
Greenberg contends that official inaction served to establish a new norm: that this type of cyberwar is fair game, despite the massive toll it takes on civilian populations and people far from the field of battle whose systems happen to be caught in the malware’s unpredictable blast radius.
The author notes that these hacker attacks were seemingly designed to be limited to Ukraine but spread outside of the country, doing billions of dollars in damage all around the world.
“Sandworm” is much more than a true-life techno-thriller. It’s a tour through a realm that is both invisible and critical to the daily lives of every person alive in the 21st century. Understanding cybersecurity isn’t just for those who write the ciphers and configure the firewalls. It’s a civic literacy that equips you to evaluate the actions taken on your behalf by the governments that you elect. As Greenberg so aptly demonstrates, you may not be interested in cybersecurity, but it is certainly interested in you.