Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon Hardcover – Nov 11 2014
"Immensely enjoyable...Zetter turns a complicated and technical cyber- story into an engrossing whodunit...The age of digital warfare may well have begun."
"An authoritative account of Stuxnet’s spread and discovery...[delivers] a sobering message about the vulnerability of the systems—train lines, water-treatment plants, electricity grids—that make modern life possible."
"Exhaustively researched...Zetter gives a full account of this “hack of the century,” as the operation has been called, [but] the book goes well beyond its ostensible subject to offer a hair-raising introduction to the age of cyber warfare."
--Wall Street Journal
“Part detective story, part scary-brilliant treatise on the future of warfare…an ambitious, comprehensive, and engrossing book that should be required reading for anyone who cares about the threats that America—and the world—are sure to be facing over the coming years.”
—Kevin Mitnick, New York Times bestselling author of Ghost in the Wires and The Art of Intrusion
“Unpacks this complex issue with the panache of a spy thriller…even readers who can’t tell a PLC from an iPad will learn much from Zetter’s accessible, expertly crafted account.”
—Publishers Weekly (starred)
“A true techno-whodunit [that] offers a sharp account of past mischief and a glimpse of things to come…Zetter writes lucidly about mind-numbingly technical matters, reveling in the geekery of malware and espionage, and she takes the narrative down some dark electronic corridors… Governments, hackers and parties unknown are launching ticking computer time bombs every day, all coming to a laptop near you.”
"An exciting and readable story of the world's first cyberweapon. Zetter not only explains the weapon and chronicles its discovery, but explains the motives and mechanics behind the attack -- and makes a powerful argument why this story matters."
--Bruce Schneier, author of Secrets and Lies and Schneier on Security
About the Author
KIM ZETTER is an award-winning journalist who covers cybercrime, civil liberties, privacy, and security for Wired. She was among the first journalists to cover Stuxnet after its discovery and has authored many of the most comprehensive articles about it. She has also broken numerous stories over the years about WikiLeaks and Bradley Manning, NSA surveillance, and the hacker underground.
Most Helpful Customer Reviews on Amazon.com (beta)
Instead of a dry, factual presentation that just leaves the reader bored, this book reads more like a novel – except that it’s true. It starts with a fascinating account of how Stuxnet was first discovered and describes in some detail how it exploited the operating system, what mechanisms it used to replicate itself, how it targeted the systems it was designed to find and it gives a fair estimate of just how much damage it caused before it was ultimately uncovered. The book goes on from there to discuss the implications Stuxnet has had on the digital world and how it has helped to redefine modern warfare.
The main text is written very much like a novel, but it makes heavy use of footnotes. These footnotes inject interesting facts relating to the point being made but would otherwise mar the chain of thought for the reader. This was a smart editing decision as it makes taking the side tracks optional.
One thought kept coming to mind as I got deeper into the material and learned more about the birth of this malware and how it all came into being – I had absolutely no clue just how deep the rabbit hole went, both militarily and politically.
For those interested in cybersecurity, those with an interest in electronic warfare or even those who are just downright curious about what is without question the most complex and sophisticated digital weapon known to date, this book is full of interesting information and because it’s written almost like fiction it’s a fast and engrossing read.
Stuxnet, et al. presented the security industry with a huge problem - and the implications are still being sorted out to this day. Government use of malware, and how the industry should handle it when discovered are topics that are still being debated on a daily basis. Kim does a great job of explaining the issues, and giving readers plenty to think about.
From a technical perspective, the book goes into enough detail so that those of us familiar with the topic know exactly what is being discussed and its implications, while not going overboard and overloading non-technical users with incomprehensible details. The book has a good narrative style, while covering technical detail and including details on the sources for information. Throughout the book are footnotes that list source information, additional notes that explain context, or provide additional details that don't fit in the narrative telling - I strongly suggest that you read the footnotes, as they offer very useful information.
All in all, I strongly recommend the book, well worth it.
Much has changed in nearly 20 years and Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon has certainly upped the ante for accurate computer security journalism.
The book is a fascinating read and author Kim Zetter's attention to detail and accuracy is superb. In the inside cover of the book, Kevin Mitnick describes this as an ambitious, comprehensive and engrossing book. The irony is not lost in that Mitnick was dogged by misrepresentations in Markoff’s book.
For those that want to know the basics about Stuxnet, its Wikipedia entry will suffice. For a deeper look, the book takes a detailed look at how the Stuxnet worm of 2010 came to be, how it was written, discovered and deciphered, and what it means for the future.
The book provides nearly everything that can be known to date about Stuxnet. The need to create Stuxnet was the understanding that a nuclear Iran was dangerous to the world. The book notes that it just wasn’t the US and Israel that wanted a nuclear-free Iran; Egypt and Saudi Arabia were highly concerned about the dangers a nuclear Iran would bring to the region.
What is eminently clear is that Iran chronically lied about their nuclear intentions and actions (chapter 17 notes that former United Kingdom Prime Minister Gordon Brown told the international community that they had to do something over Iran’s serial deception of many years) and that the United Nations International Atomic Energy Agency (IAEA) was powerless to do anything, save for monitoring and writing reports.
While some may debate if Stuxnet was indeed the world's first digital weapon, it’s undeniable that it is the first piece of known malware that could be considered a cyber-weapon. Stuxnet was unlike any other previous malware. Rather than just hijacking targeted computers or stealing information from them, it created physical destruction on centrifuges the software controlled.
At just over 400 pages, the book is a bit wordy, but Zetter does a wonderful job of keeping the book extremely readable and the narrative enthralling. Writing about debugging virus code, descriptions about the Siemens industrial programmable logic controllers (PLCs) and Step7 software (which was what Stuxnet was attacking) could easily be mind-numbingly boring, save for Zetter’s ability to make it a compelling read.
While a good part of the book details the research Symantec, Kaspersky Lab and others did to debug Stuxnet, the book doesn’t list a single line of code, which makes it quite readable for the non-programmer. The book is technical and Zetter gets into the elementary details of how Stuxnet operated; from reverse engineering, digital certificates and certificate authorities, cryptographic hashing and much more. The non-technical reader certainly won’t be overwhelmed, but at the same time might not be able to appreciate what went into designing and making Stuxnet work.
As noted earlier, the book is extremely well researched and all significant claims are referenced. The book is heavily footnoted, which makes the book much more readable than the use of endnotes. Aside from the minor error of mistakenly calling Kurt Gödel a cryptographer (he was a logician) on page 295, Zetter’s painstaking attention to detail is to be commended.
Whoever wrote Stuxnet counted on the Iranians not having the skills to uncover or decipher the malicious attacks on their own. But as Zetter writes, they also didn’t anticipate the crowdsourced wisdom of the hive – courtesy of the global cybersecurity community that would handle the detection and analysis for them. That detection and analysis spanned continents and numerous countries.
The book concludes with chapter 19 Digital Pandora which departs from the details of Stuxnet and gets into the bigger picture of what cyber-warfare means and its intended and unintended consequences. There are no simple answers here and the stakes are huge.
The chapter quotes Marcus Ranum who is outspoken on the topic of cyber-warfare. At the 2014 MISTI Infosec World Conference, Ranum gave a talk on Cyberwar: Putting Civilian Infrastructure on the Front Lines, Again. Be it the topic or Marcus being Marcus, a third of the participants left within the first 15 minutes. They should have stayed, as Ranum, agree with him or not, provided some riveting insights on the topic.
The book leaves with two unresolved questions: who did it, and how did it get into the air-gapped Natanz enrichment facility.
It is thought the US with some assistance from Israel created Stuxnet; but Zetter also writes that Germany and Great Britain may have done the work or at least provided assistance.
It’s also unknown how Stuxnet got into the air-gapped facility. It was designed to spread via an infected USB flash drive. It’s thought that since they couldn’t get into the facility, what needed to be done was to infect computers belonging to a few outside firms that sold devices that would in turn be connected to the facility. The book identified a few of these companies, but it’s still unclear if they were the ones, or the perpetrators somehow had someone on the inside.
As to zero day in the title, what was unique about Stuxnet is that it contained 5 zero day exploits. Zero day is also relevant in that Zetter describes the black and gray markets of firms that discover zero-day vulnerabilities who in turn sell them to law enforcement and intelligence agencies.
Creating Stuxnet was a huge challenge that took scores of programmers from a nation state many months to create. Writing a highly readable and engrossing book about the obscure software vulnerabilities that it exploited was also a challenge, albeit one that few authors could do efficaciously. In Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, Kim Zetter has written one of the best computer security narratives; a book you will likely find quite hard to put down.
The weaknesses: repetitive, not well-organized, and at times uses excessive hype. The author talks about the great difficulty in organizing and writing a book about this complex subject while telling a compelling tale. It is difficult, and unfortunately I don't think the author succeeded. It jumps back and forth again and again from background to the detective work to uncover what Stuxnet does, to the nuclear situation in Iran. This makes it repetitive and a boring read. Also, comparisons of Stuxnet with Hiroshima and nuclear weapons strain credibility. Stuxnet did not kill over 100,000 people. Yes, Stuxnet is a new type of weapon, as were nuclear weapons, but so was gunpowder, or the cross-bow. Being a new weapon is not equivalent to a nuclear weapon.
Whether it remains, like 9/11, a ‘once in a generation’ event is debatable, but what’s not is the digital arms race it ushered in with little public discussion of the consequences as our internet of Windows-dominated PCs evolves towards an internet of things, and automated control systems play increasingly larger roles in our lives.
The opening chapters of ‘Countdown to Zero Day’ are as riveting as any techno thriller I’ve read – with the added element of being true and portending an all-too-plausible future of government – and non-state actor - sponsored cyberwar, provocation, and surveillance we’re in part already living in.
There’s no actual code in the book, per se, but enough discussion of drivers, reverse engineering, cryptographic hashing, hooking of APIs, DLLs and CAB files, ladder stacks, and certificate authorities to feel credible to anyone who has coded Windows and embedded systems such as Programmable Logic Controllers (PLCs) at the C and assembler levels.
If you haven’t, fortunately, Zetter’s writing is especially clear and crisp and the book by no means requires a technical background - although a ‘technical inclination’ will serve readers well. On balance this isn’t high-level executive summary stuff.
What made Stuxnet such a milestone was the specificity of its targeting and the relative sophistication of its attack: novel code injection techniques and the ability to hide in plain sight by presenting the illusion of normality to engineers programming the industrial control systems it was designed to subvert.
While the discovery and subsequent reverse engineering of Stuxnet by employees of cyber-security firms is the main focal point and provides the narrative juice of the story, there’s ample discussion of research into industrial control vulnerabilities and the emergence of cyberwar as an increasingly ‘viable concept’ as the proliferation of automated control and critical infrastructure systems blanket the planet in a web of interconnected vulnerabilities.
Particularly fascinating (if disturbing) was the description of the gray market in zero-day software vulnerabilities – uncovered bugs yet to be reported and/or patched that provide the most effective entry points for attacks. The existence of firms whose sole purpose is uncovering and marketing ‘zero days’ is both depressing – like something out of a William Gibson dystopia – yet oddly inevitable given the relentless commodification and capitalization of virtually every aspect of our lives we’re increasingly subject to.
If I have a criticism of the book, its narrative flow is a bit uneven: The 35-page chapter, ‘Industrial Controls Out of Control’ really sapped the momentum of what was until then a genuine page-turner as the initial impact of Stuxnet first hit the radar of a small security firm in Belarus.
The author seems to have intended a history of research into vulnerabilities in industrial control systems to show from where Stuxnet came, along with examples of sabotage including an Australian sewage treatment plant. While no doubt an important backstory, it could have been done just as effectively in far fewer words.
In addition, once the scope and details of Stuxnet are revealed (at about the three quarter mark of the book), the narrative shifts towards the political context under which the attack was developed and deployed, as well as the analytical work to determine its actual effectiveness – including much detail about centrifuges and the uranium enrichment process.
While the detail remained fascinating for the most part, the mystery element of the story was gone, replaced by physical engineering and UN monitoring cat-and-mouse games, along with some highly ironic in retrospect political revelations. The same span of time was visited from a different perspective – it might make for an interesting fiction technique, but here it felt somewhat anti-climactic.
I’ll admit I’m obsessive about footnotes, in spite of the fact most books don’t justify the effort. The voluminous footnotes in ‘Countdown to Zero Day’ – many with active links – amount to a terrific multimedia accompaniment to the text. You could spend weeks and even months poring over source documents and images. It really lends an engrossing context to an already gripping story.
The lengthy concluding chapter, ‘Digital Pandora’ presents the big picture of cyber warfare and the moral and ethical consequences that remain far from resolved (or even adequately discussed) both in the public realm, as well as ‘behind closed doors’ among competing interests within the U.S. government and internationally.
A core issue revolves around how knowledge of zero day vulnerabilities can be used for both defensive and offensive purposes by different parties acting in their own best interests.
Two of the more disturbing aspects of Stuxnet involved the subversion of digital signing certificates and the client-side hijacking of the Windows Update process on target machines. The ramifications of compromising such high-trust elements of the digital infrastructure are obviously enormous. Yet Zetter implies the discussion is too often dominated by those who favor the offensive weaponization of cyber tools without considering their profound differences from conventional or even traditional non-conventional weapons when it comes to potential retaliation.
Just as today’s criminal hacking enterprises make the prior generation’s lone teenage hacker seem quaint by comparison, the emergence of state-sponsored cyber warfare may leave us all pining for these ‘good old days’ of key loggers, popup ads and mass-email viruses.
‘Countdown to Zero Day’ is intelligently-written and well-sourced and maintains a sober and objective keel in the face of facts and events that in other hands could easily be milked for maximum political/conspiratorial benefit. Sadly, in this day and age, such reporting has become scarce and we’re all poorer as a result.