It’s difficult to make computer code interesting, much less gripping. Even when you’re dealing with Stuxnet, the world’s first digital weapon, it’s so easy for an author to slip into techno gabble. On previous occasions I’ve tried reading stuff on Stuxnet and it’s associated malware (Flame, Duqu, etc) and most often it’s brought on exhaustion and boredom. I’m not the most knowledgeable about tech.
Which is why Kim Zetter’s new book, Countdown to Zero Day, is such an achievement. She’s taken a story that could so easily descend into a tale of bytes and techno-jargon and brought it to life.
This is not to say that there isn’t any discussion of the technology behind the remarkable malware detailed in the book. As a journalist for Wired Magazine, Kim clearly knows her stuff. But at no point did I find myself overwhelmed, in fact quite the opposite. I found myself fascinated by how the various viruses and their makers found cunning new ways – buffer overflows, Windows certification, dynamic link libraries – to outwit the security software makers build into their products, the anti-virus software firms, and ultimately achieve the most alarming real-world effects on an industrial plant (Iran’s uranium enrichment centrifuges). I also found myself alarmed to learn just how vulnerable industrial control software is to cyber attack.
Kim’s book sets all this in the wider context of both the evolution of malware – from teenage hacker in his bedroom, through cybercrime, and onto state actors – and the West’s battle to stop Iran gaining an atomic bomb. To say this was a pleasant or relaxing read would be an over statement. A running thread throughout the book is now the US has fired the first shot, it will be difficult for anyone to complain if someone else uses a cyber weapon, to say, knock out a power station. It’s a scary thought. This is an important book and I would recommend it.