cybersecurity reporter for the Times, and
her book makes a kind of Hollywood en-
trance, arriving when the end of the world
is nigh, at least in the nightmare that,
every night, gains on the day.
Perlroth is interested in one particu-
lar plague—governments using hacking
as a weapon of war—but her book raises
the question of whether that’s the root
of a lot of other evils. For seven years,
Perlroth investigated the market in “zero-
days” (pronounced “oh-days”); her book
is the story of that chase, and telling that
story, which gets pretty technical, requires
a good bit of decoding. “A zero-day is a
software or hardware flaw for which there
is no existing patch,” she explains. Zero-
days “got their name because, as with Pa-
tient Zero in an epidemic, when a zero-
day flaw is discovered, software and
hardware companies have had zero days
to come up with a defense.” A flaw can
be harmless, but zero-days represent vul-
nerabilities that can be turned into weap-
ons. And, as Perlroth demonstrates, gov-
ernments have been buying them and
storing them in vaults, like so many vials
of the bubonic plague.
It’s tempting to say either I can’t worry
about this right now or Didn’t we already
know this? For all the sensationalism of
“This Is How They Tell Me the World
Ends”—not least the title—much here
fails to surprise: all code has bugs; it’s
virtually impossible and prohibitively
expensive to write perfect code; and bad
actors can exploit those bugs to break
into everything from your iPad to the
Hoover Dam. Companies and govern-
ments therefore pay hackers to find bugs,
so that they can be fixed, or exploited.
What other choice do they have? you ask.
Perlroth’s reply is It’s a lot worse than you
think and If there aren’t other choices, it’s
time to invent some.
Perlroth’s storytelling is part John
le Carré and more parts Michael Crich-
ton—“Tinker, Tailor, Soldier, Spy” meets
“The Andromeda Strain.” Because she’s
writing about a boys’ club, there’s also a
lot of “Fight Club” in this book. (“The
first rule of the zero-day market was:
Nobody talks about the zero-day mar-
ket. The second rule of the zero-day mar-
ket was: Nobody talks about the zero-day
market.”) And, because she tells the story
of the zero-day market through the story
of her investigation, it’s got a Frances
McDormand “Fargo” quality, too; in one
sequence, Perlroth, pregnant, questions
Italian hackers in Miami bars. (They tell
her that they live by a samurai code of
honor. “Bushido, I thought. More like
Bullshit,” she writes.) Reading how Perl-
roth found out about what’s going on is
spellbinding, but it can obscure what
happened when. Here, as I read it, is that
sequence of events, the spell, unbound.I
n the nineteen-sixties, computers,
which had been used to store and pro-
cess information, became communica-
tions devices. “Life will be happier for
the on-line individual,” J. C. R. Licklider,
the visionary behind ARPANET, predicted
in 1968. But, for all the benefits this de-velopment would bring, it struck many
people as having unknowable effects—
“What all this will do to the world I can-
not guess,” the head of Bell Labs wrote
that year—and it struck other observers
as potentially quite dangerous. Also in
1968, the Pentagon’s Defense Science
Board Task Force on Computer Secu-
rity concluded that “contemporary tech-
nology cannot provide a secure system
in an open environment.” In a follow-up
report from 1972—the year ARPANET
was publicly demonstrated, at the D.C.
Hilton, during the first-ever meeting of
the International Conference on Com-
puter Communication—the lead author,
James P. Anderson, argued that commu-
nication by computers offered a “unique
opportunity” for espionage and sabotage;
virtually undefended and “totally inad-
equate to withstand attack,” computers
were “a uniquely attractive target for ma-
licious (hostile) action,” and, because of
the growing connections among com-
puters, a single attack could take down
an entire network.
American intelligence agencies had
long preferred offense to defense. As Perl-
roth writes, “Unimaginable volumes of
nation-state secrets—previously relegated
to locked file cabinets—were suddenly
being transmitted in ones and zeroes and
freely available to anyone with the cre-
ativity and skill to find them.” In the
nineteen-seventies, in a project run jointly
by the U.S. Navy, the National Security
Agency, and the C.I.A., divers placed a
tap on a Soviet cable on the ocean floor
north of Japan; they leeched information
out of it until the breach was discovered,
in 1981. Two years later, the French Em-
bassy in Moscow discovered that the So-
viets had bugged its teleprinters. Then,
in 1984, an N.S.A. project that involved
taking apart and replacing every single
piece of electrical equipment in the Amer-
ican Embassy in Moscow discovered an
almost undetectable bug in the Embas-
sy’s I.B.M. Selectric typewriters: a single
extra coil on the power switch, contain-
ing a miniature magnetometer. Every tap
of every key was being collected and com-
municated by radio.
Meanwhile, computer programs got
longer and longer, from tens of lines of
code to tens of millions, controlling ships
and airplanes and missiles. American
intelligence agencies began to consider
the possibility of catastrophic breaches.“I finally got the popcorn kernel out of my molar,
so my schedule just opened right up.”