Review of “This Is How They Tell Me the World Ends: The Cyber-Weapons Arms Race” by Nicole Perlroth


The Internet of Things has become the Internet of Everything.

Cyberwar will destroy it all.

The end.

Maybe not. But probably.

This is how Nicole Perlroth tells me the world ends in her explosively revelatory book of (nearly) the same name, published in 2021.

Before I get to my usual wordy, pedantic reflections on whatever book I happen to be reviewing, let me first say clearly: Read this book now. It doesn’t matter how technologically unsophisticated you are. Perlroth has written it for the non-specialist. If you can read a newspaper, you can read This Is How They Tell Me the World Ends. (Perlroth writes for the New York Times.)

And you should read it, especially if you are a U.S. citizen. It’s part of our story. Once upon a time, the made-in-America internet connected computers that “talked” to one another. And they only talked. They would send emails, documents, pictures; or perhaps if you worked in a scientific or technical field, they would pass more extensive, specialized data. (Remember, the internet was developed by the U.S. Department of Defense as a system for communicating military orders and instructions.)

Today the internet connects things. From your hotel room in Munich, you can adjust your refrigerator in Muncie to vacation mode, because of course you forgot. You can visually identify your cat-sitter at the front door, unlock for them, watch them feed Fluffy, then lock the door behind them when they leave. Maybe chat and say thanks on the house intercom before they go.

Or try this on for size: If you are the Israel Defense Force, you can stealthily insert code into the computer network that interfaces with uranium-refining centrifuges in Iran’s most advanced nuclear research facility. You can accelerate or decelerate the spin rate of the centrifuges to look like random anomalies, and you can even insert falsified performance data into the computers the Iranians use to monitor the facility’s work. Then, when you want, you can increase the spin rate to a catastrophic level and blow the bejeezus out of a whole bank of centrifuges, setting Iran’s nuclear dreams back by several years.

This is, in rough outline, what the IDF did in 2010, using a virus called Stuxnet.

Stuxnet is the hinge around which we can understand the evolution of cyber security–the collection of threats that could crash our whole global system of computers that talk to one another and do all the things that keep life going at its 21st-century pace–our banking, heating, cooling, manufacturing, health care management, and too many other things to mention. Oh yes, also our jobs for the large part of the labor force that now works from home.

Without telling an overly reductivist story, Perlroth plots a clear throughline from the U.S. government’s first discoveries of isolated ‘exploits’ in the 1990s that gave highly specialized intruders access to the internet’s computer networks to today’s looming cyber-apocalypse brought on the the bonanza of exploits that our own ‘defensive’ hacking corps originally developed. Now everyone has an exploit. (To most of us non-specialists, ‘hack’ would be a perfectly suitable synonym for ‘exploit’, but as Perloth explains, hacks are a much fuzzier thing, really any kind of technological shortcut, which in itself is neither good nor evil. Exploits are always unwelcome and sneaky. They are why you get software updates for your phone, browser, and what have you–to patch in defenses against the latest sneakery.)

In the years before Stuxnet, the U.S. government’s thinking about exploits was driven by two ideas that both eventually proved to be fanciful. The first was ‘NOBUS’, the conceit, as it turned out, that American hacking was so far ahead of everyone else, and had the resources to stay far ahead, that ‘nobody but us’ could do intrusion at the same level we could. And so U.S. security agencies used Americans’ tax dollars to develop exploits that we thought no one else could devise. (Or steal. That happens too.)

As things turned out, large nation states did indeed match our skills. Chinese hackers caught up to us and, by exfiltrating commercial and R&D data from thousands of American networks throughout the early 2000s, achieved what is fairly uncontroversial known as the largest transfer of wealth in human history. They stole the knowledge that powered the only great leap forward China has actually achieved. So that happened.

And, I know this will be a shocker, but because exploits are basically intelligible to individual specialists who can either grow their expertise in splendid isolation or swap it in virtual communities without borders, loners and unaffiliated groups have created some of the most advanced exploits out there. You don’t need the edifice of a nation state behind you to be a highly effective cyber warrior. Perlroth includes a trenchant chapter on the flourishing hacker community of Argentina. Poor, under-serviced by commerce in the supposedly globalizing 1990s, but highly educated, “[i]f Argentines wanted something that normal business channels didn’t provide, they had to hack it.” And so Argentina has produced a generation of “Cyber Gauchos,” one of scores of little-known groups who make constant contributions to cyber chaos. They don’t fight for Argentina; they fight for themselves. There re many others out there.

The chaos that confronts us goes deeper than data, networks and digitization. It is part of the post-truth world, where technology folds back on itself to turn plain realities–in which we put our daily trust–into halls of mirrors.

An isolated but horrifying example: In November 2019 Alabama held a gubernatorial election. Three months before the vote, Evil Corps, a hacker group in Russia’s Federal Security Agency (FSB), breached the network of Louisiana’s Secretary of State, the office responsible for counting votes and certifying elections, and held its data hostage in a classic ransomware attack. Only by a stroke of luck had the Secretary of State kept a copy of Louisiana’s voters rolls off line. Otherwise, the FSB could have done whatever it wanted to the state’s official voter roster, such as changing names or addresses or just deleting the whole thing. It would have ruined the election. So Louisiana dodged a bullet, aimed from the Kremlin.

But wait, there’s more. In the 2016 presidential election, Russian trolls had already discovered that is was “far more efficient to amplify American-made disinformation than create their own.” About this merger of hacking and disinformation, Perloth gives us first the bad news and then the worse. The bad news: Russian hackers have produced definitive proof that you can’t trust the integrity of the voting system. As long as the machinery of voting is hackable, it is vulnerable to theft, fraud or disruption. So if you’ve been comforting yourself with the mantra that voter fraud is actually rare, that’s only part of the story. There remain lots of ways to corrupt the system.

And the worse news? Even if they wanted to, FSB could not outdo Americans for promoting the Kremlin’s narrative on the demise of popular democracy. The GOP and much of its support base wants you to believe exactly what the FSB was trying to get you to believe in November 2019–that you can’t trust the system; inside men are already there manipulating the voter rolls and vote counts. And therefore democracy isn’t really democracy.

In this post-truth hall of mirrors we ask, Is an external enemy attacking us or are we attacking ourselves? And the answer is yes.

Unsurprisingly, Perlroth closes TIHTTMTWE with a mixed message. She lives off the grid much of the time and communes occasionally with some likeminded old computer geniuses who helped build the wondrous, fragile system we have. But most of us have to stay in this networked world with all its promise, risks and flaws. We humans innovated our way into cyber-chaos, and we will have to innovate our way–well, is out the right word? We’ll have to innovate our way to a manageable level of risk, if there is such a thing. Perlroth knows we can’t all live off the grid; so she makes a to do list. Read the book.