Hacker News Comments on
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
6 HN comments
Hacker News Stories and Comments
All the comments and stories posted to Hacker News that reference this book.
If you are interested in a detailed account of the cyberarms race, check out "This Is How They Tell Me the World Ends: The Cyberweapons Arms Race" by New York Times reporter Nicole Perlroth. While the book tends to get a tad repetitive after a while, and definitely skirts many of the technicalities, it definitely provides a lot of insight into the underground zero-day exploit markets and the cyberarms race that we are in right now.
https://www.amazon.com/This-They-Tell-World-Ends/dp/16355760...
I will just add, the author of the NYT piece has a book out on this subject. The book is decent, has some cringe worthy descriptions of technical things if you are a technical person, but overall I learned a huge amount reading it.
A lot of the commentary, accusations, and opinions in the comments here would be addressed or better colored if you're interested enough to read her book (https://www.amazon.com/This-They-Tell-World-Ends/dp/16355760...).
Also, just to be clear, one of the reasons I like the book is because it's written by a person that doesn't understand all the deep technical aspects of these things.
⬐ threeseed
> has some cringe worthy descriptions of technical things
Par for the course when trying to explain things to non-technical people.
People joke but you can see the thought process in explaining to a politician that the internet is a "series of tubes" for example.
⬐ sam-2727 ⬐ josephg
Reminds me of when the Oracle v. Google case was argued in front of the Supreme Court on a series of metaphors, among other things comparing Java to football teams: https://www.theverge.com/2020/10/9/21506172/oracle-google-ja...
⬐ ls612
The justices clearly boned up on the technical aspects of the case though, as their opinion shows a good grasp of what is going on in the underlying dispute over Android.
If you want a more technical perspective, The Darknet Diaries did an episode a couple months ago about the NSO group: https://overcast.fm/+PMNc5Hr8c
I discovered Darknet Diaries listening to that episode. It’s very accessible and excellent storytelling.
⬐ edge17
I've listened to a bunch of those episodes. I agree, the host/creator does a fantastic job.
⬐ martyvis
You actually want to listen to the previous episode to get context first https://darknetdiaries.com/episode/99/
Just finished reading https://www.amazon.com/This-They-Tell-World-Ends/dp/16355760... which is a great book about the zero-day market and how it evolved over the years.
The basic issue is that every nation is actively buying and using zero-days and doesn't want to stop. And companies like NSO aren't really (so they say at least) hacking anybody. They just develop and license hacking tools to governments to use for "lawful" law enforcement purposes. So nobody wants to ban the zero-day market because every country is a huge buyer of zero-days themselves and it is hard to ban selling zero-days to sovereign governments who are using them in accordance with their own laws (even if the regimes in question are terrible and using them to violate their citizens' basic human rights). After all, it would be a bit awkward for the US to demand that the NSO Group stop selling its hacking tools to Saudi Arabia while we have a multi-billion dollar defense industry selling the Saudis all sorts of advanced weaponry.
There's an entire "gray market" of exploit brokers. NSO group is one of the many players. There's a good chance this is an off-the-shelf exploit.
The podcast Darknet Diaries had an episode about the topic recently: https://darknetdiaries.com/episode/98/
(that episode is tied to this book: https://www.amazon.com/gp/product/1635576059/ about the topic)
Also, I like that podcast in general - highly recommend it if you're into infosec stuff!
⬐ myself248
That goes very well with this prior episode as background info: https://darknetdiaries.com/episode/28/
⬐ thinkharderdev
Just read that book after listening to the DND episode with the author and it is really great.
⬐ ThisIsTheWay
Episode 100 is specifically about NSO and dives deeper into Pegasus. Highly recommended listening after episodes 98 and 99.
⬐ trollied
Saw the thread title & clicked through to post exactly the same :)
It's a great set of episodes. This is without a doubt my favourite podcast. 2nd favourite being Knowledge Fight, which debunks Alex Jones and the nonsense that he spews on a daily basis.
This won't really work. Many governments and intelligence agencies will pay an extreme premium for 0days and basically hoard them for future use. How do you stop the CIA or NSA from buying 0days? How do you prevent foreign governments or actors from buying them?
The ability to inflict massive damage to a nation's infrastructure is now part of modern weaponry. It's akin to asking militaries to stop buying weapons. We have basically split the atom here, we aren't going back.
If you don't want people hacking into your systems you need to go full Galactica, disabling networks and having stopgap measures on every critical device.
There's a great book that talks about this ecosystem (of buying bugs, vulnerabilities, and other 0days), among other cyber security related things:
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
https://www.amazon.com/This-They-Tell-World-Ends/dp/16355760...
After reading "This Is How They Tell Me the World Ends" [1], I feel the world working normally is rather sheer luck. (Probably I'm very late to realize this, but anyway.)
To me the only reasonable survival strategy is redundancy, but I have no idea how we can reach there.
[1] https://www.amazon.com/This-They-Tell-World-Ends/dp/16355760...