
Hacker News Comments on
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

Nicole Perlroth · 6 HN comments
HN Books has aggregated all Hacker News stories and comments that mention "This Is How They Tell Me the World Ends: The Cyberweapons Arms Race" by Nicole Perlroth.
Amazon Summary
“Part John le Carré and more parts Michael Crichton . . . spellbinding.” – The New Yorker

From The New York Times cybersecurity reporter Nicole Perlroth, the untold story of the cyberweapons market – the most secretive, invisible, government-backed market on earth – and a terrifying first look at a new kind of global warfare. Zero day: a software bug that allows a hacker to break into your devices and move around undetected. One of the most coveted tools in a spy's arsenal, a zero day has the power to silently spy on your iPhone, dismantle the safety controls at a chemical plant, alter an election, and shut down the electric grid (just ask Ukraine). For decades, under cover of classification levels and non-disclosure agreements, the United States government became the world's dominant hoarder of zero days. U.S. government agents paid top dollar – first thousands, and later millions of dollars – to hackers willing to sell their lock-picking code and their silence. Then the United States lost control of its hoard and the market. Now those zero days are in the hands of hostile nations and mercenaries who do not care if your vote goes missing, your clean water is contaminated, or our nuclear plants melt down. Filled with spies, hackers, arms dealers, and a few unsung heroes, written like a thriller and a reference, This Is How They Tell Me the World Ends is an astonishing feat of journalism. Based on years of reporting and hundreds of interviews, The New York Times reporter Nicole Perlroth lifts the curtain on a market in shadow, revealing the urgent threat faced by us all if we cannot bring the global cyber arms race to heel.
HN Books Rankings
  • Ranked #30 this year (2022)

Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this book.
If you are interested in a detailed account of the cyberarms race, check out "This Is How They Tell Me the World Ends: The Cyberweapons Arms Race" by New York Times reporter Nicole Perlroth. While the book tends to get a tad repetitive after a while, and definitely skirts many of the technicalities, it definitely provides a lot of insight into the underground zero-day exploits markets and the cyberarms race that we are in right now.

I will just add, the author of the NYT piece has a book out on this subject. The book is decent, has some cringe worthy descriptions of technical things if you are a technical person, but overall I learned a huge amount reading it.

A lot of the commentary, accusations, and opinions in the comments here would be addressed or better colored if you're interested enough to read her book (

Also, just to be clear, one of the reasons I like the book is because it's written by a person that doesn't understand all the deep technical aspects of these things.

> has some cringe worthy descriptions of technical things

Par for the course when trying to explain things to non-technical people.

People joke but you can see the thought process in explaining to a politician that the internet is a "series of tubes" for example.

Reminds me of when the Oracle v. Google case was argued in front of the Supreme Court on a series of metaphors, among other things comparing Java to football teams:
The justices clearly boned up on the technical aspects of the case though as their opinion shows a good grasp of what is going on in the underlying dispute over Android.
If you want a more technical perspective, The Darknet Diaries did an episode a couple months ago about the NSO group:

I discovered Darknet Diaries listening to that episode. It’s very accessible and excellent storytelling.

I've listened to a bunch of those episodes. I agree, the host/creator does a fantastic job.
You actually want to listen to the previous episode to get context first
Just finished reading which is a great book about the zero-day market and how it evolved over the years.

The basic issue is that every nation is actively buying and using zero-days and doesn't want to stop. And companies like NSO aren't really (so they say at least) hacking anybody. They just develop and license hacking tools to governments to use for "lawful" law enforcement purposes. So nobody wants to ban the zero-day market because every country is a huge buyer of zero-days themselves and it is hard to ban selling zero-days to sovereign governments who are using them in accordance with their own laws (even if the regimes in question are terrible and using them to violate their citizens' basic human rights). After all, it would be a bit awkward for the US to demand that the NSO Group stop selling its hacking tools to Saudi Arabia while we have a multi-billion dollar defense industry selling the Saudis all sorts of advanced weaponry.

There's an entire "gray market" of exploit brokers. NSO group is one of the many players. There's a good chance this is an off-the-shelf exploit.

The podcast Darknet Diaries had an episode about the topic recently:

(that episode is tied to this book: about the topic)

Also, I like that podcast in general - highly recommend it if you're into infosec stuff!

That goes very well with this prior episode as background info:
Just read that book after listening to the DND episode with the author and it is really great.
Episode 100 is specifically about NSO and dives deeper into Pegasus. Highly recommended listening after episodes 98 and 99.

Saw the thread title & clicked through to post exactly the same :)

It's a great set of episodes. This is without a doubt my favourite podcast. 2nd favourite being Knowledge Fight, which debunks Alex Jones and the nonsense that he spews on a daily basis.

This won't really work. Many governments and intelligence agencies will pay an extreme premium for 0days and basically hoard them for future use. How do you stop the CIA or NSA from buying 0days? How do you prevent foreign governments or actors from buying them?

The ability to inflict massive damage to a nation's infrastructure is now part of modern weaponry. It's akin to asking militaries to stop buying weapons. We have basically split the atom here, we aren't going back.

If you don't want people hacking into your systems you need to go full Galactica, disabling networks and having stopgap measures on every critical device.

There's a great book that talks about this ecosystem (of buying bugs, vulnerabilities, and other 0days), among other cyber security related things:

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

After reading "This Is How They Tell Me the World Ends" [1], I feel the world working normally is rather sheer luck. (Probably I'm very late to realize this, but anyway.)

To me the only reasonable survival strategy is redundancy, but I have no idea how we can reach there.

