My review of Sandworm: an essential guide to the new, reckless world of "cyberwarfare"

For years, I've followed Andy Greenberg's excellent reporting on "Sandworm," a set of infrastructure-targeted cyberattacks against Ukraine widely presumed to be of Russian origin, some of which escaped their targeted zone and damaged systems around the world.

Greenberg has turned that work into a book-length cyber-whodunit, Sandworm, that comes out today. I reviewed it for the LA Times, where I described it as: "a tour through a realm that is both invisible and critical to the daily lives of every person alive in the 21st century."

One of the weirdest conversations I ever had was about this matter. It was a decade ago, and I was on a holiday in the Caribbean and the only other guests at the hotel were a family of "State Department" people. Dad had been with USAID when the Soviet tanks rolled in Hungary, his sons worked for undisclosed agencies within State. Hereditary spooks.

One day, one of these second-gen spooks and I were by the pool and we got to talking about cyberwar, which he was very bullish on. I spent about an hour trying to explain to him that cyberwar and cyberweapon were imperfect analogies, so imperfect as to be terribly misleading. It was clear that he thought a cyberweapon was like a digital bomb: a tool that somehow projected force over an adversary's digital infrastructure.

But a cyberweapon isn't that at all. A cyberweapon, is, at root, a secret. Specifically, it's a secret about a defect in a piece of software, preferably software that is in wide usage. When an agency or private cyberweapons dealer or criminal discovers one of these defects (also known as a "vulnerability" or "vuln"), they make the decision not to divulge its existence to the vendor (who would then update the software to eliminate the defect), and instead they write tools that exploit this defect in order to compromise the system.

A cyberweapon is a defect you discover in a system that your enemy uses, but we don't have "good guy" software and "bad guy" software. Defects in widely used operating systems like Windows, or the embedded systems inside of the actuators and sensors that control power plants and other critical systems, are used by everyone, all around the world, leaving all of those systems vulnerable to attack by anyone who learns or discovers the secret.

Review: 'Sandworm' is an essential guide to a shadowy world [Cory Doctorow/LA Times]