Sandworm

Author: Andy Greenberg

Unless you’re a certified Luddite, you would have heard about at least one of WannaCry, NotPetya, Bad Rabbit, Black Energy or Guccifer2.0. What you may not know is the extent of damage that these hacks have unleashed on their victims. This book ties all of these and many more cyber crimes together, and takes us on a quest to find out who is behind all these attacks and why they might be doing it.

First, I have to disclose that I am in the cybersecurity industry and the material in this book is of extreme interest to me. Nevertheless, the descriptions of the technical aspects of the attacks are very brief and I do believe that the book will appeal to a general audience. Mr. Greenberg takes us on a wild ride as he is on a quest to find out who is behind some of these really nasty cyber attacks. He structures the narrative like a thriller as he describes the cataclysmic failures that result from the attacks and gives us a glimpse of the detective work that goes into reverse engineering the malware.

The book starts out by explaining the choice for the title “Sandworm”. It turns out that the authors of the malware were big fans of Frank Herbert’s epic novel Dune, and have chosen the many different characters in the book for their user handles. This turns out to be a lucky find as it helps security researchers identify the relationship between many different attacks and if the same group is behind them. 

Ukraine is the epi-center for most of these cyber-attacks and Mr. Greenberg does a great job of describing the political landscape in Ukraine. Unfortunately, they are at the receiving end of Russia’s cyber wrath and the author makes their dire plight very clear. Given how interconnected we all are with the internet, it is not a big leap to imagine that the US could suffer similar (or worse) consequences if these attacks were unleashed on us.

The final chapter is a thought provoking discussion on what we can do about all of this. While the US may be harder to attack, our reliance on technology will make it very hard for us recover quickly from an attack. The author quotes Dan Geer an elder statesman in the cybersecurity industry as saying, “It may be time to no longer invest further in lengthening the time between failures, but instead on shortening the meantime to repair”.