Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

This book is very well written. You can tell that Kim Zetter has a strong background in investigative journalism, and that she worked very hard to compile a thorough and well thought out narrative. This book is also very well edited, which is helpful when slogging through a somewhat dense topic like this.One thing I will say up front is that this book isn't quite so much about the Iranian nuclear program and the sabotage thereof as it is about a specific area of cyber warfare that uses the Iranian program as a backdrop. If you are keen to read technical details about other countries covert uranium enrichment and weaponization processes, there are better books out there for that. But, if you want a good timeline and summary on how the world reacted to the Iranian program and dealt with it on many levels - something along the lines of a good Frontline episode - then this is your book.But perhaps the even more praise-worthy aspect of this book is it's description of how cyber warfare blossomed from it's furtive beginnings in the 80's to what we see today. The description of the book's namesake - zero day exploits - is excellent. I thought I knew the material well enough for a layman, but Ms. Zetter explained it out in great if not scary detail. Then she takes that topic as first introduced with the Stuxnet virus launched against the Iranian nuclear program and relates it to the world's infrastructure that is controlled by SCADA systems - a truly scary situation we are all in. She also provides a history of earlier, less destructive cyber attacks around the world and how we first tested how a virus could manifest into a physical act of destruction. And finally some insight how the white hats and black hats of the hacker world work today, including those in our government.This book is also a good investigation story. We see how researchers with Symantec and Kaspersky (and some smaller firms) all battled this virus, probing it, dissecting it, until they unlocked it's method and then it's purpose. Very informative, very logical - like a good detective story. And then right when you think they got this thing - you find out that Stuxnet was just the tip of the iceberg! Duqu and Flame come into the light and a whole new chapter on the Iranian sabotage unfolds.And finally, I would say that if you have absolutely no knowledge at all about how computers works - for example if the terms root kit or buffer overflow or *.dll files all are utterly foreign to you - then you might want to find another book on this topic. That being said, it is written towards the general computer user so I think most people can get the gist of the more technical details.

"Countdown to Zero Day" reads like a spy novel but contains a wealth of information about how Stuxnet, Flame, and other cyberweapons deployed by the U.S. and Israel worked, how cybersecurity researchers discovered them and deciphered their inner workings, and what leaders in government and the private sector have to say about the possible future consequences of cyber warfare.While the book is well researched and engaging, the frequent and verbose footnotes are a bit distracting and it seems much of the content in the footnotes could have been included in the main text.While a lot has changed since 2014, this book is still relevant and worth reading for anyone working in cybersecurity or technology, or for anyone who wants to know more about that state of modern warfare.

In 2010 Richard A. Clarke authored a work entitled: Cyber War. It warned of the dangers of cyber warfare, especially the vulnerability to the U.S. grid. Many of the critics of the work scoffed. It can't happen. There is too much protection and we haven't seen such a thing anywhere. Of course Stuxnet was already at work in Iran, as early as 2005, though it was not known what was causing the problem with the Iranian centrifuges at the time.Kim Zetter reveals the launch of "The world's first digital weapon" and shows us it CAN happen here. The work is a great and fascinating study of how digital technology can and is being used just as effectively as kinetic weapons (e.g. bombs). Since the work was published North Korea (allegedly) attacked the Sony Corporation for creating a film that belittled North Korean leader Kim Jung-un. Shortly thereafter the North Korean Internet "disappeared." Naturally, neither North Korea or the US. claimed any responsibility.The salient point of the work is that as ingenious as the attack by the U.S. and Israel was, it eventually was discovered due to flaws in its design, with the result that others now have the code available and can use it for different reasons. Until quantum cryptography is developed and refined, any computer-based system is vulnerable. The development of operating systems has led to the situation where many of the world’s extremely sensitive systems are controlled by the MS operating system: Windows. There are always likely to be zero day vulnerabilities in that OS. These are those that are not known by the developer, but discovered often by malevolent sources.The Stuxnet worm was designed to attack very specific Siemens controllers. Its aim was to shut down or slow Iran's ability to produce weapons-grade uranium. Success was partial and transient, as is always the case in all warfare. But it could just as easily target a grid or other systems that advanced countries depend on. What would happen if the grid in the U.S. were shut down for even a month? Let your imagination run with that thought.The author's final thought was: "Stuxnet still holds the distinction of being the only known case of cyber warfare on record. But that can change any time, now that Pandora's digital box has been opened."It already has changed. A next target may well be the U.S. grid. Are we prepared? Can we be? What would be the result of all-out cyber warfare? Food for thought...

Muito instigante. Uma historia muito legal, vale a pena.

The book is superbly researched and well told.Do not expect technical details, though.One example: "But the digital warheads used an obscure programming language, unique to teh Siemens PLC, called STL." Well, STL is Siemens' dialect of IL (Instruction List), one of the five programming language for PLCs defined by IEC 61131-3.

Grande interesse per il primo episodio di utilizzo "bellico" di un virus informatico. Assolutamente da non perdere, per capire cosa ci aspetta in futuro.

Just pages and pages of light comments about the investigation of different antivirus companies in the technical content of the virus with some link to what was going on in Iran, some pages with a very rough description of the structure of Stuxnet and a final bunch of pages about the risks of someone launching an updated version of Stuxnet ...

This is well written, very accessible narrative of Stuxnet. That will appeal to the more technical reader. I was impressed by the detailed description that Zetter included, without hurting the narrative of the book. The length of the reviews on the page is evidence enough that people read it carefully and felt the need to share. Hugely recommended.