

Book Review - Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers


In our hyper-connected world, everything from the international energy trade to consumer shopping relies on the internet, and the entire global economy is at the mercy of malicious actors who can create destructive software. Nearly everyone in the developed world has either experienced or heard about the scourge of hacking and cyberattacks. Even the most ignorant observer knows that cyberattacks are growing in sophistication and frequency, while national governments seem unwilling or unable to decisively mitigate the threat.

In Sandworm, Andy Greenberg explores the alarming evolution of cyberattacks through the eyes of a diverse international cast of cybersecurity analysts and experts, revealing the growing dangers of cyber warfare while providing plausible explanations for U.S. government inaction in the face of increasing cyber-aggression. Mr. Greenberg uses the story of “Sandworm,” the name of a destructive rogue hacking group that in 2017 brazenly shut down the Ukrainian economy and multiple international corporations using malware known as “NotPetya,” to highlight the growing risks to international stability and to frame the “global cyber arms race” between the United States and Russia. As a senior writer for Wired, Andy Greenberg has extensive experience covering cybersecurity and is adept at offering persuasive theories about cyberattacks. Through his colorful depictions of individuals on the frontlines of cybersecurity, Greenberg maps the brief history of cyberwarfare and asks compelling questions about where this form of asymmetric conflict may be heading in the coming years.

In 2017, Russian hackers broke into an innocent piece of Ukrainian tax software, and within hours they had both shut down the global operations of commercial shipping giant Maersk and fried critical software used in multiple American hospitals. Incredibly, this monumental cyberattack, described in intricate detail in Sandworm, barely registered with the U.S. national media. Greenberg demonstrates that this was partly due to intentional downplaying by the U.S. government, but also because the American public’s unfamiliarity with the nuts and bolts of cybersecurity meant the historic “NotPetya” cyberattack was overlooked. Any attempt to understand recent developments in cybersecurity is daunting without sufficient historical context and knowledge of the wonky jargon used by hackers and cybersecurity experts, such as “zero-day vulnerabilities,” “SCADA systems,” and “M.E.Doc updates.” For the novice reader, Greenberg illuminates all this unfamiliar terminology.

Part of Greenberg’s brilliance is his knack for explaining dense tech terminology with clever analogies, which are peppered throughout Sandworm and help make this book readable to anyone who has ever sent an email or posted on Facebook. Greenberg weaves in and out of the recent history of cyber warfare in a nonlinear fashion while maintaining an extremely focused overarching narrative of the NotPetya cyberattack by dividing Sandworm into five sections of roughly six chapters each. The first two sections reveal the emergence of Russian cyberattacks on Ukraine and the origins of sophisticated malware capable of destroying physical infrastructure anywhere. Greenberg then provides a history lesson on the evolution of cyberattacks during both the Ukrainian “War in the Donbas” and the 2016 U.S. Presidential Election. The last sections of Sandworm are an autopsy of the NotPetya attack and an overview of the inherent difficulties of determining attribution and setting international “rules of the game” for cyberwarfare.

While Greenberg describes key cyberattacks through the eyes of cybersecurity professionals and industry leaders who experienced them firsthand, he also regularly includes his own personal analysis. Inserting himself into the story may weaken the book’s objectivity, but it yields an effective narrative tool that helps make Sandworm an exciting read. Greenberg attempts to walk a fine line between his critical coverage of Russian hacking and of U.S. government inaction, but his commentary and the views of many of his sources almost exclusively condemn the reckless cyberattacks carried out by Putin’s regime.

Sandworm would also have benefited from including additional accounts of U.S. government cybersecurity personnel and of the hackers who perpetrate cyberattacks, but due to the highly classified nature of cyber warfare and the intentional anonymity of those fighting in the trenches, this was largely impossible. Also, despite the usefulness of Greenberg’s unique nonlinear approach in explaining specific case studies of cyberwarfare, this approach occasionally muddles the reader’s chronological understanding of events. This downside is particularly acute when Greenberg non-chronologically explores the WannaCry ransomware, the NotPetya hack, and the Olympic Destroyer malware, events that occurred in fairly rapid succession from 2017 through early 2018.

Additionally, Greenberg establishes a critical view of the U.S. government's response to Russian cyberattacks by mainly presenting events through the experiences of private-sector cybersecurity analysts, who may suffer from an anti-government institutional bias. However, Greenberg helpfully includes the views of J. Michael Daniel, the top cybersecurity official in the Obama Administration, and Tom Bossert, the former Trump Administration homeland security advisor, to flesh out the reasoning behind Obama and Trump policies in response to cyberattacks.

I highly recommend Sandworm to anyone interested in enhancing their understanding of the complex world of cybersecurity but who lacks significant technical expertise or contextual background on the subject. Although cyberwarfare is constantly evolving and new hacks are reported every month, I believe Sandworm will age well due to the combination of the book’s historical analysis of the origins of early 21st-century cyber warfare and Greenberg’s compelling argument that the NotPetya hack represents a foreboding paradigm shift as the first large-scale cyberattack on civilian infrastructure. Much like New York Times journalist David Sanger’s acclaimed book on cyber warfare, The Perfect Weapon, Sandworm is a thrilling read that balances accessibility with accurate and detailed information about cybersecurity. Greenberg’s final analogy in Sandworm compares the vulnerability of all internet users to Ukraine’s vulnerability to Russian aggression. Greenberg ends this cautionary tale with both a warning and an optimistic proposal about improving internet resiliency so that systems can bounce back from future cyberattacks.


Cover of Book - Sandworm


About the Author: 

Michael Buttner is a first-year student studying for his MA in International Affairs in the US Foreign Policy and National Security (USFP) program at the American University School of International Service (SIS). His academic interests include great power competition, emerging threats, and international public policy. He currently works as a Senate staffer covering defense, veterans, foreign policy, and human rights issues. He is originally from Charlotte, North Carolina, and currently lives in Washington, D.C.