Nicole Perlroth’s This Is How They Tell Me the World Ends is a cautionary tale of cyber weapons, underground markets, state sanctioned cyber-attacks, and the West’s vulnerability in an increasingly interconnected digital world. Her firsthand accounts of interviews with cyber arms dealers, corporate security specialists, and even some of the nation’s top spies draw the reader into a seedy underworld of hackers and states exploiting zero-day vulnerabilities and waging war around the globe. Perlroth has traveled the world from Washington D.C., to Ukraine, Argentina, and beyond conducting interviews with the people at the leading edge of the technological arms race. An award-winning cybersecurity journalist with The New York Times, Perlroth meticulously outlines the history and future of our nation’s digital space leaving no stone unturned.

Perlroth breaks the book down into seven parts. The prologue and Parts I and II set the stage and immediately pull the reader into the story. Opening in Kyiv during the winter of 2019, Perlroth ‘s book recounts what years of constant Russian cyber-attacks have done to the country’s infrastructure and people. At best, the devastating attacks left thousands of Ukrainians without power, while at their worst they shut down the country’s internet-connected services, changing their victims’ lives forever. She then takes the reader back to July 2013 when The New York Times asked her to analyze the Snowden leaks along with colleagues from The Guardian. Sifting through thousands of documents in a small windowless closet, Perlroth learns of the National Security Agency’s (NSA) terrifying capabilities, a stockpile of zero-day vulnerabilities that offer cybercriminals “digital superpowers.” She sets out to find out how the NSA was able to accrue their arsenal, leading her to some of the pioneers in the cybersecurity industry. Through interviews with J.P. Watters, owner of a cybersecurity firm, and ‘Jimmy Sabien,’ a cyber exploit broker, she pieces together the early days of a digital black market, where the United States’ intelligence agencies were the biggest customers.

Parts III, IV, and V of the book are aptly named ‘The Spies,’ ‘The Mercenaries,’ and ‘The Resistance’, and they chronicle the NSA’s never-ending quest to collect information about America’s enemies. From hunting down some of the earliest digital bugs placed by Soviets in the U.S. Embassy in Moscow to building the government’s vulnerability discovery program, the NSA was often the world’s leading cyber power. The 2007 cyber-attack against Iran’s fledgling nuclear weapons program, and the subsequent escape of Stuxnet into the world’s digital ecosystem, brought global attention to offensive cyber capabilities. 

In the years before the release of Stuxnet, cyber mercenaries were already looking for zero-day exploits to sell to the highest bidder, regardless of who that was or what they intended to do with them. After the 2010 debut of Stuxnet, the black market for zero-day exploits grew exponentially and anonymous brokers were bringing in millions of dollars for single exploits. States like Russia, China, Iran, and the Emirates actively sought zero-day exploits to build their arsenals, with devastating implications for the future. Despite this, Perlroth highlights an emerging group of cybersecurity professionals and corporations that stepped up to the plate to secure the nation’s digital infrastructure despite ever more frequent attacks by foreign states since the release of nearly two dozen NSA exploits in 2017.

In the final two parts of the book, Perlroth describes the factors that contribute to the United States’ weakness in the cyber domain. Infrastructure reliant on digital connectivity, smart cities, the Internet of Everything, and even partisanship in Congress have hindered America’s ability to secure itself. Perlroth describes Russian and Iranian cyber-attacks and a massive data leak in 2016 that gave the United States’ adversaries its most devastating cyber weapons to date. Her accounts of the ensuing race to contain the damage caused by the 2016 and 2017 ‘Shadow Brokers’ leaks keep the reader engaged as hospitals, nuclear reactors, and everything in between become victims of the worst cybersecurity breach in history.

Perlroth’s skill as a writer for The New York Times shines through in This Is How They Tell Me the World Ends. The book is written for any reader, regardless of their knowledge of cybersecurity, current events, or jargon for that matter.  She captures the reader’s attention through intimate accounts of her exploits and interviews with some of the world’s most prominent cybersecurity specialists and dangerous hackers and brokers. Even those more familiar with cybersecurity will appreciate Perlroth’s ability to tell an engaging story, as she recalls how Microsoft went on the offensive against China or how the NSA made every effort to downplay their role in the proliferation of cyber weapons.

Although a thoroughly enjoyable book, it is noticeably Eurocentric in the stories told. Perlroth focuses extensively on the effects of cyber-attacks on the United States and Europe, but only gives a handful of details regarding effects in Russia, China, and even Iran after Stuxnet. Additionally, she closes the book with her assessment of what actions the United States government should take to reduce their risk to cyber warfare. Recommending compulsory federal service to graduates in the IT field or to Americans who excel in cybersecurity seems extremely optimistic, as is the idea that hackers would sell zero-day exploits to the NSA with exclusive rights and non-disclosure agreements. But these minor missteps should not deter anyone from picking up and enjoying this excellent read.

Overall, This Is How They Tell Me the World Ends is an exciting page turner full of stories and details that make the book hard to put down. If you enjoyed Kim Zetter’s Countdown to Zero Day or Andy Greenberg’s Sandworm, you will want to pick up a copy of This Is How They Tell Me the World Ends. The book opened my eyes to the implications of the NSA’s actions in the cyber realm and drove home just how serious the threat of cyber-annihilation really is.