Zero Day – a book by Kim Zetter. A review from a cyber security enthusiast!

I bought this book on Audible, and finished it in a week during the COVID-19 lockdown, during my morning and evening workouts :).

After American Kingpin, this is the next book I read on cybercrime, and the scale is massive and the plot so complex!

The book starts with observations by overhead satellites that confirm that the centrifuges in Iran’s nuclear reactors are being replaced – due to damage or wear and tear – more frequently than usual. And the IAEA – the agency that is tasked with keeping Iran’s nuclear ambitions in check – notices this anomaly.

The author then pans the focus to discuss work being done by anti-virus researchers in Belarus, who have stumbled upon this malware, and are surprised by its huge size and complexity…and who then collaborate with researchers at McAfee to get into more details of the malware they are deconstructing.

And then the author gets to what all this is really about…the geopolitics of Iran and its covert nuclear program. The opposition group in Iran comes out with allegations, in a press conference, that the ruling coalition is making Uranium enrichment facilities that can make weapons-grade Uranium. That seems to be in line with what the inspectors at IAEA will discover later.

Since the topic of Stuxnet may be too complicated for most lay readers, the author goes into detail on how computers work, what malware is, the role of antivirus researchers, reverse engineering this code, and above all, in great depth, the definition, existence, market for and use of Zero Day exploits. And then there is the angle of industrial control systems, and the various possible and actual cyber attacks that have happened on them. That too is a new area the author explores in reasonable depth…including attacks on water plants responsible for providing water supply to a city, and the Siemens Step 7 PLCs that were the actual targets in the Iranian nuclear enrichment facilities. Being an Instrumentation Engineer (yes, that is a thing, and these engineers are in high demand in the petroleum and allied industries), I thoroughly enjoyed reading this bit.

And then of course there is the detailed analysis of the various versions of the Stuxnet virus, and the armament of tools that it was part of, its modus operandi and the amazing specificity of its target environment that the virus would check first, before unleashing its ‘payload’, and finally the potential list of countries that could be responsible for development and deployment of this malware, based on the prevalent geopolitical scenario at that time.

Overall, the author has managed to go into great depth in all areas of cyber warfare and, taking the Stuxnet example as the backdrop, has been able to educate readers on the various facets of the new era of cyber warfare, the tools of the trade in such a war, and the key players.

A great read indeed for the techie in me!
