Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

I know quite a few of the researchers that were involved in reverse engineering Stuxnet and Flame - so I was able to watch the story unfold with a behind the scenes view - what's presented in here is a very accurate, and insightful view of one of the most important security discoveries in recent years.Stuxnet, et. al. presented the security industry with a huge problem - and the implications are still being sorted out to this day. Government use of malware, and how the industry should handle it when discovered are topics that are still being debated on a daily basis. Kim does a great job on explaining the issues, and giving readers plenty to think about.From a technical perspective, the book goes into enough detail so that those of us familiar with the topic know exactly what is being discussed and it's implications, while not going overboard and overloading non-technical users with incomprehensible details. The book has a good narrative style, while covering technical detail and including details on the sources for information. Throughout the book are footnotes that list source information, additional notes that explain context, or provide additional details that don't fit in the narrative telling - I strongly suggest that you read the footnotes, as they offer very useful information.All in all, I strongly recommend the book, well worth it.

This book is superbly researched and is written clearly and interestingly. It is quite outstanding in these two respects. To follow it, you will need to know a little bit about how computers and the internet work, but you don't need to know the technical parts. You do need to be a person who can cope with the technical terms and processes that are presented and described as you read along. Given that most readers will know how the story turned out, the author does a great job of maintaining the suspense of how the investigators (and the creators) did their work.Toward the end I found it a little less interesting, but that was o.k. I had learned so much more than I set out to learn.The Kindle version is very well implemented. You can check a footnote or a definition and go back to the text.I am going to repeat myself and say that this book is a model of both research and of technical writing.

This book is an examination of Stuxnet and related tools such as Duqu and Flame. In that capacity it is detailed and exhaustive--perhaps to a fault. On the whole, however, the story is fascinating and Kim Zetter does a great job telling it.But more than just Stuxnet, the book examines the intersection of infrastructure and malware, and the growing military-cyber complex. This area of focus leads to perhaps the most interesting sections of the book. The chapter on vulnerabilities in US infrastructure is a real eye-opener.Either one of these topics would make the book a must-read for those interested or involved in security and cyber warfare. Having both of them together, marshaled by an excellent author, is a real treat.

Great, great detail on Stuxnet...3/4ths the book is centered around that, but it also covers Flame, DQ, and other related cyberwar malware. Great, great, coverage. Awesome writing. A few small technical details were wrong in some areas...the author isn't a cybersecurity expert...but she gets 99% of the details right and tells a great, compelling story. Perhaps my only bigger criticism is there is way too much use of long footnotes. She often includes paragraphs of footnotes on a page...and anything you're writing paragraphs you usually should include that information in the regular text. She has extensive, extensive footnoting...it's distracting...hard to read the tiny font, and really, again, just stuff that should have gone into the regular text. But the author is so, so, awesome at everything else that I would give her six starts if I could. Just a terrifically well down, well researched book. I'm glad I read it. I learned a lot...and I've been in the cybersecurity world for 33 years and I thought I knew a lot about Stuxnet and cyberwarfare. I stand corrected. I only knew a little.

if . . . you are a computer engineer or true hacker! Otherwise, be prepared to throw in the towel about 2/3's of the way in.I'm no computer engineer, but I'm a pretty smart guy with an IQ of 137 and I can follow some pretty technical stuff, but I was glazed over by all the jargon that only has meaning to specialists in the fields.Fortunately, my curiosity about the plot kept me going for as long as it did. But, too many pages read with too little motion in the storyline per pages. Gets bogged down in computerese.I think if the book cut the jargon by half, and filled that space with more narrative around the plot and players, this would be an easy 5-star book.So, I'm serious, this is a really good book for someone with the technical expertise to "enjoy" the detailed jargon. But for the average, intelligent reader, . . . you'll lose interest.

This book tells the story – or at least part of the story – of Stuxnet, the malware that was employed allegedly by the US and Israeli intelligence services to disrupt Iran’s nuclear enrichment programme in the late 2000s. Some have described it as the first case of cyberwar, but actually, it was more the first spectacular case of international state-on-state cybersabotage, and part of a wider campaign against the Iranian programme that also included the targeted assassination of Iranian physicists and the imposition of sanctions. In the end, Stuxnet was only one piece in the jigsaw puzzle that led to the June 2015 diplomatic accord temporarily closing the road to an Iranian nuclear bomb.Kim Zetter does a superb job in telling how Stuxnet was detected, analysed, dismantled and neutralised. An accomplished journalist for WIRED, the technology newspaper cum blog, she clearly excels at unfolding this intriguing and captivating narrative. The book is well researched, and Zetter is at her best when she is explaining complex technicalities such as ripping apart and reverse-engineering a malware code. The true heroes of her book are the analysts and researchers of Symantec, Kaspersky and other security research firms. These sections of the book are highly readable; and she writes with a lay, and not an expert audience in mind – which adds to the readability. Woven into this first part of the book is an excellent chapter on how the zero-day market came about in the first place. Zetter also does a good job when highlighting how these valiant private sector cyberwarriors had to strike a balance between protecting their clients – i.e., neutralising Stuxnet – and avoiding the cross-fire of a state-on-state confrontation.Zetter’s story is so sound and authentic as she can draw extensively on interviews she held with the heroes of her book. The story becomes much thinner when it comes to the “other side”, i.e., the manufacturers and distributors of the malware – or, for that, its targets, i.,e, the computer and machinery operators in Iran. There, she entirely relies on public sources and on what others have already written about the topic. She does that diligently and exhaustively, after proper research, as it befits a good journalist. And given the fact that this deals with the murky world of intelligence where interviews are not lightly given, she probably had no alternatives. Yet, as a consequence, these parts of book lack the authenticity that has the part outlining the story of Stuxnet proper. She closes the book with a highly readable chapter on assessing the success of the malware. She concludes that Stuxnet was a qualified success in the sense that it contributed to slowing down the Iranian enrichment programme, which bought diplomats time to negotiate. Yet, it remains unclear whether this was actually the goal of Stuxnet, or whether it did not have a further purpose, such as forcing the total shutdown of the Iranian enrichment programme. Given her limited access to government sources, Zetter cannot answer this question. She also concludes that this ‘qualified success’ of slowing down Iran’s programme came at the price of exposing the US as a reckless promoter of cyberwar, thus undermining her own credibility on the international stage on the one hand and –more importantly – undermining the trust of users in the safety and security of the internet on the other hand. Maybe this is a bridge too far, as most people outside the US would already have a view of the US being rather double-minded when it comes to the internet and the utility of cyberwar, but regardless to the depth of international cynicism, she clearly has a point here.The book has a few weaknesses. First, it is too long. On many instances, the narrative could be shorter and crisper. Sometimes, one gets a bit the feeling she wanted to make as much use of her interview material as possible. Secondly, and this may be related to the first point, the structure of the book is somewhat repetitive. A great part of chapters in the first part follows the same pattern: introducing a technie nerd, describing him (they are always “hims”) and his physical appearance and dress a bit, adding a few sprinkles about his private life (mostly on girl friends), and then delve into that part of the technical dissection of Stuxnet which this chapter is about– and this deep dive is then deep indeed. This makes the reading attractive at the beginning, as it gives a very low entry barrier to the average reader, but it becomes somewhat tiring further down the road. These are weaknesses you can easily live with as a reader. A worthwhile, highly recommendable read in any case.

I bought this because I wanted to know more about the Stuxnet virus and the potential implication that it was created by western government(s) to sabotage the Iranian nuclear program. Incredibly interesting, and seemingly very few stones left unturned (as others have said, many references provided throughout).I somewhat sat on the fence to start with, erring on the side of caution that governments could create such things and the dangers they could unleash. As I read on though, I couldn't help but be impressed at the ingenuity that these people must have gone to. Iran seems to be perceived in the media as a hard done by nation that's always being picked on. However, if your nation is having to hide nuclear complexes from the IAEA, design them to make them missile proof or if you conveniently 'forget' you had specific centrifuges then you probably deserve all you get...This book doesn't seem to be a negative take on the issue of cyber-weapons, and remains impartial and well balanced. It is all the better for it. It discusses the business of zero day exploits and how they are (may?) traded between persons and government, with many hacks being held back for whatever reasons.Brinksmanship for a new age.

Excellent book. I first saw a documentary about the subject and I just had to learn more about Stuxnet. I have read a couple of books on US foreign policy towards Iran (and its main enemy Saudi Arabia) and this book complimented those books very well. It amazes me after all these years that US and western media still presents Iran as a threat to world peace even though US and Israel actions - which are described in this book - are nothing more than acts of war.

A real eye opener - could have been straight out of a Bond novel but with the chilling reality that it still amounted to war between Iran and those countries that oppose it. But for once a war that did not mean the deaths on many innocents.It is refreshing to discover that there are brilliant code writers at work, but also that the AV community did not flinch at putting themselves in harms way to make sure that their customesrs stayed free from these attacks.Big Brother is without question here to stay.

This book reads like a thriller. What I was most impressed about was the amount of notes cited after each chapter. It just shows how much effort went into the whole book. The other aspect which is brilliant is that it doesn't just focus on the Stuxnet virus and that's it: it literally uses references from all the important people that had been brought into contact with it. This enables you to get a complete understanding about the virus's creators; what happened once the virus was released and most importantly - the implications from it.Honestly if you've just heard of Stuxnet you really would want to read this: you'll be blown away by it (metaphorical joke there).