This is how they tell me the world ends
This is how they tell me the world ends
The Most Serious Security Risk Facing the United States
Send any friend a story
As a subscriber, you have 10 gift articles to give each month. Anyone can read what you share.
Give this article
When you purchase an independently reviewed book through our site, we earn an affiliate commission.
By Jonathan Tepperman
THIS IS HOW THEY TELL ME THE WORLD ENDS
The Cyberweapons Arms Race
By Nicole Perlroth
Sometime last year, a shadowy group of hackers — now thought to be Russians working for that country’s foreign intelligence service — broke into digital systems run by Solar Winds, an American tech firm, and inserted malware into the code. When the company then sent out its next regular software update, it inadvertently spread the virus to its clients — more than 18,000 of them, including huge corporations, the Pentagon, the State Department, Homeland Security, the Treasury and other government agencies. The hack went undetected for months, until the victims started discovering that enormous amounts of their data — some of it very sensitive — had been stolen.
Solar Winds may have been the biggest cyberattack on the United States in years, if not ever. But it was hardly a singular event. In the last half decade or so, American corporations have suffered billions of dollars of losses in similar incursions. Between 2019 and 2020, more than 600 towns, cities and counties were hit by ransomware attacks, shutting down hospitals, police departments and more. America’s adversaries — Russia, China, Iran and North Korea — have by now thoroughly infiltrated the computer systems that run some of the United States’ most important infrastructure, including not just power grids and dams but also nuclear plants.
All of which raises the question: Why does this keep happening? After all, the United States isn’t just the most formidable and intimidating military power in the world; it’s also the most sophisticated cyber power. The country’s conventional arsenal has proved remarkably effective at scaring off any would-be attackers; these days, no nation on the planet would dream of going toe-to-toe with the United States military. So why doesn’t the same logic work in the cyber realm, where Washington could just as easily inflict biblical vengeance on anyone who messed with it?
There are two basic answers. The first is that deterring cyberattacks turns out to be much, much harder than deterring conventional ones, for a long list of reasons. Among them: Despite all its offensive power, the United States, as one of the most wired nations on earth, is also more vulnerable to such attacks than many of its less-connected enemies. Cyberattacks are also relatively cheap, while cyberdefense is expensive and painstaking. And then there’s the problem of attribution: Given how hard it often is to spot digital incursions in the first place (remember, the Solar Winds hack went undetected for months), and the tendency of countries to rely on private hackers only loosely connected to the government to do their dirty work, figuring out whom to retaliate against can be very difficult. Unlike nuclear missiles, hacks rarely come stamped with a clear return address.
In “This Is How They Tell Me the World Ends,” Nicole Perlroth provides another explanation for the ever-expanding cyberassaults on the United States: the way that Washington, in its careless rush to dominate the field, has created and hypercharged a wildly lucrative, entirely unregulated gray market for insanely dangerous digital weapons that private hackers develop and then sell to the highest bidder. Which only sometimes is the United States.
Perlroth, a cybersecurity reporter at The New York Times, has written an intricately detailed, deeply sourced and reported history of the origins and growth of that market and the global cyberweapons arms race it has sparked. As she describes her book, “it is the story of our vast digital vulnerability, of how and why it exists, of the governments that have exploited and enabled it and the rising stakes for us all.”
This is no bloodless, just-the-facts chronicle. Written in the hot, propulsive prose of a spy thriller, Perlroth’s book sets out from the start to scare us out of our complacency — and (on my part, at least) it succeeds. As a narrator, Perlroth comes at the reader hard, like an angry Cassandra who has spent the last seven years of her life (which is both the length of her career at The Times and more or less the time she spent working on the book) unmasking the signs of our impending doom — only to be ignored again and again.
As for who’s most to blame for our current state of cyberinsecurity — in which all of us are targets and the tech we, our government and our infrastructure providers rely on is now penetrated at will by foreign actors — Perlroth has little doubt. Sure, the hackers who actually create all those nasty little tools and then sell them to whatever government will pay the most — no questions asked — bear primary responsibility. And sure, the foreign states who use these tools against us or their own people are guilty too. But none of this would have happened, Perlroth argues, if Washington hadn’t decided years ago to neglect cyberdefense and focus instead on paying programmers around the world to find and weaponize vulnerabilities in existing software — gaps known as “zero days” in the industry — that grant those that wield them “digital superpowers.” (The term “zero days” comes from the fact that when a tech company finds such a flaw in its software or hardware, it has zero days to fix it or suffer the consequences.)
If enabling this market was Washington’s original sin, its second catastrophic blunder, according to Perlroth, was Stuxnet: the computer worm the United States allegedly used to destroy a fifth of the centrifuges at Iran’s Natanz nuclear enrichment plant in 2009-10. While the worm, a stunning technological breakthrough, may have forestalled an Israeli attack on Iran, set back Tehran’s weapons program and driven the mullahs to the bargaining table, it also shattered a basic norm: It was the first time one government had digitally infiltrated the networks of another and used its access not for spying — which everyone does — but to wreak physical havoc. Once that gentlemen’s rule was broken, Perlroth argues, it became open season for America’s enemies to try to do the same to it; and now it’s only a matter of time, she concludes, till we face a digital Pearl Harbor.
This is all compelling stuff, and Perlroth makes a strong, data-driven case for action. Writing the story from Silicon Valley, as she does, gives her lots of advantages as an author: It means she has good access to the programmers, the hackers, the cyberarms merchants, the security experts and the tech firms that play central roles in the story and that are profiled in great (sometimes a little too great) detail. She also boasts a very good command of the technical details, which she’s able to explain with admirable clarity. I wish, though, that she’d spent more time on the other coast, in Washington, D.C., which often feels like a black box located very far from her account. That distance forces readers to guess at or make assumptions about the choices the government makes — and that Perlroth denounces — in the course of her narrative.
Still, Perlroth has done a valuable service in highlighting the need for big changes in how America approaches its cybersecurity — which, these days, means its security, period. Let’s hope that the people charged with doing something about it read this book and are persuaded.
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
From The New York Times cybersecurity reporter Nicole Perlroth, the untold story of the cyberweapons market-the most secretive, invisible, government-backed market on earth-and a terrifying first look at a new kind of global warfare.
Zero day: a software bug that allows a hacker to break into your devices and move around undetected. One of the most coveted tools in a spy’s arsenal, a zero day has the power to silently spy on your iPhone, dismantle the safety controls at a chemical plant, alter an election, and shut down the electric grid (just ask Ukraine).
For decades, under cover of classification levels and non-disclosure agreements, the United States government became the world’s dominant hoarder of zero days. U.S. government agents paid top dollar-first thousands, and later millions of dollars- to hackers willing to sell their lock-picking code and their silence.
Then the United States lost control of its hoard and the market.
Now those zero days are in the hands of hostile nations and mercenaries who do not care if your vote goes missing, your clean water is contaminated, or our nuclear plants melt down.
Filled with spies, hackers, arms dealers, and a few unsung heroes, written like a thriller and a reference, This Is How They Tell Me the World Ends is an astonishing feat of journalism. Based on years of reporting and hundreds of interviews, The New York Times reporter Nicole Perlroth lifts the curtain on a market in shadow, revealing the urgent threat faced by us all if we cannot bring the global cyber arms race to heel.
T h i s I s H o w T h e y T e l l M e T h e W o r l d E n d s T h i s I s H o w T h e y T e l l M e T h e W o r l d E n d s T h i s I s H o w T h e y T e l l M e T h e W o r l d E n d s
The Cyber Weapons Arms Race
From New York Times cybersecurity reporter Nicole Perlroth, THIS IS HOW THEY TELL ME THE WORLD ENDS is the untold, bestselling account of the cyber arms trade-the most secretive, invisible, government-backed market on earth-and a terrifying first look at a new kind of global warfare.
SHORTLISTED FOR THE FT MCKINSEY BUSINESS BOOK OF THE YEAR PRIZE 2021
McKinsey and The Financial Times
«Perlroth’s storytelling is part John le Carré and more parts Michael Crichton—“Tinker, Tailor, Soldier, Spy” meets “The Andromeda Strain.” Because she’s writing about a boys’ club, there’s also a lot of “Fight Club” in this book. (“The first rule of the zero-day market was: Nobody talks about the zero-day market. The second rule of the zero-day market was: Nobody talks about the zero-day market.”) And, because she tells the story of the zero-day market through the story of her investigation, it’s got a Frances McDormand “Fargo” quality, too. spellbinding.»
The New Yorker
«Perlroth dives into the shadowy and frightening world of cyberwarfare. a fast-paced account of the U.S. government’s digital vulnerability, how it has been exploited and why the stakes couldn’t be higher.»
The New York Times
Booklist, Starred review
“A stemwinder of a tale of how frightening cyber weapons have been turned on their maker. Perlroth takes a complex subject that has been cloaked in techspeak and makes it dead real for the rest of us.”
Kara Swisher, Host of the New York Times podcast «Sway»
Garrett M. Graff, Wired, author of New York Times bestseller THE ONLY PLANE IN THE SKY
“The definitive history of cyberwarfare. Nicole Perlroth connects the dots and the behind the scenes action of every serious intrusion, cyberattack and cyberespionage revelation in the last decade, offering recommendations for stopping the cyberwar none of us want to see.”
Clint Watts, Author of MESSING WITH THE ENEMY
“Nicole Perlroth does what few other authors on the cyber beat can: she tells a highly technical, gripping story as if over a beer at your favorite local dive bar. A page-turner.”
Nina Jankowicz, author of HOW TO LOSE THE INFORMATION WAR
“Usually, books like this are praised by saying that they read like a screenplay or a novel. Nicole Perlroth’s is better: her sensitivity to both technical issues and human behavior give this book an authenticity that makes its message—that cybersecurity issues threaten our privacy, our economy, and maybe our lives—even scarier.”
Steven Levy, author of HACKERS and FACEBOOK
A must-read tale of cloak-and-dagger mercenary hackers, digital weapons of mass destruction and clandestine, ne’er-do-well government agencies. Perlroth’s intrepid reporting shows why the consequences could be frightening.
Lawrence Ingrassia, author of BILLION DOLLAR BRAND CLUB
“Reads like a modern-day John le Carré novel, with terrifying tales of espionage and cyber warfare that will keep you up at night, both unable to stop reading, and terrified for what the future holds.”
Nick Bilton, Vanity Fair, author of AMERICAN KINGPIN
«Easily an early contender for a «best of the year» award, and it is by far one of the best books on cyber warfare and espionage out there today. pulls the reader fully into the narrative from the first page.»
Diplomatic Courier
«One of the most absorbing books I’ve encountered in a long time. superbly organized, written, and edited. What a story Perlroth has to tell.»
Kent Anderson, The Geyser
A b o u t t h e A u t h o r A b o u t t h e A u t h o r A b o u t t h e A u t h o r
Nicole Perlroth spent a decade as the lead cybersecurity, digital espionage and sabotage reporter for The New York Times. Her investigations rooted out Russian hacks of nuclear plants, airports, elections, and petrochemical plants; North Korea’s cyberattack against movie studios, banks and hospitals; Iranian attacks on oil companies, banks, critical infrastructure, and presidential campaigns; and thousands of Chinese cyberattacks against America’s critical infrastructure and businesses, including a months-long hack of The Times. Her investigations, and outing of hacking divisions within China’s People’s Liberation Army, helped compel the first United States hacking charges against members of the Chinese military, and earned her the prestigious “Best in Business Award” from the Society of American Business Editors and Writers. Her co-investigation of the use of commercial spyware in Mexico was nominated for the Pulitzer Prize.
She is the author of the New York Times bestselling book “This Is How They Tell Me The World Ends,” about the global cyber arms race, which was recently shortlisted for the 2021 McKinsey and Financial Times’ Business Book of the Year Award and has been translated into nine languages. The book and several of her Times articles have been optioned for television.
Ms. Perlroth has been widely cited and published, beyond The Times, in The New Yorker, The New York Review of Books, New York Magazine, The Economist, Wired Magazine, Forbes Magazine, CNN, PBS, NPR, Bloomberg, The Wall Street Journal, The Washington Post, Al Jazeera, The Christian Science Monitor, C-SPAN, NBC’s “Meet The Press,” MSNBC’s “The Rachel Maddow Show,” “Dan Rather’s America,” Axios, CBS, CNBC, USA Today, Recorded Futures, Lawfare, the Times’ podcast «Sway,» «The Daily,» and VOX’s «Pivot.»
She has delivered keynotes and speeches for the United States State Department, the World Bank, the Munich Security Conference, RSA, the Council on Foreign Relations, World Affairs Council, Washington D.C. Metropolitan Club, Stockholm Forum on Peace and Development, How To Academy, In-Q-Tel, Track ii Diplomacy, the Friedrich Naumann Foundation Defense Policy Advisors, Hack the Capitol, the Center for European Policy Analysis and the CIOSExchange, an invite-only gathering of Fortune 50 Chief Information Officers.
She has lectured at Stanford University, including the Stanford Graduate School of Business, where she co-authored a case study on the hack of Home Depot. She has also lectured at Princeton University, Columbia University, Cornell University, Harvard Kennedy School, Hult International Business School, The Fletcher School at Tufts University, the Naval War College, Fordham Law, the University of California, Berkeley, John Hopkins Medical School, Cornell University Medical School and was selected as the inaugural “Journalist in Residence” for the University of Texas Strauss Center’s Journalism and World Affairs program and the Jeanette Pontacq Investigative Journalism Fellow.
Before joining the Times, Ms. Perlroth worked as a deputy editor at Forbes Magazine, an analyst at the Corporate Executive Board, a subsidiary of Gartner, and worked for the late Senator Ted Kennedy. She serves on the board of the Searle Scholars Program, which offers grants to support independent biomedical sciences and chemistry research of exceptional young faculty. Among Searle Scholars was Dr. Jennifer Doudna, of the University of California, Berkeley, who won the Nobel Prize in Chemistry for her groundbreaking work developing the CRISPR.
Ms. Perlroth is a graduate of Princeton University (B.A.), Stanford University (M.A.)
Recent Bylines
R e v i e w s R e v i e w s R e v i e w s
«Perlroth’s storytelling is part John le Carré and more parts Michael Crichton—“Tinker, Tailor, Soldier, Spy” meets “The Andromeda Strain.” Because she’s writing about a boys’ club, there’s also a lot of “Fight Club” in this book. (“The first rule of the zero-day market was: Nobody talks about the zero-day market. The second rule of the zero-day market was: Nobody talks about the zero-day market.”) And, because she tells the story of the zero-day market through the story of her investigation, it’s got a Frances McDormand “Fargo” quality, too. spellbinding.»
The New Yorker
The New York Times Book Review
“Perlroth’s terrifying revelation of how vulnerable American institutions and individuals are to clandestine cyberattacks by malicious hackers is possibly the most important book of the year. Perlroth’s precise, lucid, and compelling presentation of mind-blowing disclosures about the underground arms race a must-read exposé.”
Booklist, Starred Review
“A powerful case for strong cybersecurity policy that reduces vulnerabilities while respecting civil rights.”
Kirkus Reviews
«Scarier than the scariest sci-fi movie, “This Is How They Tell Me The World Ends: The Cyberweapons Arms Race,” Ms. Perlroth’s stunningly detailed, must-read book tells the untold story of what may well be the clearest and most present danger facing the world.»
Pittsburgh Post-Gazette
“An essential cautionary tale [that] exposes the motivations and misgivings of the people helping governments hack into our devices. After Perlroth’s incisive investigation, there’s no excuse for ignoring the costs of the cyber arms race. Indeed, we are already deeply vulnerable.”
Sarah Frier, Bloomberg
“100% gripping. For anyone interested in cybersecurity, whether as student, policymaker, or citizen, it is well worth your read.”
P.W. Singer, author of LIKEWAR
“A wonderfully readable new book. Underlying everything Perlroth writes is the question of ethics: what is the right thing to do? Too many of the people she describes never seemed to think about that; their goals were short-term or selfish or both. a rip-roaring story of hackers and bug-sellers and spies that also looks at the deeper questions.”
Steven M. Bellovin, Professor of Computer Science, Columbia University
«When the weaknesses of a system can be bought and sold, the results can be calamitous, as This Is How They Tell Me the World Ends shows … Engaging and troubling … This secretive market is difficult to penetrate, but Perlroth has dug deeper than most and chronicles her efforts wittily.»
The Economist
“From one of the literati, a compelling tale of the digerati: Nicole Perlroth puts arresting faces on the clandestine government-sponsored elites using 1s and 0s to protect us or menace us-and profit.”
Glenn Kramon, The New York Times
“The murky world of zero-day sales has remained in the shadows for decades, with few in the trade willing to talk about this critical topic. Nicole Perlroth has done a great job tracing the origin stories, coaxing practitioners into telling their fascinating tales and explaining why it all matters.”
Kim Zetter, author of COUNTDOWN TO ZERODAY
“Reads like a thriller. A masterful inside look at a highly profitable industry that was supposed to make us safer, but has ended up bringing us to the brink of the next world war.”
John Markoff, The New York Times
“A whirlwind global tour that introduces us to the crazy characters and bizarre stories behind the struggle to control the internet. It would be unbelievable if it wasn’t all so very true.”
Alex Stamos, Director of the Stanford Internet Observatory and former head of security for Facebook
“This is not a book to read if you want to relax. Told in an enthrallingly cinematic style Perlroth takes us through some of the worst cyber-security breaches in history. revealing just how vulnerable our reliance on digital convenience has made us, both individually and as a society. This is How They Tell Me the World Ends is a stark, necessary, thoroughly reported reminder that no matter how strong the safe is, there’ll always be someone who can come along and crack it.”
Jonny Diamond, Lit Hub Editor-in-Chief
The Diplomatic Courier
«Written in the hot, propulsive prose of a spy thriller, Perlroth’s book sets out from the start to scare us out of our complacency. an intricately detailed, deeply sourced and reported history of the origins and growth of that market and the global cyberweapons arms race it has sparked.»
The New York Times
«New York Times cybersecurity reporter Perlroth debuts with a colorful rundown of threats to the world’s digital infrastructure. Perlroth’s searing account of the role American hubris played in creating the zero-day market hits the mark.»
Publisher’s Weekly
«Sizzling. Her insider accounts provide texture and context. [Her] storytelling skills make them scarier, particularly because of the collateral damage.»
Edward Lucas, The Times of London
«This big, smart but entirely intelligible book. is lively and enjoyable, scary until it’s (somewhat) calming, and mind-clearing.»
George Ernsberger, About Books
“Riveting. You will be hooked in the first few pages.”
Dave Pell, Next Draft
“The New York Times cybersecurity reporter lifts the curtain on the cyberweapons market, revealing a terrifying look at a new kind of global arms race.”
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
From The New York Times cybersecurity reporter Nicole Perlroth, the untold story of the cyberweapons market-the most secretive, invisible, government-backed market on earth-and a terrifying first look at a new kind of global warfare.
Zero day: a software bug that allows a hacker to break into your devices and move around undetected. One of the most coveted tools in a spy’s arsenal, a zero day has the power to silently spy on your iPhone, dismantle the safety controls at a chemical plant, alter an election, and shut down the electric grid (just ask Ukraine).
For decades, under cover of classification levels and non-disclosure agreements, the United States government became the world’s dominant hoarder of zero days. U.S. government agents paid top dollar-first thousands, and later millions of dollars- to hackers willing to sell their lock-picking code and their silence.
Then the United States lost control of its hoard and the market.
Now those zero days are in the hands of hostile nations and mercenaries who do not care if your vote goes missing, your clean water is contaminated, or our nuclear plants melt down.
Filled with spies, hackers, arms dealers, and a few unsung heroes, written like a thriller and a reference, This Is How They Tell Me the World Ends is an astonishing feat of journalism. Based on years of reporting and hundreds of interviews, The New York Times reporter Nicole Perlroth lifts the curtain on a market in shadow, revealing the urgent threat faced by us all if we cannot bring the global cyber arms race to heel.
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
From The New York Times cybersecurity reporter Nicole Perlroth, the untold story of the cyberweapons market-the most secretive, invisible, government-backed market on earth-and a terrifying first look at a new kind of global warfare.
Zero day: a software bug that allows a hacker to break into your devices and move around undetected. One of the most coveted tools in a spy’s arsenal, a zero day has the power to silently spy on your iPhone, dismantle the safety controls at a chemical plant, alter an election, and shut down the electric grid (just ask Ukraine).
For decades, under cover of classification levels and non-disclosure agreements, the United States government became the world’s dominant hoarder of zero days. U.S. government agents paid top dollar-first thousands, and later millions of dollars- to hackers willing to sell their lock-picking code and their silence.
Then the United States lost control of its hoard and the market.
Now those zero days are in the hands of hostile nations and mercenaries who do not care if your vote goes missing, your clean water is contaminated, or our nuclear plants melt down.
Filled with spies, hackers, arms dealers, and a few unsung heroes, written like a thriller and a reference, This Is How They Tell Me the World Ends is an astonishing feat of journalism. Based on years of reporting and hundreds of interviews, The New York Times reporter Nicole Perlroth lifts the curtain on a market in shadow, revealing the urgent threat faced by us all if we cannot bring the global cyber arms race to heel.