Andy Greenberg’s “Sandworm” traces the discovery of a Russian GRU hacking unit through the exploits and attacks it carried out in Eastern Europe, above all in Ukraine. The book grows out of Greenberg’s reporting for WIRED magazine on NotPetya, the 2017 attack that crippled Ukrainian businesses and infrastructure and then cascaded across the world, causing more than $10 billion in damages.
And while the story gives a considerable amount of attention to NotPetya, “Sandworm” examines a slew of other state-sponsored cyber-attacks:
- Moonlight Maze: Russian cyber-espionage operation in the late 1990s that pilfered U.S. government secrets; credited by Greenberg as one of the first state-on-state cyber-spying campaigns of its kind.
- Stuxnet: U.S. and Israeli cyber-weapon linked to destroying nuclear enrichment centrifuges within Iran. Famed for its sophisticated implementation and kill chain. Propagated well beyond its target, infecting computers in over a hundred countries worldwide.
- Olympic Destroyer: Russian destructive malware that wiped and knocked out the IT backbone of the 2018 Winter Olympics in Pyeongchang during the opening ceremony. Notable for the extensive false flags planted in its code to mask its origin and make it look like a North Korean operation instead, which sent attribution efforts in several wrong directions before the GRU link emerged.
- EternalBlue: NSA-developed exploit stolen and dumped online by the mysterious “Shadow Brokers” in April 2017. It targets CVE-2017-0144, a flaw in Windows SMBv1 that lets an unauthenticated remote attacker execute arbitrary code on a target system. Microsoft had patched the flaw in MS17-010 a month before the dump, but enough systems remained unpatched that EternalBlue powered the worldwide spread of the WannaCry ransomware and, combined with credential theft, of NotPetya.
- BlackEnergy: Cyber-crime tool originally written by Russian hacker Dmytro Oleksiuk to build and operate botnets for distributed denial-of-service (DDoS) attacks. Later taken up and re-tooled by Sandworm as an espionage implant, delivered through booby-trapped Microsoft Word and PowerPoint documents distributed to targets throughout Ukraine.
At its core, “Sandworm” opens readers to the prospect of cyberwar – what it is and what it could mean for international relations in the future. Cyberwar, as Greenberg contends, looks less like the Terminator-esque vision of autonomous robotic conflict and more like conventional conflict carried out through digital means: still deadly, just less conspicuous and far harder to attribute. In Greenberg’s terms:
“This is what cyberwar looks like: an invisible force capable of striking out from an unknown origin to sabotage, on a massive scale, the technologies that underpin civilization.”
These kinds of conflicts give rise to interesting and terrible questions for national policy and ethics. Cyberwar may be less violent and lethal than other forms of military combat, but it is also indiscriminate: a self-propagating worm does not stop at its intended target, as NotPetya’s spread from Ukraine to shipping, pharmaceutical and logistics firms around the world showed. “Sandworm” spells out in plain language the dystopian direction the world is headed with these advancements:
“If cyberwar escalation continues unchecked, the victims of state-sponsored hacking could be on a trajectory for even more virulent and destructive worms. The digital attacks first demonstrated in Ukraine hint at a dystopia on the horizon, one where hackers induce blackouts that last days, weeks, or even longer – intentionally inflicted deprivations of electricity that could mirror the American tragedy of Puerto Rico after Hurricane Maria, causing vast economic harm and even loss of life. Or one where hackers destroy physical equipment at industrial sites to cause lethal mayhem. Or, as in the case of NotPetya, where they simply wipe hundreds of thousands of computers at a strategic moment to render brain-dead the digital systems of an enemy’s economy or critical infrastructure.”
This book is well-written and thoroughly researched. Anyone familiar with InfoSec will recognize the events Greenberg touches upon throughout the book, but few will have plumbed the depths of their origins or spoken to as many first-hand sources. While “Sandworm” doesn’t concern itself with explaining the technical minutiae behind these incidents, it does guide the reader through enough of the high-level details to convey their gravity. As such, those looking for an in-depth post-mortem of the malware behind the attacks will find the book wanting. What “Sandworm” does provide is an excellent contextualization of recent developments in cyberwar.