Book review: Countdown to Zero Day

Posted by Virus Bulletin on Dec 18, 2014

Kim Zetter's book on Stuxnet is a must-read for anyone interested in malware - or in 21st century geopolitics.

There is a tendency among the media to call every hack 'advanced', to blame every attack on a nation state, and to label every industrial failure as 'cyber'. It is good to approach such stories with a healthy dose of scepticism, yet that doesn't mean that such cases only exist in the realm of fantasy.

Enter Stuxnet: malware widely attributed to the NSA, probably working with Israel's intelligence agencies, which found its way onto the air-gapped computer systems of a uranium enrichment facility in Iran, where it did serious physical damage to the centrifuges and thus, ultimately, to the country's uranium enrichment program.

It was Mikko Hyppönen who said that, with Stuxnet, computer science lost its innocence, just as nuclear science had done in August 1945 when atomic bombs were dropped on Hiroshima and Nagasaki. After that day, the atom bomb was no longer something that could happen: it was something that actually had happened. Likewise, a destructive malware attack on an industrial facility is no longer something that could theoretically happen: it is something that has happened, and Stuxnet was the first such case we learned about.

It was thus with much eagerness that I looked forward to reading Kim Zetter's book on Stuxnet, Countdown to Zero Day, which came out last month.

Kim Zetter - Countdown to Zero Day

In her book, the Wired journalist tells the story of Stuxnet from its discovery by Sergey Ulasen (then of VirusBlokAda) and takes us through the slow unravelling of the malware by security researchers, who gradually discovered Stuxnet's purpose.

In doing so, the book focuses not only on the technical details, but it also takes a human interest view by focusing on the researchers themselves. As such, we're taken to Liam O'Murchu's birthday party and to the apartment belonging to Costin Raiu's parents, which was nearly blown up by a young Costin's chemistry experiments (leading to his parents buying him a PC instead, which ultimately led to him becoming one of the world's most brilliant anti-virus researchers).

For that reason alone, the book is worth reading. Stuxnet remains unique among known cases of malware, and understanding what happened is as essential for those working in IT security as the stories of Hiroshima and Nagasaki are for nuclear physicists.

Yet unique as it may be (or not, as there is a real possibility that other 'Stuxnets' are out there that have not yet been discovered), Stuxnet doesn't exist in a void. Countdown to Zero Day also tells the broader story, setting the malware in a number of wider contexts.

First, there were the worries of Western nations - in particular those of the United States and Israel - about Iran's nuclear ambitions. I am not the biggest fan of United States foreign policy, but after reading the book I came to understand the challenges US intelligence was facing - wanting to prevent Iran from building nuclear weapons, yet trying to avoid dropping bombs on uranium enrichment facilities. At least I came to understand why the decision to build Stuxnet was made.

While Stuxnet was designed to target only one specific facility, the same approach can easily be turned around, and it would be possible for rogue actors to use malware against 'our' industrial control systems, for various definitions of 'our'. Zetter's book contains a chapter on the history of the security (or, often, lack thereof) of industrial control systems, as well as possible attacks on them.

Those who have followed the story of Stuxnet will know of Duqu ('son of Stuxnet') and related attacks such as Flame and Gauss, each of which gets ample attention in the book. Yet what made Stuxnet stand out, even from these equally advanced pieces of malware, was that it was actually destructive - making it one of the few cases for which that so often misused term 'cyberwar' can be used with some justification.

Zetter describes the long history of cyberwar, which goes back more than two decades, and doesn't fail to mention the heated debate surrounding the sale of zero-day vulnerabilities. Stuxnet itself exploited four of them.

I had high expectations of this book, given both the subject matter and Zetter's reputation as a journalist covering cybersecurity. Yet these expectations were easily surpassed, not just because the book puts Stuxnet in a very broad context, but also because of the style in which it is written, which makes it read like a novel. I read the book on a plane, and when it landed I was the last person to get up from my seat, so eager was I to learn what happened next.

What helps make it such a good read is the fact that the book contains many footnotes that provide background information to the story, without interrupting the text.

To paraphrase the book's final words: now that Pandora's digital box has been opened, other cases of destructive cyber attacks may appear at any time. If only because of this, Countdown to Zero Day is essential reading for anyone interested in cybersecurity. Or, for that matter, in geopolitics.

Countdown to Zero Day is published by The Crown Publishing Group, a subsidiary of Random House.

  Symantec's Liam O'Murchu on stage during VB2010 demonstrating Stuxnet with the help of a balloon. Photo: Andreas Marx.

Posted on 18 December 2014 by Martijn Grooten

