Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers
“Andy Greenberg’s Sandworm has achieved what I thought was no longer possible,” said Richard Stiennon in Forbes.com. “It scares me.” Even after covering the cybersecurity industry as an analyst for years, I was underestimating the threat posed by the world’s most destructive cyberwarfare unit and others like it. Sandworm, one of several hacker groups inside Russia’s military intelligence agency, the GRU, has been blamed for cutting off power to Ukraine to support Russia’s annexation of Crimea, for hacking U.S. election systems, and for unleashing NotPetya, a piece of malicious software that in 2017 caused a record-setting $10 billion in damage worldwide. The scariest thing about Sandworm, though, is that its methods make people throughout the world vulnerable to harm, even when the intended target is an unrelated nation.
“NotPetya was a turning point,” said Brian Nussbaum in Nature. The attack showed how the vulnerabilities in a widely used software app—in this case, a Ukrainian tax-preparation tool—can be exploited to rapidly spread destruction. One infected computer belonged to an employee of Maersk, the Danish shipping giant, and within minutes desktops all over the company’s headquarters were rendered useless. It also spread to FedEx, to Merck, and to many other companies around the world providing critical services.
“Sandworm is much more than a true-life techno thriller,” though it is partly that, said Cory Doctorow in the Los Angeles Times. Greenberg, an expert Wired reporter, introduces us to U.S., Russian, and Ukrainian generals and techies who play the tale’s criminals or sleuths, making the drama relatable. But Greenberg’s book also offers “a tour through a realm that is both invisible and critical to the daily lives of every person alive.” Understanding cybersecurity is now necessary to civic literacy. “As Greenberg so aptly demonstrates, you may not be interested in cybersecurity, but it is certainly interested in you.” ■