
Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon [Kindle Edition]

Kim Zetter
4.0 out of 5 stars (1 customer review)

Kindle price: EUR 12,99, incl. VAT and free wireless delivery via Amazon Whispernet


Other editions

Amazon price, New from, Used from
Kindle Edition EUR 12,99
Hardcover EUR 20,95
Paperback EUR 13,95
Audiobook download, unabridged edition EUR 0,00 with an Audible trial subscription


Product descriptions

Press reviews

"Immensely enjoyable...Zetter turns a complicated and technical cyber-story into an engrossing whodunit...The age of digital warfare may well have begun."
--Washington Post

"An authoritative account of Stuxnet’s spread and discovery...[delivers] a sobering message about the vulnerability of the systems—train lines, water-treatment plants, electricity grids—that make modern life possible."
--Economist

"Exhaustively researched...Zetter gives a full account of this “hack of the century,” as the operation has been called, [but] the book goes well beyond its ostensible subject to offer a hair-raising introduction to the age of cyber warfare."
--Wall Street Journal

“Part detective story, part scary-brilliant treatise on the future of warfare…an ambitious, comprehensive, and engrossing book that should be required reading for anyone who cares about the threats that America—and the world—are sure to be facing over the coming years.”
—Kevin Mitnick, New York Times bestselling author of Ghost in the Wires and The Art of Intrusion

“Unpacks this complex issue with the panache of a spy thriller…even readers who can’t tell a PLC from an iPad will learn much from Zetter’s accessible, expertly crafted account.”
--Publishers Weekly (starred)

“A true techno-whodunit [that] offers a sharp account of past mischief and a glimpse of things to come…Zetter writes lucidly about mind-numbingly technical matters, reveling in the geekery of malware and espionage, and she takes the narrative down some dark electronic corridors… Governments, hackers and parties unknown are launching ticking computer time bombs every day, all coming to a laptop near you.”
--Kirkus

"An exciting and readable story of the world's first cyberweapon. Zetter not only explains the weapon and chronicles its discovery, but explains the motives and mechanics behind the attack -- and makes a powerful argument why this story matters."
--Bruce Schneier, author of Secrets and Lies and Schneier on Security


From the Hardcover edition.

Short description

Top cybersecurity journalist Kim Zetter tells the story behind the virus that sabotaged Iran’s nuclear efforts and shows how its existence has ushered in a new age of warfare—one in which a digital attack can have the same destructive capability as a megaton bomb.
 
In January 2010, inspectors with the International Atomic Energy Agency noticed that centrifuges at an Iranian uranium enrichment plant were failing at an unprecedented rate. The cause was a complete mystery—apparently as much to the technicians replacing the centrifuges as to the inspectors observing them.
 
Then, five months later, a seemingly unrelated event occurred: A computer security firm in Belarus was called in to troubleshoot some computers in Iran that were crashing and rebooting repeatedly.
 
 At first, the firm’s programmers believed the malicious code on the machines was a simple, routine piece of malware. But as they and other experts around the world investigated, they discovered a mysterious virus of unparalleled complexity.
 
They had, they soon learned, stumbled upon the world’s first digital weapon. For Stuxnet, as it came to be known, was unlike any other virus or worm built before: Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak actual, physical destruction on a nuclear facility. 
 
In these pages, Wired journalist Kim Zetter draws on her extensive sources and expertise to tell the story behind Stuxnet’s planning, execution, and discovery, covering its genesis in the corridors of Bush’s White House and its unleashing on systems in Iran—and telling the spectacular, unlikely tale of the security geeks who managed to unravel a sabotage campaign years in the making.
 
But Countdown to Zero Day ranges far beyond Stuxnet itself. Here, Zetter shows us how digital warfare developed in the US. She takes us inside today’s flourishing zero-day “grey markets,” in which intelligence agencies and militaries pay huge sums for the malicious code they need to carry out infiltrations and attacks. She reveals just how vulnerable many of our own critical systems are to Stuxnet-like strikes, from nation-state adversaries and anonymous hackers alike—and shows us just what might happen should our infrastructure be targeted by such an attack.
 
Propelled by Zetter’s unique knowledge and access, and filled with eye-opening explanations of the technologies involved, Countdown to Zero Day is a comprehensive and prescient portrait of a world at the edge of a new kind of war.


Customer reviews

Most helpful customer reviews
4.0 out of 5 stars: True story, but reads like fiction, 20 December 2014
Format: Hardcover | Verified purchase
Excerpts from this book appeared in WIRED magazine a while ago, with a focus on the bare facts. This book tries to give a face to the people behind STUXNET, and gives a comprehensive overlook on the 'Why' and 'How' of this attack. Easy to read, comes with a host of bookmarks for further reading.
Most helpful customer reviews on Amazon.com (beta)
Amazon.com: 4.7 out of 5 stars, 163 reviews
41 of 44 customers found the following review helpful
5.0 out of 5 stars: Excellent, Fascinating Read, 23 September 2014
By Matt Morgan - Published on Amazon.com
Format: Hardcover | Vine customer review of a free product
Being in the IT field (in particular working with OS design and administration) I took an interest when Stuxnet came to light a few years back. The last time I remembered such a stir created in the media about propagating malware was when the Morris worm surfaced in the late 1980’s. I did not know too much about Stuxnet other than what was shared in news reports so I was eager to learn more. This book definitely delivers the goods.

Instead of a dry, factual presentation that just leaves the reader bored, this book reads more like a novel – except that it’s true. It starts with a fascinating account of how Stuxnet was first discovered and describes in some detail how it exploited the operating system, what mechanisms it used to replicate itself, how it targeted the systems it was designed to find and it gives a fair estimate of just how much damage it caused before it was ultimately uncovered. The book goes on from there to discuss the implications Stuxnet has had on the digital world and how it has helped to redefine modern warfare.

The main text is written very much like a novel, but it makes heavy use of footnotes. These footnotes inject interesting facts relating to the point being made but would otherwise mar the chain of thought for the reader. This was a smart editing decision as it makes taking the side tracks optional.

One thought kept coming to mind as I got deeper into the material and learned more about the birth of this malware and how it all came into being – I had absolutely no clue just how deep the rabbit hole went, both militarily and politically.

For those interested in cybersecurity, those with an interest in electronic warfare or even those who are just downright curious about what is without question the most complex and sophisticated digital weapon known to date, this book is full of interesting information and because it’s written almost like fiction it’s a fast and engrossing read.
21 of 21 customers found the following review helpful
5.0 out of 5 stars: Excellent telling of a very complex story, 16 November 2014
By Adam Caudill - Published on Amazon.com
Format: Kindle Edition | Verified purchase
I know quite a few of the researchers that were involved in reverse engineering Stuxnet and Flame - so I was able to watch the story unfold with a behind the scenes view - what's presented in here is a very accurate, and insightful view of one of the most important security discoveries in recent years.

Stuxnet, et al. presented the security industry with a huge problem - and the implications are still being sorted out to this day. Government use of malware, and how the industry should handle it when discovered are topics that are still being debated on a daily basis. Kim does a great job on explaining the issues, and giving readers plenty to think about.

From a technical perspective, the book goes into enough detail so that those of us familiar with the topic know exactly what is being discussed and its implications, while not going overboard and overloading non-technical users with incomprehensible details. The book has a good narrative style, while covering technical detail and including details on the sources for information. Throughout the book are footnotes that list source information, additional notes that explain context, or provide additional details that don't fit in the narrative telling - I strongly suggest that you read the footnotes, as they offer very useful information.

All in all, I strongly recommend the book, well worth it.
22 of 24 customers found the following review helpful
5.0 out of 5 stars: You won’t be able to put down this outstanding narrative about Stuxnet, 11 November 2014
By Ben Rothke - Published on Amazon.com
Format: Hardcover
A word to describe Takedown: The Pursuit and Capture of America's Most Wanted Computer Outlaw was hyperbole. While the general storyline from the 1996 book was accurate, filler was written that created the legend of Kevin Mitnick. This in turn makes the book a near work of historical fiction.

Much has changed in nearly 20 years and Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon has certainly upped the ante for accurate computer security journalism.

The book is a fascinating read and author Kim Zetter's attention to detail and accuracy is superb. In the inside cover of the book, Kevin Mitnick describes this as an ambitious, comprehensive and engrossing book. The irony is not lost in that Mitnick was dogged by misrepresentations in Markoff’s book.

For those that want to know the basics about Stuxnet, its Wikipedia entry will suffice. For a deeper look, the book takes a detailed look at how the Stuxnet worm of 2010 came to be, how it was written, discovered and deciphered, and what it means for the future.

The book provides nearly everything that can be known to date about Stuxnet. The need to create Stuxnet was the understanding that a nuclear Iran was dangerous to the world. The book notes that it just wasn’t the US and Israel that wanted a nuclear-free Iran; Egypt and Saudi Arabia were highly concerned about the dangers a nuclear Iran would bring to the region.

What is eminently clear is that Iran chronically lied about their nuclear intentions and actions (chapter 17 notes that former United Kingdom Prime Minister Gordon Brown told the international community that they had to do something over Iran’s serial deception of many years) and that the United Nations International Atomic Energy Agency (IAEA) was powerless to do anything, save for monitoring and writing reports.

While some may debate if Stuxnet was indeed the world's first digital weapon, it’s undeniable that it is the first piece of known malware that could be considered a cyber-weapon. Stuxnet was unlike any other previous malware. Rather than just hijacking targeted computers or stealing information from them, it created physical destruction on centrifuges the software controlled.

At just over 400 pages, the book is a bit wordy, but Zetter does a wonderful job of keeping the book extremely readable and the narrative enthralling. Writing about debugging virus code, descriptions about the Siemens industrial programmable logic controllers (PLCs) and Step7 software (which was what Stuxnet was attacking) could easily be mind-numbingly boring, save for Zetter’s ability to make it a compelling read.

While a good part of the book details the research Symantec, Kaspersky Lab and others did to debug Stuxnet, the book doesn’t list a single line of code, which makes it quite readable for the non-programmer. The book is technical and Zetter gets into the elementary details of how Stuxnet operated; from reverse engineering, digital certificates and certificate authorities, cryptographic hashing and much more. The non-technical reader certainly won’t be overwhelmed, but at the same time might not be able to appreciate what went into designing and making Stuxnet work.

As noted earlier, the book is extremely well researched and all significant claims are referenced. The book is heavily footnoted, which makes the book much more readable than the use of endnotes. Aside from the minor error of mistakenly calling Kurt Gödel a cryptographer (he was a logician) on page 295, Zetter’s painstaking attention to detail is to be commended.

Whoever wrote Stuxnet counted on the Iranians not having the skills to uncover or decipher the malicious attacks on their own. But as Zetter writes, they also didn’t anticipate the crowdsourced wisdom of the hive – courtesy of the global cybersecurity community that would handle the detection and analysis for them. That detection and analysis spanned continents and numerous countries.

The book concludes with chapter 19 Digital Pandora which departs from the details of Stuxnet and gets into the bigger picture of what cyber-warfare means and its intended and unintended consequences. There are no simple answers here and the stakes are huge.

The chapter quotes Marcus Ranum who is outspoken on the topic of cyber-warfare. At the 2014 MISTI Infosec World Conference, Ranum gave a talk on Cyberwar: Putting Civilian Infrastructure on the Front Lines, Again. Be it the topic or Marcus being Marcus, a third of the participants left within the first 15 minutes. They should have stayed, as Ranum, agree with him or not, provided some riveting insights on the topic.

The book leaves with two unresolved questions: who did it, and how did it get into the air-gapped Natanz enrichment facility.

It is thought the US with some assistance from Israel created Stuxnet; but Zetter also writes that Germany and Great Britain may have done the work or at least provided assistance.

It’s also unknown how Stuxnet got into the air-gapped facility. It was designed to spread via an infected USB flash drive. It’s thought that since they couldn’t get into the facility, what needed to be done was to infect computers belonging to a few outside firms that sold devices that would in turn be connected to the facility. The book identified a few of these companies, but it’s still unclear if they were the ones, or the perpetrators somehow had someone on the inside.

As to zero day in the title, what was unique about Stuxnet is that it contained 5 zero day exploits. Zero day is also relevant in that Zetter describes the black and gray markets of firms that discover zero-day vulnerabilities who in turn sell them to law enforcement and intelligence agencies.

Creating Stuxnet was a huge challenge that took scores of programmers from a nation state many months to create. Writing a highly readable and engrossing book about the obscure software vulnerabilities that it exploited was also a challenge, albeit one that few authors could do efficaciously. In Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, Kim Zetter has written one of the best computer security narratives; a book you will likely find quite hard to put down.
16 of 19 customers found the following review helpful
5.0 out of 5 stars: Equal Parts Terrifying and Educational, 12 October 2014
By frankp93 - Published on Amazon.com
Format: Hardcover | Vine customer review of a free product
While software viruses and worms have existed in some form since the 1950’s, the attack on Iran’s uranium enrichment facility at Natanz by the Stuxnet worm is acknowledged as the first instance of state-sponsored cyberwar resulting in physical destruction of industrial infrastructure.

Whether it remains, like 9/11, a ‘once in a generation’ event is debatable, but what’s not is the digital arms race it ushered in with little public discussion of the consequences as our internet of Windows-dominated PCs evolves towards an internet of things, and automated control systems play increasingly larger roles in our lives.

The opening chapters of ‘Countdown to Zero Day’ are as riveting as any techno thriller I’ve read – with the added element of being true and portending an all-too-plausible future of government – and non-state actor - sponsored cyberwar, provocation, and surveillance we’re in part already living in.

There’s no actual code in the book, per se, but enough discussion of drivers, reverse engineering, cryptographic hashing, hooking of APIs, DLLs and CAB files, ladder stacks, and certificate authorities to feel credible to anyone who has coded Windows and embedded systems such as Programmable Logic Controllers (PLCs) at the C and assembler levels.
If you haven’t, fortunately, Zetter’s writing is especially clear and crisp and the book by no means requires a technical background - although a ‘technical inclination’ will serve readers well. On balance this isn’t high-level executive summary stuff.
What made Stuxnet such a milestone was the specificity of its targeting and the relative sophistication of its attack: novel code injection techniques and the ability to hide in plain sight by presenting the illusion of normality to engineers programming the industrial control systems it was designed to subvert.

While the discovery and subsequent reverse engineering of Stuxnet by employees of cyber-security firms is the main focal point and provides the narrative juice of the story, there’s ample discussion of research into industrial control vulnerabilities and the emergence of cyberwar as an increasingly ‘viable concept’ as the proliferation of automated control and critical infrastructure systems blanket the planet in a web of interconnected vulnerabilities.

Particularly fascinating (if disturbing) was the description of the gray market in zero-day software vulnerabilities – uncovered bugs yet to be reported and/or patched that provide the most effective entry points for attacks. The existence of firms whose sole purpose is uncovering and marketing ‘zero days’ is both depressing – like something out of a William Gibson dystopia – yet oddly inevitable given the relentless commodification and capitalization of virtually every aspect of our lives we’re increasingly subject to.
If I have a criticism of the book, its narrative flow is a bit uneven: The 35-page chapter, ‘Industrial Controls Out of Control’ really sapped the momentum of what was until then a genuine page-turner as the initial impact of Stuxnet first hit the radar of a small security firm in Belarus.

The author seems to have intended a history of research into vulnerabilities in industrial control systems to show from where Stuxnet came, along with examples of sabotage including an Australian sewage treatment plant. While no doubt an important backstory, it could have been done just as effectively in far fewer words.

In addition, once the scope and details of Stuxnet are revealed (at about the three quarter mark of the book), the narrative shifts towards the political context under which the attack was developed and deployed, as well as the analytical work to determine its actual effectiveness – including much detail about centrifuges and the uranium enrichment process.

While the detail remained fascinating for the most part, the mystery element of the story was gone, replaced by physical engineering and UN monitoring cat-and-mouse games, along with some highly ironic in retrospect political revelations. The same span of time was visited from a different perspective – it might make for an interesting fiction technique, but here it felt somewhat anticlimactic.

I’ll admit I’m obsessive about footnotes, in spite of the fact most books don’t justify the effort. The voluminous footnotes in ‘Countdown to Zero Day’ – many with active links – amount to a terrific multimedia accompaniment to the text. You could spend weeks and even months poring over source documents and images. It really lends an engrossing context to an already gripping story.

The lengthy concluding chapter, ‘Digital Pandora’ presents the big picture of cyber warfare and the moral and ethical consequences that remain far from resolved (or even adequately discussed) both in the public realm, as well as ‘behind closed doors’ among competing interests within the U.S. government and internationally.
A core issue revolves around how knowledge of zero day vulnerabilities can be used for both defensive and offensive purposes by different parties acting in their own best interests.

Two of the more disturbing aspects of Stuxnet involved the subversion of digital signing certificates and the client-side hijacking of the Windows Update process on target machines. The ramifications of compromising such high-trust elements of the digital infrastructure are obviously enormous. Yet Zetter implies the discussion is too often dominated by those who favor the offensive weaponization of cyber tools without considering their profound differences from conventional or even traditional non-conventional weapons when it comes to potential retaliation.

Just as today’s criminal hacking enterprises make the prior generation’s lone teenage hacker seem quaint by comparison, the emergence of state-sponsored cyber warfare may leave us all pining for these ‘good old days’ of key loggers, popup ads and mass-email viruses.

‘Countdown to Zero Day’ is intelligently-written and well-sourced and maintains a sober and objective keel in the face of facts and events that in other hands could easily be milked for maximum political/conspiratorial benefit. Sadly, in this day and age, such reporting has become scarce and we’re all poorer as a result.
5 of 5 customers found the following review helpful
3.0 out of 5 stars: Excellent information, but a flawed, slow read. 24 January 2015
By Michael McGurrin - Published on Amazon.com
Format: Kindle Edition
The strengths: the book is comprehensive and complete. It covers Stuxnet, related attacks, how information came to be public, the exhaustive analysis that anti-virus and similar companies went through to determine what the software did and how it did it, and a good discussion on what's different about generating physical damage using software, and items like PLCs. If you're looking for information on this topic, this will have it, along with extensive references.
The weaknesses: repetitive, not well-organized, and at times uses excessive hype. The author talks about the great difficulty in organizing and writing a book about this complex subject while telling a compelling tale. It is difficult, and unfortunately I don't think the author succeeded. It jumps back and forth again and again from background to the detective work to uncover what Stuxnet does, to the nuclear situation in Iran. This makes it repetitive and a boring read. Also, comparisons of Stuxnet with Hiroshima and nuclear weapons strain credibility. Stuxnet did not kill over 100,000 people. Yes, Stuxnet is a new type of weapon, as were nuclear weapons, but so was gunpowder, or the cross-bow. Being a new weapon is not equivalent to a nuclear weapon.