Countdown to Zero Day

Kim Zetter

Publisher

Crown

Publication date

2014-11-11

ISBN

9780770436179

Rating

★★★★★

Tags

Internet

Book description

In January 2010, inspectors with the International Atomic Energy Agency noticed that centrifuges at a uranium enrichment plant in Iran were failing and being replaced at an unprecedented rate. The cause of their failure was a complete mystery.

Five months later, a seemingly unrelated event occurred. A computer security firm in Belarus was called in to troubleshoot some computers in Iran that were caught in a reboot loop—crashing and rebooting repeatedly. At first, technicians with the firm believed the malicious code they found on the machines was a simple, routine piece of malware. But as they and other experts around the world investigated, they discovered a virus of unparalleled complexity and mysterious provenance and intent. They had, they soon learned, stumbled upon the world’s first digital weapon.

Stuxnet, as it came to be known, was unlike any other virus or worm built before: It was the first attack that reached beyond the computers it targeted to physically destroy the equipment those computers controlled. It was an ingenious attack, jointly engineered by the United States and Israel, that worked exactly as planned, until the rebooting machines gave it all away.

And the discovery of Stuxnet was just the beginning: Once the digital weapon was uncovered and deciphered, it provided clues to other tools lurking in the wild. Soon, security experts found and exposed not one but three highly sophisticated digital spy tools that came from the same labs that created Stuxnet. The discoveries gave the world its first look at the scope and sophistication of nation-state surveillance and warfare in the digital age.

Kim Zetter, a senior reporter at Wired, has covered hackers and computer security since 1999 and is one of the top journalists in the world on this beat. She was among the first reporters to cover Stuxnet after its discovery and has authored many of the most comprehensive articles about it. In COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World’s First Digital Weapon, Zetter expands on this work to show how the code was designed and unleashed and how its use opened a Pandora’s Box, ushering in an age of digital warfare in which any country’s infrastructure—power grids, nuclear plants, oil pipelines, dams—is vulnerable to the same kind of attack with potentially devastating results. A sophisticated digital strike on portions of the power grid, for example, could plunge half the U.S. into darkness for weeks or longer, having a domino effect on all other critical infrastructures dependent on electricity.

User reviews
A great book. Very enlightening.
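A good read, exactly my cup of tea. Retitling it "bytes or bombs" might be more fitting: a war without gun smoke, and in many places it gets more frightening the more you think about it.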
Best consumed together with the documentary "Zero Days". 江湖夜雨十年灯
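Looking back on the books I finished this year, this is the one most relevant to my work. Through Stuxnet, it brought the concept of the APT, and the dominant position of state power on the cyber battlefield, into public view. The use and discovery of APTs was the protagonist and focus of the high-value cyber battlefield throughout the 2010s, and it will remain so for the foreseeable next 10 years. As AI technology develops and permeates every industry, the value of networks can only grow higher, and the contest between attack and defense will become ever more intense. AI has brought an increase in value and an evolution in attack methods, and defense that truly works can likewise only come from AI.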
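A translated work serialized by 安全牛. It explains in detail the discovery and analysis of the Stuxnet, Flame, Gauss and related viruses, and the first cyber-kinetic strike war, launched by the US and Israel against Iran's nuclear facilities.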
Thoroughly satisfying.
The story is okay, but the author rambles a bit too much. I couldn't keep reading.
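A stunning masterpiece. After finishing it I just want to knock two stars off the documentary "Zero Days". According to recently disclosed information, after helping the CIA crack Qadeer Khan's nuclear network for Iran and Libya (Khan's centrifuge knowledge came from Urenco, the European centrifuge technology supplier in which the Netherlands holds a stake), Dutch intelligence went on to cooperate trilaterally with Mossad and the CIA: a Dutch spy got close to the Natanz nuclear facility between 2005 and 2007, copied into the centrifuge network from a USB drive, continuously gathered information, and helped the NSA complete the first round of 417 attack code on September 24, 2007 (controlling the valves through which uranium hexafluoride gas enters the centrifuges and the cascade system). By 2008, the Dutch agent found it hard to get back into Natanz. Unit 8200 then released a new, indiscriminately attacking version in March 2010, which was eventually deciphered by Symantec. The so-called Operation Olympic Games is likewise a code name for the "five rings" cooperation among the five participating countries: the United States, Israel, the Netherlands, Germany and France (which provided details of industrial control systems and centrifuges).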