zero day

back to index

88 results

Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon

by Kim Zetter  · 11 Nov 2014  · 492pp  · 153,565 words

Case of the Centrifuges 1. Early Warning 2. 500 Kilobytes of Mystery 3. Natanz 4. Stuxnet Deconstructed 5. Springtime for Ahmadinejad 6. Digging for Zero Days 7. Zero-Day Paydays 8. The Payload 9. Industrial Controls Out of Control 10. Precision Weapon 11. A Digital Plot Is Hatched 12. A New Fighting Domain 13

genius. Not only was it using a skillful rootkit to cloak itself and make it invisible to antivirus engines, it was using a shrewd zero-day exploit to propagate from machine to machine—an exploit that attacked a function so fundamental to the Windows operating system, it put millions of computers

seal the intruders out, while antivirus firms like Ulasen’s add signatures to their scanners to detect any exploits that try to attack the vulnerabilities. Zero-day exploits, however, aren’t ordinary exploits but are the hacking world’s most prized possession because they attack holes that are still unknown to

UPX—short for “Ultimate Packer for eXecutables”—that was easily identified and eliminated. Given the sophisticated nature of the rest of the threat—the zero-day exploit and the stolen digital certificates—it seemed an odd choice for Stuxnet’s creators to make. So O’Murchu assumed their primary reason for

’s military. 44 International Institute for Strategic Studies, Iran’s Strategic Weapons Programmes: A Net Assessment (London: Routledge, 2005), 33. CHAPTER 6 DIGGING FOR ZERO DAYS It was a Friday evening in late August, and Liam O’Murchu was celebrating his thirty-third birthday at a swanky rooftop lounge in Venice

connections. Based on this, it appeared the attackers were targeting systems they knew were not connected to the internet and, given the unprecedented number of zero-day exploits they used to do it, they must have been aiming for a high-value, high-security target. But this roundabout way of reaching

wanted without displaying any warnings or asking for an actual administrator’s approval. 2 Microsoft and Kaspersky Lab began publishing information about the three other zero-day vulnerabilities in mid-September. 3 A hard-coded password is one that the software maker embeds in their code so that the system can

eventually get caught. 15 The attackers could have retrieved the log remotely from an infected system that contacted their command servers. CHAPTER 7 ZERO-DAY PAYDAYS Stuxnet’s zero-day exploits raised a lot of troubling questions about the burgeoning role of governments in the secret sale and use of such exploits—questions that

in public debate, despite evidence that the practice is creating dangerous vulnerabilities for corporations, critical infrastructure, and individual computer users alike. Although the market for zero-day vulnerabilities and exploits has been around for more than a decade, until recently it was fairly small and lurked in the closed, underground world of

skills and wares to the highest bidder instead of handing information about software holes over to vendors to be fixed. Before putting his Windows Excel zero day on the auction block, fearwall did disclose information about the vulnerability to Microsoft, as “responsible” researchers were expected to do, but the software giant

The bidding reached only $60 before eBay yanked the listing. But the aborted sale was a foreshadowing of things to come. Today the markets for zero-day vulnerabilities and exploits are legion—from the white-market bug bounty programs offered by software makers and website owners themselves to the thriving underground black

security holes in their software, and have made the companies more responsive about fixing them. Third-party security firms like HP TippingPoint also pay for zero days, which they use to test the security of customer networks and protect them against attacks. TippingPoint discloses the vulnerabilities privately to software vendors so they

customers from attacks that they don’t know about yet. The thriving underground black market that caters to crooks and corporate spies sells not just zero-day vulnerabilities and exploits but also the payloads to weaponize the exploits—Trojan horses, spy kits, and other malicious tools designed to steal online banking

and the Zlob Trojan before it, used. But the underground criminal sales—troubling as they are—are rapidly being eclipsed by the newest market for zero-day vulnerabilities and exploits, one that critics predict will soon have a more serious effect on security than the criminal market. This is the flourishing gray

market of digital arms dealers—defense contractors and private marketeers—whose government customers have driven up the price of zero days and enticed sellers away from the vendor bounty programs where the holes will be fixed and into the arms of people who only want to

misuse them to spy on political opponents and activists or pass them to another government that will. Even if a government agency is using a zero day for a legitimate national security purpose, vulnerabilities sold on the gray market are not disclosed to vendors for patching, which leaves anyone who doesn’

Hacking Team in Italy and the Gamma Group in the UK both sell surveillance tools for law enforcement and intelligence agencies that use zero-day exploits to get installed. The zero-day work of Endgame Systems, a Georgia-based firm, was a badly kept secret in the security community for years but wasn’t

packages Endgame offered, called Maui, Cayman, and Corsica. For $2.5 million a year, the Maui package provided buyers with a bundle of twenty-five zero-day exploits. The Cayman package, which cost $1.5 million, provided intelligence about millions of vulnerable machines worldwide already infected with botnet worms like Conficker and

to this effect. While Endgame made a concerted effort to hide its exploit business, one company that’s positively garrulous about its role in the zero-day trade is VUPEN Security, based in Montpellier, France. VUPEN bills itself as a boutique security firm creating and selling exploits to intelligence agencies and

law enforcement for offensive cyber security operations and lawful intercept missions. Originally launched in 2008 to protect government clients from zero-day attacks, the company began creating exploits for offensive operations two years later. In 2011, it earned $1.2 million in revenue, nearly 90 percent

won’t say how many exploits they’ve sold since they began this part of their business, but says they discover hundreds of zero days a year. “We have zero days for everything,” he says. “We have almost everything for every operating system, for every browser, for every application if you want.” How

also offers a Threat Protection Program that provides detailed research on exclusive vulnerabilities discovered by its researchers to allow customers “to reduce their exposure to zero-day attacks,” according to a company brochure that got leaked to WikiLeaks.9 Both of these programs are described as if they’re meant to

help customers defensively protect themselves from zero-day attacks—zero-day exploits can be used to test a system for its vulnerability to an attack—but the information provided in them can also be used

don’t want to have such things.” Subscribers to their exploit service have access to a portal, where they can shop a menu of existing zero days, or special-order exploits for a specific operating system or application. Exploits are priced at four levels, according to the brochure. Subscribers purchase a

that make oppressive surveillance and cyberwarfare possible—putting everyone at risk in the process.11 He acknowledges that governments would make and use their own zero days whether or not companies like VUPEN sold them, but says the free-market sellers are a “ticking bomb” because there’s no control over

enforcement agency’s network and steals one of these weaponized exploits?”12 In 2013, initial steps were taken to try to regulate the sale of zero days and other cyberweapons. The Wassenaar Arrangement—an arms-control organization composed of forty-one countries, including the United States, the UK, Russia, and Germany

activities, financial means, diplomatic engagement, and such other means as the President considers appropriate.” But it’s unclear exactly how such controls would work, since zero days and other digital weapons are much more difficult to monitor than conventional weapons, and such controls requiring export licenses for the foreign sale of exploits

May 6, 2007, available at weis2007.econinfosec.org/papers/29.pdf. 3 Author interview with Charlie Miller, September 2011. 4 Ibid. 5 Greenberg, “Shopping for Zero-Days: A Price List for Hackers’ Secret Software Exploits.” 6 Tonya Layman, “Rouland’s Tech Security Firm Growing Fast,” Atlanta Business Chronicle, June 11, 2011. 7

He had no interest in general computer security and couldn’t care less about announcements warning of the latest viruses and worms infecting PCs. Even zero-day exploits held no allure for him. So when Stuxnet first made headlines in the technology press and became the subject of extensive chatter on security

McGurk says, they had catalogued some 4,000 functions in the code—more than most commercial software packages contained—and had also uncovered the four zero-day exploits that Symantec and Kaspersky would later find. ICS-CERT released an advisory on July 20 announcing to control-system owners that malware targeting the

of software vulnerabilities” from private vendors—that is, the boutique firms and large defense contractors who compose the new industrial war complex that feeds the zero-day gray market.35 This trend in government outsourcing of offensive cyber operations is visible in the job announcements that have sprung up from defense contractors

public or privately to the vendor in question so that patches can be distributed to computer users. But when military and intelligence agencies need a zero-day vulnerability for offensive operations, the last thing they want to do is have it patched. Instead, they keep fingers crossed that no one else

Iran, a hacker or nation-state cyberwarrior from another country was exploiting them too. “It’s pretty naïve to believe that with a newly discovered zero-day, you are the only one in the world that’s discovered it,” Howard Schmidt, former cybersecurity coordinator for the White House and former executive

in US systems so that they can be exploited in foreign ones creates a schism in the government that pits agencies that hoard and exploit zero days against those, like the Department of Homeland Security, that are supposed to help secure and protect US critical infrastructure and government systems. In his

discovered; they had put in extensive work to deconstruct the Windows portion of the attack and had been the first private researchers to discover additional zero days in Stuxnet and report them to Microsoft. But beyond its menagerie of exploits, they hadn’t considered Stuxnet a particularly interesting threat. The unfamiliar

on USB flash drives to drop its malicious cargo. But the CrySyS Lab had found no dropper on machines at Bartos’s company and no zero-day exploits, either. After Symantec published its paper about Duqu, however, Chien asked Bencsáth to have the Hungarian victim search their systems again for anything

gave the attackers escalated privileges on infected machines by exploiting a buffer-overflow vulnerability in the wallpaper feature of Windows. The vulnerability had been a zero day when the attackers created the exploit in February 2009, but by the time they released Stuxnet four months later that June, Microsoft had patched

for launching their attack. The switch to the Duqu platform likely occurred because the missile portion of the variant Stuxnet 2010, with all of its zero-day exploits and additional spreading mechanisms, was much more complicated and required more code. And the Tilde-d platform was a much simpler and more

were never found because this version was much more tightly controlled than later ones and only infected a limited number of machines. Instead of using zero-day exploits to spread, it spread in just one way—by infecting Siemens Step 7 project files. These were the files that programmers shared among

the next wave of Stuxnet struck. The payload was identical to the one unleashed the previous June, but this version included the larger collection of zero-day exploits and other spreading mechanisms, including the .LNK exploit that ultimately led to its discovery. Despite all of these extra bells and whistles, however,

wanted to take out. Six cascades of 164 centrifuges each added up to 984 centrifuges. The Israelis apparently added the final touches—the extra zero days and other spreading mechanisms—in order to supersize it. Sanger reports that sources told him that the worm was launched inside Natanz and escaped when

than missiles, with the ability to arrive at their destination in seconds, and can be tweaked on the fly to combat counterdefenses. If a zero-day vulnerability gets patched, attackers can draw from a reserve of alternative exploits—as Stuxnet’s developers did—or change and recompile code to alter its

to the pool of tools and techniques that criminal hackers and hacktivists would adopt. Nor did they ask about the ethics and consequences of stockpiling zero-day exploits and withholding information about security vulnerabilities from US system owners so the government can use them to attack the systems of adversaries. Michael Hayden

specifically addressed this issue and recommended that the National Security Council establish a process for reviewing the government’s use of zero days. “US policy should generally move to ensure that Zero Days are quickly blocked, so that the underlying vulnerabilities are patched on US Government and other networks,” the review board wrote,

noting that only “in rare instances, US policy may briefly authorize using a Zero Day for high priority intelligence collection, following senior, interagency review involving all appropriate departments.”39 In almost all instances, they wrote, it is “in the national

government is to defend.”40 In a speech addressing the review board’s report, President Obama ignored both of the panel’s recommendations for handling zero days and for conducting oversight. But during a confirmation hearing for Vice Adm. Michael Rogers in March 2014 to replace the retiring General Alexander as

Command and the NSA to provide examples of circumstances under which they would use cyberweapons, or explain the circumstances under which they hoard information about zero-day vulnerabilities versus when they might allow disclosure of information about a security hole to get it fixed. And it would be important to know,

Heart of the Machine: Our Future in a World of Artificial Emotional Intelligence

by Richard Yonck  · 7 Mar 2017  · 360pp  · 100,991 words

knowledge and skill available to all at very affordable prices. Distributed denial of service (DDOS) attacks, SQL injections, brute force password cracking, botnet services, and zero-day exploits are all hacking methods that once required sophisticated expertise to perform. Today anyone with money and an Internet connection can access the “Dark Web

Confessions of a Bookseller

by Shaun Bythell  · 8 Aug 2019  · 335pp  · 95,549 words

total number of books that went out today was eight: total value £99. Unusually high for our online sales, but it compensates for the two zero days we’ve had in the past week. At 10 a.m. a young Italian woman came in to discuss life in a bookshop for an

Social Democratic America

by Lane Kenworthy  · 3 Jan 2014  · 283pp  · 73,093 words

private-sector firms offer employees some paid sickness days, and a few cities and states have a public program, one in three employed Americans gets zero days of paid sick leave.7 FIGURE 3.1 Health expenditures and life expectancy, 1960–2010 The data points are years. The lines are loess curves

Cryptoeconomics: Fundamental Principles of Bitcoin

by Eric Voskuil, James Chiang and Amir Taaki  · 28 Feb 2020  · 365pp  · 56,751 words

both upgrade of the client [469] and upgrade of an external dependency [470] have resulted in unintended chain splits and material financial loss [471] . Additionally, zero-day [472] flaws in this implementation have been published without notice [473] and could have produced a global stall. A single implementation would produce a weakness

The Driver in the Driverless Car: How Our Technology Choices Will Create the Future

by Vivek Wadhwa and Alex Salkever  · 2 Apr 2017  · 181pp  · 52,147 words

. Kim Zetter, “An unprecedented look at Stuxnet, the world’s first digital weapon,” WIRED 3 November 2014, https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet (accessed 21 October 2016) 3. “What happened,” U.S. Office of Personnel Management (undated), https://www.opm.gov/cybersecurity/cybersecurity-incidents (accessed 21 October

Blood and Oil: Mohammed Bin Salman's Ruthless Quest for Global Power

by Bradley Hope and Justin Scheck  · 14 Sep 2020  · 339pp  · 103,546 words

one but three $50 million annual subscriptions for different intelligence-related organizations in its government. The high cost came down to NSO’s use of “zero-day” exploits, a term for loopholes in widely used software that even big companies like Microsoft, Google, and Apple don’t know about. Its researchers work

Nickel and Dimed: On (Not) Getting by in America

by Barbara Ehrenreich  · 2 Jan 2003  · 200pp  · 72,182 words

-lives? More to the point, I am wondering what the two-job way of life would do to a person after a few months with zero days off. In my writing life I normally work seven days a week, but writing is ego food, totally self-supervised and intermittently productive of praise

Messing With the Enemy: Surviving in a Social Media World of Hackers, Terrorists, Russians, and Fake News

by Clint Watts  · 28 May 2018  · 324pp  · 96,491 words

access. APTs use a range of techniques, from the simple to the complex, employing all forms of social engineering and specifically tailored malware known as “zero days.” The Russian APTs were known in the cybersecurity world as APT28 (code name: Fancy Bear) and APT29 (Cozy Bear). Cozy and Fancy Bear represented competing

DarkMarket: Cyberthieves, Cybercops and You

by Misha Glenny  · 3 Oct 2011  · 274pp  · 85,557 words

Krebs; Bruce Schneier’s newsletter, Crypto-gram; the blog of F-Secure, the Finnish Computer Security company; and, finally, Dancho Danchev and Ryan Naraine’s Zero Day blog on Znet. ACKNOWLEDGEMENTS Writing this book presented many challenges which I could never have met had it not been for the generous assistance I

Going Dark: The Secret Social Lives of Extremists

by Julia Ebner  · 20 Feb 2020  · 309pp  · 79,414 words

We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency

by Parmy Olson  · 5 Jun 2012  · 478pp  · 149,810 words

Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet

by Joseph Menn  · 26 Jan 2010  · 362pp  · 86,195 words

The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data

by Kevin Mitnick, Mikko Hypponen and Robert Vamosi  · 14 Feb 2017  · 305pp  · 93,091 words

CTOs at Work

by Scott Donaldson, Stanley Siegel and Gary Donaldson  · 13 Jan 2012  · 458pp  · 135,206 words

The Debian Administrator's Handbook, Debian Wheezy From Discovery to Mastery

by Raphaal Hertzog and Roland Mas  · 24 Dec 2013  · 678pp  · 159,840 words

The Future of War

by Lawrence Freedman  · 9 Oct 2017  · 592pp  · 161,798 words

A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend Them Back

by Bruce Schneier  · 7 Feb 2023  · 306pp  · 82,909 words

Dark Mirror: Edward Snowden and the Surveillance State

by Barton Gellman  · 20 May 2020  · 562pp  · 153,825 words

Pax Technica: How the Internet of Things May Set Us Free or Lock Us Up

by Philip N. Howard  · 27 Apr 2015  · 322pp  · 84,752 words

The System: Who Owns the Internet, and How It Owns Us

by James Ball  · 19 Aug 2020  · 268pp  · 76,702 words

The New Digital Age: Transforming Nations, Businesses, and Our Lives

by Eric Schmidt and Jared Cohen  · 22 Apr 2013  · 525pp  · 116,295 words

Our Final Invention: Artificial Intelligence and the End of the Human Era

by James Barrat  · 30 Sep 2013  · 294pp  · 81,292 words

Rewired: The Post-Cyberpunk Anthology

by James Patrick Kelly and John Kessel  · 30 Sep 2007  · 571pp  · 162,958 words

Immortality, Inc.

by Chip Walter  · 7 Jan 2020  · 232pp  · 72,483 words

Ghost in the Wires: My Adventures as the World's Most Wanted Hacker

by Kevin Mitnick  · 14 Aug 2011

There's a War Going on but No One Can See It

by Huib Modderkolk  · 1 Sep 2021  · 295pp  · 84,843 words

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground

by Kevin Poulsen  · 22 Feb 2011  · 264pp  · 79,589 words

Little Brother

by Cory Doctorow  · 29 Apr 2008  · 398pp  · 120,801 words

Active Measures: The Secret History of Disinformation and Political Warfare

by Thomas Rid

The Great Firewall of China

by James Griffiths;  · 15 Jan 2018  · 453pp  · 114,250 words

Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia

by Anthony M. Townsend  · 29 Sep 2013  · 464pp  · 127,283 words

The Autonomous Revolution: Reclaiming the Future We’ve Sold to Machines

by William Davidow and Michael Malone  · 18 Feb 2020  · 304pp  · 80,143 words

New Laws of Robotics: Defending Human Expertise in the Age of AI

by Frank Pasquale  · 14 May 2020  · 1,172pp  · 114,305 words

The Coming Wave: Technology, Power, and the Twenty-First Century's Greatest Dilemma

by Mustafa Suleyman  · 4 Sep 2023  · 444pp  · 117,770 words

Underground

by Suelette Dreyfus  · 1 Jan 2011  · 547pp  · 160,071 words

Connectography: Mapping the Future of Global Civilization

by Parag Khanna  · 18 Apr 2016  · 497pp  · 144,283 words

Ghost Fleet: A Novel of the Next World War

by P. W. Singer and August Cole  · 28 Jun 2015  · 537pp  · 149,628 words

When Computers Can Think: The Artificial Intelligence Singularity

by Anthony Berglas, William Black, Samantha Thalind, Max Scratchmann and Michelle Estes  · 28 Feb 2015

Halting State

by Charles Stross  · 9 Jul 2011  · 350pp  · 107,834 words

Financial Independence

by John J. Vento  · 31 Mar 2013  · 368pp  · 145,841 words

Beautiful security

by Andy Oram and John Viega  · 15 Dec 2009  · 302pp  · 82,233 words

Cyber War: The Next Threat to National Security and What to Do About It

by Richard A. Clarke and Robert Knake  · 15 Dec 2010  · 282pp  · 92,998 words

Flash Boys: Not So Fast: An Insider's Perspective on High-Frequency Trading

by Peter Kovac  · 10 Dec 2014  · 200pp  · 54,897 words

Masters of Scale: Surprising Truths From the World's Most Successful Entrepreneurs

by Reid Hoffman, June Cohen and Deron Triff  · 14 Oct 2021  · 309pp  · 96,168 words

Permanent Record

by Edward Snowden  · 16 Sep 2019  · 324pp  · 106,699 words

Network Security Through Data Analysis: Building Situational Awareness

by Michael S Collins  · 23 Feb 2014  · 446pp  · 102,421 words

The One Device: The Secret History of the iPhone

by Brian Merchant  · 19 Jun 2017  · 416pp  · 129,308 words

Black Code: Inside the Battle for Cyberspace

by Ronald J. Deibert  · 13 May 2013  · 317pp  · 98,745 words

Age of Discovery: Navigating the Risks and Rewards of Our New Renaissance

by Ian Goldin and Chris Kutarna  · 23 May 2016  · 437pp  · 113,173 words

The New Rules of War: Victory in the Age of Durable Disorder

by Sean McFate  · 22 Jan 2019  · 330pp  · 83,319 words

Culture & Empire: Digital Revolution

by Pieter Hintjens  · 11 Mar 2013  · 349pp  · 114,038 words

Reset

by Ronald J. Deibert  · 14 Aug 2020

The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World From Cybercrime

by Renee Dudley and Daniel Golden  · 24 Oct 2022  · 392pp  · 114,189 words

The Millionaire Fastlane: Crack the Code to Wealth and Live Rich for a Lifetime

by Mj Demarco  · 8 Nov 2010  · 386pp  · 116,233 words

The Seventh Sense: Power, Fortune, and Survival in the Age of Networks

by Joshua Cooper Ramo  · 16 May 2016  · 326pp  · 103,170 words

How Music Got Free: The End of an Industry, the Turn of the Century, and the Patient Zero of Piracy

by Stephen Witt  · 15 Jun 2015  · 315pp  · 93,522 words

The Big Nine: How the Tech Titans and Their Thinking Machines Could Warp Humanity

by Amy Webb  · 5 Mar 2019  · 340pp  · 97,723 words

Machine, Platform, Crowd: Harnessing Our Digital Future

by Andrew McAfee and Erik Brynjolfsson  · 26 Jun 2017  · 472pp  · 117,093 words

Working: People Talk About What They Do All Day and How They Feel About What They Do

by Studs Terkel  · 1 Jan 1974  · 926pp  · 312,419 words

Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World

by Bruce Schneier  · 3 Sep 2018  · 448pp  · 117,325 words

Hacker, Hoaxer, Whistleblower, Spy: The Story of Anonymous

by Gabriella Coleman  · 4 Nov 2014  · 457pp  · 126,996 words

Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World

by Bruce Schneier  · 2 Mar 2015  · 598pp  · 134,339 words

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics

by Ben Buchanan  · 25 Feb 2020  · 443pp  · 116,832 words

How Money Became Dangerous

by Christopher Varelas  · 15 Oct 2019  · 477pp  · 144,329 words

Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World

by Joseph Menn  · 3 Jun 2019  · 302pp  · 85,877 words

Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks

by Scott J. Shapiro  · 523pp  · 154,042 words

Area 51: An Uncensored History of America's Top Secret Military Base

by Annie Jacobsen  · 16 May 2011  · 572pp  · 179,024 words

Site Reliability Engineering: How Google Runs Production Systems

by Betsy Beyer, Chris Jones, Jennifer Petoff and Niall Richard Murphy  · 15 Apr 2016  · 719pp  · 181,090 words

Army of None: Autonomous Weapons and the Future of War

by Paul Scharre  · 23 Apr 2018  · 590pp  · 152,595 words

Cybersecurity: What Everyone Needs to Know

by P. W. Singer and Allan Friedman  · 3 Jan 2014  · 587pp  · 117,894 words

Building Secure and Reliable Systems: Best Practices for Designing, Implementing, and Maintaining Systems

by Heather Adkins, Betsy Beyer, Paul Blankinship, Ana Oprea, Piotr Lewandowski and Adam Stubblefield  · 29 Mar 2020  · 1,380pp  · 190,710 words

The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats

by Richard A. Clarke and Robert K. Knake  · 15 Jul 2019  · 409pp  · 112,055 words

The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age

by David E. Sanger  · 18 Jun 2018  · 394pp  · 117,982 words

Seeking SRE: Conversations About Running Production Systems at Scale

by David N. Blank-Edelman  · 16 Sep 2018

The Nature of Software Development: Keep It Simple, Make It Valuable, Build It Piece by Piece

by Ron Jeffries  · 14 Aug 2015  · 444pp  · 118,393 words

Pegasus: How a Spy in Your Pocket Threatens the End of Privacy, Dignity, and Democracy

by Laurent Richard and Sandrine Rigaud  · 17 Jan 2023  · 350pp  · 115,802 words

Financial Modelling in Python

by Shayne Fletcher and Christopher Gardner  · 3 Aug 2009  · 246pp  · 16,997 words

@War: The Rise of the Military-Internet Complex

by Shane Harris  · 14 Sep 2014  · 340pp  · 96,149 words

Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It

by Marc Goodman  · 24 Feb 2015  · 677pp  · 206,548 words

Engineering Security

by Peter Gutmann

Dark Territory: The Secret History of Cyber War

by Fred Kaplan  · 1 Mar 2016  · 383pp  · 105,021 words

Spies, Lies, and Algorithms: The History and Future of American Intelligence

by Amy B. Zegart  · 6 Nov 2021

Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat

by John P. Carlin and Garrett M. Graff  · 15 Oct 2018  · 568pp  · 164,014 words

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers

by Andy Greenberg  · 5 Nov 2019  · 363pp  · 105,039 words

Construction Project Management

by S. Keoki Sears  · 7 Feb 2015

Seveneves

by Neal Stephenson  · 19 May 2015  · 945pp  · 292,893 words

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

by Nicole Perlroth  · 9 Feb 2021  · 651pp  · 186,130 words