This Is How They Tell Me the World Ends
The Cyberweapons Arms Race
Nicole Perlroth's reporting on the global zero-day market: how exploits get bought, by whom, and how the gray-then-black market shapes which vulnerabilities get fixed and which get hoarded.
- Authors: Nicole Perlroth
- Published: 2021
- Publisher: Bloomsbury Publishing
- Pages: 528
- Language: English
Read this if
Anyone who needs to argue about responsible disclosure, vulnerability equity, or the ethics of offensive cyber work, with stakes the policy debate usually keeps abstract. Strong prerequisite for security leadership conversations with policy and legal teams.
Skip this if
Practitioners who already work in vulnerability research; the book covers terrain they live in and may find some passages overstated. The framing is journalistic and uncomfortable rather than measured, by design.
Key takeaways
- The zero-day market is a mature, multi-billion-dollar industry with brokers, escrow, exclusivity terms, and after-sales support; it stopped being underground a decade ago.
- The vulnerability-equity question (disclose vs. retain) is a policy decision that crosses every government's NSC; the book makes the tradeoffs legible to non-specialists.
- Most public attribution of "sophisticated" attacks has the same handful of vendor/broker fingerprints in the supply chain; the market is smaller than it looks.
Notes
Treat as a strong starting point that will provoke debate among practitioners, not a final word. Pair with Andy Greenberg's Sandworm and Tracers in the Dark for the operational view, and with the Microsoft/Citizen Lab forensic reports on NSO and Candiru for primary sources. Read with the awareness that several specific industry claims have been pushed back on by named actors; that disagreement is part of why the book matters.
What to read before
Beginner · 2019
Sandworm
Long-form journalism on the GRU's hacking operations, the best non-technical book on what state-level cyber actually looks like.
Beginner · 2020
The Hacker and the State
Ben Buchanan's argument that state-on-state cyber operations are not deterrence-shaped (like nuclear) but signaling-shaped: countries use cyber to shape the environment, not to threaten escalation. Builds the case from declassified incidents.
Beginner · 2014
@War
Shane Harris on the entanglement of US military doctrine, the intelligence community, and private contractors after cyberspace was declared the fifth warfighting domain.
What to read next
Intermediate · 2011
A Bug Hunter's Diary
Tobias Klein walks through seven real vulnerabilities he found and exploited, in the form of personal lab notes: what he tried, what failed, and what eventually shipped to vendors.
Beginner · 2019
Sandworm
Long-form journalism on the GRU's hacking operations, the best non-technical book on what state-level cyber actually looks like.
Beginner · 2020
The Hacker and the State
Ben Buchanan's argument that state-on-state cyber operations are not deterrence-shaped (like nuclear) but signaling-shaped: countries use cyber to shape the environment, not to threaten escalation. Builds the case from declassified incidents.
Explore similar books
Beginner · 2020
The Hacker and the State
Ben Buchanan's argument that state-on-state cyber operations are not deterrence-shaped (like nuclear) but signaling-shaped: countries use cyber to shape the environment, not to threaten escalation. Builds the case from declassified incidents.
Beginner · 2019
Sandworm
Long-form journalism on the GRU's hacking operations, the best non-technical book on what state-level cyber actually looks like.
Beginner · 2016
Dark Territory
Fred Kaplan's policy-side history of US cyber capability, from Reagan-era panic about WarGames to the institutional buildup of NSA's offensive arm and the political fights over its use.