Krishna
The book’s subject matter is interesting. This is about the Iranian clandestine program to acquire nuclear status and the covert operation by what proved to be American and Israeli intelligence to disrupt it.
We of course learn of this gradually. The book’s story started with Iranians facing a larger number of reactor failures which surprised the westerners who came to know about it. The numbers were really high, even granting the inexperience of the scientists for whom all this was new.
.Later, they figured out the cause. The Studnext virus. It was found by a Swedish virus hunting company. Ulasen, a Swedish rootkit analyst and hacker was surprised at the sophistication of the virus infecting the Iranian machines. There is a very interesting account of how a zero day virus differs from other viruses and how it can hide inaccessible to even the most sophisticated antivirus and anti rootkit programs.
But the description may be too technical for a lay man but for an IT person, it is easily understandable, even if you are not an expert in that field. No, not that it is heavily technical and not that you need a deep understanding of computers to get it, and I am not trying to be a snob but to me, it sounds like it is filled with some techie jargon and wondered how much a person with very little computer programming knowledge would have gotten otu of it.
It appears that the virus is using a legitimate certificate but when the owner of the certificate and Microsoft did not respond to Ulasen’s queries, he publishes the story in his security blog and it creates a storm immediately as the world braces for a new attack. When they figure that it seems to only target an obscure Siemens CNC controller, everyone relaxes. Except for some security experts who refuse to go away.
They track the spread of the virus to an unusual pattern – most in Iran, followed by India and China (the latter two of which are the biggest trading partners to Iran). The book then goes on to track Iran’s nuclear ambitions from the time of Shah.
Nice descriptions of how great code and sloppy code were both found on the virus during the analysis. They look for clues in the path names and the dates and they seem to point to Israel originated virus.
The description of legal sales by companies to governments and others of unknown software vulnerabilities that the clients can attack is as shocking as it is riveting. Who knew that there was a legitimate business in bugs that is not widely known?
There is also description on control systems for machines and how they evolved. This is a very thorough description, with computer technical concepts very well explained for the sake of lay folk.
The description of how vulnerable control systems including the smart meters are is truly shocking and is a must read for all those worried about computer security. The book goes into very interesting details of the vulnerabilities and the exposure in a way that it holds the interest of both techie types and laymen, which is an astonishingly good achievement.
Good descriptions. Nice details. Good, interesting way of describing what could have been a boring geeky world of cyberhacking and spy warfare in software. Good job by Kim overall.
The intrigues of the Bush 
administration and Obama’s subsequent decisions add additional colour to the narration and make it even more enjoyable. Frankly, when I started the book, I did not think that I would enjoy reading the details of the affair so much. I took it up for the information it would contain but the enjoyable ride along the way is a huge bonus.
The final analysis of the implications of this attack, that too from US which has the most to lose through a counterstrike, are fascinating. It is very hard to keep the book both very informative and enjoyable at the same time. It is harder to keep the tempo and pace going throughout the book once you understand the basic subject matter and the premise. Kim does both very well and proves to be a skilful writer of non fiction.
8/10
– – Krishna