Book Review | Countdown to Zero Day

By Abraham Martin
Countdown to Zero Day by Kim Zetter

Countdown to Zero Day, written by Kim Zetter, is about Stuxnet, a piece of malware, or virus, designed to roll back and stop Iran’s nuclear program. The first cyber weapon the world had ever seen could have led to another war between countries. After Stuxnet was discovered, all eyes were on the U.S. and Israel, given the tensions between these countries and Iran. There were many uncertainties about who was to blame and what had happened, as the U.S. and Israel never wanted Iran to possess nuclear weapons. Stuxnet was a significant speed breaker that Iran had to get past. Countdown to Zero Day tries to answer the prevailing uncertainties around Stuxnet.

The book has nineteen chapters in total, and the first five focus on the origin of Stuxnet and its effect. The book opens as a multifaceted mystery. In Natanz, Iran, the centrifuges were failing at a remarkable rate and had to be replaced. Stuxnet was an incredibly refined computer worm that exploited several previously unknown Windows zero-day vulnerabilities to infect computers and spread. Its goal was not only to infect PCs but also to cause real-world effects.

Stuxnet was software that could propagate itself across a network. It was named for the file extensions found in its code. It quickly came under intense study by various researchers and security organizations. The following chapters indirectly state who is to blame for Stuxnet’s operation and reveal more advanced forms of the Stuxnet malware. It is now believed that the U.S. and Israeli governments planned Stuxnet as an instrument to destroy, or at the very least delay, Iran’s nuclear weapons development program. The Bush and Obama administrations acknowledged that if Iran were on the verge of creating nuclear weapons, Israel would launch airstrikes against Iranian nuclear facilities in a move that could have sparked territorial conflict and war. Operation Olympics, through which Stuxnet was introduced, was seen as a more peaceful option. Given the choice between bombing a nation, wiping out structures and killing people at an unpredictable cost, and mounting a digital assault at a much lower price, it is no wonder the military chose this route. The U.S. could not afford another war but at the same time wanted to stop Iran from acquiring nuclear weapons; thus, Stuxnet was the best option.

Stuxnet was a sophisticated cyber-attack that could be linked to other pieces of malware. In particular, different pieces of malware can be built from a similar code base and used for entirely different purposes. Later, another piece of malware was identified and named Duqu, and the code found in it was identical to that of Stuxnet. Duqu and Stuxnet were not the same, however. To infect a system with Duqu, attackers would send a phishing email to the target. Instead of four zero-days like those found in Stuxnet, Duqu used just one zero-day, an exploit that relied on a font-related weakness in Microsoft Word.

Estimates of Stuxnet infections run well past one lakh machines in Iran, India, Europe, and the United States. Unlike this rapid style of infection, Duqu was aimed only at its intended targets and was designed as a Remote Access Trojan (RAT). RAT-type malware has been used in targeted digital attacks before, with the specific aim of digital espionage. Stuxnet spread from computer to computer, hunting for the ones that controlled Natanz’s centrifuges. A flaw in Stuxnet’s code caused it to spread further than expected, infecting more than a lakh machines worldwide, including in India. Ten thousand Indian computers were affected. Fifteen were located in what is called ‘critical infrastructure.’ These included the electricity boards of Gujarat and Haryana in India and a CGSB oil rig. While the flaw caused Stuxnet to arrive on these computers, fortunately, it did not activate on them. As such, India was a few faulty lines of code away from seeing its power supply and oilfields hurt. Stuxnet has awakened the public authorities to India’s vulnerability to digital attacks.

Author Kim Zetter’s account of the malware in Countdown to Zero Day is incredible. It is a profoundly fascinating, innovative investigative story. The book takes the reader into the dark and deep world of zero-day vulnerabilities and explores the legitimate questions around this practice. There is a real conflict of interest that requires more open discussion. One cannot forget the 2016 budget of the United States, in which President Obama wanted to invest in cybersecurity. The book’s final section is interesting because it focuses on the ethics and global policies behind cyber-attacks, especially those supported by governments and their political agendas. Interestingly, the book accepts that the United States and Israel are behind the creation and execution of Stuxnet, with the U.S. contributing most of the resources. The U.S. involvement was apparent, as in 2012 NBC, in an article titled “Obama, Bush Behind Stuxnet Worm,” stated that it had evidence from unnamed sources that, after the discovery of Stuxnet, President Obama had asked Joe Biden (then the Vice President), “Should we shut this thing down?”

On a personal note, I find that author Kim Zetter has articulated and expressed her views and thoughts in a manner that is easy to understand. However, the book is a stunner when it comes to reviewing the procedure and the thinking behind such activity. The media could sum it up as just another military activity. Still, a few pieces of code passed across the web and through target systems undetected, with the added benefit that the onset of the onslaught could not be tracked. This is what makes the whole Stuxnet affair so intriguing.

Thus, “Countdown to Zero Day” is a compelling book on digital or cyber-warfare that unfolds like a shocking detective story and shows that even security systems considered guaranteed can be vulnerable and compromised at times, which is a matter of concern in the days to come.