“It was their twenty-first-century Chernobyl. And at the old nuclear plant, some ninety miles north of Kyiv, the computers went ‘black, black, black,’ Sergei Goncharov, Chernobyl’s gruff tech administrator told me.

Goncharov was just returning from lunch when the clock struck 1:12 P.M., and twenty-five hundred computers went dark over the course of seven minutes. Calls started flooding in; everything was down.”

In this passage, Perlroth uses a barrage of facts and figures to present a precise and accurate account of the NotPetya attack. The use of numbers provides an objective account of the scale and rapidity of the attack, emphasizing its severity. This severity is also compounded by the comparison between this attack and the Chernobyl disaster, the globally infamous meltdown of a Soviet nuclear power station that spread radioactive fallout over Ukraine and other regions of Europe in 1986. The repetition in the firsthand testimony from Goncharov (“black, black, black”) creates a sense of urgency by directly conveying the powerful effect that the attack had on real individuals.

“If anything, we were more exposed. Worse, our own cyberweapons were coming for us. The Ukrainians knew it. Our enemies certainly knew it. The hackers had always known it.

This is how they tell me the world ends.”

Perlroth uses epistrophe, a form of parallel structure wherein words are repeated at the end of a succession of phrases. By ending a series of sentences with the phrase “knew it,” the author creates a sense of balance and repetition that adds emphasis and renders the passage more impactful. The use of short, simple sentences further contributes to the punchiness of this paragraph, as does the direct invocation of the book’s title. An ominous mood is built through Perlroth’s use of negative comparative language, which gives the impression of a mounting threat.

“I was still covered in dust when my editors told me to surrender my devices, take an oath of silence, and step into Arthur Sulzberger’s storage closet in July of 2013.”

This dramatic opening to the book’s first chapter relies upon descriptive storytelling techniques to convey the author’s own expertise in the realm of cybersecurity. Perlroth thus borrows the literary technique known as in medias res—the practice of beginning a significant scene without any of the necessary context or explanation to make sense of it. This technique creates an immediate sense of intrigue and mimics Perlroth’s own feelings of unpreparedness when she was thrust abruptly into the aftermath of the Snowden Leaks. This abruptness is also highlighted by the disconnect between Perlroth’s unkempt state and the dramatic, secretive ceremony of her induction.

“After several tense moments, Luigi finally murmured, ‘I could answer your question, but I would much rather talk about my salmon.’ […]

‘These men are young. They have no idea what they are doing. All they care about is money. They have no interest in learning how their tools will be used, or how badly this will end.’

Then shifting his gaze back to Luigi, he said, ‘But go ahead. Tell us. Tell us about your fucking salmon.’

Six weeks in a storage closet in the summer of 2013, and all of them with the fucking salmon playing and replaying itself in my head. The phrase became my own code word for everything anyone who played in the cyberarms trade refused to tell me.”

Perlroth uses direct reported speech to dramatize a key conversation that illustrates the ethical issues involved in selling zero-day exploits. Told in a tone of immediacy and clarity, the passage utilizes profanity to create a visceral sense of the high tension involved in the scene, and the story also establishes the meaning of a phrase that is then employed throughout the text to concisely convey Perlroth’s exasperation with the secrecy of the industry.

“Under what conditions will we use them?

Under what conditions will we not?

How are we protecting them?

What if they get out?

Who else knows about this?

How much money are hackers making?

How are they spending it?

Is anyone trying to stop them?

Who else is asking these questions?

How does anyone sleep at night?

How will I?”

This long litany of rhetorical questions is presented without any expectation of an actionable answer. Instead, the barrage of philosophical and practical considerations reflects the extent of Perlroth’s uncertainties at the outset of her investigation, and her queries are also designed to inspire deeper consideration of the issues that she presents. The implication of this quote is that the book will attempt to provide answers to these questions.

“That was a heck of a lot less than he paid to engrave his initials—J.P.W.—on the crocodile cowboy boots he wore […] Six feet tall and pushing 250 pounds, he did not resemble the emaciated hackers […] Watters didn’t do suits. His standard uniform was a Tommy Bahama shirt, cowboy boots, blade sunglasses if the sun was shining—a little colorful for men who wore black T-shirts and preferred to work in windowless dungeons. Their diet consisted of sandwiches and Red Bull. Watters preferred Miller Lite and Texas rib eye.”

In this quote, Perlroth describes Watters’s habits and physical appearance in order to create a more concrete, immediate sense of the largely abstract issues that the text presents. By treating her key figures as vividly realized characters, Perlroth makes use of storytelling tactics to address the human aspects of the concepts she discusses. Notably, her descriptions of Watters’s’ wealth, Texan upbringing, and distinctive style highlight the differences between him and the hackers with whom he is working. The juxtaposition between Watters and the archetypal hacker echoes the stark difference between Watters’s approach and the norms of the information security industry.

“It wasn’t abnormal, Sabien said, to find multiple nation-states listening in on the same machine—especially in the case of high-profile targets, diplomats, government shell companies, arms dealers, and the like. There was one well-known exploit in HP printers that for years, Sabien told me, was utilized by ‘government agencies all over the world.’ The exploit allowed anyone with knowledge of its existence to scrape any files that passed through HP’s printers and offered spies a foothold in their target’s network, where IT administrators would least suspect.”

In this quote, Perlroth provides a specific example of how zero-day exploits can be used in digital espionage to clearly illustrate the dangers and opportunities posed by these bugs. To show the ubiquity of these unscrupulous methods, she uses strategic vocabulary choices that emphasize the extent and frequency of the data breaches: “multiple,” “well-known,” “agencies all over the world,” “anyone,” and “any files.”

“The iPhone exploit—had Charlie sold it—would have easily netted a six-figure payout on the underground market. But he wasn’t interested in the cash. Charlie was in it for the intellectual curiosity and the street cred. This time, he’d tipped off Apple to what he’d found, and helped the company’s engineers come up with a patch. Another eight months later, he did it again, hacking Apple’s MacBook Air in less than two minutes. He changed his Twitter bio to ‘I’m that Apple 0day guy.’”

The value and significance of Charlie’s exploits is made clear when Perlroth discusses their price tag on the black market, adding to the impact of his decision not to sell them for cash. The juxtaposition between Charlie’s pursuit of knowledge and his so-called “street cred”—and the pecuniary motives of many who sell exploits—show the wide range of ethics and goals that motivate hackers. The fact that Charlie repeatedly replicates his extraordinary feats highlights his exceptional skills.

“From its founding in 1952, the nation’s preeminent spy agency, the NSA—‘No Such Agency’ or ‘Never Say Anything,’ in the old joke—was America’s chief eavesdropper and codebreaker.”

This quote uses a wryly comedic tone to introduce the NSA and its purview. The jokes reimagine the source of the agency’s initialization to make reference to the secrecy and dishonesty for which the NSA is known. By using a humorous presentation, the author creates a more easily accessible introduction to a highly specialized and complex topic.

“Perhaps Michael Hayden, the former NSA director, put it best when he said, ‘This has a whiff of August 1945,’ the month and year the United States dropped the world’s first ever atomic bomb on Hiroshima. ‘Somebody just used a new weapon, and this weapon will not be put back in the box.’”

Perlroth uses a direct quote from an expert source to clearly convey the gravity of the cyberattack in question. Hayden compares the USA’s deployment of cyberweaponry with the nation’s use of nuclear weapons at the end of World War II. This pointed parallel emphasizes the destructive potential of cyberweapons like Stuxnet by implying that they too could act as weapons of mass destruction. The ironic use of the word “somebody,” when in both instances the perpetrator was clearly the United States government, highlights America’s culpability in being the first nation to deploy such weapons. The idiomatic expression “will not be put back in the box” conveys the idea that the first deployment of cyberweaponry invites further uses.

“Its sparse website posed the question ‘Why haven’t you heard of us?’ and then answered it: ‘VRL does not advertise. We hold all business relationships in the strictest of confidence.’ The only hint that the company played any role in weaponizing the digital universe was its motto, borrowed from the ancient Chinese philosopher Sun Tzu: ‘Know thy enemy and know yourself; in a hundred battles you will never be in peril.’”

The website quoted by Perlroth uses hypophora—a question that is asked and then immediately answered by the asker—to provide information to the potential customer with authority, preempting and allaying any potential uncertainty. VRL’s motto is a quote from The Art of War, a globally famous treatise on warfare written by Sun Tzu in the fifth century BC. The quote emphasizes the importance of information, understanding, and espionage when facing an opponent and is very pertinent to the work of a company dealing in offensive information security.

“Eren needed me to understand why he had gotten into hacking and exploit development, and why—as more unsavory governments entered the exploit market—he had to get out.

He turned to hacking in college as a form of political resistance […]

Eren was becoming one of the web’s early ‘hacktivists.’”

Eren began hacking in the name of social justice and is guided by his morals to such an extent that Perlroth uses the vocabulary of compulsion “needed” and “had to”) to show that his actions are dictated by his ethics. She also uses the portmanteau “hacktivist”—a mash-up of the words hacker and activist—to precisely describe the combination of his hacking methods and his motives of political resistance.

“The leaked emails also made clear just how little serious thought was given to the potential abuse of Hacking Team’s products. In one email in which Vincenzetti seemed to predict the future, he joked, ‘Imagine this: a leak on WikiLeaks showing YOU explaining the evilest technology on earth! [smiley face emoji]’”

The levity of the quoted email juxtaposes the severity and gravity of the human rights abuses that Hacking Team facilitated. The use of an emoji is designed to be particularly galling because it immediately follows an ironic but nonetheless accurate recognition of culpability (“YOU”) and immorality (“evilest”). The email is intended to evoke indignation by showing the disconnect between the blasé attitude of the hackers and the human suffering that their lack of scruples caused.

“His administration, he warned, would ‘apply the law against those who have levelled false accusations against the government.’ Peña Nieto’s underlings later backtracked. The president had misspoken and had not intended to threaten Azam and me, or the New York Times.

But for months afterward, I knew better than to click on the dozens of strange text messages pinging my phone, beckoning me to click.”

Perlroth’s account of the threats and retribution that she faced for her journalism clearly illustrates the high stakes associated with cyber espionage and highlights the dangers she faced in the line of duty. There is also a darkly ironic humor in the explicitness of Peña Nieto’s threats and the obvious way they were carried out, especially when they are juxtaposed with the reported denials of his staff and his claims that Perlroth’s accusations were “false.” These efforts to stifle and gain leverage over Perlroth ironically vindicate her findings.

“Most assumed he had been executed. Many had been tortured and killed for far less. As Beijing woke that morning, many made their way to Google headquarters to leave flowers outside in a show of gratitude or mourning for what everyone knew was likely to be Google’s imminent exit.”

The use of violent language (“executed,” “tortured,” and “killed”) emphasizes the human rights abuses attributed to the Chinese government, as well as the high stakes of Google’s defiance against the regime. The leaving of flowers is a strong use of imagery that illustrates the intense emotions of sorrow and gratitude felt by those affected by Google. The gesture, commonly marking tragedies and loss of life, further reinforces the association between Google’s defiance and subsequent expulsion, with the martyrdom of the Tank Man in Tiananmen Square.

“In a window to how Valley’s engineers think, Downey made the obligatory Lord of the Rings reference: ‘It’s just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips.’”

This quote references the final book in J.R.R. Tolkien’s Lord of the Rings trilogy. The NSA’s perceived betrayal of civil liberties is likened to the disillusionment felt by the hobbit characters when they return home from arduous and harrowing adventures to save the world, only to find the haven of their hometown violated and brutalized. This reference to a well-known and famous moment in literature emphasizes the emotional and ideological fallout of the revelations and is a key moment in Perlroth’s presentation of The Impact of Digital Espionage on Privacy and Civil Liberties.

“Cook was famously private himself. He had grown up gay in conservative Alabama, a fact he kept private until 2014, the year after the Snowden revelations dropped. In Alabama, his lingering childhood memory was watching Klansmen burn a cross on the lawn of a black family in his neighborhood while chanting racial slurs. He’d screamed at the men to stop, and when one of them men lifted his white hood, Cook recognized him as the deacon of a local church. Civil liberties were a matter of urgency for him, and he took the Snowden revelations as a personal affront. As Cook saw it, there were few things more precious than privacy.”

Perlroth uses anecdotes from Tim Cook’s personal life and childhood to illustrate the importance of privacy in the face of socially sanctioned hate and discrimination. Cook’s confrontation with Klansmen is described using evocative imagery to create a powerful visual of childhood innocence standing against prejudice. Privacy was important to Cook’s safety when he was a child, but this same privacy was willingly discarded by the Klansman who chose to remove his own hood, showing that those who refute the need for privacy are often aligned with oppressive forces.

“It was the first of many times I would hear those three little words—atado con alambre—over the next week. It was Argentine slang for ‘held together with wire’ and encompassed the MacGyver-like nature of so many here who managed to get ahead with so little. It was Argentina’s hacker mantra.”

Perlroth quotes the Argentine mantra “atado con alambre” which is used in local Spanish slang and represents local hacker’s attitudes and methodologies. The phrase “MacGyver-like” references the 1985-1994 American TV show MacGyver, an action series in which the eponymous protagonist is a secret agent who uses everyday items to finagle unorthodox solutions to problems in his line of work.

“What oil is to the Saudis, so finance is to the American economy. A little more than a month after the Aramco attacks, Iranian hackers put US banks in their crosshairs. Executives at Bank of America, J.P. Morgan, Citigroup, Fifth Third Bank, Capital One, and the New York Stock Exchange could only watch helplessly as, one by one, their banking sites crumbled or where forced offline by a deluge of Iranian internet traffic.”

Perlroth’s listing of well-known banks emphasizes the high number of affected companies, as well as their pedigree. The phrase “in their crosshairs” is a metaphor that illustrates the targeted violence of the attacks by comparing them to gunshots. She also uses negative language such as “forced,” “crumble,” and “deluge” to communicate the extent of the damage inflicted, likening the attack to a major catastrophe or a natural disaster.

“My daily commute […] was festooned with FUD billboards that screamed some variation on the following messages: You are being watched! Do you know where your intellectual property is? Because China does! Do you know Russian cybercriminals? Because they know your Social Security number! Hide your kids. Hide your wife. The Internet is going to blow up your life. Unless, of course, you buy this one thing we are selling.”

FUD stands for “fear, uncertainty, and doubt,” and the term refers to a  common scare tactic used to manipulate people, particularly in matters of information security. Corporate entities commonly and shamelessly use FUD in marketing campaigns to promote their products, weaponizing a real and serious issue against an unsuspecting public for their own selfish ends. In this passage, Perlroth parodies typical billboards in an exaggerated impression that excessively uses persuasive rhetorical techniques. Such techniques include repetition (“Hide your kids. Hide your wife.”) and rhetorical questions (“Do you know Russian cybercriminals?”) along with exclamation marks and short emphatic sentences to create an emotional impact.

“‘It was here in Geneva in 1949 that the world’s governments came together and pledged that they would protect civilians even in times of war.’ Smith told government officials from around the globe. ‘And yet let’s look at what is happening. We’re seeing nations attack civilians even in times of peace.’”

The gravity of cyberattacks and the extent of the potential damage they could cause are highlighted by the comparison between cyberwarfare and the more conventional forms of warfare. The latter are restricted and legislated by international humanitarian laws, such as those established in the 1949 Geneva Convention in the aftermath of World War II. However, no such legislation restricts the use of cyberweapons against civilian populations, since the digital tools of the 21st century were developed long after these accords were ratified.

“We must lock down the code. Nobody will bother to invest in making the higher-up layers more secure if our basic foundations are still weak. We can’t redo the internet or swap out the world’s code, nor should we try. But we can significantly raise the bar for cybercriminals and nation-states looking to profit and wreak havoc on our infrastructure.”

Perlroth uses the imperative “must” to lend force and authority to her arguments in favor of these proposed reforms. She also lays out her reasoning in simple declarative statements full of negative language in order to clearly convey the direness of the current situation. Her repeated use of the inclusive first person plural pronoun creates a sense of camaraderie and connection and communicates that everyone shares in The Responsibility to Safeguard Digital Infrastructure.

“If there is any good to have come out of the past few years of headline-grabbing attacks, it may be the new phrase I saw graffitied on the wall on a recent visit to Facebook. Someone had crossed out ‘Move fast and break things’ and replaced it with ‘move slowly and fix your shit.’”

In this quote, the Facebook motto “Move fast and break things” is subverted by graffiti that declares the exact opposite: “Move slowly and fix your shit.” This idea shows changing attitudes toward cybersecurity, which involves a public that is increasingly willing to hold tech companies accountable for shoddy practices and priorities.