61 pages • 2-hour read
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
A modern alternative to SparkNotes and CliffsNotes, SuperSummary offers high-quality Study Guides with detailed chapter summaries and analysis of major themes, characters, and more.
Part 4Chapter Summaries & Analyses
Part 4: “The Mercenaries”
Part 4, Chapter 11 Summary: “The Kurd”
David Aitel is a former NSA hacker known for authoring an influential hacking manual titled The Shellcoder’s Handbook. In 2002, he began a penetration testing company called Immunity Inc., which used an automatic exploitation tool called Canvas to test the security measures protecting a particular system. His team was also frequently hired to train security contractors on how to use zero-day exploit techniques. Aitel’s first employee was a Kurdish hacker named Sinan Eren, who had moved to the United States from his native Turkey. Eren had used hacking techniques to fight government oppression as a hacktivist in Turkey, and he frequently expressed reservations about the morality of teaching hacking techniques to government agencies—even American allies—who might then use them to spy on their own people. He outright refused to work with representatives from the Turkish military, and he eventually left Immunity Inc. in 2009 so that he could be more discerning about his clients. In 2015, Aitel left his career in offensive hacking entirely and dedicated himself to developing apps to help users evade government surveillance.
Another former NSA hacker, David Evendon, was recruited to work for an Emeriti security company called CyberPoint in 2014. He soon saw red flags in the operation of the company, which ordered him to lie about his job description and hack foreign nations such as Qatar—supposedly in pursuit of terrorist connections. Only when he found himself hacking the emails of American First Lady Michelle Obama did he heed the warning signs and speak up, though higher-ups in the company dismissed his concerns. When CyberPoint offered to either repatriate workers from Abu Dhabi to the USA or recruit them into Dark Matter, a different company with less oversight, Evendon was among the 50% of workers who chose to leave. He warns other former NSA hackers to be discerning about potential employers abroad and to heed any warning signs early on.
Part 4, Chapter 12 Summary: “Dirty Business”
Adriel Desautels was one of the foremost brokers in the early zero-day market. He began by selling exploits that he discovered himself. Then he moved on to helping friends to sell their discoveries; this endeavor soon expanded to become a business. Desautels gave excellent terms to hackers who were willing to sign nondisclosure agreements (NDAs), and he was confident in his innate ability to judge the trustworthiness and morality of a person within minutes of meeting them—his so-called “sniff test.” Desautels’s work relied on a Bushido code of honor, which eventually became incompatible with the ever-expanding and increasingly less discerning zero-day market. He tried to sell only to reputable sources from the USA and to American allies, but he slipped up when he failed to do due diligence on an Italian company called HackingTeam. In 2015, Desautels’s company was hacked, and leaks showed that HackingTeam had been selling exploits to groups perpetrating grave human rights abuses. Horrified, Desautels closed his business immediately. Although Perlroth reported on the HackingTeam story herself at the time in an effort to hold those involved accountable, she came to regret the role that such media attention played in the publicization of the zero-day market, as this endeavor alerted other interested parties.
Part 4, Chapter 13 Summary: “Guns for Hire”
In 2015, Perlroth reported on a major Israeli spyware company called NSO Group that had hitherto kept itself completely out of public notice, with practically no online presence. Perlroth received information from an anonymous source that NSO Group had the ability to install sophisticated spyware on any smartphone, and that they’d developed an untraceable tool known as Pegasus, which was capable of hacking a phone remotely and with no action on the part of the phone’s user. Pegasus hardware cost millions of dollars to install, with each target costing hundreds of thousands of dollars more. It had already earned its creators tens of millions of dollars, particularly from buyers in the United Arab Emirates (UAE) and Mexico.
Ethical “white hat” hackers in the security watchdog organization CitizenLab contacted Perlroth when they discovered the first evidence of Pegasus in the wild, putting her in contact with the target, the so-called “Million Dollar Dissident” Ahmed Mansoor. Mansoor was a poet from UAE who criticized the Emeriti royal family and had therefore been subject to consistently brutal persecution by the state. He was practically under house arrest, perpetually under surveillance, and was regularly harassed, arrested, and attacked. Despite these hardships, he was unwilling to leave his native country because he wanted to fight for his principles. (In 2018, he was sentenced to 10 years in prison for causing damage to “social harmony.” At the time Perlroth’s book was written, he was still suffering solitary confinement, regular beatings, and other privations in prison.)
In 2016, NSO flatly denied Perlroth’s accusations in an absurdly unconvincing interview. Perlroth and her colleague at the New York Times broke a major story about the president of Mexico Enrique Peña Nieto’s use of Pegasus to hack his political opponents. Targets included anticorruption activists, influencers commenting on the recent soda tax, and any journalists critical of the president. The news story sparked major protests in Mexico and caused Perlroth herself to become a target of the same cyberespionage tactics.
Part 4 Analysis
This section thoroughly addresses The Impact of Digital Espionage on Privacy and Civil Liberties. By invoking the concept of “mercenaries” to frame this section, Perlroth draws attention to the escalation of security concerns as specific hackers weaponize zero-day exploits for government agencies in exchange for financial compensation. With the rise of cyberwarfare, hackers essentially become arms dealers and mercenaries fighting for unethical causes in the name of profit. Some, such as NSO Group, do so seemingly without scruples, while others like Eren and Desautels are eventually forced out of the industry by their moral objections to the more sinister aspects of the industry’s evolution.
Notably, the quote preceding this part is taken from the HBO drama series The Wire, in which the fictional criminal, Omar Little, observes that a person must live by some moral code; within the relatively lawless realm of cyberwarfare, this quote becomes deeply ironic, given that many of the companies and individuals in even the legal side of hacking work without any such constraints. Perlroth includes the quote as a form of wry, cynical humor, implying that a petty criminal like Little is more conscious of ethical codes than the white-collar workers who sell zero-day exploits and spyware without any concern for the consequences. By contrast, Desautels and Eren are like Little; they hold onto their personal moral standards even as they work within an industry that encourages bad behavior. Through personal narratives such as Mansoor’s persecution and Perlroth’s conflicts with the president of Mexico, Perlroth presents a strong case for the real human toll of digital espionage.
Unlock all 61 pages of this Study Guide
Get in-depth, chapter-by-chapter summaries and analysis from our literary experts.
- Grasp challenging concepts with clear, comprehensive explanations
- Revisit key plot points and ideas without rereading the book
- Share impressive insights in classes and book clubs