Summary of Andy Greenberg's Sandworm

By IRB Media

Please note: This is a companion version & not the original book.

Book Preview: #1 iSight Partners, a private intelligence firm, had a team that specialized in software vulnerability research. In 2014, they discovered a secret security flaw in Microsoft Office that allowed hackers to break out of the confines of the software application and begin to execute their own code on a target computer.

#2 iSight’s Ukrainian staff found the email, and Hultquist, the company’s loud and bearish army veteran, made a point of periodically shouting from his desk into the bull pen. He burst out of his office and into the room, briefing the room and assigning tasks to triage what would become one of the biggest finds in the small company’s history.

#3 The hackers had used the feature to carefully plant two chunks of data within the presentation. The first was loaded into a temporary folder on the target computer. The second took advantage of PowerPoint’s animation feature: when the presentation loaded that animation file, it would run an automated script that right-clicked on the first file and click install on the resulting drop-down menu, giving that code a foothold on the computer without tipping off its user.

#4 Zero days do have authors. When Erickson had first begun to pull apart the attack in his blacked-out workshop that morning, he hadn’t simply been studying some naturally occurring, inanimate puzzle. He was admiring the first hints of a remote, malevolent intelligence.

• Language: English
• Publisher: IRB Media
• Release date: Mar 11, 2022
• ISBN: 9781669358411

IRB Media

With IRB books, you can get the key takeaways and analysis of a book in 15 minutes. We read every chapter, identify the key takeaways and analyze them for your convenience.

Book preview

Insights on Andy Greenberg's Sandworm

Contents

Insights from Chapter 1

Insights from Chapter 2

Insights from Chapter 3

Insights from Chapter 4

Insights from Chapter 5

Insights from Chapter 6

Insights from Chapter 1

#1

iSight Partners, a private intelligence firm, had a team that specialized in software vulnerability research. In 2014, they discovered a secret security flaw in Microsoft Office that allowed hackers to break out of the confines of the software application and begin to execute their own code on a target computer.

#2

iSight’s Ukrainian staff found the email, and Hultquist, the company’s loud and bearish army veteran, made a point of periodically shouting from his desk into the bull pen. He burst out of his office and into the room, briefing the room and assigning tasks to triage what would become one of the biggest finds in the small company’s history.

#3

The hackers had used the feature to carefully plant two chunks of data within the presentation. The first was loaded into a temporary folder on the target computer. The second took advantage of PowerPoint’s animation feature: when the presentation loaded that animation file, it would run an automated script that right-clicked on the first file and click install on the resulting drop-down menu, giving that code a foothold on the computer without tipping off its user.

#4

Zero days do have authors. When Erickson had first begun to pull apart the attack in his blacked-out workshop that morning, he hadn’t simply been studying some naturally occurring, inanimate puzzle. He was admiring the first hints of a remote, malevolent intelligence.

#5

Once the initial frenzy surrounding the zero day had died down, questions remained: Who had written the attack code. Whom were they targeting with it, and why. Those questions fell to Drew Robinson, a malware analyst at iSight.

#6

In late 2007, the security firm Arbor Networks counted more than thirty botnets built with BlackEnergy, mostly aiming their attacks at Russian websites. But on the spectrum of cyberattack sophistication, distributed denial-of-service attacks were largely crude and blunt.

#7

The use of BlackEnergy by these hackers was no longer for indiscriminate theft, but for precise spy operations.

#8

The BlackEnergy malware had a so-called campaign code that identified it as having come from the Ukrainian hackers. Robinson was able to decipher the malware’s configuration settings, which contained a so-called campaign code that was immediately recognized by Robinson as being from his private life as a science fiction nerd: arrakis02.

#9

The setting of Dune, a book by Frank Herbert, is the desert planet Arrakis, where the novel takes place. Arrakis is the planet where the Fremen, a tribe of people who can ride sandworms, live.

#10

Robinson began to match the Dune references in the malware samples he found to lure documents that seemed to be targeting specific