Kim Zetter (2014)

A technical whodunit of the first order, rendered surprisingly readable without losing the scientific details.

This is probably as close as we’ll ever get to the true story of Stuxnet. It opened up a whole new era of state (and non-state) competition, as well as exposing for all to see the intertwining of military and civilian concerns. What does it mean when a government finds a vulnerability in a computer system that might affect companies worldwide – and then exploits it as an attack vector rather than warning the software vendors and users to secure their systems? How should private security firms behave when they realise that they’ve found what is effectively collateral digital damage in civilian systems from the poor targeting of a weapon aimed at the institutions of another state?

Every computer scientist will find something of interest here, as well as pointers to things they’ll want to dig into more deeply. (In my case, how to reverse-engineer a compiled piece of software that’s been written using a non-standard language or compiler.) The wider social concerns are also fascinating, and will be a staple of ethics classes in the years to come.

4/5. Finished Wednesday 25 August, 2021.

(Originally published on Goodreads.)