A booming trade in bugs is undermining cyber-security

This Is How They Tell Me The World Ends. By Nicole Perlroth. Bloomsbury; 528 pages; $21 and £14.99

IF YOU DISCOVER that a favourite vending-machine dispenses free chocolate when its buttons are pressed just so, what should you do? The virtuous option is to tell the manufacturer, so it can fix it. The temptation is to gorge. More lucrative still might be to sell the trick to others—including those with larger appetites and fewer scruples. But when the weaknesses of a system can be bought and sold, the results can be calamitous, as “This Is How They Tell Me The World Ends” shows.

Nicole Perlroth, a cyber-security correspondent for the New York Times, has produced an engaging and troubling account of “zero-day exploits”. An exploit is a piece of code that takes advantage of a vulnerability in software, typically to gain access or do harm. A zero-day exploit is rarer: it targets a hitherto undiscovered—and therefore undefended—blind spot. 

Twenty years ago, exploits for Windows software yielded “pennies on the dollar”, a former hacker recalls. But as software became ubiquitous—running utilities, nuclear plants and warplanes—it grew more alluring. Zero-days became the “blood diamonds of the security trade”, says Ms Perlroth, fetching six or seven figures...