Review: ‘Sandworm’ is an essential guide to a shadowy world


Andy Greenberg is a senior writer for Wired magazine, and he covered the unfolding stories of both Stuxnet and “Sandworm,” as the alleged Russian cyberwar unit linked to the Ukraine attacks was dubbed.

Greenberg took a book leave from Wired to write “Sandworm,” a comprehensive look at the technical, military and political stories of this new hidden war. The result is an essential guide to help us make sense of what will surely be an increasingly consequential form of military, criminal and insurgent aggression.

This book comes at a crucial juncture in the evolving doctrine and practice of cyberwar, a practice that confounds the intuition of the traditional military and foreign policy establishment.


One of the weirdest conversations I ever had was about this matter. It was a decade ago, and I was on a holiday in the Caribbean and the only other guests at the hotel were a family of “State Department” people. Dad had been with USAID when the Soviet tanks rolled in Hungary, his sons worked for undisclosed agencies within State. Hereditary spooks.

One day, one of these second-gen spooks and I were by the pool and we got to talking about cyberwar, which he was very bullish on. I spent about an hour trying to explain to him that cyberwar and cyberweapon were imperfect analogies, so imperfect as to be terribly misleading. It was clear that he thought a cyberweapon was like a digital bomb: a tool that somehow projected force over an adversary’s digital infrastructure.

But a cyberweapon isn’t that at all. A cyberweapon, is, at root, a secret. Specifically, it’s a secret about a defect in a piece of software, preferably software that is in wide usage. When an agency or private cyberweapons dealer or criminal discovers one of these defects (also known as a “vulnerability” or “vuln”), they make the decision not to divulge its existence to the vendor (who would then update the software to eliminate the defect), and instead they write tools that exploit this defect in order to compromise the system.

A cyberweapon is a defect you discover in a system that your enemy uses, but we don’t have “good guy” software and “bad guy” software. Defects in widely used operating systems like Windows, or the embedded systems inside of the actuators and sensors that control power plants and other critical systems, are used by everyone, all around the world, leaving all of those systems vulnerable to attack by anyone who learns or discovers the secret.

Thus, deliberately choosing secrecy about defects in order to leave your adversary’s infrastructure in a vulnerable state means also leaving your own infrastructure vulnerable. It’s a posture that is purely offensive, so much so that it leaves you defenseless. It’s a terrible idea.

That guy in the hotel pool didn’t get it. Neither did others in the military-industrial complex.


The world is becoming a computer. A voting machine is a computer we put fragile democracies inside of. A power plant is a computer we put flaming coal inside of. A car is a fast-moving computer we put easily damaged people inside of. The computer is the most salient feature of these systems because without the computer, they become inert, useless or even deadly.

Depending on whom you ask, the defects in these systems are either terrifying (because they make you and everyone you love terribly, terribly vulnerable) or terribly exciting (because they make your enemies and everyone they love just as vulnerable).

In “Sandworm,” Greenberg explores and explains this evolving, shadowy world in a work of in-depth, personal investigative journalism. He profiles the U.S., Russian and Ukrainian technologists and generals who are at the center of the tale, using their frustrations, fears and triumphs to humanize the very abstract business of cyberwar.

In 2014, Russia annexed Crimea from Ukraine. The back story to this event is complicated, but the annexation was attended by a series of information warfare strikes. These cyberattacks did enormous damage, first locking up critical systems and even rendering the computers that ran them permanently inoperable (by corrupting their low-level BIOS software) and then escalating to attacks on embedded systems in the power grid and elsewhere, literally making key pieces of power plants burst into flames, plunging much of the whole of Ukraine (not just Crimea) into freezing darkness.

Greenberg makes the telling into a whodunit, following private security firms and military/government investigators seeking to conclusively attribute the Sandworm attacks (and other, possibly related, attacks), not just to Russia, but to specific Russian military units. This is more than a formal exercise: Greenberg and his U.S. and Ukrainian contacts are palpably infuriated that both the Obama and Trump administrations chose to treat the attacks on Ukraine as local affairs and did not intervene until very late in the day (the Trump administration did eventually indict a handful of Russian intelligence agents for their alleged role in the attacks).

Greenberg contends that official inaction served to establish a new norm: that this type of cyberwar is fair game, despite the massive toll it takes on civilian populations and people far from the field of battle whose systems happen to be caught in the malware’s unpredictable blast radius.

The author notes that these hacker attacks were seemingly designed to be limited to Ukraine but spread outside of the country, locking up most of the Maersk fleet, paralyzing world shipping and doing billions of dollars in damage all around the world.

“Sandworm” is much more than a true-life techno-thriller. It’s a tour through a realm that is both invisible and critical to the daily lives of every person alive in the 21st century. Understanding cybersecurity isn’t just for those who write the ciphers and configure the firewalls. It’s a civic literacy that equips you to evaluate the actions taken on your behalf by the governments that you elect. As Greenberg so aptly demonstrates, you may not be interested in cybersecurity, but it is certainly
interested in you.

Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers

By Andy Greenberg

Doubleday: 368 pages; $28.95

Doctorow is the author of “Radicalized,” “Walkaway” and other books. He lives in Burbank.