Book Review - ‘This Is How They Tell Me the World Ends’


Subtitle: The Cyber-Weapons Arms Race
Author: Nicole Perlroth
Published: 2021
Bottom Line
A vital work for anyone seeking to understand how cyber weapons have fundamentally altered the risk landscape.
Executive Summary
This Is How They Tell Me the World Ends succeeds in making the shadowy zero-day market comprehensible to general audiences whilst offering genuine insights to cybersecurity professionals. Perlroth’s strength lies in revealing how cyber weapons designed for targeted operations can spiral beyond their intended scope, creating cascading effects that harm ordinary civilians. The book’s lasting contribution is its clear-eyed examination of how current policies have blurred the line between state-sponsored operations and civilian harm.
Review
This is a high-calibre work of investigative journalism exploring the largely impenetrable underground cyber weapons industry. I was initially drawn to the topic by personal interest, but it was Perlroth’s compelling, pedagogical storytelling that kept me turning pages. The book is accessible to non-technical readers and offers a thrilling glimpse into the hidden world of weaponised malicious software. Beginning in Kyiv, Ukraine, amid the digital fallout of Russia’s war of aggression, the narrative travels through hacker conferences, government backchannels, and global hotspots, showing how these cyber weapons move from labs to real-world chaos.
The Author
Nicole Perlroth spent 13 years as a cybersecurity and cyber espionage reporter at the New York Times. Since leaving journalism in 2021, she has become a venture partner at Ballistic Ventures and leads her own cyber mission fund, Silver Buckshot. Her advisory roles with CISA and the Council on Foreign Relations further underscore her credibility in this space.
The Shadow Economy: Trading in Software Exploits
The book focuses on the global trade in so-called zero-days—exploits targeting vulnerabilities unknown to software vendors, meaning no fixes exist. Perlroth’s focus isn’t on the technical mechanics of these exploits. Her interest lies in the moral, political, and societal implications. She exposes a shadow market where governments, brokers, and mercenaries compete to buy and stockpile cyber weapons. She doesn’t just describe the market—she reports from inside it. She also writes about how these weapons are deployed to attack power grids, nuclear facilities, hospitals, and civilian systems, and how their use often blurs the line between espionage and sabotage.
This blurring becomes starkly evident in her account of the NSA’s offensive capabilities, and how stolen USA cyber weapons were reused by the Russian military. This becomes a case study in how malicious software, once released, can boomerang. The zero-day market, she argues, is not just a matter of national security but a fundamental risk to civilian life. And what stands out is the sense of inevitability she conveys—that the very architecture of the internet, coupled with short-sighted policy, has created a threat surface no one controls.

A ransom note from the NotPetya ransomware. The US Department of Justice has charged six Russian GRU Unit 74455 officers for this attack, which used stolen NSA exploits. Source: uain.press
She brings a global lens but roots it in the everyday. In Ukraine, a woman loses her small knitting business when the postal service goes offline. A man is turned away from a car purchase when registration systems crash. The cascade effects of offensive cyber operations are not abstract; they’re felt in daily life.
One of Perlroth’s strengths is her access: she interviews top hackers, cyber mercenaries, and government insiders. The tone is urgent but not alarmist, and the book manages to be readable, serious, and nuanced at once.
Reflections
If there are weaknesses, they lie in framing. I remain skeptical of the term “cyberwar” as used in the book. There are cyber operations with military effects, yes, but calling them “war” stretches the term too far. We don’t yet see cyber operations delivering the kinetic or political transformation we associate with actual warfare. Not in isolation at least. Also, while Russia and the USA receive extensive treatment, the book gives relatively less space to Chinese state-sponsored hacking.
Since the book’s release in 2021, the cyber landscape has evolved rapidly. Ransomware has become heavily industrialized, and artificial intelligence is beginning to reshape attack surfaces and defense strategies alike. Both the EU and USA have explored defining exploits as cyber weapons subject to export controls, though with mixed results.
Yet, none of this undermines the core insights. Perlroth’s central argument—that cyber weapons can escape their handlers and that we’re woefully unprepared for the consequences—remains alarmingly relevant.
