Preface

It was one of the toughest days in my life. I was sitting on the bus, replaying the last two years in my mind. After endless preparations and six grueling months of boot camp, I walked into the military doctor's tiny clinic and was given the news I'd been dreading: I was being kicked out of the Egoz Unit.

With the benefit of hindsight and age, this might not sound like such dramatic news, but as a young guy with his whole future ahead of him, it was the collapse of a dream. I'd dreamed of joining this elite special reconnaissance unit in the Israeli army since I was in high school. But during a shooting exercise, I'd forgotten to use earplugs and got stuck with a nonstop ringing sound in my ears. I did my best to forget about it because, as an Egoz soldier, I'd been told to overcome any difficulty, whether physical or psychological. Right at the start of my service, I'd promised myself that whatever obstacles I faced, I'd cross them and storm the finish line of our training course-but now I started to worry that avoiding treatment might permanently damage my hearing. I went for a checkup and the doctor gave me two heavy blows: first, there was no cure, and second, there was no way I could remain in combat.

After several hours of being thrown around on buses, I got back to base. I'll never forget that moment: my commander ordered me to change into my fatigues immediately and join the platoon for a routine fitness session. I changed and ran to join the exercise, which I'd always been one of the best at: rope climbing. I tried to shimmy up the rope, but I just couldn't lift myself. I tried again and again, but it was no use. Not even my commander shouting in the background-"Arvatz, get on with it!"-could pick me up an inch. I had zero motivation and zero energy because I knew it would be pointless and useless to try: I was on my way out of the unit anyway. I burst into tears.

Little could I guess this painful moment would change my life for the better.

From territorial commando to cybercommando

I was transferred to the Egoz Unit's human resources branch, but I was absolutely convinced I had so much more to give the army somewhere else. After three months of basically driving everyone around me crazy, I was finally transferred, in June 2009, to Unit 8200 in military intelligence.

Unit 8200 is the IDF unit responsible for gathering signals intelligence ("SIGINT") from cell phones, computers, and suchlike. I was still a soldier in uniform, with ranks and commanders, but in many ways I felt like I'd landed in a different army. Until then, military service had been mainly an experience of self-abnegation, endurance, and discipline. But Unit 8200 placed a completely different emphasis. Creativity, initiative, and critical thinking suddenly took center stage. Only one thing stayed the same: the mission was above all else.

What on earth did I have to do with computer technology? In high school I'd decided I had no interest in anything to do with computer science (I cared much more about physics and social activities), but suddenly at the age of 20, I now found myself devoting my every day and night to it. The human fabric at Unit 8200 was also totally unlike anything I'd known. When I arrived at the unit, I got assigned to Michal-who now lives in Silicon Valley as the CMO of a major startup-and she helped me fill the gaps in my knowledge because I hadn't gone through a proper training course before joining. What struck me immediately about Michal, like all the soldiers in the unit, was not only her extraordinary intelligence, but also her incredible passion for technology and for every new opportunity she could create to gather high-quality intel. I stuck my head in my books, but it all felt so strange to me.

Back then, Unit 8200 was under the command of Brig. Gen. Nadav Zafrir. Unlike his predecessors, he had not climbed up the unit's ranks, but rather came from the special command forces. Zafrir has always been a charismatic leader, a visionary and creative thinker. I once took part in a meeting he chaired and I pitched him one of our ideas. His sharp mind, attention to detail, and vision were striking. Maybe it was thanks to the refreshing perspective that he brought to the unit after gaining most of his military experience in other units, but he understood that in order to remain the tip of the spear of intelligence technology, 8200 would have to undergo a strategic shift.

Besides embracing new modern management methodologies, such as ways to measure the quality of intelligence, Zafrir redefined the unit's focus. Instead of intercepting telephone traffic and digital communications, we pivoted to focus much more on cybertechnologies and intelligence derived from active cyberoperations. We understood that since cyberspace was developing at a dizzying speed-more and more information transferred between computers was no longer "open" and vulnerable to interception, but sent in encrypted form, and sometimes never left computers at all-we urgently needed to shore up our ability to scoop intelligence from there.

This strategic shift set the course of the rest of my training and military service, and probably also my personal future. I became a researcher of computer networks and how they are used, and I learned more and more about cyberattacks and about how to defend against them. I understood that, unlike the picture I had in my head, cybersecurity was not all about sitting in front of a computer and writing lines of code from morning to night. It was a fascinating world of technology, offensive operations, and defensive action, open only to those who were willing to dedicate themselves to studying it in depth. It was a field I didn't think suited me at all when I was in high school, but it soon turned out to be one of the most captivating worlds that I could choose to work in.

A wonder called Stuxnet

In 2010, in the middle of my military service, the world witnessed one of the most significant cyberevents in history: the Stuxnet cyberattack. Stuxnet was a computer worm (a secret program used to penetrate computers) that was launched to hijack and remotely control software developed by Siemens-a program that operated industrial systems, including centrifuges. The worm was able to wriggle between computers plugged into the same network, and at each computer it reached, it checked whether it had this Siemens program on it. If it could not detect it, it left the computer untouched and spread onward. As soon as Stuxnet reached a computer with the right program, it kicked into action: it extracted the list of industrial machinery that the program could operate, identified the centrifuges, and sabotaged their operations to make them spin furiously, far beyond the recommended settings. Stuxnet arrived in disguise: as the centrifuges spun out of control and heated up, Stuxnet made sure that everything would look normal on the operations manager's computer screen.

Stuxnet was discovered by researchers from cybersecurity companies in June 2010, and by July, the worm's existence was public knowledge. In August 2010, the security company Symantec reported that around 60% of Stuxnet-infected computers were in Iran, suggesting that Iran was the target of an attack by the worm's developers. Only then did the scope of the damage at Iran's nuclear facilities come to light; according to estimates, thousands of Iranian centrifuges had been permanently destroyed. The worm astonished cybersecurity researchers, who scrambled to investigate it and its spread.

The experts were also astonished by the technology behind Stuxnet. Whoever had programed it had identified no fewer than four security flaws in the operating systems of the computers that controlled the centrifuges, and the worm had exploited them to glide between computers without getting any authorization to access them and without getting caught. Exploitable vulnerabilities (a subject we explore later in the book) are a rare commodity in the cyberworld. Such vulnerabilities can sell for millions of dollars on the black market, and an attack exploiting four different vulnerabilities is almost unheard of. Moreover, the computers that this worm attacked were equipped with antivirus programs, but none of them managed to detect Stuxnet because it had camouflaged itself to look like an inoffensive, legitimate program.

The researchers' conclusion was unambiguous: Stuxnet was a weapon created by a state actor to attack the Iranian nuclear program. Such capabilities could only have been the work of many years of research by some of the world's finest cybersecurity experts. Stuxnet could only have been developed by a state actor with major cyberabilities and extensive resources. It was assumed that the United States and Israel, which were already known as supremely capable cybersuperpowers, were behind the attack on Iran. Stuxnet was simply the next stage of an international conflict that had now spilled into cyberspace. Instead of sending troops to Iran by land, air, or sea, a state had launched a computer program to destroy large swaths of its nuclear program. Whereas in 1981, Israel sent warplanes to Iraq to destroy its nuclear reactor, thirty years later, a bunch of people sat at their computers in an air-conditioned room and dispatched a computer program to do essentially the same thing in Iran. Years later, according to media reports, U.S. officials confirmed that Stuxnet had been developed by researchers from the United States and...