Skip to main content

Book Review: “Zero Day (2011)” by Mark Russinovich

Executive Summary
I recommend this book for the casual reader that is interested in cyber security topics. It is not a must-read if you are already a cyber security professional. You probably already know about most of the topics covered. However, if you have friends and family that wonder what you do every day, you might hand this to them as a primer. And, if you are looking for some pretty good reading material for your next beach vacation, you could do a lot worse. “Zero Day” is a fun political thriller that shows computer security geeks saving the day. In it, Russinovich describes the nature of cyber crime and how a cyber terrorism campaign might be launched against the US. 

I appreciate what Mr. Russinovich is trying to do with this novel: Tell an exciting, “Die Hard-ish” story with interesting cyber security people and realistic tech and, at the same time, inform the general reader about how dangerous the current state of the cyber security environment is. In a presentation that Russinovich did at RSA last year to supplement this book, he quoted Senator Joe Lieberman: 

“To me it feels like it is September 10 2001. The system is blinking red – again. Yet we are failing to connect the dots – again [2].” 

One of the reasons I started this blog was to talk about novels that do this very thing. Russinovich has devoted two books to the idea. This one and the sequel called “Trojan Horse” that he published in 2012. Well done sir. He is also a geek of the highest order. He is a Microsoft Technical Fellow, a co-founder of the famous Sysinternals website [3] and he was the guy that discovered the root kit that Sony BMG installed on its music CDs back in 2005 [4]. 

The good guys in the story are a Mr. Jeff Aiken, an überkind computer security consultant with a past, and Daryl Haugen, the US CERT director and no slouch in the technical prowess department. These two fight the US government bureaucracy in an effort to defeat a follow-on 911 cyber-attack that is intended to destroy a significant portion of every data system in the US. Along the way, the reader is treated to colorful descriptions of malicious code attacking an on-board in-flight aircraft computer system causing a near-crash, adjusting the geo-positioning system on a large oil tanker that causes a harbor crash and the spillage of millions of tons of crude oil into the harbor, tinkering with the Supervisory Control and Data Acquisition (SCADA) systems in multiple nuclear power plants, and controlling multiple manufacturing robots on an assembly line that eventually causes the murder of one of the human technicians.

The main hacker in the story is Superfreak (AKA Vladmir Koscov), a Russian engineer who has found a way to make a pretty good living building elite malicious code for his benefactors. His benefactors are two Islamic brothers with ties to Osama bin Laden and who are intent on striking the US another significant blow after the first 911 attacks. One of the brothers even makes a special pilgrimage across the desert to receive his mission from Osama bin Laden personally.

Russinovich uses this Tom Clansy-ish plot to push the story forward. Along the way, he takes the time to explain the cyber security environment to the average reader. He provides decent descriptions of the classic “Salami Slice” bank hack (See the movies “Superman III” or “Office Space” or “Hackers”) [5], the game-changing Slammer Worm attack of 2003 that compromised every machine on the planet that it was going to compromise in 10 minutes (Some 75,000 victims) [6], the E-Gold Money Laundering scheme (a blackhat internet service that was popular for a few years in the 2000s) [7], and what a zero day vulnerability is [8]. He makes the point about why the US is vulnerable to the plot’s cyber terrorism evil plan compared to other nations based on how completely the US has embraced the internet for day-to-day business. This is the asymmetry problem described by Clarke in his Cyber Warfare book and the leverage that China has been taking advantage of for the past decade [9].

I first read this book when Russinovich published it back in 2011. Although I enjoyed it, I did not put it on my list of “Books I recommend to my cyber security geek friends.” The reason I did not was that the character portraits that Russinovich paints just did not ring true.

I mean all the good-guy main characters were geniuses and beautiful (men and women). He describes the two main women geeks as off-the-charts elevens (on a 1-10 scale). I have known a lot of geeks in my life. Although many were geniuses in their own right, “Beautiful” is not an adjective that would come to mind first to describe their physical appearance (present company included). Most of the geeks that I hang around with are happy just have a female in the room. Traditional Hollywood-style beauty is not normally in the equation (for both the men and the women).

The main computer geek, Jeff, had discovered that the 911 attacks were going to happen before they did (because of his “mad” computer skills) and was prevented from warning the nation because of a misguided bureaucrat. The last half of the book describes the two main characters traipsing around the world (France and Russia) on their own trying to eliminate the threat. I love my geek friends and most of us have large egos that make us believe we are way more important than we really are, but most of this is out of our comfort zone.

Finally, the straw that broke the camel’s back for me was the fact that the same evil bureaucrat that prevented Jeff from warning the nation about the 911 attacks was the guy that the terrorists in this book turned in order to gain information to launch this second wave attack. That plot point was a little too “On the nose” if you know what I mean.

On a second reading though, I have changed my mind. Russinovich is not doing anything here that is not done by other authors in other books of this political thriller genre. The heroes in all of these books (and movies) are geniuses and beautiful. It is why we like to read these things. What jarred me at the first reading was that I was not expecting to see that formula applied to my peeps. I imagine the experience is similar to what normal cops and government spies do when they see their counterparts described in books and movies. I am sure there is a lot of eye-rolling going on about what a real cop does compared to a hero cop in a novel. Russinovich did not write this book for me. He wrote it for the masses. Once I got passed this idea, it was easier for me to be less critical. 


This book is not a must-read if you are already a cyber security professional. You probably know about most of the topics covered. However, if you have friends and family that wonder what you do every day, you might hand this to them as a primer. And, if you are looking for some pretty good reading material for your next beach vacation, you could do a lot worse. “Zero Day” is a fun political thriller that shows computer security geeks saving the day. How is that not a great way to waste some time on the beach? 


Zero Day is a Cybersecurity Canon Candidate. Please visit the official page sponsored by Palo Alto Networks to read all the books from the Canon project.

[1] “Announcing Trojan Horse, the Novel,” by Mark Russinovich, Mark Russinovich’s Blog, 8 May 2012, Last Visited 6 February 2013 

[2] “ZeroDay – A non-Fiction View,” by Mark Russinovich, RSA Conference 2012, 23 March 2012, Last Visited 13 February 2013 

[3] “Windows Sysinternals,” by Mark Russinovich and Bryce Cogswell, Microsoft, , Last Visited 13 February 2013 

[4] “Sony Rootkits and Digital Rights Management Gone too Far,” by Mark Russinovich, Mark Russinovich’s Blog, 31 October 2005, Last Visited 13 February 2013 

[5] “What is Salami Slicing,” by WiseGeek, , Last Visited 13 February 2013 

[6] “Inside the Slammer Worm,” by D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford and N. Weaver, CAIDA: The Cooperative Association of Internet Data Analysis, August 2003, Last Visited 13 February 2013 

[7] “E-Gold Pleads Guilty to Money Laundering,” by Robert Lemos, Security Focus, July 2008, Last Visited 13 February 2013 

[8] “Vulnerability Trends,” by Symantec, Last Visited 13 February 2013 

[9] “Book Review: Cyber Warfare: The Next Threat to National Security and What to Do about It,” by Rick Howard, Terebrate, 21 January 2013, Last Visited 13 February 2013 

Popular posts from this blog

Books You Should Have Read By Now

When I started Terebrate back in January 2010, I always intended it to be a place to put my book reviews on whatever I was reading. Since then, a lot has happened in my professional life. I changed jobs, twice. I presented my collection of cybersecurity book reviews at the annual RSA Conference and suggested that the cybersecurity community ought to have a list of books that we all should have read by now. My current employer, Palo Alto Networks, liked the idea so much that they decided to sponsor it. We ended up creating the the Rock and Roll Hall of Fame for cybersecurity books. We formed a committee of cybersecurity experts from journalists, CISOs, researchers and marketing people who were all passionate about reading. My collection became the the candidate list and for the past two years, the committee, with the help of community voting, has selected books from the candidate list to be inducted into something we are calling the Cybersecurity Canon. It has been very exciting.

This i…

Book Review: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen (2011)

Executive Summary
Kingpin tells the story of the rise and fall of a hacker legend: Max Butler. Butler is most famous for his epic, hostile hacking takeover in August 2006 of four of the criminal underground’s prominent credit card forums. He is also tangentially associated with the TJX data breach of 2007. His downfall resulted from the famous FBI sting called Operation Firewall where agent Keith Mularski was able to infiltrate one of the four forums Butler had hacked: DarkMarket. But Butler’s transition from pure white-hat hacker into something gray—sometimes a white hat, sometimes a black hat—is a treatise on the cyber criminal world. The author of Kingpin, Kevin Poulsen, imbues the story with lush descriptions of how Butler hacked his way around the Internet and pulls the curtain back on how the cyber criminal world functions. In much the same way that Cuckoo's Egg reads like a spy novel, Kingpin reads like a crime novel. Cyber security professionals might know the highlights of…

Book Review: The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage (1989) by Clifford Stoll

Executive Summary

This book is a part of the cyber security canon. If you are a cyber security professional, you should have read this by now. Twenty years after it was published, it still has something of value to say on persistent cyber security problems like information sharing, privacy versus security, cyber espionage and the intelligence dilemma. Rereading it after 20 years, I was pleasantly surprised to learn how pertinent that story still is. If you are not a cyber security professional, you will still get a kick out of this book. It reads like a spy novel, and the main characters are quirky, smart, and delightful.


The Cuckoo’s Egg is my first love. Clifford Stoll published it in 1989, and the first time I read it, I devoured it over a weekend when I should have been writing my grad school thesis. It was my introduction to the security community and the idea that somebody had to protect these new-fangled gadgets called computers. Back in those days, authors put their …