Skip to content
Lex Fridman PodcastLex Fridman Podcast

Nicole Perlroth: Cybersecurity and the Weapons of Cyberwar | Lex Fridman Podcast #266

Nicole Perlroth is a cybersecurity journalist and author. Please support this podcast by checking out our sponsors: - Linode: https://linode.com/lex to get $100 free credit - InsideTracker: https://insidetracker.com/lex and use code Lex25 to get 25% off - Onnit: https://lexfridman.com/onnit to get up to 10% off - ROKA: https://roka.com/ and use code LEX to get 20% off your first order - Indeed: https://indeed.com/lex to get $75 credit EPISODE LINKS: Nicole's Twitter: https://twitter.com/nicoleperlroth Nicole's Website: https://nytimes.com/by/nicole-perlroth Nicole's Book: https://amzn.to/3sOQjrs PODCAST INFO: Podcast website: https://lexfridman.com/podcast Apple Podcasts: https://apple.co/2lwqZIr Spotify: https://spoti.fi/2nEwCF8 RSS: https://lexfridman.com/feed/podcast/ Full episodes playlist: https://www.youtube.com/playlist?list=PLrAXtmErZgOdP_8GztsuKi9nrraNbKKp4 Clips playlist: https://www.youtube.com/playlist?list=PLrAXtmErZgOeciFP3CBCIEElOJeitOr41 OUTLINE: 0:00 - Introduction 0:55 - Zero-day vulnerability 6:56 - History of hackers 21:48 - Interviewing hackers 25:50 - Ransomware attack 38:34 - Cyberwar 51:42 - Cybersecurity 1:00:49 - Social engineering 1:17:42 - Snowden and whistleblowers 1:27:12 - NSA 1:36:59 - Fear for cyberattacks 1:44:30 - Self-censorship 1:48:51 - Advice for young people 1:54:08 - Hope for the future SOCIAL: - Twitter: https://twitter.com/lexfridman - LinkedIn: https://www.linkedin.com/in/lexfridman - Facebook: https://www.facebook.com/lexfridman - Instagram: https://www.instagram.com/lexfridman - Medium: https://medium.com/@lexfridman - Reddit: https://reddit.com/r/lexfridman - Support on Patreon: https://www.patreon.com/lexfridman

Lex FridmanhostNicole Perlrothguest
Feb 19, 20222h 1mWatch on YouTube ↗

At a glance

WHAT IT’S REALLY ABOUT

Inside Zero-Days: Nicole Perlroth Warns of Digital Doomsday Arms Race

  1. Nicole Perlroth explains the shadowy global market for zero‑day vulnerabilities, how governments and brokers buy and weaponize them, and why this fuels a new era of “mutually assured digital destruction.”
  2. She traces the culture and ethics of hackers, the evolution from hobbyist curiosity to lucrative offense, and the enormous collateral damage from ransomware and state cyber operations on hospitals, infrastructure, and businesses.
  3. Perlroth and Lex Fridman discuss individual security practices, structural weaknesses in U.S. critical infrastructure and regulation, and why basic defenses like multi‑factor authentication still block most attacks.
  4. They close with broader questions about surveillance, intelligence agencies, whistleblowing, the future metaverse, and why cultivating ethical defenders and authentic, informed citizens is essential to avoiding worst‑case outcomes.

IDEAS WORTH REMEMBERING

5 ideas

Zero-days are now a mature global market and core state capability.

Previously niche bugs, zero-day exploits are now routinely bought for six- and seven-figure sums by governments and brokers, putting powerful surveillance and sabotage tools into the hands of many nation-states and some authoritarian regimes.

Basic cyber hygiene still stops the majority of attacks.

Perlroth stresses that multi-factor authentication, proper patching, and not reusing passwords would prevent a huge portion of real intrusions—including headline incidents like Colonial Pipeline, which hinged on a single unprotected, old account.

Ransomware has moved from nuisance to national security threat.

Modern ransomware, increasingly using zero-days and supply-chain vectors, can shut hospitals, paralyze cities, and disrupt vaccine production; paying or not paying often presents agonizing trade-offs between funding criminals and preserving essential services.

U.S. critical infrastructure is structurally vulnerable and poorly regulated.

Because over 80% of critical infrastructure is privately owned, with minimal mandatory security standards or breach reporting, adversaries can quietly pre-position in pipelines, grids, and plants, planning leverage in future geopolitical crises.

The offense–defense imbalance and talent gap are dangerous.

Offense is sexier and better funded, drawing hackers to zero-day sales and offensive agencies; meanwhile, millions of defensive roles go unfilled globally, leaving hospitals, utilities, and companies under-protected against increasingly sophisticated attackers.

WORDS WORTH SAVING

5 quotes

We have stumbled into this new era of mutually assured digital destruction.

Nicole Perlroth

Basically, you can put an invisible ankle bracelet on someone without them knowing.

Nicole Perlroth

If you were gonna design a system to be as blind and vulnerable as possible, that's what it looks like in the United States.

Nicole Perlroth

It's always been more fun to be a pirate than be in the Coast Guard.

Nicole Perlroth

Perfect security is impossible. The name of the game is making yourself just a little bit harder to attack than the next guy.

Nicole Perlroth

Zero-day vulnerabilities, exploits, and the underground cyberweapons marketHacker culture, ethics, and the evolution from curiosity to monetizationRansomware, real-world harm, and the QNAP/Deadbolt and Colonial Pipeline casesNation-state cyber operations, critical infrastructure, and mutually assured digital destructionDefensive security: bug bounties, multi-factor authentication, and usabilitySurveillance, intelligence agencies, Snowden, and global norms in cyber conflictFuture risks: metaverse, identity, social engineering, and raising the next generation

High quality AI-generated summary created from speaker-labeled transcript.

Get more out of YouTube videos.

High quality summaries for YouTube videos. Accurate transcripts to search & find moments. Powered by ChatGPT & Claude AI.

Add to Chrome