The Hacker and the State by Ben Buchanan | Free Audiobook

Quick Take

• Narration: Christopher Grove brings composure and clarity to dense geopolitical material, keeping the analytical sections from becoming exhausting.
• Themes: State-sponsored hacking, cyber espionage as statecraft, the gap between cyber fear and cyber reality
• Mood: Measured and revelatory, like sitting down with an intelligence analyst who is finally allowed to talk
• Verdict: A precise, evidence-driven dismantling of cyber-annihilation fantasies that replaces them with something more nuanced and more troubling.

I was partway through my commute on a grey Tuesday morning when Ben Buchanan introduced what he calls the espionage-versus-attack distinction, and I ended up sitting in my car for an extra fifteen minutes in a parking garage because I did not want to stop listening. That is the particular quality that The Hacker and the State has over most books in the national security space: it does not just describe a landscape, it provides the analytical tools to read that landscape yourself.

Buchanan is a Georgetown academic who has clearly done the archival work. The book draws on declassified files, company forensic reports, and original interviews, and the sourcing gives the arguments a weight that op-ed-derived takes on cyber policy consistently lack. Christopher Grove narrates with the kind of measured authority that suits academic journalism, and the pairing works well for material that requires careful attention.

The Taxonomy That Reframes Everything

The most valuable contribution of this book is its taxonomy of what nation-states actually do in cyberspace. Buchanan sorts state hacking into three categories: espionage (stealing information), attack (disrupting or destroying systems), and destabilization (undermining trust in institutions). Most public discussion collapses these three into a single frightening blur, which produces both excessive panic about some activities and inadequate attention to others.

The destabilization category is the one that hits hardest. Buchanan’s treatment of the 2016 US election interference does not focus primarily on whether vote counts were changed. It examines how the operation was designed to erode trust in democratic processes regardless of whether specific votes were manipulated. The distinction matters enormously for policy and for public understanding, and Buchanan handles it with a precision that most accounts of the same events have failed to achieve.

Undersea Cables, Underground Centrifuges

The range of incidents Buchanan covers is genuinely impressive. The book moves from underwater cable tapping operations to nuclear centrifuge sabotage at Natanz, from the Bangladesh Bank heist attributed to North Korea to the NotPetya attack that Buchanan examines as a case study in how cyber operations with ostensibly military targets produce massive civilian collateral damage. Each incident is used not as a standalone horror story but as evidence for a broader analytical argument about how cyber tools fit into state strategy.

What Buchanan argues convincingly is that cyber attacks have been far less catastrophically destructive than the most alarming predictions suggested, while simultaneously being far more pervasive and consequential than the minimizers have claimed. The framing cuts against both the cyber-doom enthusiasts and the cyber-skeptics, which is probably why it received a mixed reception in policy circles. The people it annoys most are the ones who have built careers on one of the two extreme positions.

Where the Argument Strains

The book’s final section on what the United States should do is less satisfying than the analytical material that precedes it. The recommendations are reasonable but not surprising, and the certainty with which Buchanan frames the need for US adaptation sits somewhat uneasily next to the careful hedging that characterizes the rest of the book. A reviewer who called the material an “eye opener and primer” was right, but also implicitly identified the limitation: the book is stronger as a framework than as a policy prescription.

Grove’s narration holds up across the full length of the book, which at just over 11 hours is long enough that pacing matters. The sections on specific incidents benefit from his willingness to slow down for technical detail without making the material feel labored.

Who Should Listen, Who Should Skip

Listen if you follow national security, technology policy, or international relations and want a rigorously sourced account of how state hacking actually operates. Also recommended for anyone who found Cybersecurity and Cyberwar useful and wants to go deeper into the geopolitical dimensions.

Skip if you are looking for a practitioner’s guide to cybersecurity defense. This is a policy and history book, not a technical manual, and it will frustrate listeners looking for operational guidance.

Frequently Asked Questions

How does The Hacker and the State differ from Cybersecurity and Cyberwar in terms of depth and audience?

Singer and Friedman’s book is explicitly designed for general audiences with no prior background. Buchanan’s book assumes a bit more familiarity with the geopolitical landscape and goes considerably deeper into specific operations and their strategic logic. The two books complement each other well if you read Cybersecurity and Cyberwar first.

Does the book cover the SolarWinds hack or other more recent supply chain attacks?

The coverage extends through incidents available at time of publication. SolarWinds (discovered December 2020) and similar subsequent supply chain attacks would postdate the original manuscript, though the analytical framework Buchanan establishes is directly applicable to understanding those events.

Is the chapter on election interference balanced or does it take a particular political position?

Buchanan approaches the 2016 interference operations analytically rather than politically, focusing on the mechanics and strategic objectives of the operation rather than partisan attributions of blame. The goal is to understand what was done and why, which makes the treatment more durable than most accounts written closer to the event.

How does Christopher Grove’s narration hold up across the denser analytical sections?

Grove is a strong fit for this material. He maintains a consistent, measured register that keeps complex analytical passages legible without over-dramatizing them. The narration does not draw attention to itself, which is the right choice for a book that rewards close attention to argument.