💽 The massive SolarWinds hack, explained


December 18, 2020

PLUS: Q&A with Tim Urban (Wait But Why).
The Hustle
TOGETHER WITH
Amazon Renewed

Christmas 2020 is one week away! Get those partridges in a pear tree ready.

The Big Idea

The massive SolarWinds hack may force widespread regulatory change

Earlier this week, news of a massive hacking operation — likely Russia-sponsored — rippled through the tech community.

At the center of the storm is SolarWinds, a $5B+ IT company that manages the network infrastructure for **checks notes** everyone:

  • 425 of the US Fortune 500
  • All 10 of the top US telecom companies
  • Key US government bodies: Pentagon, State, Treasury, Commerce, NSA, DOJ, etc.

18k SolarWinds customers installed a malicious upgrade…

… sometime between March and June.

According to ThreatPost, SolarWinds was the “perfect target” because its network management software (Orion) has full visibility into an organization’s network.

SolarWinds made some comically bad mistakes in securing its critical tools:

  • Passwords: “solarwinds123” was one password for access to update servers
  • Antivirus: to make the installation process easier, the company advised customers to disable antivirus scanning

It’s not clear what was taken

But with the target list and level of access, the data — which we can only assume is more than family photos — is incredibly valuable.

Security analyst Brian Krebs writes that this breach could be an “existential event” for SolarWinds depending on how customers react.

The aforementioned Orion product accounts for ~45% of SolarWinds’ revenue, and lawsuits are almost certain.

SolarWinds’ stock has shed 20%+ this week

Additional losses will be dependent on how much the company knew. Per Krebs, researchers have told SolarWinds about its vulnerabilities for years (in fact, another tech firm — FireEye — broke the hacking news).

Further, in what can only be described as “interesting,” key SolarWinds investors unloaded $286m of stock prior to the hack disclosure.

Facebook’s former security chief Alex Stamos believes government-level change is needed to “create a mechanism to handle cyberattacks the same way [the US] reacts to failures in other complex industries.”

His suggestion: the creation of a cyber equivalent to the National Transportation Safety Board to find root causes and make recommendations on future prevention (e.g., literally any other password).

Snippets
  • This SolarWinds nugget needs its own snippet: “Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach” over the past few days to exterminate the threat.
  • Vials may contain 40% more vaccine, if every drop is properly drawn. Byrne Hobart did some napkin math and concluded that 260m more people could be vaccinated, making this discovery worth $500B (if total COVID damage is estimated at $16T).
  • Unbefitting of its name, the Robinhood trading app paid the SEC $65m for misleading users on how it made money (read our Q&A with competing app, Public, which is very transparent on how it makes money).
  • TikTok’s “deal” with Oracle and Walmart is basically Schrödinger’s cat: it both exists and doesn’t exist. One sign of it existing: TikTok will do its first ever shoppable US livestream in partnership with Walmart.
  • Big Tech be Big Tech-ing: When you get to a $1T+ valuation, you need to keep finding revenue streams to move the needle. Hence, Amazon is releasing a maps service to compete with Google and Microsoft.
  • Sounds reasonable: A new satellite from Capella Space can peer inside buildings with “resolution so crisp that you can see inside individual rooms.”
  • Tesla-type rallies for 2 Chinese EV makers value them on par with GM and Ford. This year, Nio is up ~11x to $70B while Warren Buffett-backed BYD is up ~4x to $69B.
  • Google’s $2.1B deal for Fitbit was cleared by the EU, as long as Google silos the data (read our piece on the EU’s not-so-great relationship with Big Tech).
 
Moving Company

What’s behind California-to-Texas relocations? (It’s more than taxes)

We’ve mentioned the California-to-Texas tech migration a few times here, as we ourselves have moved HQ from San Francisco to Austin.

Others that keenly observed us and followed suit include: Oracle, Hewlett-Packard Enterprise, and Elon Musk’s Twitter account. 

So, what’s behind the corporate movement between the country’s 2 most populous states?

The most cited reason is taxes 

While this is certainly true, there is a bit of nuance as explained by the Wall Street Journal.

Here are key considerations: 

  • California has higher income taxes (up to 13.3% vs. 0%) and an active regulatory structure 
  • Texas has more regressive property and sales taxes but is much more hands-off on the regulatory side 

Business-level taxation is a wash, with Texas actually collecting a higher % of private sector economic activity (5%) — more than the national average (4.5%) — while California takes 4.3% per the WSJ.

Housing costs could be the X-factor 

Due to looser land-use regulations, Texas is a comparatively cheaper place to own a home. And, per one tax expert, home ownership costs are a key variable in payroll costs.

Combine that with no state-level income tax, and wooing talent for the long-term may be easier.

The rise of remote work does make the difference a bit moot for mobile white-collar workers. Either way, come say “hi” when the world’s normal again. 👋

SPONSORED

Savvy shoppers are using this Amazon tool to save money (and support sustainability)

Amazon Renewed lets smart shoppers tap into steep discounts on refurbished, like-new products. 

But don’t call it an e-thrift store… it’s far from it. 

Renewed wants to make the shopping experience as close as possible to buying new on Amazon, which is why:

  • Every item is professionally inspected prior to listing
  • Full diagnostic tests are run and any defective parts are replaced
  • Any product that doesn’t meet your expectations in any way is covered by the Amazon Renewed Guarantee

Shop smarter, save money, and never even notice the difference. 

Yeah, sounds like a good move to us. 

(Oh, and if you want to get on the other end of the equation, Amazon Second Chance shows you how to trade in products and recycle Amazon devices/packaging.) 

Shop Amazon Renewed →
Q&A

Wait But Why’s Tim Urban tells us the superpowers of being 20 and his request for a startup

Trends member Bilal Zaidi is the man behind Creator Lab, a business podcast that dives inside the minds of leading entrepreneurs & creators.

Zaidi recently had a convo with Tim Urban, author of Wait But Why and one of the internet’s most popular writers (check it out on your favorite podcast app or watch on YouTube).

Just for The Hustle readers, he asked Urban the following questions:

Do you have a request for a startup?

My wife is doing a startup in an area that I think is critically needed: innovation on what a doctor’s office should be, which hasn’t really changed since 1985.

Another: connecting supply and demand — like Uber and Airbnb — in surprising places.

Take cooking. There are people who love home cooking meals for their family, but their kids are out of the house. They can be connected to other people who want to eat home-cooked food but don’t want to cook.

What business would you launch if you were 20?

At 20, you have 2 superpowers:

  • You really have time
  • You have the freshest eyes

You can be fearless. You can dive into something that is likely to fail, which is — of course — one of the ways to create something great.

You’re on the bleeding edge of what is new and what’s possible. Zuckerberg started Facebook at 19, that’s not a coincidence.

I’d go after the 2 areas I mentioned and also probably social media. People have such a hunger to connect but no one wants to be in a toxic place.

What are your favorite Wait But Why posts?

Ones where I’m having fun and really nerding out: “Putting Time In Perspective” and “7.3B People, One House.”

(Read the full Q&A here)

The Hustle Says

Invest in this fast-growing app that makes trading options easy. Check out Gatsby’s SeedInvest page here to get in on the future of options trading.*

Here’s a Sporcle quiz on 2011 TV shows. (Because what else are you gonna do on a Friday, work??? Hahaha. Good one, us.)

Returning to the office isn’t a matter of if, it’s a matter of when. Check out this quick video on how Robin can help make your transition to hybrid work in 2021 possible (and easy… like, really easy).* 

Where our high school/college readers at? This one’s for you: Q-munity Vision is a conference for tiny geniuses like y’all to hear from the top minds on Blockchain, AI, Quantum Computing, Genomics, and more. Register here for free.

You don’t go to Chipotle. Chipotle goes to you. Get $0 delivery fees for an entire month from Chipotle, Chick-Fil-A, and thousands of others with this special offer from DoorDash.*

*This is a sponsored post.

Hacker of the Day
Santiago Lopez

Bug bounties are programs where large corporations pay hackers to find vulnerabilities in their code. Netscape launched the first bug bounty program in 1995, to find issues in its browser.

Since then, companies with gnarly code bases — Google, Facebook, Tesla, Microsoft, Uber, Verizon, etc. — have paid millions of dollars to “ethical” hackers.

One of the top “ethical hackers” is Santiago Lopez, who became the first person to earn $1m on HackerOne, a platform that connects hackers with bounties.

The 20-year-old Lopez lives in Buenos Aires and got interested in hacking after watching Hackers (thank god he wasn’t inspired by Breaking Bad).

He is completely self-taught via YouTube and blogs; also, it’s a full-time job, with Lopez clocking 6-7 hours a day.

Other good tidbits:

  • His first bounty was $50
  • His largest bounty was $9k
  • He’s found 1,670+ bugs in his time

Damn, SolarWinds really coulda used this guy.

Shower Thoughts

  1. Your character doesn’t blink in 1st person games
  2. You’re more likely to slip in a centimeter of water than 4 feet of water
  3. Dogs can legally be police officers, but not criminals
  4. 3.5 out of 5 seems like a lot less than 7 out of 10
  5. The most awkward thing as a kid is reading a birthday card out loud while pretending not to only care about the money inside
via Reddit
Ambassador Giveaway

Win a 3-Hour Strategy Session with Sam Parr and The Hustle Team

“A single meeting could change your life.” – A very wise person.

This month, we’re giving one lucky person the chance to learn from The Hustle, uplevel their career or business, and make a few talented friends.

See, at The Hustle we believe in a few things –

  • Invest time in yourself
  • Have a goal
  • Build relationships
  • Ask a lot of questions
  • And most importantly, execute

That’s why we’re offering a 3-hour business strategy session to one lucky Ambassador — for free.

You’ll meet with Sam Parr, founder of The Hustle, alongside leaders from our Product, Growth, and Sales teams.

Ask us anything. Our team will work with you to strategize around your specific needs — growth tactics, sticky business decisions, product direction, you name it. Our team is at your disposal.


How to enter: Copy and paste your referral link: [LINK] and share it with as many people as you can.

Act now. The ambassador with the most referrals between Thursday, December 10th at 12AM PT and Friday, December 18th at 11:59PM PT will win.

Plus the winner (and their company) will be announced in the daily for all 1.5 million subscribers to see.
