💽 The massive Solarwinds hack, explained

Home › 💽 The massive Solarwinds hack, explained

💽 The massive Solarwinds hack, explained

By: The Hustle | @TheHustle

December 18, 2020

PLUS: Q&A with Tim Urban (Wait But Why).

December 18, 2020

TOGETHER WITH

Christmas 2020 is one week away! Get those partridges in a pear tree ready.

The Big Idea

The massive SolarWinds hack may force widespread regulatory change

Earlier this week, news of a massive hacking operation — likely Russia-sponsored — rippled through the tech community.

At the center of the storm is SolarWinds, a $5B+ IT company that manages the network infrastructure for **checks notes** everyone:

425 of the US Fortune 500
All 10 of the top US telecom companies
Key US government bodies: Pentagon, State, Treasury, Commerce, NSA, DOJ, etc.

18k SolarWinds customers installed a malicious upgrade…

… sometime between March and June.

According to ThreatPost, SolarWinds was the “perfect target” because its network management software (Orion) has full visibility into an organization’s network.

SolarWinds made some comically bad mistakes in securing its critical tools:

Passwords: “solarwinds123” was one password for access to update servers
Antivirus: to make the installation process easier, the company advised customers to disable antivirus scanning

It’s not clear what was taken

But with the target list and level of access, the data — which we can only assume is more than family photos — is incredibly valuable.

Security analyst Brian Krebs writes that this breach could be an “existential event” for SolarWinds depending on how customers react.

The aforementioned Orion product accounts for ~45% of SolarWinds’ revenue, and lawsuits are almost certain.

SolarWinds’ stock has shed 20%+ this week

Additional losses will be dependent on how much the company knew. Per Krebs, researchers have told SolarWinds about its vulnerabilities for years (in fact, another tech firm — FireEye — broke the hacking news).

Further, in what can only be described as “interesting,” key SolarWinds investors unloaded $286m of stock prior to the hack disclosure.

Facebook’s former security chief Alex Stamos believes government-level change is needed to “create a mechanism to handle cyberattacks the same way [the US] reacts to failures in other complex industries.”

His suggestion: the creation of a cyber equivalent to the National Transportation Safety Board to find root causes and make recommendations on future prevention (e.g., literally any other password).

Snippets

This SolarWinds nugget needs its own snippet: “Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach” over the past few days to exterminate the threat.
Vials may contain 40% more vaccine, if every drop is properly drawn. Byrne Hobart did some napkin math and concluded that 260m more people could be vaccinated, making this discovery worth $500B (if total COVID damage is estimated at $16T).
Unbefitting of its name, the Robinhood trading app paid the SEC $65m for misleading users on how it made money (read our Q&A with competing app, Public, which is very transparent on how it makes money).
TikTok’s “deal” with Oracle and Walmart is basically Schrödinger’s cat: it both exists and doesn’t exist. One sign of it existing: TikTok will do its first ever shoppable US livestream in partnership with Walmart.
Big Tech be Big Tech-ing: When you get to a $1T+ valuation, you need to keep finding revenue streams to move the needle. Hence, Amazon is releasing a maps service to compete with Google and Microsoft.
Sounds reasonable: A new satellite from Capella Space can peer inside buildings with “resolution so crisp that you can see inside individual rooms.”
Tesla-type rallies for 2 Chinese EV makers value them on par with GM and Ford. This year, Nio is up ~11x to $70B while Warren Buffett-backed BYD is up ~4x to $69B.
Google’s $2.1B deal for Fitbit was cleared by the EU, as long as Google silos the data (read our piece on the EU’s not-so-great relationship with Big Tech).

Moving Company

What’s behind California-to-Texas relocations? (It’s more than taxes)

We’ve mentioned the California-to-Texas tech migration a few times here, as we ourselves have moved HQ from San Francisco to Austin.

Others that keenly observed us and followed suit include: Oracle, Hewlett-Packard Enterprise, and Elon Musk’s Twitter account.

So, what’s behind the corporate movement between the country’s 2 most populous states?

The most cited reason is taxes

While this is certainly true, there is a bit of nuance as explained by the Wall Street Journal.

Here are key considerations:

California has higher income taxes (up to 13.3% vs. 0%) and an active regulatory structure
Texas has more regressive property and sales taxes but is much more hands-off on the regulatory side

Business-level taxation is a wash, with Texas actually collecting a higher % of private sector economic activity (5%) — more than the national average (4.5%) — while California takes 4.3% per the WSJ.

Housing costs could be the X-factor

Due to looser land-use regulations, Texas is a comparatively cheaper place to own a home. And, per one tax expert, home ownership costs are a key variable in payrolls costs.

Combine that with no state-level income tax, and wooing talent for the long-term may be easier.

The rise of remote work does make the difference a bit moot for mobile white-collar workers. Either way, come say “hi” when the world’s normal again. 👋

Savvy shoppers are using this Amazon tool to save money (and support sustainability)

Amazon Renewed lets smart shoppers tap into steep discounts on refurbished, like-new products.

But don’t call it an e-thrift store… it’s far from it.

Renewed wants to make the shopping experience as close as possible to buying new on Amazon, which is why:

Every item is professionally inspected prior to listing
Full diagnostic tests are run and any defective parts are replaced
Any product that doesn’t meet your expectations in any way is covered by the Amazon Renewed Guarantee

Shop smarter, save money, and never even notice the difference.

Yeah, sounds like a good move to us.

(Oh, and if you want to get on the other end of the equation, Amazon Second Chance shows you how to trade in products and recycle Amazon devices/packaging.)

Shop Amazon Renewed →

Q&A

Wait But Why’s Tim Urban tells us the superpowers of being 20 and his request for a startup

Trends member Bilal Zaidi is the man behind Creator Lab, a business podcast that dives inside the minds of leading entrepreneurs & creators.

Zaidi recently had a convo with Tim Urban, author of Wait But Why and one of the internet’s most popular writers (check it out on your favorite podcast app or watch on YouTube).

Just for The Hustle readers, he asked Urban the following questions:

Do you have a request for a startup?

My wife is doing a startup in an area that I think is critically needed: innovation on what a doctor’s office should be, which hasn’t really changed since 1985.

Another: connecting supply and demand — like Uber and Airbnb — in surprising places.

Take cooking. There are people who love home cooking meals for their family, but their kids are out of the house. They can be connected to other people who want to eat home-cooked food but don’t want to cook.

What business would you launch if you were 20?

At 20, you have 2 superpowers:

You really have time
You have the freshest eyes

You can be fearless. You can dive into something that is likely to fail, which is — of course — one of the ways to create something great.

You’re on the bleeding edge of what is new and what’s possible. Zuckerberg started Facebook at 19, that’s not a coincidence.

I’d go after the 2 areas I mentioned and also probably social media. People have such a hunger to connect but no one wants to be in a toxic place.

What are your favorite Wait But Why posts?

Ones where I’m having fun and really nerding out: “Putting Time In Perspective and “7.3B People, One House.”

(Read the full Q&A here)

The Hustle Says

Invest in this fast-growing app that makes trading options easy. Check out Gatsby’s SeedInvest page here to get in on the future of options trading.*

Here’s a Sporcle quiz on 2011 TV shows. (Because what else are you gonna do on a Friday, work??? Hahaha. Good one, us.)

Returning to the office isn’t a matter of if, it’s a matter of when. Check out this quick video on how Robin can help make your transition to hybrid work in 2021 possible (and easy… like, really easy).*

Where our high school/college readers at? This one’s for you: Q-munity Vision is a conference for tiny geniuses like y’all to hear from the top minds on Blockchain, AI, Quantum Computing, Genomics, and more. Register here for free.

You don’t go to Chipotle. Chipotle goes to you. Get $0 delivery fees for an entire month from Chipotle, Chick-Fil-A, and thousands of others with this special offer from DoorDash.*

*This is a sponsored post.

Hacker of the Day

Bug bounties are programs where large corporations pay hackers to find vulnerabilities in their code. Netscape launched the first bug bounty program in 1995, to find issues in its browser.

Since then, companies with gnarly code bases — Google, Facebook, Tesla, Microsoft, Uber, Verizon, etc. — have paid millions of dollars to “ethical” hackers.

One of the top “ethical hackers” is Santiago Lopez, who became the first person to earn $1m on HackerOne, a platform that connects hackers with bounties.

The 20-year-old Lopez lives in Buenos Aires and got interested in hacking after watching Hackers (thank god he wasn’t inspired by Breaking Bad).

He is completely self-taught via YouTube and blogs; also, it’s a full-time job, with Lopez clocking 6-7 hours a day.

Other good tidbits:

His first bounty was $50
His largest bounty was $9k
He’s found 1,670+ bugs in his time

Damn, SolarWinds really coulda used this guy.

Shower Thoughts

via Reddit

Ambassador Giveaway

Win a 3-Hour Strategy Session with Sam Parr and The Hustle Team

“A single meeting could change your life.” – A very wise person.

This month, we’re giving one lucky person the chance to learn from The Hustle, uplevel their career or business, and make a few talented friends.

See, at The Hustle we believe in a few things –

Invest time in yourself
Have a goal
Build relationships
Ask a lot of questions
And most importantly, execute

That’s why we’re offering a 3-hour business strategy session to one lucky Ambassador — for free.

You’ll meet with Sam Parr, founder of The Hustle, alongside leaders from our Product, Growth, and Sales teams.

Ask us anything. Our team will work with you to strategize around your specific needs — growth tactics, sticky business decisions, product direction, you name it. Our team is at your disposal.

{if compare(3,referral_count) == 1 || !referral_count}

Plus, earn {3-referral_count} more referrals, and get a free copy of Hustle Con’s Greatest Hits.

{/if} {if compare(referral_count,2)==1 && compare(5,referral_count) == 1 }

Plus, earn {5-referral_count} more referrals, and get a free pack of Sam’s Stickers.

{/if} {if compare(referral_count,4)==1 && compare(10,referral_count) == 1 }

Plus, earn {10-referral_count} more referrals, and get a free pair of our signature skate socks.

{/if} {if compare(referral_count,9)==1 && compare(15,referral_count) == 1 }

Plus, earn {15-referral_count} more referrals, and get a free signature dad hat.

{/if} {if compare(referral_count,14)==1 && compare(25,referral_count) == 1 }

Plus, earn {25 – referral_count} more referrals, and get a free Always Be Hustlin Tee.

{/if} {if compare(referral_count,24)==1 && compare(50,referral_count) == 1 }

Plus, earn {50 – referral_count} more referrals, and get a free Startup Hoodie.

{/if} {if compare(referral_count,49)==1 && compare(100,referral_count) == 1 }

Plus, earn {100 – referral_count} more referrals, and get a free subscription to Trends.

{/if} {if compare(referral_count,99)==1 && compare(1000,referral_count) == 1 }

Plus, earn {1000 – referral_count} more referrals, and we’ll fly you to The Hustle HQ in Austin, Texas.

{/if}

How to enter: Copy and paste your referral link: [LINK] and share it with as many people as you can.

Act now. The ambassador with the most referrals between Thursday, December 10th at 12AM PT and Friday, December 18th at 11:59PM PT will win.

Plus the winner (and their company) will be announced in the daily for all 1.5 million subscribers to see.

Share to Win →

How did you like today’s email?
hate it	meh	love it

Get the 5-minute roundup you’ll actually read in your inbox

Business and tech news in 5 minutes or less

100% free. We don’t spam. Unsubscribe whenever.

What you can learn by analyzing ‘The Bachelor’ franchise

By Juliet Bennett Rylah / October 26, 2021

When educational technology director Suzana Somers was promoted in 2018, she began analyzing data from the reality TV series “The Bachelor” to learn to use Excel. Today, her …

Confused about supply shortages? Consider the odd economics of milk and sawdust.

By Jacob Cohen / October 26, 2021

Source: (kbwillis/Getty Images) Most folks at the grocery store probably see expensive milk and think, “Are you f*cking serious, cows?” But truth is, as with the cost for …

Facebook and Google are in hot water

By Trung T. Phan / October 26, 2021

Sometime this week, Mark Zuckerberg is expected to rebrand Facebook to reflect the company’s ambitions as a metaverse company. In line with this news, FB announced in its …

Intel’s $20B pivot could save the company, and help solve the chip shortage

By Rob Litterst / October 25, 2021

Via Getty Images At a basic level, there are a few ways to make money in the world of microchips: Producer: Design microchips yourself and sell them to customers Foundry: …

PayPal is eyeing a $45B acquisition of Pinterest — does it make sense?

By Trung T. Phan / October 25, 2021

If Leonardo da Vinci had Pinterest (Souce: YouTube / Pinterest) Most of us know Pinterest as the social media platform built around digital pinboards and images. Soon, we may know …

Digits: Dino millionaires, 305m bottles of Champagne, and Chinese films.

By Jacob Cohen / October 25, 2021

1) “Battle of Lake Changjin,” a Chinese movie about soldiers fighting US forces during the Korean War, is on track to be 2021’s 2nd-highest-grossing film, with a total box …

The burgeoning business of OnlyFans consulting

By Zachary Crockett / October 23, 2021

Amberly Rothfield is not an easy person to get a hold of. If you want to book a consultation with...

Hearing aids could be big business — and Big Tech is all ears

By Rob Litterst / October 22, 2021

Photo by: BSIP/Universal Images Group via Getty Images When you think about hearing aids, you probably picture the traditional beige variety that wraps around the ear. Thanks to a …

Product Roundup: Summarizing releases from Apple, Google, and Samsung

By Juliet Bennett Rylah / October 22, 2021

This was a big week for consumer tech, with Apple, Google, and Samsung all making product announcements. If you didn’t have time to watch, here’s a little recap. Apple …

Trump’s SPAC, explained

By Trung T. Phan / October 22, 2021

With how wild 2021 has been, it was inevitable that the following sentence would be typed by business journalists: Donald Trump is rolling out a SPAC. As a quick primer, a SPAC is …

[email-submission-form redirect-to-home="true" button-text="Join Free" include-trends-opt-in="true" id="main-signup-form" fail-url="" success-url="https://thehustle.co/signup" default-source="thehustleco" default-campaign="home"]

Cookie	Duration	Description
_ga	6 months	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_58267113_7	1 minute	This cookie is set by Google and is used to distinguish users.
_gat_UA-58267113-7	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_omappvp	6 months	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.
sailthru_content	1 year	No description available.
sailthru_pageviews	30 minutes	No description available.
sailthru_visitor	1 year	No description available.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
_uetsid	1 day	This cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.
_uetvid	1 year 24 days	No description available.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
X-AB	1 day	No description available.