💽 The massive Solarwinds hack, explained

Home › 💽 The massive Solarwinds hack, explained

💽 The massive Solarwinds hack, explained

By: The Hustle | @TheHustle

December 18, 2020

PLUS: Q&A with Tim Urban (Wait But Why).

December 18, 2020

TOGETHER WITH

Christmas 2020 is one week away! Get those partridges in a pear tree ready.

The Big Idea

The massive SolarWinds hack may force widespread regulatory change

Earlier this week, news of a massive hacking operation — likely Russia-sponsored — rippled through the tech community.

At the center of the storm is SolarWinds, a $5B+ IT company that manages the network infrastructure for **checks notes** everyone:

425 of the US Fortune 500
All 10 of the top US telecom companies
Key US government bodies: Pentagon, State, Treasury, Commerce, NSA, DOJ, etc.

18k SolarWinds customers installed a malicious upgrade…

… sometime between March and June.

According to ThreatPost, SolarWinds was the “perfect target” because its network management software (Orion) has full visibility into an organization’s network.

SolarWinds made some comically bad mistakes in securing its critical tools:

Passwords: “solarwinds123” was one password for access to update servers
Antivirus: to make the installation process easier, the company advised customers to disable antivirus scanning

It’s not clear what was taken

But with the target list and level of access, the data — which we can only assume is more than family photos — is incredibly valuable.

Security analyst Brian Krebs writes that this breach could be an “existential event” for SolarWinds depending on how customers react.

The aforementioned Orion product accounts for ~45% of SolarWinds’ revenue, and lawsuits are almost certain.

SolarWinds’ stock has shed 20%+ this week

Additional losses will be dependent on how much the company knew. Per Krebs, researchers have told SolarWinds about its vulnerabilities for years (in fact, another tech firm — FireEye — broke the hacking news).

Further, in what can only be described as “interesting,” key SolarWinds investors unloaded $286m of stock prior to the hack disclosure.

Facebook’s former security chief Alex Stamos believes government-level change is needed to “create a mechanism to handle cyberattacks the same way [the US] reacts to failures in other complex industries.”

His suggestion: the creation of a cyber equivalent to the National Transportation Safety Board to find root causes and make recommendations on future prevention (e.g., literally any other password).

Snippets

This SolarWinds nugget needs its own snippet: “Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach” over the past few days to exterminate the threat.
Vials may contain 40% more vaccine, if every drop is properly drawn. Byrne Hobart did some napkin math and concluded that 260m more people could be vaccinated, making this discovery worth $500B (if total COVID damage is estimated at $16T).
Unbefitting of its name, the Robinhood trading app paid the SEC $65m for misleading users on how it made money (read our Q&A with competing app, Public, which is very transparent on how it makes money).
TikTok’s “deal” with Oracle and Walmart is basically Schrödinger’s cat: it both exists and doesn’t exist. One sign of it existing: TikTok will do its first ever shoppable US livestream in partnership with Walmart.
Big Tech be Big Tech-ing: When you get to a $1T+ valuation, you need to keep finding revenue streams to move the needle. Hence, Amazon is releasing a maps service to compete with Google and Microsoft.
Sounds reasonable: A new satellite from Capella Space can peer inside buildings with “resolution so crisp that you can see inside individual rooms.”
Tesla-type rallies for 2 Chinese EV makers value them on par with GM and Ford. This year, Nio is up ~11x to $70B while Warren Buffett-backed BYD is up ~4x to $69B.
Google’s $2.1B deal for Fitbit was cleared by the EU, as long as Google silos the data (read our piece on the EU’s not-so-great relationship with Big Tech).

Moving Company

What’s behind California-to-Texas relocations? (It’s more than taxes)

We’ve mentioned the California-to-Texas tech migration a few times here, as we ourselves have moved HQ from San Francisco to Austin.

Others that keenly observed us and followed suit include: Oracle, Hewlett-Packard Enterprise, and Elon Musk’s Twitter account.

So, what’s behind the corporate movement between the country’s 2 most populous states?

The most cited reason is taxes

While this is certainly true, there is a bit of nuance as explained by the Wall Street Journal.

Here are key considerations:

California has higher income taxes (up to 13.3% vs. 0%) and an active regulatory structure
Texas has more regressive property and sales taxes but is much more hands-off on the regulatory side

Business-level taxation is a wash, with Texas actually collecting a higher % of private sector economic activity (5%) — more than the national average (4.5%) — while California takes 4.3% per the WSJ.

Housing costs could be the X-factor

Due to looser land-use regulations, Texas is a comparatively cheaper place to own a home. And, per one tax expert, home ownership costs are a key variable in payrolls costs.

Combine that with no state-level income tax, and wooing talent for the long-term may be easier.

The rise of remote work does make the difference a bit moot for mobile white-collar workers. Either way, come say “hi” when the world’s normal again. 👋

Savvy shoppers are using this Amazon tool to save money (and support sustainability)

Amazon Renewed lets smart shoppers tap into steep discounts on refurbished, like-new products.

But don’t call it an e-thrift store… it’s far from it.

Renewed wants to make the shopping experience as close as possible to buying new on Amazon, which is why:

Every item is professionally inspected prior to listing
Full diagnostic tests are run and any defective parts are replaced
Any product that doesn’t meet your expectations in any way is covered by the Amazon Renewed Guarantee

Shop smarter, save money, and never even notice the difference.

Yeah, sounds like a good move to us.

(Oh, and if you want to get on the other end of the equation, Amazon Second Chance shows you how to trade in products and recycle Amazon devices/packaging.)

Shop Amazon Renewed →

Q&A

Wait But Why’s Tim Urban tells us the superpowers of being 20 and his request for a startup

Trends member Bilal Zaidi is the man behind Creator Lab, a business podcast that dives inside the minds of leading entrepreneurs & creators.

Zaidi recently had a convo with Tim Urban, author of Wait But Why and one of the internet’s most popular writers (check it out on your favorite podcast app or watch on YouTube).

Just for The Hustle readers, he asked Urban the following questions:

Do you have a request for a startup?

My wife is doing a startup in an area that I think is critically needed: innovation on what a doctor’s office should be, which hasn’t really changed since 1985.

Another: connecting supply and demand — like Uber and Airbnb — in surprising places.

Take cooking. There are people who love home cooking meals for their family, but their kids are out of the house. They can be connected to other people who want to eat home-cooked food but don’t want to cook.

What business would you launch if you were 20?

At 20, you have 2 superpowers:

You really have time
You have the freshest eyes

You can be fearless. You can dive into something that is likely to fail, which is — of course — one of the ways to create something great.

You’re on the bleeding edge of what is new and what’s possible. Zuckerberg started Facebook at 19, that’s not a coincidence.

I’d go after the 2 areas I mentioned and also probably social media. People have such a hunger to connect but no one wants to be in a toxic place.

What are your favorite Wait But Why posts?

Ones where I’m having fun and really nerding out: “Putting Time In Perspective and “7.3B People, One House.”

(Read the full Q&A here)

The Hustle Says

Invest in this fast-growing app that makes trading options easy. Check out Gatsby’s SeedInvest page here to get in on the future of options trading.*

Here’s a Sporcle quiz on 2011 TV shows. (Because what else are you gonna do on a Friday, work??? Hahaha. Good one, us.)

Returning to the office isn’t a matter of if, it’s a matter of when. Check out this quick video on how Robin can help make your transition to hybrid work in 2021 possible (and easy… like, really easy).*

Where our high school/college readers at? This one’s for you: Q-munity Vision is a conference for tiny geniuses like y’all to hear from the top minds on Blockchain, AI, Quantum Computing, Genomics, and more. Register here for free.

You don’t go to Chipotle. Chipotle goes to you. Get $0 delivery fees for an entire month from Chipotle, Chick-Fil-A, and thousands of others with this special offer from DoorDash.*

*This is a sponsored post.

Hacker of the Day

Bug bounties are programs where large corporations pay hackers to find vulnerabilities in their code. Netscape launched the first bug bounty program in 1995, to find issues in its browser.

Since then, companies with gnarly code bases — Google, Facebook, Tesla, Microsoft, Uber, Verizon, etc. — have paid millions of dollars to “ethical” hackers.

One of the top “ethical hackers” is Santiago Lopez, who became the first person to earn $1m on HackerOne, a platform that connects hackers with bounties.

The 20-year-old Lopez lives in Buenos Aires and got interested in hacking after watching Hackers (thank god he wasn’t inspired by Breaking Bad).

He is completely self-taught via YouTube and blogs; also, it’s a full-time job, with Lopez clocking 6-7 hours a day.

Other good tidbits:

His first bounty was $50
His largest bounty was $9k
He’s found 1,670+ bugs in his time

Damn, SolarWinds really coulda used this guy.

Shower Thoughts

via Reddit

Ambassador Giveaway

Win a 3-Hour Strategy Session with Sam Parr and The Hustle Team

“A single meeting could change your life.” – A very wise person.

This month, we’re giving one lucky person the chance to learn from The Hustle, uplevel their career or business, and make a few talented friends.

See, at The Hustle we believe in a few things –

Invest time in yourself
Have a goal
Build relationships
Ask a lot of questions
And most importantly, execute

That’s why we’re offering a 3-hour business strategy session to one lucky Ambassador — for free.

You’ll meet with Sam Parr, founder of The Hustle, alongside leaders from our Product, Growth, and Sales teams.

Ask us anything. Our team will work with you to strategize around your specific needs — growth tactics, sticky business decisions, product direction, you name it. Our team is at your disposal.

{if compare(3,referral_count) == 1 || !referral_count}

Plus, earn {3-referral_count} more referrals, and get a free copy of Hustle Con’s Greatest Hits.

{/if} {if compare(referral_count,2)==1 && compare(5,referral_count) == 1 }

Plus, earn {5-referral_count} more referrals, and get a free pack of Sam’s Stickers.

{/if} {if compare(referral_count,4)==1 && compare(10,referral_count) == 1 }

Plus, earn {10-referral_count} more referrals, and get a free pair of our signature skate socks.

{/if} {if compare(referral_count,9)==1 && compare(15,referral_count) == 1 }

Plus, earn {15-referral_count} more referrals, and get a free signature dad hat.

{/if} {if compare(referral_count,14)==1 && compare(25,referral_count) == 1 }

Plus, earn {25 – referral_count} more referrals, and get a free Always Be Hustlin Tee.

{/if} {if compare(referral_count,24)==1 && compare(50,referral_count) == 1 }

Plus, earn {50 – referral_count} more referrals, and get a free Startup Hoodie.

{/if} {if compare(referral_count,49)==1 && compare(100,referral_count) == 1 }

Plus, earn {100 – referral_count} more referrals, and get a free subscription to Trends.

{/if} {if compare(referral_count,99)==1 && compare(1000,referral_count) == 1 }

Plus, earn {1000 – referral_count} more referrals, and we’ll fly you to The Hustle HQ in Austin, Texas.

{/if}

How to enter: Copy and paste your referral link: [LINK] and share it with as many people as you can.

Act now. The ambassador with the most referrals between Thursday, December 10th at 12AM PT and Friday, December 18th at 11:59PM PT will win.

Plus the winner (and their company) will be announced in the daily for all 1.5 million subscribers to see.

Share to Win →

How did you like today’s email?
hate it	meh	love it