The Hustle

💽 The massive SolarWinds hack, explained

Christmas 2020 is one week away! Get those partridges in a pear tree ready.


December 18, 2020

PLUS: Q&A with Tim Urban (Wait But Why).

The Big Idea

The massive SolarWinds hack may force widespread regulatory change

Earlier this week, news of a massive hacking operation — likely Russia-sponsored — rippled through the tech community.

At the center of the storm is SolarWinds, a $5B+ IT company that manages the network infrastructure for **checks notes** everyone:

  • 425 of the US Fortune 500
  • All 10 of the top US telecom companies
  • Key US government bodies: Pentagon, State, Treasury, Commerce, NSA, DOJ, etc.

18k SolarWinds customers installed a malicious upgrade…

… sometime between March and June.

According to ThreatPost, SolarWinds was the “perfect target” because its network management software (Orion) has full visibility into an organization’s network.

SolarWinds made some comically bad mistakes in securing its critical tools:

  • Passwords: “solarwinds123” was one password for access to update servers
  • Antivirus: to make the installation process easier, the company advised customers to disable antivirus scanning

It’s not clear what was taken

But with the target list and level of access, the data — which we can only assume is more than family photos — is incredibly valuable.

Security analyst Brian Krebs writes that this breach could be an “existential event” for SolarWinds depending on how customers react.

The aforementioned Orion product accounts for ~45% of SolarWinds’ revenue, and lawsuits are almost certain.

SolarWinds’ stock has shed 20%+ this week

Additional losses will be dependent on how much the company knew. Per Krebs, researchers have told SolarWinds about its vulnerabilities for years (in fact, another tech firm — FireEye — broke the hacking news).

Further, in what can only be described as “interesting,” key SolarWinds investors unloaded $286m of stock prior to the hack disclosure.

Facebook’s former security chief Alex Stamos believes government-level change is needed to “create a mechanism to handle cyberattacks the same way [the US] reacts to failures in other complex industries.”

His suggestion: the creation of a cyber equivalent to the National Transportation Safety Board to find root causes and make recommendations on future prevention (e.g., literally any other password).

Snippets
 
Moving Company

What’s behind California-to-Texas relocations? (It’s more than taxes)

We’ve mentioned the California-to-Texas tech migration a few times here, as we ourselves have moved HQ from San Francisco to Austin.

Others that keenly observed us and followed suit include: Oracle, Hewlett-Packard Enterprise, and Elon Musk’s Twitter account. 

So, what’s behind the corporate movement between the country’s 2 most populous states?

The most cited reason is taxes 

While this is certainly true, there is a bit of nuance as explained by the Wall Street Journal.

Here are key considerations: 

  • California has higher income taxes (up to 13.3% vs. 0%) and an active regulatory structure 
  • Texas has more regressive property and sales taxes but is much more hands-off on the regulatory side 

Business-level taxation is a wash, with Texas actually collecting a higher % of private sector economic activity (5%) — more than the national average (4.5%) — while California takes 4.3% per the WSJ.

Housing costs could be the X-factor 

Due to looser land-use regulations, Texas is a comparatively cheaper place to own a home. And, per one tax expert, home ownership costs are a key variable in payroll costs.

Combine that with no state-level income tax, and wooing talent for the long-term may be easier.

The rise of remote work does make the difference a bit moot for mobile white-collar workers. Either way, come say “hi” when the world’s normal again. 👋

SPONSORED

Savvy shoppers are using this Amazon tool to save money (and support sustainability)

Amazon Renewed lets smart shoppers tap into steep discounts on refurbished, like-new products. 

But don’t call it an e-thrift store… it’s far from it. 

Renewed wants to make the shopping experience as close as possible to buying new on Amazon, which is why:

Shop smarter, save money, and never even notice the difference. 

Yeah, sounds like a good move to us. 

(Oh, and if you want to get on the other end of the equation, Amazon Second Chance shows you how to trade in products and recycle Amazon devices/packaging.) 

Shop Amazon Renewed →

Q&A

Wait But Why’s Tim Urban tells us the superpowers of being 20 and his request for a startup

Trends member Bilal Zaidi is the man behind Creator Lab, a business podcast that dives inside the minds of leading entrepreneurs & creators.

Zaidi recently had a convo with Tim Urban, author of Wait But Why and one of the internet’s most popular writers (check it out on your favorite podcast app or watch on YouTube).

Just for The Hustle readers, he asked Urban the following questions:

Do you have a request for a startup?

My wife is doing a startup in an area that I think is critically needed: innovation on what a doctor’s office should be, which hasn’t really changed since 1985.

Another: connecting supply and demand — like Uber and Airbnb — in surprising places.

Take cooking. There are people who love home cooking meals for their family, but their kids are out of the house. They can be connected to other people who want to eat home-cooked food but don’t want to cook.

What business would you launch if you were 20?

At 20, you have 2 superpowers:

  • You really have time
  • You have the freshest eyes

You can be fearless. You can dive into something that is likely to fail, which is — of course — one of the ways to create something great.

You’re on the bleeding edge of what is new and what’s possible. Zuckerberg started Facebook at 19; that’s not a coincidence.

I’d go after the 2 areas I mentioned and also probably social media. People have such a hunger to connect but no one wants to be in a toxic place.

What are your favorite Wait But Why posts?

Ones where I’m having fun and really nerding out: “Putting Time In Perspective” and “7.3B People, One House.”

(Read the full Q&A here)

The Hustle Says

Invest in this fast-growing app that makes trading options easy. Check out Gatsby’s SeedInvest page here to get in on the future of options trading.*

Here’s a Sporcle quiz on 2011 TV shows. (Because what else are you gonna do on a Friday, work??? Hahaha. Good one, us.)

Returning to the office isn’t a matter of if, it’s a matter of when. Check out this quick video on how Robin can help make your transition to hybrid work in 2021 possible (and easy… like, really easy).* 

Where our high school/college readers at? This one’s for you: Q-munity Vision is a conference for tiny geniuses like y’all to hear from the top minds on Blockchain, AI, Quantum Computing, Genomics, and more. Register here for free.

You don’t go to Chipotle. Chipotle goes to you. Get $0 delivery fees for an entire month from Chipotle, Chick-Fil-A, and thousands of others with this special offer from DoorDash.*

*This is a sponsored post.

Hacker of the Day

Bug bounties are programs where large corporations pay hackers to find vulnerabilities in their code. Netscape launched the first bug bounty program in 1995, to find issues in its browser.

Since then, companies with gnarly code bases — Google, Facebook, Tesla, Microsoft, Uber, Verizon, etc. — have paid millions of dollars to “ethical” hackers.

One of the top “ethical hackers” is Santiago Lopez, who became the first person to earn $1m on HackerOne, a platform that connects hackers with bounties.

The 20-year-old Lopez lives in Buenos Aires and got interested in hacking after watching Hackers (thank god he wasn’t inspired by Breaking Bad).

He is completely self-taught via YouTube and blogs; also, it’s a full-time job, with Lopez clocking 6-7 hours a day.

Other good tidbits:

  • His first bounty was $50
  • His largest bounty was $9k
  • He’s found 1,670+ bugs in his time

Damn, SolarWinds really coulda used this guy.

Shower Thoughts

  1. Your character doesn’t blink in 1st person games
  2. You’re more likely to slip in a centimeter of water than 4 feet of water
  3. Dogs can legally be police officers, but not criminals
  4. 3.5 out of 5 seems like a lot less than 7 out of 10
  5. The most awkward thing as a kid is reading a birthday card out loud while pretending not to only care about the money inside
via Reddit

Ambassador Giveaway

Win a 3-Hour Strategy Session with Sam Parr and The Hustle Team

“A single meeting could change your life.” – A very wise person.

This month, we’re giving one lucky person the chance to learn from The Hustle, uplevel their career or business, and make a few talented friends.

See, at The Hustle we believe in a few things –

  • Invest time in yourself
  • Have a goal
  • Build relationships
  • Ask a lot of questions
  • And most importantly, execute

That’s why we’re offering a 3-hour business strategy session to one lucky Ambassador — for free.

You’ll meet with Sam Parr, founder of The Hustle, alongside leaders from our Product, Growth, and Sales teams.

Ask us anything. Our team will work with you to strategize around your specific needs — growth tactics, sticky business decisions, product direction, you name it. Our team is at your disposal.

How to enter: Copy and paste your referral link: [LINK] and share it with as many people as you can.

Act now. The ambassador with the most referrals between Thursday, December 10th at 12AM PT and Friday, December 18th at 11:59PM PT will win.

Plus the winner (and their company) will be announced in the daily for all 1.5 million subscribers to see.
