The hypocrisy of a SolarWinds hack-back by Biden
Earlier this year when I recommended how America should respond to the so-called SolarWinds hacking campaign, in which supposed Russian hackers infiltrated thousands of U.S. corporate and government IT networks, I focused, purposefully, on strengthening our defenses.
My reasoning: It would be hypocritical for the U.S. to pretend it doesn’t engage in similar acts of cyberespionage against its adversaries. (Even if the SolarWinds incident’s mega-sized scale amps up the level of aggression.)
But the Biden administration is apparently planning some sort of Kremlin-aimed counterattack anyway. A recent New York Times report quoted unnamed national security officials who said the administration was planning a “cyberstrike” within the next three weeks. The White House pushed back on the newspaper’s wording with one official telling CNBC’s Eamon Javers, “That was the New York Times’ characterization, not ours. We don’t know what the article is specifically referring to.” The Times later softened its headline by swapping in “retaliation.”
Ain’t this all just semantic quibbling? Maybe so, but in cyberspace, words and actions matters. As damaging as the SolarWinds hack is to the U.S.—and it is very—acting as though it crosses some unconscionable line would seem to be inconsistent with long-standing norms governing digital spycraft. As Wired’s Andy Greenberg notes, “any rule that could justify SolarWinds retaliation is one that the U.S. also violates with its own cyberespionage.”
That’s to say nothing of another dilemma: If the U.S. takes action against Russia, what should it do about China? Recent, widespread Microsoft Exchange server hacks, in which suspected Chinese hackers breached yet thousands more U.S. networks, surely warrant a response too? If so, then what?
Complicating the matter: Some cybersecurity experts who view the SolarWinds incident as business as usual see the Exchange debacle as going too far. Among them is Dmitri Alperovitch, cofounder of CrowdStrike, a cybersecurity firm, and creator of the Silverado Policy Accelerator, a security-focused think tank. In a thread on Twitter, he says that while the Exchange hackers “started out as targeted espionage campaign, they engaged in reckless and dangerous behavior.” That’s because the hackers indiscriminately planted “web shells,” easy entry points which enable remote control of computers, on the servers they breached. All of those machines “can now be used by other actors, including ransomware.”
“This in my view deserves a significant response by the Biden Administration, especially if we start seeing, as expected, damaging ransomware attacks against American companies this week,” Alperovitch adds.
These are thorny questions our national decision-makers face. But Biden has been surrounding himself with top-notch cybersecurity talent since taking office, and his advisors say they’re making cybersecurity a priority across government. No doubt the team is considering its options carefully.
Cuckoo for crypto puffs. The price of Bitcoin leaped to more than $54,000 this morning from around $51,000 yesterday. Institutional interest appears to be driving the action: Goldman Sachs said it is restarting plans for a cryptocurrency trading desk, a project it put on hold after the last bubble burst. China's Meitu, the image-editing beauty app, just bought $40 million worth of Bitcoin and Ethereum. Activist investor Dan Loeb said he recently did a "deep dive" into so-called digital gold. And NYDIG, an alternative asset manager that specializes in cryptocurrency, recently raised $200 million in new funding.
The trust-buster braintrust. President Joe Biden will nominate Lina Khan, a competition law scholar at Columbia University, to join the Federal Trade Commission, Politico reports. Following the appointment of Tim Wu, another Columbia University antitrust academic, as a White House economic advisor, the Biden administration appears to be staking out a position that's potentially hostile to Big Tech—a big departure from the cozy relationship that typified the Obama years. No more Mr. Nice Joe, apparently.
Feel the energy. Tesla CEO Elon Musk says an updated Cybertruck pick-up truck could come in the second quarter. He says the company is also expanding its "full self-driving mode" software, in limited release as of October, to many more drivers. And per some sleuthing by Bloomberg, Tesla is also apparently building a giant battery site, called Gambit Energy Storage, with plans to attach it to Texas's ailing power grid.
The wonderful wizard of Z. Softbank says it will pump $4.7 billion worth of investment into its Z Holdings affiliate and hire 5,000 A.I. software developers. The Japanese telecom giant plans for the unit, which owns Yahoo Japan and half of Korea's Line messenger app, to go head-to-head with U.S. tech giants like Google, Facebook, and Alphabet. Meanwhile, Greensill Bank, a Softbank-backed firm saddled with troubled supply chain financing loans, has filed for bankruptcy in the U.K.
Ready player one. The European Commission has approved Microsoft's $7.5 billion purchase of ZeniMax Media, parent of Bethesda Softworks, a video game studio known for Doom and Fallout. Expect the deal to bolster Microsoft's Xbox business. In other news, Microsoft's 2018 claims of having discovering evidence of an elusive particle, called a Majorana Fermion, which is key to its quantum computing endeavors, were apparently bunk, Wired reports. The scientists involved in the study issued a retraction in the journal Nature, where they originally published their supposed findings.
Cybersecurity roundup. Apple released an "important" iPhone, iPad, and Apple watch software update on Monday. The upgrade patches security holes hackers can exploit. Also, after the regulatory hammer came down on John McAfee, as Aaron discussed here yesterday, the man's namesake antivirus software firm—which has long since severed ties with him—said it would sell its enterprise business. The company is offloading the unit for $4 billion to a consortium led by Symphony Technology Group, a private equity firm, to focus instead on consumer security.
FOOD FOR THOUGHT
Mark Zuckerberg cares a lot about augmented and virtual reality. In case you had any doubts about that, read this recent interview he gave to The Information, in which he discusses how his preoccupation with the technology has dogged him since high school. The Facebook cofounder and CEO highlights why his company, known for social apps, is so intent on developing its own hardware here. Zuckerberg even takes a few indirect jabs at Apple, though he doesn't mention the company by name. (Bonus fun fact: Zuck says he got through the early days of the pandemic by playing Arizona Sunshine, a zombie shooter VR game, with friends.)
I’ve certainly found it a little bit constraining on mobile phones. You have these app stores that are pretty rigid in their rules. Certainly, there are things that I think would create better social experiences that we’re just simply not allowed to build. On desktop browsers, we have this whole gaming platform. We basically just weren’t allowed to bring that to mobile.
We would like to make sure that we can design the next system so it can actually create the kind of social experiences that we would like there to be.
IN CASE YOU MISSED IT
One year later: 15 ways life has changed since the onset of the COVID pandemic by Rachel Schallom and Fortune staff
Bulls rush back into tech and Bitcoin as yields cool off by Bernhard Warner
Fitbit’s first product since being acquired by Google is just for kids by Aaron Pressman
Will its carbon footprint put a cap on the price of Bitcoin? by Lucinda Shen
(Some of these stories require a subscription to access.Thank you for supporting our journalism.)
BEFORE YOU GO
These are not the fruits you're looking for. Some clever pranksters—er, researchers—discovered that you can fool CLIP, an image-deciphering artificial intelligence program developed by OpenAI, using handwritten notes. Someone scrawled the word iPod on a Post-It note and stuck it on an apple. The result? The computer thought it was looking at Apple's iconic MP3 player, as the Guardian notes. Poor thing.
Oh, and if you have not already seen it, it's about time you watched comedian John Mulaney's stupendous stand-up bit about robots and CAPTCHAs.