The world has a way of reminding us of our own helplessness. The year 2020 has had more than its share of examples to choose from, but for those who prefer to direct their existential dread toward the inability of anyone to protect their digital data, the recent revelation of one of the most significant cybersecurity attacks in history is an excellent place to start.
This past spring hackers managed to insert malicious code into a software product from an IT provider called SolarWinds Corp. whose client list includes 300,000 institutions. About 18,000 of them were exposed when they downloaded a legitimate update from SolarWinds—which of course is the exact thing you’re supposed to do to keep your defenses fresh. The attackers spent months running free through their victims’ networks before anyone noticed, harvesting secrets, and could also have been inserting other vulnerabilities and doing God knows what else. The U.S. government and independent cybersecurity experts have tied the attack to hackers affiliated with the Russian government, and its victims include the U.S. departments of Commerce, State, and Treasury, Microsoft Corp., and cybersecurity firm FireEye Inc.
But sure, go ahead and mix a few special characters into the password on your email account if it makes you feel better.
In a sense, the SolarWinds attack is far removed from the security concerns of individual users, who are more vulnerable to things like having their computers locked until they cough up a ransom denominated in Bitcoin. It’s not worth thinking too much about hardening yourself against state-sponsored hackers, in the same way you wouldn’t choose a deadbolt for your front door based on how well it would stand up to an intercontinental ballistic missile.
The options a government may consider to respond to cybersecurity threats are also not really available to individuals. Much of the discussion in the wake of the SolarWinds hack centers on how the U.S. can increase deterrence, which comes with the implicit assumption that there’s no purely technical fix to cybersecurity at the nation-state level.
In that respect, the breach has highlighted a weakness shared by large institutions and individuals. The digital landscape is far too complex for those who rely on it—you know, all of us—to monitor all the ways we’re exposed. Major factors determining whether your data will be used against you are completely out of your control.
Continue reading your story on the app
Continue reading your story in the magazine
The Food Fight in Fake Meat
Beyond Meat was an early leader. But rival Impossible Foods and others want to eat its lunch
The U.K. Wants to Clean Up Space
The amount of debris in orbit is an increasing danger—and a potential market opportunity
Prices for a warehouse staple are at a record, buoyed by the boom in e-commerce
THE MAN WHO KEEPS THE FAR RIGHT ONLINE
While Amazon and its peers have stopped supporting certain prominent White supremacists and conspiracy theorists, Nick Lim has stepped in
Stopping the Race to the Bottom on Taxes
The U.S. is energizing a global effort to put a floor under corporate tax rates
The Guggenheims Of NFTs
Perhaps you’ve heard of nonfungible tokens? These collectors already have millions of dollars’ worth
Reincarnation And Realpolitik
China, India, and the U.S. are vying to influence the selection of the next Dalai Lama
WAITING FOR ELON
It’s not easy to compete with Miami and Austin for high-tech jobs. But Adelanto, Calif., which boasts a light regulatory environment, an enthusiastic city manager, and plenty of dirt, is giving it a shot
LAW & CRYPTO
Arthur Hayes faces U.S. prosecution over how he ran his overseas Bitcoin exchange
In Hot Pursuit
Chris Urmson’s company, Aurora, has merged with Uber’s self-driving unit to take on Waymo