Friday: 🎁 Christmas Day; Wonder Woman 1984 debuts in theaters & on HBO Max
💻 How the U.S. Got Hacked
News broke last week that U.S. government agencies and corporations were compromised in a massive cyber-espionage campaign carried out by a nation-state widely reported to be Russia (but not officially confirmed).
☀️ Solar-Powered Hack
All of the attacks appear to stem from one initial breach of IT infrastructure and management firm SolarWinds – more specifically, the company’s network-monitoring tool called Orion, which makes up ~45% of its revenue.
Evidence shows hackers infiltrated SolarWinds as far back as October 2019, planting malicious code in software updates of Orion. The code added a backdoor to the network of any customer who installed an Orion patch between March and June of this year.
SolarWinds, which manages network infrastructure for 425 of the U.S. Fortune 500 companies (~330k companies in total), said in an SEC filing last week it has notified ~33k Orion customers about the risk of potential exposure, but it believes “the actual number” of potentially affected customers is under 18k.
Some victims of the hack only had a backdoor planted on their network and nothing else, while others were subject to further reconnaissance and data exfiltration. Investigators are working to determine the depth and breadth of each customer’s exposure.
💬 Relevant Quote: “If they didn’t exfiltrate data, it’s because they didn’t want it. If they didn’t take access, it’s because they weren’t interested in it.” –Jake Williams, former NSA hacker & founder of security firm Rendition Infosec
Departments of State, Homeland Security, Commerce, Health, Energy, and Treasury.
The Cybersecurity and Infrastructure Security Agency.
At least three unidentified states.
The city of Austin, TX.
Two companies have publicly acknowledged significant breaches:
FireEye, one of the largest cybersecurity firms in the world, which was the first to disclose a breach on Dec. 8.
Microsoft, which found indicators of the malware in its systems and identified more than 40 of its customers – mostly in the U.S. – who were similarly compromised.
What’s Next? Before the U.S. can respond, it must first establish what the operation was – an espionage campaign, or a cyberattack? While it may seem like splitting hairs, the terms carry two different political and legal ramifications:
Espionage is an accepted part of international relations, one that is often met with arrests, sanctions, or counterintelligence. So far, experts have categorized the ongoing U.S. breach as “espionage to steal national security information.”
A cyberattack carries more serious domestic and international consequences, and could lead the U.S. to respond with force against the nation-state responsible.
Russia hack will fuel lies, conspiracies and national security fears
🇬🇧 UK Tackles New Virus Strain
The UK imposed its highest tier of lockdown restrictions starting yesterday across south-east and eastern England – including London – in an effort to contain a highly-infectious new strain of COVID-19. Recorded cases across the UK rose 51% last week, largely attributed to the new coronavirus strain officials say appears to spread 70% faster than earlier variants.
More: Ireland, Germany, France, Italy, the Netherlands, Belgium, Austria, Bulgaria, Turkey, and Switzerland imposed travel restrictions on the UK over the weekend.
💬 Relevant Quote: “We have not seen a single (virus) mutation yet that would make it evade the vaccine.” –Adm. Brett Giroir, the top U.S. official overseeing coronavirus testing.
The FDA issued an emergency use authorization to Moderna for its COVID-19 vaccine on Friday. Per NBC News, the company is using McKesson, a healthcare supply chain management company, to distribute the shots via UPS and FedEx, with initial deliveries expected to arrive later today.
More: A CDC advisory panel voted Sunday to put “frontline essential workers” and people aged 75+ next in line to receive a COVID-19 vaccine (a combined ~49M Americans).
Even More: Vice President Mike Pence publicly received Pfizer/BioNTech’s vaccine on Friday, followed hours later by House Speaker Pelosi (D) and Senate Majority Leader McConnell (R). President-elect Biden and incoming First Lady Jill Biden will receive the shot later today.
Senate Majority Leader McConnell (R) said negotiators finalized a ~$900B coronavirus relief package Sunday evening, though the legislative text was not released. Congress is hoping to attach the relief measure to a bill to fund the government through next September, and passed a series of stopgap funding measures over the weekend to buy more time for stimulus negotiations. The House is expected to vote on the ~$900B package later today.
Dec. 10: Mastercard and Visa prohibit the use of their cards on Pornhub’s platform following separate investigations into the NYT’s allegations.
Dec. 14: Pornhub removes all unverified content, totaling as many as 10M of its ~13.5M videos.
Dec. 17: A Financial Times report reveals, for the first time, the principal owner of Pornhub’s parent company, MindGeek – a businessman named Bernard Bergemar.
🎮 Game Over
Sony removed Cyberpunk 2077, developer CDPR’s flagship video game, from its PlayStation store late Thursday and offered full refunds to anyone who bought the game. This comes days after CDPR said players unsatisfied with their purchase on the PS4 or Microsoft’s Xbox One should request a refund, which Sony historically does not allow for used digital purchases.
Since Cyberpunk 2077 was released on Dec. 10, players have complained of routine crashes and visual glitches on the newer PS5, with the game performing even worse on the last-gen PS4.
More: Microsoft announced a similar refund policy for Cyberpunk 2077, but did not go as far as removing the game from its online store.
🍩 DONUT Holes:
⚖️ U.S. prosecutors charged a former China-based software engineer at Zoom with conspiring to censor speech for terminating at least four video meetings commemorating the 31st anniversary of the Tiananmen Square protests.
🐝 Bumble confidentially filed IPO documents with the SEC, Bloomberg reported on Friday.
🏈 The College Football Playoff is set, featuring Alabama, Clemson, Notre Dame, and Ohio State.
🚗 Church Donation (to) Drive
Nakinta Kendrick, a mother of four from Gary, IN, was refueling at a gas station last month when a group of armed men approached her. After stealing Nakinta’s keys, the men drove off in her car and led police on a chase that ended with the thieves totaling the stolen vehicle.
Within days of the robbery, the pastor at Nakinta’s church rallied the congregation to raise more than $3,000 for the single mother – surprising her with a fully insured car.
⛄ Do You Want to Have a Snow Day?
School has looked anything but ordinary this year. Given the challenges of the current academic environment, one school administrator from West Virginia took time last week to remind young learners of life’s little joys.
In a letter that has since gone viral, Jefferson County School Superintendent Bondy Gibson announced on December 15th that schools would close for a snow day – even though the district is conducting all classes remotely.
🦿 A Leg Up on Life
Darshit Thakrar, a radiologist from Loma Linda, CA, was in the process of training for a marathon in 2015 when he was struck by a passing vehicle while changing a flat tire. Following the accident, Darshit awoke in the hospital with no memory of the trauma – and with his left leg amputated.
✨ The Stars Are Brightly Shining… tonight, Jupiter and Saturn will come together in a “Great Conjunction” unlike any seen in nearly 800 years. Astronomers say this phenomenon could be a scientific explanation behind the biblical Star of Bethlehem present in Christmas nativity scenes.
⏳ Crime Time
What is the longest officially confirmed prison sentence ever handed down?
A) 45 life sentences B) 161 life sentences C) 108 life sentences D) 74 life sentences
(keep scrolling for the answer)