Tech Brew Ride Home - Fri. 05/28 – SolarWinds Back In The Headlines

Episode Date: May 28, 2021

The SolarWinds hackers are back, and I’m starting to fear the escalation of a cyber cold war here. Mark Gurman thinks we’ll see redesigned AirPods this year. Have I Been Pwned goes open source. An...d come for the longreads suggestions as always, but stay for my rant about that insane Citizen app story. Sponsors: Netgear.com/bestwifi Promocode: Tech10 Cybereason.com Links: Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency (New York Times) Apple Plans Redesigned AirPods for 2021, New AirPods Pro in 2022 (Bloomberg) Have I been Pwned goes open source (ZDnet) Weekend Longreads Suggestions: 'FIND THIS FUCK:' Inside Citizen’s Dangerous Effort to Cash In On Vigilantism (Vice) Own the Internet (Not Boring) A New Crop in Pennsylvania: Warehouses (New York Times) The Mystery of Magic’s Greatest Card Trick (New York Times) Subscribe to the RideHome+ Feed at: tech.supercast.tech Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco. Hey, who did this to you? What happened next turned the story into a political firestorm. Reports have identified the victim as Bob Lee, the founder of Cash App. From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16. Welcome to the Tech meme right home for Friday, May 28th, 2021. I'm Brian McCullough today. The Solar Winds hackers are back, and I'm starting to fear the escalation of a cyber cold war here. Mark Garman thinks we'll see redesigned AirPods this year. Have I been poned? Goes open source. And come for the
Starting point is 00:00:52 long read suggestions, as always, but stay for my rant about that insane citizen app story. Microsoft is reporting that the Solar Winds hackers are back and that they've hacked email systems used by the State Department's international aid agency in order to attack human rights groups and other organizations critical of Russia's President Vladimir Putin. Remember, we don't know how long the solar winds hackers were in the various systems. They penetrated last year, and we don't know what sort of booby traps and hidey holes they installed for themselves for later use. Perhaps this is that coming home to Roost, quoting the New York Times. hackers linked to Russia's main intelligence agency surreptitiously seized an email system used by the State Department's
Starting point is 00:01:38 International Aid Agency to burrow into the computer networks of human rights groups and other organizations of the sort that have been critical of President Vladimir Putin. Microsoft Corporation disclosed on Thursday. The newly disclosed attack was also particularly bold. By breaching the systems of a supplier used by the federal government, the hackers sent out genuine-looking emails to more than 3,000 accounts across more than 150 organizations that regular. received communications from the United States Agency for International Development. Those emails went out as recently as this week, and Microsoft said it believes the attacks are ongoing. The email was implanted with code that would give the hackers unlimited access to the computer systems of the recipients from stealing data to infecting other computers on a network. Tom Burt, a Microsoft Vice President, wrote on Thursday night. The original SolarWinds attack went undetected by the U.S.
Starting point is 00:02:26 government for nine months until it was discovered by a cybersecurity firm. In April, President Biden said he could have responded far more strongly to the attack, but, quote, chose to be proportionate because he did not want to, quote, kick off a cycle of escalation and conflict with Russia, end quote. The Russian response nonetheless seems to have been escalation. The malicious activity was underway as recently as the past week. That suggests that the sanctions and whatever additional covert actions the White House carried out in response to the solar winds hack, Part of a strategy of creating seen and unseen costs for Moscow has not choked off the Russian government's appetite for disruption. A spokesperson for the cybersecurity and infrastructure security agency at the Department of Homeland Security said late Thursday that the agency was, quote, aware of the potential compromise at the agency for international development and that it was working with the FBI and U.S. aid to better understand the extent of the compromise and assist potential victims, end quote. Microsoft identified the Russian group behind the attack, as nobellium and said it was the same group responsible for the SolarWinds hack.
Starting point is 00:03:34 Last month, the American government explicitly said that SolarWinds was the work of the SVR, one of the most successful spinoffs from the Soviet-era KGB. The same agency was involved in the hacking of the Democratic National Committee in 2016, and before that, in attacks on the Pentagon, the White House email system, and the State Department's unclassified communications, end quote. It's Mark German and Debbie Wu Apple Scoop Friday. the pairs say that Apple is planning redesigned AirPods to come out this year and second-gen AirPods Pro to come out in 2022, which will include updated motion sensors for fitness tracking.
Starting point is 00:04:15 The new base AirPods will mark the first update to the product since March 2019 and will add a new design that mostly mirrors that of the AirPods Pro. The earbuds will come with a new case and shorter stems poking out of the bottom of each one, but the AirPods Pro coming next year will be the first change to that product since October 2019 and will include updated motion sensors with a focus on fitness tracking, the people said, asking not to be named because the plans are private. As part of its broader home audio and accessory strategy, Apple has also begun early development of a home pod speaker with a built-in screen, as well as a device that combines the features of a home pod, FaceTime camera, and Apple TV, Bloomberg News has reported.
Starting point is 00:04:55 Competition for speakers with screens is already widespread. Apple released a HomePod mini speaker last year and outlined a minor update to the Apple TV set-top box last month. For the new AirPods Pro, Apple has also tested a smaller design that eliminates the stems. That look will debut on new beats-branded wireless earbuds planned to be announced next month, end quote. Have I Been Poned? Has, as promised, gone open source, starting with the Poned password code. Also, the FBI is going to begin sharing compromised passwords discovered in investigations,
Starting point is 00:05:34 with the site, quoting ZDNet. Why is the FBI getting involved? Because Brian A. Vorndan, the FBI's assistant director, Cyber Division, said, quote, we are excited to be partnering with HIBP on this important project to protect victims of online credential theft. It's another example of how important public-private partnerships are in the fight against cybercrime, end quote. The FBI passwords will be provided in SHA1 and N-TLM hash pairs. HibP does doesn't need them in plaintext. They'll be fed into the system as they're made available by the bureau. To do that, have I been poned, is adding on a new open source program, poned passwords, to let the data flow easily into HIPP. HIPP founder, Troy Hunt, security expert and Microsoft
Starting point is 00:06:22 Regional Director, explained he's open sourcing the code because, quote, the philosophy of HIBP has always been to support the community. Now I want the community to help support HIBP. HIBP is written in dot net and runs on Azure. People check the free HIBP site at a rate of almost one billion requests per month. It collects data from all the many personal security breaches that happen every week or two. Hunt says he could, quote, proverbially lift and shift pone passwords into open source land in a pretty straightforward fashion, which makes it the obvious place to start. It's also great timing because, as I said earlier, it's now an important part of many online services, and this move ensures that anybody can run their own poned passwords
Starting point is 00:07:04 instances if they so choose. Hunt hopes, quote, that this encourages greater adoption of the service, both due to the transparency that opening the codebase brings and the confidence that people can always roll their own if they choose. Maybe they don't want the hosted API dependency, maybe they just want a fallback position should I ever meet an early demise through an unfortunate jet ski accident. This gives people choices, end quote. As M.O. Prodolinsky pointed out on Twitter, sometimes one person's work really can make a significant difference in the world. How could this project take off from here? Well, imagine just one scenario from Sean Scott on Twitter, quote, if banks and fintech want to have trust front and center, why not leverage services like this one to
Starting point is 00:07:51 tell customers whether their passwords are compromised, end quote. Imagine that. Imagine proactively alerting and protecting your own users. Time for the weekend long read suggestions. And look, just read this first one. If you've never read any of my long read suggestions before, read this one, because this is one of the worst, wildest things I've ever read in my 22 years in the tech industry. It's from motherboard slash vice, and it involves that citizen app that we recently talked about, you know, how they're hiring private security forces, vigilanteism on demand. Well, if possible,
Starting point is 00:08:37 if this story is true, it's even worse. Like, it seems that vigilanteism is an actual growth hacking strategy that they're employing. Like, really, read the whole thing. They're flooding users with notifications about crimes to make them anxious enough to pay up for the Citizen Premium Service. It's gross. In fact, I'm just going to read the whole lead to the piece so you can see how gross it actually is, quote. Andrew Frame was excited. It was Saturday night two weeks ago, and Frame, the CEO of the Crime and Neighborhood Watch app Citizen, was on Slack, whipping himself and his employees into what he'd later call at an all-hands meeting a, quote, fury of passion about a wildfire that had broken
Starting point is 00:09:19 out earlier that afternoon in Los Angeles's Pacific Palisades neighborhood. Citizen had gotten a tip that the wildfire was started by an arsonist, and Frame had decided earlier in the night that the fire was a huge opportunity. Citizen, using a new live streaming service it had just launched called On Air, would catch the suspect live on air with thousands of people watching. Frame decided the citizen user who provided information that led to the suspect's arrest would get $10,000. Frame wanted him before midnight. As the night were on, Citizen got more information about the supposed suspect. They obtained a photo of a man, which they kept up on the live stream for large portions of the night. More information trickled in through a tips line citizen had set up.
Starting point is 00:10:03 Citizen said the information about the person of interest came from an on-the-ground tip from an LAPD sergeant, followed by emails from local residents who had been approached by LAPD officers. First name? What is it? Publish all info, Framed told employees working in a citizen slack room who were working on the case. Find this fuck, he told them. Let's get this guy before midnight. He's going down. Breaking news, this guy is the devil, get him, Frame said. By midnight, we hate this guy, get him. He was growing impatient. He increased the bounty to $20,000. Thousands of people were watching citizens live stream, but the man still hadn't been caught. Frame asked his staff to send out another notification, one that would hit all citizen users in Los Angeles. The bounty had to go higher.
Starting point is 00:10:47 Close in on him. 30K. Let's get him. No escape. Let's increase. 30K, frame said. Notify all of L.A. blast to all of LA. Citizen is on air. Arsonist pursuit continues the notification, which went out to 848,000 citizen users in Los Angeles said, we are now offering a $30,000 reward for any information directly leading to his arrest tonight. Tap to join the live search, end quote. In the Slack room with Frame 1 staffer brought up a loophole pointing out that Citizen was violating its own terms of service that prohibit, quote, posting of specific information that could identify parties involved in an incident, end quote. The staffer who brought up the terms of service violation was ignored in that specific Slack room, and the broadcast continued to specifically name the person and share his
Starting point is 00:11:34 photo for hours. Earlier in the night, soon after the news of a fire broke, frame said he saw the fire as a chance to catch a suspected arsonist live on the internet, therefore proving citizens' utility to users and helping the app grow. Quote, the more courage we have, the more signups we will have. Go after bad guys, signups will skyrocket. Period. We should catch a new bad guy every day, Frame said. At one point, Frame said, quote, these metrics will be great, and they were. At one point, 40,000 people were watching the live feed according to the Slack messages. Citizens saw a sharp spike in signups as the live stream spread.
Starting point is 00:12:11 Frame said at a later All-Hands meeting that 1.4 million people engaged with the content according to other Slack messages. Well after midnight, Los Angeles police made an arrest. In a separate slackroom, employees cautiously began to celebrate. Cop said it's an ongoing investigation. This looks like our guy, one employee wrote. It wasn't citizens guy. Frame and the entirety of the citizen apparatus had spent a whole night putting a bounty on the head of an innocent man, end quote. I was really tempted to do a much longer rant on this, but I'll settle for this take.
Starting point is 00:12:46 people ask a lot about my biases and point of view when I do this show. I'm a multi-time founder. I'm still an angel investor. So do I have the founder perspective, the investor perspective? Do I have the journalist perspective? I would never call myself a journalist, not because I'm one of those knee-jerk Silicon Valley types who hates journalists, but because I actually respect journalism as a craft. I respect all crafts. Even though I do something on the show that is journalism adjacent, I didn't go to school to learn how to do it properly, so I would never deign to be a practitioner of a craft that I didn't properly train for. My editorial stance on this show is that I love tech. It's the only industry I've ever worked in. It's all I've ever really known since before I was
Starting point is 00:13:31 an adult even. But because I love tech so much, I desperately want it to be better. I'm one of those people who drank the Kool-Aid and really believes tech can change humanity for the better. So when I see tech used for evil, venal, lazy shit, I get pissed. Growth hacking has always had a mixed connotation. Moving fast and breaking things includes the breaking things part. It's right there in the name. And I'm not naive or moralistic about this. My third startup got to 200,000 users, basically because we spam the hell out of Live Journal back in 2005. But your growth hacking does not get to destroy the fabric of the society that my kids live in. Your quest for engagement does not give you the right to create a running man-style dystopia.
Starting point is 00:14:16 This is not hyperbole. This is exactly what they're doing here. Oh, designing for virality, for engagement by creating the environment for doom scrolling, for showing people things that enrage them. That's bad enough. That's bad enough for people. That's bad enough for society. Designing your product to scare people, though. So much so that you're literally creating actual mob behavior is beyond morally reprehensible. I'd even say, say it's borderline illegal and actionable. Anyone involved in this, if this story ends up being true, has lost their moral compass full stop. Next, lots of folks have been sharing Paki McCormick's
Starting point is 00:14:55 bull case for Ethereum piece this week, and I'm sharing it because I think that this has rapidly, over the last few months or so, sort of become the consensus opinion, at least among folks in Silicon Valley who I talk to who are deeply into crypto. And it boils down to this, really, quote, Ethereum is so many things at once, all of which feed off each other. Ethereum, the blockchain, is a world computer, the backbone of a decentralized internet, Web 3, and the settlement layer for Web 3. Bitcoin is easy. It's digital gold. It's a store of value. It just kind of sits there. Ethereum is so much more than a cryptocurrency. It's a world computer and the value layer of the internet. It lets people build apps and products with money baked into the code.
Starting point is 00:15:39 If you believe that Web3 is going to continue to grow, then you likely believe that over time Ethereum will become the settlement layer of a new internet. All sorts of transactions, whether they happen on Ethereum, another blockchain or even Visa, will turn to Ethereum to exchange funds and keep secure immutable records. A year ago, I wouldn't have said that. But I'm increasingly convinced that ETH will become one of the best assets to own over the next five years. Here's the bullcase in a nutshell. Oaning ETH is like owning shares in the internet. Demand for ETH will go up with increased Web3 adoption, while upcoming changes will decrease the supply of ETH and let more value accrue to holders. It's like a tech stock, a bond, a ticket to Web3, and money rolled into one, end quote. Next, I've often said that if I could do it all over again, maybe I'd come back as an economist because I love stories like this one from the New York Times about the Lehigh Valley in Pennsylvania. If you know of the Lehigh Valley, you might know the city's Allentown, Bethlehem. This was one of the places the Industrial Revolution happened in the U.S. in the 19th and 20th century. But it's also rural, lots of farmland, so cheap land. Add to that, the Lehigh Valley's proximity to the New York and Philadelphia metro areas and two major interstate highways that go through the valley. And that means that about 30 percent of all American consumers are just a day's truck drive away from the Lehigh Valley. So now there is a gold rush for building, you guessed it, warehouses and fulfillment centers in the Lehigh Valley. Quote,
Starting point is 00:17:16 there are now almost as many warehouse and transportation jobs in the region as manufacturing positions, but it's not a milestone all celebrate, not in an area that hopes to keep alive its higher-paying manufacturing sector, even though some of its biggest employers like Bethlehem Steel closed down long ago. Manufacturing jobs in the Lehigh Valley pay on average, $71,400 a year compared with $46,700 working in a warehouse or driving a truck. The region is still home to large manufacturing plants that produce Crayola crayons and marshmallow peeps candies. Don Cunningham, the chief executive of the Lehigh Valley Economic Development Corporation, says the warehouse jobs are lifting employment and wages, particularly for unskilled workers.
Starting point is 00:17:58 If you were to turn away this economic opportunity for a whole sector of workers, where do they go, Mr. Cunningham said. they could end up on some sort of government assistance or end up caught up in the criminal justice system, end quote. Mr. Cunningham, whose father worked in the local steel industry, said he recognized that distribution jobs were not ideal, quote, but to be able to make $16 an hour with a high school diploma, there aren't a lot of places in the U.S. where you can do that, he said. This is a really nice sector for low-skilled workers. It at least gives them a fighting chance to carve out a livable wage, end quote. And then finally, one more from the New York Times. times. The magician David Burglis has perfected what magicians consider the greatest card trick ever devised. But David Burglis is 94, and he swears he can't teach the trick to a next generation
Starting point is 00:18:50 of magicians. Quote, it's not a secret I can give to anyone because it's not a secret as such, Mr. Bergliss, a formal and intense 94-year-old said at his home in North London. It's like asking a musician who can improvise to teach you his improvisations, which of course he can't, end quote. The trick is a version of a classic plot of magic called Any Card, Any Number. These tricks are called A Can in the business. A Can has been around since the 1700s, and every iteration unfolds in roughly the same way. A spectator is asked to name any card in a deck, let's say the nine of clubs. Another is asked to name any number between one and 52, let's say 31. The cards are dealt face up one by one, the 31st card is revealed, and of course it's the nine of clubs. Cue the gasps.
Starting point is 00:19:39 For all their differences, every A-Can has one feature in common. At some point, the magician touches the cards. The touch might be imperceptible, it might appear entirely innocent, but the cards are always touched, with one exception, David Burglis's version of A-Can. He would place the cards on a table, and he didn't handle them again until after the revelation and during the applause. There no sleight of hand, no hint of shenanigans. It was both effortless and boggling. Among magicians around the world, his touchless acan is one of the most talked about and puzzled over tricks in history. It was eventually labeled the Burgliss Effect and helped make its creator's reputation in a career that spans six decades. Over the years, a number of
Starting point is 00:20:22 magicians have reported private one-on-one performances of the Burgliss Effect that left them stupefied, end quote. And now the question is, will the secret to the trick, die with Burgliss, something, something, the prestige part two. Okay, big programming note for you. Monday is a bank holiday here in the U.S., so we will not have a normal weekday show for you on Monday because I'm taking the day off, but I will have plenty of content for you on Monday because on Monday we're going to release the Twitter space that we did this week, talking about the streaming wars, talking about Tesla, but even better than that, I'm going to give you several more hours of Twitter spaces because, well, you'll see.
Starting point is 00:21:15 Look for a special announcement episode on Monday explaining how we're going to do the Twitter space episodes going forward, including giving you access to Twitter spaces and clubhouse rooms from a bunch of other prominent tech voices all in one place. Look for that on Monday and enjoy. Also, Ride Home Plus subscribers. An interesting raises episode drops mere hours after this episode goes live. If you went in on that and you're not a right home plus subscriber as ever, subscribe at tech.comcast.com. But seriously, everybody, watch your feeds on Monday for our big new announce.
Starting point is 00:21:50 I'm super excited about this. Talk to you on Tuesday.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.