Tech Brew Ride Home - Fri. 09/16 – Big Uber Breach

Episode Date: September 16, 2022

Uber is investigating a breach of its systems that has caused it to take some of its most important systems offline. The White House has finally delivered that big “comprehensive framework” for cr...ypto regulation. How did Amazon do with its NFL broadcast last night? And, of course, the Weekend Longreads Suggestions. Links: Uber Investigating Breach of Its Computer Systems (NYTimes) Uber suffers computer system breach, alerts authorities (Washington Post) White House Releases ‘Comprehensive Framework’ for Crypto Regulation and Development (Decrypt) The Amazon Experience Comes to the NFL (The Ringer) Weekend Longreads Suggestions: The AI Unbundling (Stratechery) Deere Invests Billions in Self-Driving Tractors, Smart Crop Sprayers (WSJ) The Collectors Who Save Video-Game History from Oblivion (The New Yorker) The Enduring Allure of Choose Your Own Adventure Books (The New Yorker) Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 On April 4th, 2023, around 2 in the morning, a man was found stabbed multiple times on a sidewalk in downtown San Francisco. Hey, who did this to you? What happened next turned the story into a political firestorm. Reports have identified the victim as Bob Lee, the founder of Cash App. From Bloomberg Podcasts, this is Foundering, the Killing of Bob Lee, beginning April 16. Welcome to the Tech meme right home for Friday, September 16th, 2022. I'm Brian McCullough today. Uber is investigating a breach of its systems that has caused it to take some of its most important systems offline. The White House has finally delivered on that big comprehensive framework for crypto regulation.
Starting point is 00:00:51 How did Amazon do with its NFL broadcast last night and, of course, the weekend long read suggestions? Here's what you miss today in the world of tech. Two big stories this morning. First up, Uber has taken. down some of its internal communication and engineering systems, taking them fully offline as it investigates a breach of its overall systems. Uber's stock opened down more than 5% this morning on the news, quoting the New York Times. The breach appeared to have compromised many of Uber's internal systems and a person claiming responsibility for the hacks sent images of email, cloud storage, and code repositories to cybersecurity researchers and the New York Times.
Starting point is 00:01:32 They pretty much have full access to Uber, said Sam Kerr. a security engineer at Yuga Labs, who corresponded with the person who claimed to be responsible for the breach. This is a total compromise from what it looks like, end quote. An Uber spokesman said the company was investigating the breach and contacting law enforcement officials. Uber employees were instructed not to use the company's internal messaging service Slack and found that other internal systems were inaccessible, said to employees who were not authorized to speak publicly. Shortly before the Slack system was taken offline on Thursday afternoon, Uber employees received a message that read, quote, I announce I am a hacker and Uber has suffered
Starting point is 00:02:09 a data breach, end quote. The message went on the list several internal databases that the hacker claimed had been compromised. The hacker compromised a worker's Slack account and used it to send the message, the Uber spokesman said. It appeared that the hacker was later able to gain access to other internal systems posting an explicit photo on an internal information page for employees. The person who claimed responsibility for the hack told the New York Times that he had sent a text message to an Uber worker claiming to be a corporate information technology person. The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber's systems, a technique known as social engineering. These types of social engineering attacks
Starting point is 00:02:46 to gain a foothold within tech companies have been increasing, said Rachel Tobac, chief executive of Social Proof Security. Ms. Tobac pointed to the 2020 hack of Twitter in which teenagers use social engineering to break into the company. Similar social engineering techniques were used in recent breaches at Microsoft and Octa. We are seeing that attackers are getting smart and also documenting what is working, Ms. Tobac said. They have kits now that make it easier to deploy and use social engineering methods. It's become almost commoditized, end quote.
Starting point is 00:03:17 Some security experts are saying that the hacker had access to Uber's AWS accounts, even Uber's Hacker One Bug Bounty Program. One source reports that the hacker downloaded all vulnerability reports before losing access. On the hacker in question, the Washington Post says the hacker claims to be 18 years old, says they had breached the company for fun and might leak its source code in a few months. Quote, internal screenshots obtained by the Washington Post showed the hacker claiming to have wide-ranging access inside Uber's corporate networks and appeared to indicate the hacker was motivated by the company's treatment of its drivers. The person claimed to have taken data from
Starting point is 00:03:55 common software used by Uber employees to write new programs. The hacker posted as Uber on a chat function at Hacker 1, which runs interference between researchers who are reporting security vulnerabilities and the companies who are affected by them. Uber and other companies use that service to manage reports of security flaws in its programs and to reward researchers who find them. In that chat, which was viewed by the post, the alleged hacker claimed access to Uber's Amazon Web Services account. In a subsequent interview on a messaging app, the alleged hacker told the post that they had breached the company for fun and might leak the source code, quote, in a few months. the person described Uber security as, quote, awful, end quote.
Starting point is 00:04:38 And the White House has officially released a comprehensive framework for crypto regulation, outlining the recommendations of various federal agencies after six months of study. Quoting to Crypt. The directive to research crypto was given in President Biden's executive order signed in March this year. Like the executive order today's comprehensive framework doesn't lay down any new legislation, but it does provide a clear vision of U.S. crypto regulation. The new framework builds on research from nine reports submitted to the president since the order and claims to reflect, quote, the input and expertise of diverse stakeholders across government,
Starting point is 00:05:14 industry, academia, and civil society, end quote. Their concerns are wide-ranging, and the recommendations include not just the obvious, such as consumer protections, environment, and national security, but go a step further to consolidate the U.S.'s role as a global crypto frontrunner by encouraging private sector innovation and co-cooperation on an international level. The framework Greenlights regulators like the Securities and Exchange Commission and Commodity Futures Trading Commission to continue coordinating efforts to enforce law in the industry and to share data on consumer complaints in the space.
Starting point is 00:05:46 The U.S. Treasury will take an active role in working with financial institutions to help identify and mitigate cyber risks through data sharing and analysis. It is also tasked with working with regulators to ensure crypto firms have regulatory guidance. The Treasury will extend this role to U.S. allies through international organizations like the Organization for Economic Cooperation and Development and the Financial Stability Board. The Treasury is expected to complete an illicit finance risk assessment on decentralized finance by the end of February 2023 and an assessment on non-fungible tokens by July 2023. President Biden himself will have to decide, quote, whether to call upon Congress to amend the Bank
Starting point is 00:06:25 Secrecy Act, anti-tip-off statutes and laws against unlicensed money transmitting to apply explicitly to digital asset service providers, including digital asset exchanges and non-fundgible token platforms, and quote, today's fact sheet admits there are opportunities to ensure that blockchain technology aligns with a net zero emissions economy and improving environmental justice. The report also mentions, quote, a potential U.S. CBDC citing many profound potential benefits in technology, the economy, security, and individual liberty, but efforts in this direction are limited to a set of policy objectives for a U.S. CBDC alongside, and quote, interagency working group led by the Treasury to, quote, consider the potential implications of a U.S.
Starting point is 00:07:10 CBDC, leverage cross-government technical expertise, and share information with partners, end quote. Unrelated, but not, not related. Speaking hours after Ethereum's merge update yesterday, SEC Chair Gary Gensler said that cryptocurrencies that let holders stake coins may be subject to U.S. securities laws, which means did Ether just get out of the frying pan only to find a new fire, quoting the Wall Street Journal? Securities and Exchange Commission Chairman Gary Gensler said Thursday that cryptocurrencies and intermediaries that allow holders to stake their coins might pass a key test used by courts to determine whether an asset is a security, known as the Howie test. it examines whether investors expect to earn a return from the work of third parties.
Starting point is 00:07:55 Quote, from the coins perspective, that's another indicia that under the Howie test, the investing public is anticipating profits based on the efforts of others. Mr. Gensler told reporters after a congressional hearing, he said he wasn't referring to any specific cryptocurrency. Issuers of securities, a category of assets that include stocks and bonds, are required to file extensive disclosures with the SEC under laws passed in the 1930s. exchanges and brokers that facilitate the trading of securities must comply with strict rules designed to protect investors from conflicts of interest. Cryptocurrency issuers and trading platforms face strict liabilities if they sell any assets that are
Starting point is 00:08:30 deemed to be securities by the SEC or courts. Staking is one of two ways in which cryptocurrency networks verify transactions, used by some of the largest cryptocurrencies including Solana, Cardano, and as of this week, Ether, it allows investors to lock up their tokens for a specified amount of time to receive a return. If an intermediary such as a crypto exchange offers staking services to its customers, Mr. Gensler said, it, quote, looks very similar with some changes of labeling to lending, end quote. The SEC has repeatedly signaled over the past year that firms offering crypto lending products need to register with the agency and in February forced BlockFi lending to pay $100 million for failing to do so,
Starting point is 00:09:09 end quote. Real quick, maybe you saw Amazon's debut last night as a full-fledged NFL broadcaster. Apparently, the program had audio and video issues and also lots of prime ads in it, but it was a good and conventional broadcast with top commentators and nice extra streams, at least according to the ringer. quote, the first thing I thought while watching Thursday's Kansas City Chiefs Los Angeles Chargers game, the first NFL game broadcast exclusively on Amazon Prime Video was, boy, there sure are a lot of ads for Amazon Prime Video on this game broadcast on Amazon Prime Video, considering I am paying $14.99 per month to watch this game on Amazon Prime Video. There were ads for The New Lord of the Rings Show, the boys, and some weird movie with Sylvester Stallone. To be honest, I was surprised there were commercials at all. Most streaming services, including TV shows on Prime Video, don't have commercials.
Starting point is 00:10:10 And Amazon is one of the largest companies on the planet. It's founder Jeff Bezos is worth $150 billion post-divorce. I thought maybe they'd fill the blank spaces built into football games with something unique, something only Amazon could afford to provide, something to convince us that for $9 per month, we can get the premier football watching experience. But nope. To be fair, it was a very good NFL game broadcast. Many people complained on Twitter about technical issues with
Starting point is 00:10:35 the video quality or lag, and observers noted that the sound from the Arrowhead Stadium crowd was notably muted. But there were plenty of positives. Amazon spent big money on Al Michaels, as well as Kirk Herbstreet, to give them two of the premier commentators in the sport, and the pregame halftime postgame crew features Richard Sherman and Ryan Fitzpatrick, two recently retired NFL players with big personalities and big brains who are obviously going to be spectacular on camera. And there were plenty of bells and whistles. Watching on a laptop allowed access to enhance replays and constantly updated advanced stats, such as how many yards of separation receivers were getting. There was a second stream featuring live all 22 clips,
Starting point is 00:11:13 player tracking and personal information, which will quickly become a favorite among football nerds. As it turns out, a fancy new Amazon streaming broadcast of an NFL game is very similar to a TV broadcast of an NFL game, except it now costs $9 per month, which is pretty disappointing because there's going to be a lot more streaming broadcasts of sports soon. end quote. Time for the weekend long read suggestions. First up, Ben Thompson had a big piece this week about what he calls the big AI unbundling that is clearly upon us. Quote, what remains is one final bundle, the creation and substantiation of an idea. To use myself as an example, I have plenty of ideas and thanks to the internet the ability to distribute them around the globe. However, I still need to
Starting point is 00:12:05 write them down just as an artist needs to create an image or a musician needs to write a song. What is becoming increasingly clear, though, is that this too is a bottleneck that is on the verge of being removed. The analogy to publishing points to what will be the long-term trend for any profession affected by these new AI models. Relatively undifferentiated creators who depend on the structural bundling of idea creation and substantiation will be reduced to competing with zero marginal cost creators for attention generated and directed from aggregators. Highly differentiated creators, though, who can substantially deliver both creation and substantiation on their own, will be even more valuable. Social media, for example, has been a tremendous boon to differentiated publishers.
Starting point is 00:12:47 It gives readers a megaphone to tell everyone how great said publisher is. These AI tools will have a similar effect on highly differentiated creators who will leverage text-based iteration to make themselves more productive and original than ever before, end quote. Then I've hit on this sort of story before, but from the Wall Street Journal, a big piece. about how very soon and very quickly agricultural equipment is about to be automated. For example, tractor maker Deere, which plans to debut self-driving tractors later this year, predicts that 10% of its revenue will come from software fees by the end of the decade. Quote, By 2026, Deer wants to connect 1.5 million machines in service and a half billion acres in use to its cloud-based John Deere Operations Center, which will collect and store crop data,
Starting point is 00:13:33 including millions of images of weeds that can be targeted by herbicide. Deer last year acquired California-based startup bare-flag robotics for $250 million to provide software for turning older tractors into autonomous-capable vehicles. Selling farmers' subscriptions to the software is expected to yield higher profit margins than sales of deer's signature green and yellow machinery, which will continue to make up the bulk of deer sales, end quote. Then from the New Yorker, the video game enthusiasts who have worked to save video game history from Oblivion. Quote,
Starting point is 00:14:05 The oldest video games are now about 70 years old, and their stories are disappearing. The companies that created early games left behind design documents and production timelines and story bibles, but these kinds of ephemera, and even the games themselves are easily lost. Paper mildews, disks demagnetize, bits are said to rot. As small errors accumulate and store data, hard drives die, and so do the people who produce games in the first place. Generations of kids grew up playing these video games and helped to jumpstart the digital revolution. But games aren't always treated as a serious part of the culture, and historians and archivists are only starting to preserve them. One museum curator even told me that a federal grant for
Starting point is 00:14:45 his game preservation work ended up on a U.S. Senators' list of wasteful projects. The challenge isn't just technical. It's also about convincing the public that game history is history and that it's well worth saving, end quote. And finally, also from the New Yorker, the enduring allure of Choose Your Own Adventure Books, quote, The Choose franchise hit a generational sweet spot alongside the rise of Dungeons and Dragons and other role-playing games. Back then, it was these text-based experiences which could most powerfully deliver the possibilities of interactive narrative. When you read these books as a child, your process was always the same. You started by following your intuitions, trying to approximate what you would actually do in these far-fetched situations,
Starting point is 00:15:26 and once you'd reach that first ending, the one you probably deserved, you let yourself try anything you wanted. You let yourself make reckless choices that ran counter to your intuitions in every imaginable way. It was like wearing brave person drag. You let yourself rummage through the rest of the book to find every single ending the same way you'd rummage through a bag of chips. If your nutritionist mother let you eat chips to find every single shard. The warning at the beginning of every Choose Your Own Adventure is also a promise. You are responsible because you choose. Think carefully before you make a move. One mistake may be your last. It's not just saying you are in control, but also you will find yourself in pleasurable danger. Choose your own adventure books invited kids to exercise some agency as they rattled around in these cages of limited possibility. Millions of seven-year-olds who would someday become 35-year-olds remembering with an aching nostalgia this early sense of freedom, this faith that after every death, there would always be a do-over, end quote. Yep, these books came out in the early 80s, when video games, as we understand them now,
Starting point is 00:16:30 with the ability to do over and try and try again, like in that Tom Cruise movie with Emily Blunt, were in development at the exact same time. Ideas in the zeitgeist for the win. No Twitter space to share with you this weekend. Chris is still overseas, but I do have a bonus episode for you, or at least I hope I do. We still have to record it later this afternoon. It's a portfolio profile episode of an investment we made into a Metaverse company.
Starting point is 00:17:07 In fact, I think this one has the possibility to be one of the biggest forces in the metaverse if the Metaverse comes to fruition. Just like with my investment in the crypto company I told you about recently, I like to make bets in this space that are more structural than anything. Listen to the episode to hear about an idea that could be absolutely fundamental to the very structure of the Metaverse. And if you're listening and you're an investor yourself, The round is closing, but it's still open. So if you're intrigued by what you hear, you venture funds out there.
Starting point is 00:17:37 Get in touch, and I'll put you in touch to join the round. Talk to you on Monday.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.