FireEye, a cybersecurity firm, revealed last week that unknown parties had penetrated its network and that its clients, including the US Government, were at risk. Bruce Schneier has technical details about the attack. Former Homeland Security Adviser Thomas Bossert lays out the scope of it:
The attackers gained access to SolarWinds software before updates of that software were made available to its customers. Unsuspecting customers then downloaded a corrupted version of the software, which included a hidden back door that gave hackers access to the victim’s network.
This is what is called a supply-chain attack, meaning the pathway into the target networks relies on access to a supplier. Supply-chain attacks require significant resources and sometimes years to execute. They are almost always the product of a nation-state. Evidence in the SolarWinds attack points to the Russian intelligence agency known as the S.V.R., whose tradecraft is among the most advanced in the world.
According to SolarWinds S.E.C. filings, the malware was on the software from March to June. The number of organizations that downloaded the corrupted update could be as many as 18,000, which includes most federal government unclassified networks and more than 425 Fortune 500 companies.
The magnitude of this ongoing attack is hard to overstate.
The Russians have had access to a considerable number of important and sensitive networks for six to nine months. The Russian S.V.R. will surely have used its access to further exploit and gain administrative control over the networks it considered priority targets. For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call “persistent access,” meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.
The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated.
Now, if only we had an administration that believed its experts and a majority party in the Senate that would pass a Defense Reauthorization Bill...
I'm looking out my office window at the light dusting of snow on my neighbors' cars, wondering how (or whether) I'll get my 10,000 steps today. My commute to work got me 3,000 each way, making the job tons easier before lockdown. Easier psychologically, anyway; nothing prevents me from going for a 45-minute walk except that I really don't want to.
Instead of a lunchtime hike, I'll probably just read these articles:
And just as a side note for posterity, we should remember that the President of Russia congratulated Joe Biden on his win before the Majority Leader of the US Senate did. The Republican Party must really not like democracy.
Happy Hanukkah! Now read these:
I will now have some very yummy Szechuan leftovers.
The Electoral College has voted, and with no surprises, as of 16:37 Chicago time Joe Biden has received the requisite 270 votes to be elected President of the United States. And yet, we had a few surprises today:
Finally, John le Carré died at 89 yesterday. Time to revisit Josephine Livingstone's review of "the glorious return of George Smiley," le Carré's 2017 novel A Legacy of Spies.
The Electoral College started voting early this morning. Each state delegation casts its votes separately, usually in the respective state capitol buildings. The New York just voted a few minutes ago, bringing the totals so far today to Biden 161, STBXPOTUS 158. California votes late in the day, so once again it may seem like it's close but it really isn't.
In just a few hours, Joe Biden will officially be the President-Elect of the United States. The House and Senate will count the votes in a joint session on January 6th, and Joe Biden will take office as the 46th President of the United States on January 20th.
Now, if we can just get the STBXPOTUS to shut up, we might have a happier transition.
I'm not good at it, personally. But NBC News has some advice they've titled "How to talk to your friends and family about Covid, vaccines and wearing masks:"
“You always want to offer your empathy first,” said Amy Pisani, executive director of Vaccinate Your Family, the nation’s largest nonprofit organization dedicated to vaccine advocacy. “If they have a personal story, start with your shared values.”
Steven Taylor, a clinical psychologist and professor at the University of British Columbia in Vancouver, Canada, said that confrontation is particularly doomed to failure when talking to people who have fallen down conspiracy rabbit holes.
“Many conspiracy theorists score high in a trait called psychological reactance, which, to put it simply, is like an allergic reaction to being told what to do,” Taylor said. “We have to think of messages that don’t trigger that psychological reactance.”
Rather, it may be more effective to find non-confrontational ways to appeal to people that don’t overtly challenge their sense of self or freedom — a concept that Taylor refers to as introducing “behavioral nudges.” Instead of harping on the scientifically proven benefits of wearing a mask, for instance, people could try to convince friends and family to don face coverings for the good of their community.
Sander van der Linden, a social psychologist at the University of Cambridge in the U.K., said the emergence of conspiracy theories in times of upheaval has been well-documented throughout history.
“What you often see is that in times of uncertainty — whether it’s political uncertainty, economic uncertainty or social uncertainty — there’s a surge in conspiracy theories,” van der Linden said.
And that’s cause for real concern. Van der Linden’s research has shown that people who believe misinformation about the coronavirus are less likely to wear masks or get vaccinated, which makes it critical at this juncture of the pandemic to try to engage, rather than ignore, skeptical loved ones.
In times of extreme stress, we become apes, in other words. Yet somehow, we'll get through this.
I mean, more than usual. In our delusional fading days of empire, Kyle Edward Williams states the obvious:
[I]t’s worth pondering just how close we came to a hostile private sector takeover of the American political tradition. Modern America has long been infatuated with the transcendental wisdom ascribed to business sense, so it’s something of an oddity that the U.S. has not elected more businesspeople to the high office, even if many have tried. Indeed, it’s never really been the case that America has exhibited total deference to business leadership.
In recent years, presidential candidates have made their business experience an important part of their pitch to the American voter. George W. Bush had a less-than-stellar career as an oil and gas executive, and his first major business success came from a lucrative deal with a group of wealthy family friends that made him managing general partner of the Texas Rangers, but he was still the first president to have an MBA—and his came from Harvard Business School. Time called Bush the “CEO president,” though one suspects that he might have been happier (and almost certainly more effective) as the commissioner of Major League Baseball.
[T]his election may prove to be a turning point in our political discourse. Not just because of Biden’s victory but also because of Trump’s unrelenting attacks on scientific experts, civil servants, and public institutions of almost all kinds, Americans have rallied around the ideal of public service. In the days after November 3, postal workers received standing ovations in the streets of America’s major cities. People wear Anthony Fauci T-shirts. Such displays may strike us as cringeworthy in certain ways—it’s not the point of public service to court mass adulation, after all. But at another level, they’re also a healthy and long-overdue celebration of the real good that democratic institutions can do. A Biden presidency stands poised to rehabilitate the public servant and to put to rest, at least for a time, the myth of the omnicompetent business reformer.
Well, sure. Except the exact people who supported the STBXPOTUS also think he knew how to run a business.
My company gives us the usual American holidays off, and adds two "floating holidays" you can take whenever you want. I took my first one in January and just remembered last week that I hadn't taken the second one. So I took it today. Which gave me some time to read a bunch of things:
Finally, the list I posted Wednesday needs an update. In October 1918, influenza killed 195,000 Americans, or an average of 6,290 per day. So clearly most of that month set records well above the records we set this week.
I saw a slightly-inaccurate version of this on Facebook and corrected it.
Here's a list of the most single day, single cause deaths in American history, through yesterday today. See if you can spot the pattern:
- Galveston hurricane, 9 Sep 1900 (~6,000)
- Battle of Antietam, 18 Sep 1862 (3,652)
- Puerto Rico hurricane, 7 Aug 1899 (3,389)
- SF earthquake, 18 Apr 1906 (~3,100)
- Covid-19, 9 Dec 2020 (3,011)
- Terrorist attacks, 11 Sep 2001 (2,996)
- Covid-19, 3 Dec 2020 (2,861)
- Okeechobee hurricane, 17 Sep 1928 (~2,800)
- Covid-19, 2 Dec 2020 (2,762)
- Covid-19, 8 Dec 2020 (2,566)
- Pearl Harbor, 7 Dec 1941 (2,467)
- Covid-19, 1 Dec 2020 (2,461)
- Covid-19, 4 Dec 2020 (2,439)
- Covid-19, 5 Dec 2020 (2,310)
More important is that the only disaster to kill more Americans on an annualized basis than Covid-19 is the 1918-1919 flu, and it's a very close number (about 300,000 deaths per year attributable to each). As the winter goes on and Covid-19 deaths increase, I expect it will surpass the 1918 flu on that basis.
But no disaster has killed more Americans than HIV/AIDS, except smallpox, depending on when you start counting.
Data from CDC.
Today's news stories comprise a mixed bag:
Finally, a little sweetness for a cold December day: Whisky Advocate has a recipe for bourbon balls that I hope someone will try and share with me. I'll even supply the bourbon.