Good Monday Morning! It’s April 19th and while this month seems to be moving along much quicker than March, today is a day dreaded by vampires across the planet. Here’s why. Here’s your SWIRL:
📱 Tech: Hacking from the FBI with love
📈 Business: Dish Sues Peloton, Lululemon, and NordicTrack
🏛 Politics: US & Russia trade sanctions
If this is your first SWIRL, keep reading this part. If not, carry on to the content. Welcome, new Swirlers! Here’s a brief reader guide for you: the three teasers above will unfurl below to briefly cover a buzzy development in their respective areas. You’ll read a little about each one. At the end, we pull on a common thread among all three and explore what it might mean for us. If you missed last week’s SWIRL, tuck in here.
📱 Tech: Hacking from the FBI with love
Let’s say your bedroom window 🪟 is unlocked. You don’t know it’s unlocked, but the police do and they’re worried a burglar might rob you. Would you be comfortable if they broke into your house to secure🔒the window without your permission?
You could argue the FBI is doing that. Well, something very similar to that.
Last week, the Department of Justice announced 📢 an operation to protect American computers by remotely accessing devices to remove software code that malicious hackers have been exploiting.
In the press release, officials confirmed that the FBI’s Cyber 👩🏻💻 Division has been accessing hundreds of private computers that run Microsoft’s Exchange ‘on-premises’ email 📧 server. On-premises is tech speak for not in the cloud ☁️ . Once the FBI accesses the computer, it removes ‘web shell’ code, which provides back-door 🚪entry for cyber attackers to access the device, according to the announcement.
How did these ‘web shell’ backdoors get there? Hackers put them there earlier this year. The FBI alerted 🚨 consumers to this preliminary attack, which was purported to be perpetrated by the Chinese hacking outfit Hafnium, but many organizations didn’t take the necessary (and technically challenging) steps to remove the dangerous code themselves.
So a court ⚖️ has given the government the permission to do this on behalf of Americans.
The DOJ has said they will try to inform the owners of machines 💻 that were legally hacked by the FBI, but it could take until early May to let folks know. However, the bigger question many are asking: how will they use this power in the future?
📈 Business: Dish Network sues Lululemon, Peloton, & NordicTrack
Dish 📡 Networks, on behalf of its ‘Sling TV’ unit, has filed a lawsuit alleging several popular in-home workout products are using Sling’s proprietary video-streaming technology without its permission. The suit targets 🎯 Peloton, Lululemon’s Mirror product, and the makers of NordicTrack equipment, Icon Health & Fitness.
The sweat-inducing video-streamers in question:
🚴♂️Peloton: they’re the maker of trendy stationary bikes, treadmills, and that Christmas commercial; full disclosure: I love my Peloton1
🪞Mirror: it’s literally a high-tech mirror, with a huge display behind the glass & they stream workout content through the mirror; Lululemon bought the company last year
🏃🏻♀️NordicTrack: they’re the classic in-home workout machine brand; if you remember their “But wait! If you call now…” TV ads, you’re old enough to be as worried about the return of bootcut jeans as I am
So, what’s Dish Network’s beef?
The patents cited in the lawsuits relate to ways of improving online video quality, particularly when users do things like fast-forward or rewind programs. They also allow for browsing of multiple streams without hiccups and adjust for a user’s bandwidth. Sling said it uses the technology in offering subscriptions to live TV channels over the internet. - Christopher Yasiejko & Susan Decker, for Bloomberg
While the pandemic has been a huge boost 📈 to in-home exercise companies like Peloton, Sling TV experienced a decline 📉 in users last year. Peloton subscriptions grew by 134%. Mirror generated $170M in revenue last year. Dish claims its technology is contributing to this success and it wants a piece of the good fortune💰. <inserts dad joke about sweat equity>
The network provider has had some success with types of cases 📑 before. In 2019, Dish sued Univision over the same patents. The two companies agreed 🤝 to settle—they didn’t disclose the financial agreements, but it’s fair to assume Dish had some leverage or Univision may not have settled.
As of this weekend 🗓, Peloton and Lululemon had yet to publicly respond to the suit. Icon Health told Bloomberg it will “vigorously defend against these meritless claims.”
🏛 Politics: US & Russia trade sanctions
The White House described an April 13th phone call 📞 between President Biden and Russian President Putin as a “candid, respectful conversation.”
Two days later, Biden followed through with a heads-up he gave Putin during the call by signing an executive order 📝 with a litany of sanctions against Russia.
Let’s back up ◀️.
Earlier this year, the US intelligence community singled out Russia 🇷🇺 as the likely perpetrator of the massive SolarWinds cyber attack that has continued to wreak havoc on US government and private computer systems.
A month ago, the US released a report 📂 that formally accused Russia of meddling in the 2020 presidential election.
Pressure had been building against Biden to do something. Now he has. The newly imposed sanctions aim to limit the economic 💲 activity of 32 Russian individuals and organizations. There are new prohibitions on US companies participating in Russian bonds markets and ten Russian diplomats will be expelled ✌🏼 from DC.
In turn, Russia announced it will send ten US diplomats back to DC. Biden cautioned that additional measures could be on the way.
Biden added that he didn’t want to “kick off a cycle of escalation and conflict with Russia.” Russia’s decision to kick out ten US diplomats signaled they may have felt differently. However, the real test of the relationship 👬🏻 between the two nations may come later this year. A summer summit between between Biden and Putin in Europe is in the works.
So, how do our three stories swirl together? All of our featured organizations are pursuing corrective actions.
🕵🏽♂️ The FBI is preventing some systems from being further hacked
📡 Dish Networks is seeking payment for proprietary tech it accuses others of using
🦅 The US government is holding Russia accountable for cyber aggression
Simple enough, right? Sure. But now you have a choice. Take the blue pill and let the simple SWIRL be enough. Or, take the red pill and explore a deeper connection.
If you’re taking blue, bye. See you next week. If you’re going red, stick with me here.
The impacts of the Microsoft hack by Hafnium are widespread because a few lines of trojan-horse code, related to one system, worked their way into thousands of computers. It’s a straightforward example of how our connected lives are increasingly at risk of cyber compromise, which brings us to the video-streaming lawsuit.
If Dish’s claims are founded, it could mean that several major companies are sharing the same or similar computer code. That could be risky if true. I am not alleging any intellectual property theft here, nor am I suggesting that these companies have security issues that could open them up to attacks. However, I am pointing out that widely-used code is more often attractive to hackers than obscure code.
And that’s where we pick up the Russian pieces. Similar to the Microsoft hack by China, the SolarWinds attack by Russia exploited a small gap in one security system that allowed cyber operatives to gain far-reaching access to others because organizations used the same product (read: code).
While each of our swirl stories so highlight organizations that are actively pursuing corrective actions, we’re also seeing how these corrective actions might be inherently connected: the growing risk of cyber compromise.
That may not be the best feeling on a Monday morning, so here’s something to lift your spirits.
Subscribe and share SWIRL!
If you love reading SWIRL, but you’re not subscribed yet, the newsletter hits inboxes every Monday morning and the little button below makes that happen for you.
You can help us grow by sharing this week’s SWIRL:
Have an idea, feedback, or tip for SWIRL? -> Hit me up.
Or, just want to share quick feedback about SWIRL? Take your pick:
This is not an ad, but it could be - hit me up, Peloton lol.