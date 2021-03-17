

Why America will never be safe from cyberattacks

Daniel Howley
·Technology Editor
·6 min read
FILE - In this Nov. 7, 2017, file photo, a man is silhouetted as he walks in front of Microsoft logo at an event in New Delhi, India. Microsoft says it’s uncovered new Russian hacking attempts targeting U.S. political groups ahead of the midterm elections. The company said Tuesday, Aug. 21, 2018, that a hacking group tied to the Russian government created fake internet domains that appeared to spoof two conservative organizations: the Hudson Institute and the International Republican Institute. (AP Photo/Altaf Qadri, File)
Hackers continue to target the U.S. and its allies, and there's, unfortunately, no end in sight. (AP Photo/Altaf Qadri, File)

Wednesday, March 17, 2021

This article was first featured in Yahoo Finance Tech, a weekly newsletter highlighting our original content on the industry.

It's impossible to stop all hacks, and a lack of cybersecurity experts isn't helping

The U.S. government is still managing the fallout from two separate, massive cyberattacks linked to Russian and Chinese hackers, with a White House task force meeting this past Monday to probe the most recent attack, which involved Microsoft’s (MSFT) e-mail software.

On Thursday, the Senate’s homeland security committee will hold a hearing to probe the other attack, which exploited a vulnerability in a software company called SolarWinds (SWI) in one of history’s most far-reaching cyberattacks on governments and private companies.

While Washington grapples with how to prevent another attack of this scale, the hard truth is this: There’s no such thing as a foolproof cybersecurity defense. And the United States will never truly be safe from all cyberattacks.

The reason such systems don’t exist? Because human beings write computer code. And despite being incredibly smart, those people make mistakes. And each minuscule error creates one more pathway for hackers to launch cyberattacks.

“Nobody knows how to make a system that is usable and perfectly secure. Nobody knows how to do that,” Herbert Lin, senior research scholar at the Center for International Security and Cooperation, told Yahoo Finance.

But there’s a crucial way we can trip up some attackers — namely, grooming a new generation of cybersecurity experts.

Cyberattacks can be prevented, but they’ll never be eliminated

The nation’s vulnerability to cyberattacks became particularly apparent in December of last year, when the Russia-linked SolarWinds hack was uncovered.

As I wrote at the time, the SolarWinds attack was especially insidious, as it touched everything from Cox Communications to an Arizona county to the U.S. agency that oversees the nation’s nuclear arsenal. In January, The New York Times reported the hack had involved as many as 250 federal agencies and private businesses.

It didn’t take long for another major hack to rear its head. On March 2, Microsoft revealed its Exchange software had been breached by Hafnium, a group sponsored by the Chinese government that it described as a “highly skilled and sophisticated actor.” It was the eighth time in 12 months Microsoft had disclosed nation-state groups going after entities “critical to society,” according to the company, which itself had helped the U.S. government respond to the earlier SolarWinds attack.

These attacks keep happening, in part, because the battle between cybersecurity experts and hackers is a game of cat and mouse exacerbated by the increasing amount of digital data.

“There's a constant back and forth, where companies are trying to do as much as possible, in theory, to protect data, and hackers are constantly trying to find new ways around it,” Jessica Vitak, associate professor at the University of Maryland’s School of Information Studies, told Yahoo Finance. “But I think what we're seeing here is the inevitable result of more and more data being collected and stored digitally.”

WASHINGTON, DC - FEBRUARY 23: Microsoft President Brad Smith testifies during a Senate Intelligence Committee hearing on Capitol Hill on February 23, 2021 in Washington, DC. The hearing focused on the 2020 cyberattack that resulted in a series of data breaches within several agencies and departments in the U.S. federal government. (Photo by Drew Angerer/Getty Images)
Microsoft President Brad Smith testifies during a Senate Intelligence Committee hearing on a series of data breaches within several agencies and departments in the U.S. federal government. (Photo by Drew Angerer/Getty Images)

Think of hacking this way. You’ve got a suite of disparate systems and services that your company or government agency relies on every day, each powered by hundreds of millions of lines of code. And that code is written by people.

Inevitably, someone writing code for a program will make a mistake that finds its way into the sea of characters that make up the final software. It’s not just issues with code, either. Breaches can happen when systems aren’t configured properly, or passwords aren’t changed regularly.

To ensure that hackers can’t launch indiscriminate attacks, security professionals need to work around the clock to lock down their software. As Stuart Madnick, professor of information technologies and engineering systems at MIT, explains it, hackers exploit the asymmetry between themselves and a system’s defenders.

“If your building has 20 doors on it, your job is to make sure all 20 doors are kept locked at night,” Madnick explained. “The burglar only has to be able to find one door that isn't locked. So it's kind of a 20 to one advantage.”

Cloud computing also has its own vulnerabilities. While cloud services can cut down on the number of doors a burglar is trying to smash through, they give the burglar a bigger entryway to target.

Of course, cybersecurity experts always poke and prod software to find potential vulnerabilities they can then shore up. But cyber attackers are just as diligent in their search for weaknesses. And when they find them, they can launch so-called Zero Day attacks.

Zero Day attacks are especially troubling, because attackers can exploit vulnerabilities until cybersecurity professionals discover them. And even when they are found out, the attackers can continue to exploit the vulnerability behind a Zero Day, because the software being hit needs to be patched to shut down the attack vector. And doing that can take weeks or months.

More training and more cybersecurity professionals

One of the keys to preventing at least some cyberattacks is for companies and government organizations to think about security right out of the gate.

“When we just look at the Internet of Things and smart home technology and smart city technology there's a push for the technology, without pairing that with proper understanding and respect for ensuring security measures are taken,” Vitak said.

Outside of keeping cybersecurity top of mind, it’s crucial to attract more students into the cybersecurity field. According to (ISC)², an international nonprofit representing information security professionals, global organizations need to add at least 3.1 million more cybersecurity experts to their payrolls to secure their operations. The U.S. alone needs to add more than 350,000 cybersecurity jobs.

What’s more, the pandemic has seen cybersecurity professionals pulled from their full-time jobs to assist in shortfalls in day-to-day web operations. While there’s no such thing as a perfectly secure, connected system, the incredible shortfall in cybersecurity professionals is making a bad situation even more dire.

“I'm seeing a generation of developers that really understand how to write cool apps, how to call libraries, how to make something that's really attractive to you as a consumer,” says Hanan Hibshi, a researcher and teaching faculty at Carnegie Mellon University’s Security and Privacy Institute. “But we do not have enough of those who understand what's going on under the hood.”

By Daniel Howley, tech editor. Follow him at @DanielHowley
