Month: December 2020

Enlarge (credit: Jason Torchinsky)

Let's be honest: 2020 sucks. So much of this year has been a relentless slog of bad news and miserable events that it's been hard to keep up. Yet most of us have kept up, and the way most of us do so is with the small handheld computers we carry with us at all times. At least in America, we still call these by the hilariously reductive name "phones."

We can all use a feel-good underdog story right now, and luckily our doomscrolling 2020 selves don't have to look very far. That's because those same phones, and so much of our digital existence, run on the same thing: the ARM family of CPUs. And with Apple's release of a whole new line of Macs based on their new M1 CPU—an ARM-based processor—and with those machines getting fantastic reviews, it's a good time to remind everyone of the strange and unlikely source these world-controlling chips came from.

If you were writing reality as a screenplay, and, for some baffling reason, you had to specify what the most common central processing unit used in most phones, game consoles, ATMs, and other innumerable devices was, you'd likely pick one from one of the major manufacturers, like Intel. That state of affairs would make sense and fit in with the world as people understand it; the market dominance of some industry stalwart would raise no eyebrows or any other bits of hair on anyone.

Enlarge / The attack hit multiple US agencies—and a full assessment of the damage may still be months away. (credit: Andrew Harrer | Bloomberg | Getty Images)

Last week, several major United States government agencies—including the Departments of Homeland Security, Commerce, Treasury, and State—discovered that their digital systems had been breached by Russian hackers in a months-long espionage operation. The breadth and depth of the attacks will take months, if not longer, to fully understand. But it's already clear that they represent a moment of reckoning, both for the federal government and the IT industry that supplies it.

As far back as March, Russian hackers apparently compromised otherwise mundane software updates for a widely used network monitoring tool, SolarWinds Orion. By gaining the ability to modify and control this trusted code, the attackers could distribute their malware to a vast array of customers without detection. Such "supply chain" attacks have been used in government espionage and destructive hacking before, including by Russia. But the SolarWinds incident underscores the impossibly high stakes of these incidents—and how little has been done to prevent them.