Relentless Hacking Is Turning All of Us Into Data Nihilists

The world has a way of reminding us of our own helplessness. The year 2020 has had more than its share of examples to choose among, but for those who prefer to direct their existential dread toward the inability of anyone to protect digital data, the recent revelation of one of the most significant cybersecurity attacks in history is an excellent place to start.

In the spring, hackers managed to insert malicious code into a software product from an IT provider called SolarWinds Corp., whose client list includes 300,000 institutions. About 18,000 of them were exposed when they downloaded a legitimate update from SolarWinds—the exact thing you’re supposed to do to keep your defenses fresh. The attackers spent months running freely through their victims’ networks before anyone noticed—harvesting secrets—and they may have been inserting vulnerabilities and doing who knows what else. The U.S. government and independent cybersecurity experts have tied the attack to hackers affiliated with the Russian government, and its victims include the U.S. departments of Commerce, State, and Treasury, Microsoft Corp., and cybersecurity firm FireEye Inc.