Hackers believed to be directed by the Russian intelligence service, the SVR, used that routine software update to slip malicious code into Orion's software and then used it as a vehicle for a massive cyberattack against America. The routine update, it turns out, is no longer so routine. Customers simply had to log into the company's software development website, type a password and then wait for the update to land seamlessly onto their servers.
It was supposed to provide the regular fare - bug fixes, performance enhancements - to the company's popular network management system, a software program called Orion that keeps a watchful eye on all the various components in a company's network. Last spring, a Texas-based company called SolarWinds made one such software update available to its customers.
The next morning, rather like the shoemaker and the elves, our software is magically transformed. A pop-up window announces its arrival and all that is required of us is to plug everything in before bed. The routine software update may be one of the most familiar and least understood parts of our digital lives. 'This release includes bug fixes, increased stability and performance improvements.' An NPR investigation into the SolarWinds attack reveals a hack unlike any other, launched by a sophisticated adversary intent on exploiting the soft underbelly of our digital lives.
