Effective URL: https://www.fastcompany.com/90672384/microsoft-president-brad-smith-solarwinds-exclusive
Submission: On December 10 via api from SE — Scanned from DE


09-07-21


WHAT IT WAS LIKE INSIDE MICROSOFT DURING THE WORST CYBERATTACK IN HISTORY


MICROSOFT PRESIDENT BRAD SMITH DESCRIBES THE CHAOS INSIDE THE TECH GIANT DURING
THE SOLARWINDS HACK.

Source photo: HJBC/iStock
By Brad Smith and Carol Ann Browne

While the KGB may have collapsed with the Soviet Union in 1991, its long shadow
still quietly serves its homeland through new 21st-century digital forms and
tactics, especially in cyberspace.




When the Communist Bloc splintered, so did the KGB. Two new agencies were born:
the Foreign Intelligence Service of the Russian Federation (SVR), a spy agency
tasked with gathering intelligence, and the enforcement arm, the Federal
Security Service (FSB), which is charged with security. Both conduct espionage
and counterintelligence.

In the waning months of 2020—a particularly arduous and painful year for the
entire world—the SVR threw a wet blanket on an already dampened holiday.
Headquartered in a sprawling office complex in southwest Moscow, its buildings
from the outside look like a typical modern office park in the suburbs. A close
equivalent to the U.S. Central Intelligence Agency (CIA), the SVR manages from
these buildings its global espionage and external counterintelligence
operations, including electronic surveillance in countries around the world.
These days, this includes a wide variety of cyber activities. And not unlike the
tech companies in similarly sprawling campuses across the United States that
employ our best and brightest technology minds, the SVR has a large and
experienced staff of talented cyber professionals.

Inside Microsoft we use obscure elements from the periodic table to classify and
code-name different nation-state actors that are engaged in cyber activity.
Within our own cybersecurity ranks, the SVR is called Yttrium, a metallic
rare-earth and toxic mineral found in the Earth’s crust.




Yttrium is one of the most sophisticated cyberthreats for many of our customers,
as well as for Microsoft itself. And instead of conducting its clandestine
efforts in back rooms and through dead drops, this 21st-century successor to
the KGB often does its work by penetrating computer networks owned by private
enterprises and citizens around the world.


WHY THE SOLARWINDS ATTACK WAS SO DEVASTATING

Yttrium’s latest threat hit my radar in the form of an instant message on the
last day of November 2020, asking if I had “five minutes for something kind of
urgent.” The message came from Tom Burt, our vice president responsible for a
wide range of cybersecurity issues. I knew from more than two decades of working
with Tom that he was typically calm and understated, two key qualities when
dealing with crises. I knew that Tom’s “kind of urgent” was likely an alarm
bell.

I quickly ended a meeting to talk with Tom. He reported that we had been
approached by FireEye, one of the leading cybersecurity firms, for help with
what looked like a serious cybersecurity breach it had suffered. As Tom
explained, the early indicators pointed to Yttrium, a finding later confirmed by
the White House.



In the coming weeks, this initial report would lead cybersecurity experts to
pursue a digital trail that uncovered the attempted hacking of dozens of
sensitive computer networks around the world, including Microsoft itself. By
January 2021, The New York Times reported that “the U.S. government was clearly
the main focus of the attack, with the Treasury Department, the State
Department, the Commerce Department, the Energy Department, and parts of the
Pentagon among the agencies confirmed to have been infiltrated.” But those
weren’t the only targets. At Microsoft we identified dozens of impacted
organizations, including other tech companies, government contractors, think
tanks, and a university. The impacted countries spilled beyond the United States
to include Canada, the United Kingdom, Belgium, Spain, Israel, and the United
Arab Emirates. In several instances, the network penetrations had lasted for
several months.

The attack quickly became the broadest confirmed penetration of U.S. government
and tech sector computer networks. While cybersecurity experts would give the
attack a variety of names, including Solorigate and Sunburst, the public would
mostly read about it with reference to the Texas company whose software was
hijacked to stage the initial attacks—SolarWinds.

But what to make of all this? Was it, as some on Capitol Hill suggested, a
Russian “act of war” or a “digital Pearl Harbor”? Or was it just “espionage as
usual,” as some in the intelligence community countered? In my view, it was
neither.



Its importance is difficult to overstate. The cyberattack provided a “moment of
reckoning” that demonstrated technology’s inherent strengths and weaknesses and
illustrated the degree to which it had become both a defensive tool and an
offensive weapon. And perhaps more than anything, it showed the world how much
work we must do to manage all the implications of inventions that are remaking
the century in which we live.

But all this requires putting things in perspective. Even before the attacker’s
identity was apparent, anything that potentially involved FireEye was a big
deal. FireEye is one of the world’s most sophisticated cybersecurity firms. Its
CEO, Kevin Mandia, is one of the country’s leading cybersecurity experts, having
started his career as a computer security officer in the Air Force before
founding his own security company that FireEye eventually acquired. If this
leading security company had been penetrated, it almost certainly took an
incredibly sophisticated attack. And if the SVR had made it through FireEye’s
defenses, it likely was succeeding elsewhere.


RESPONDING TO THE ATTACK

Yttrium had long represented an important area of focus for the engineers at the
Microsoft Threat Intelligence Center, which we call MSTIC (pronounced “mystic”).
An elite unit itself, MSTIC constantly focuses on identifying and combating
emerging cybersecurity threats. It relies on a combination of the world’s best
technology and engineers to sift through the 6 trillion electronic signals that
flow into our data centers every day. It’s a combination that places MSTIC in
the top tier of a cybersecurity ecosystem responsible for protecting the
security of not just Microsoft’s network but the company’s government and
business customers and much of the world’s critical infrastructure.



For centuries, governments have engaged in espionage and counterintelligence
operations. One of the unusual hallmarks of our digital era is that much of this
daily fencing today also involves tech companies. It’s MSTIC’s job to hunt for
new intrusions and cyberattacks from Yttrium and other nation-state actors.
Yttrium also occupies a particularly significant position at the top of the
cybersecurity arena. Long known not just for technical sophistication but
operational persistence, Yttrium has succeeded in a way that few can match in
penetrating sophisticated computer networks and operating undetected for
prolonged periods of time.

One challenge was that Yttrium had become more difficult to track. As 2020 was
winding down, however, it appeared that Yttrium had reemerged with renewed
fervor. If Yttrium had broken into FireEye and elsewhere, it would be important
to push the intruders out of the affected networks before they could extract
more information. And we wanted MSTIC to learn as much as it could about
Yttrium’s new methods before it covered its tracks. One of the ironies of this
type of cyberattack was that it represented both a successful espionage coup for
an attacker and, once identified, a new opportunity for a defender to spot
tactics, techniques, and procedures that could help identify and thwart other
ongoing or future attacks.

One key was to move fast and with as many responders as possible. Microsoft’s
Security Response Center (MSRC) quickly activated its incident response plan.
The MSRC is part of Microsoft’s Cyber Defense Operations Center, where a team
works 24/7 and can call on security professionals, data scientists, product
engineers, and customer support experts throughout the company to respond
rapidly to security threats.



Once we started to work with FireEye, it was clear that this was not a typical
case of a sophisticated attacker breaking into just a few computer networks. The
attackers had installed a small piece of malware into the update code of a
network management program called Orion, a product of SolarWinds. The Orion
software was used by roughly 38,000 enterprise customers around the world. When
customers installed the update on their on-premise servers, the malware
installed as well. As FireEye reported, the malware would connect to what is
known as a command-and-control (C2) server. The C2 server could then give the
connected computer “jobs” that included the ability to transfer files, execute
commands, profile a system, reboot a machine, and disable system services. This
meant the attackers suddenly had a backdoor into the network of every customer
that had updated the Orion program.

This approach put at risk the software supply chain across the economy and
around the world. The immediate questions became: How many enterprises had
installed the Orion update, and hence the malware, on their networks? And how
quickly could this backdoor be closed?

At Microsoft we quickly mobilized more than 500 employees to work full time on
every aspect of the attack. Other tech companies scrambled into action as well.
Given the potential breadth of the incident, Microsoft CEO Satya Nadella
convened a meeting each evening of our most senior security leaders to run
through the day’s work, what we had learned, and what we needed to do next.



It didn’t take long to appreciate the importance of effective technical teamwork
across the industry and with the U.S. government. Engineers at SolarWinds,
FireEye, and Microsoft immediately began working together. The teams at FireEye
and Microsoft knew each other well, but SolarWinds was a smaller company dealing
with a huge crisis, and the teams had to build trust quickly if they were to be
effective. The SolarWinds engineers shared the source code for their update with
the security teams at the other two companies, which revealed the source code of
the malware itself. The technical teams in the U.S. government swung into fast
action, especially at the National Security Agency (NSA) and the Cybersecurity
and Infrastructure Security Agency (CISA) at the Department of Homeland
Security.

The digital nature of software and the global reach of the internet quickly came
into play. Like a pendulum, they swing in both directions. The attackers had
turned code into a weapon that was distributed globally through the internet via
the SolarWinds update. But with the source code for the specific malware
identified, we had a signature, like a digital fingerprint, that we could look
for on desktop and server computers. FireEye published this signature for
organizations around the world to access.

At Microsoft, we added this signature in an update to our Windows Defender
Antivirus program, which customers use to monitor, identify, and remove malware
across an organization’s network and computers.



Many customers also share their Defender data with us, which provides an ongoing
picture of where specific malware is installed. Within 48 hours we created a map
of the world that lit up every location where SolarWinds’ Orion program had been
updated with the malware. The map revealed the broad vulnerability around the
world and especially in the United States.

The teams at FireEye and Microsoft worked a bit like 21st-century counterparts
to Sherlock Holmes. Each day they added digital clues that could be used to
uncover Yttrium’s trail. And with each step they took, they picked up more
information to uncover Yttrium’s bad acts and how we might thwart them.

Each evening, John Lambert, MSTIC’s leader, reported on the day’s findings. As
he explained, the defensive response to a successful cyberattack always needs to
answer two initial questions: How did the attacker gain entry, and what network
credentials did the attacker obtain? Until we had the answers to both questions,
there was no way we could push the attackers out of the affected networks.




THROUGH THE BACKDOOR

As the security teams studied the infection, they discovered that the malware in
the Orion software initially created a backdoor in a company’s network but
otherwise lay dormant for two weeks, so as not to create any network log entries
that would call attention to itself. It then reported information about the
network it had infected to a command-and-control server that the attackers had
registered and was being hosted in the United States by the tech firm GoDaddy.

If a target network was of interest to Yttrium, the attackers then took a second
step. They entered through the backdoor and installed additional code on the
organization’s server, in effect opening a window to connect to a second
command-and-control server. This second server, unique to each victim to help
evade detection, was registered and hosted in a second data center, often on
Amazon Web Services’ (AWS) cloud. As John Lambert explained, Yttrium carefully
“cleaned up after itself,” closing the backdoor to GoDaddy and using the open
window connecting to a service such as AWS instead. As we identified the
customers impacted by these second-stage attacks, teams of specialized
Microsoft engineers—our cybersecurity hunters—worked to help customers search
for and close these windows.

As the security teams at FireEye and Microsoft studied the source code shared by
SolarWinds, they discovered that the code installed on the initial
command-and-control server at GoDaddy had a “kill switch” that would
automatically shut off the malware on an organization’s server under specific
conditions. Armed with this knowledge, the security teams worked together to
transfer control of the C2 server from GoDaddy to Microsoft, activate the kill
switch to turn off any ongoing or new uses of the malware, and identify any
organizations that had computers that continued to ask the server for
instructions.



This effectively stopped the attackers from using their malware to enter
additional networks. While this type of action often marks the climax of cyber
battles, in this case the attackers’ technical sophistication meant that it was
just the start of some of the most frenetic work. Because Yttrium had already
entered multiple networks and opened new windows, we still needed to identify
additional impacted networks, learn what Yttrium was doing inside them, find and
close the open windows, and force out the attackers.

As the hunting teams pursued Yttrium, they learned that the attackers typically
looked for new ways to drill deeper into the impacted networks. Like intruders
inside a house, they turned off the equivalent of any security cameras, such as
event logging tools and in some cases antivirus software.

They then began scanning the network for the software keys that would give them
access to the home’s most precious possessions. Most often, the attackers looked
for the accounts of network administrators who had elevated privileges, meaning
access to information across an organization’s network.



They then looked for the passwords for these accounts, which unfortunately some
customers had stored in an insecure way that was easy for the attackers to find.

With password in hand, the attackers could move from a server located on
premises, such as in an organization’s server room, to its other network assets,
including in the cloud. Yttrium typically looked for information that would
advance its espionage efforts, including an organization’s email, documents, and
other digital assets such as source code or the tools that security experts use
to identify and combat potential network intrusions. For some organizations,
this included emails and documents in Microsoft’s Office 365 cloud service.

Once MSTIC identified the tactics, techniques, and procedures used by the
attackers as they accessed Office 365, our threat hunters could scan our cloud
services to identify the telltale patterns that a customer had been compromised.
Using this method, we identified 60 customers that had been victimized by the
attacks.




DIGITAL FIRST RESPONDERS

This led to the next phase of our response, as security experts worked as
digital first responders to help the victims. Microsoft employees notified each
of these 60 customers and offered information about the attack and the technical
indicators we had identified that would help them start their own
investigations.

Given the importance of the SolarWinds intrusions, the responsibility for our
largest enterprise customer notifications fell on Ann Johnson, a longstanding
cybersecurity leader who previously had led our Detection and Response Team
(DART). We referred to DART as “the Microsoft cybersecurity team we hope you
never meet” because it contacts customers if they have suffered a cyberattack.
In this case, some of our smaller customers took that attitude to heart a bit
too literally. After answering the phone and hearing someone explain they were
from Microsoft calling about a cyberattack, some responded angrily to what they
believed was a hoax.

Naturally, our engineers put an extremely high priority on investigating any
potential intrusions into Microsoft’s own network. While at first there was no
indication that we had been targeted, deeper digging by more people identified
that Microsoft, too, had been a target.

This work revealed a limited presence of malicious SolarWinds code on
Microsoft’s internal network, as well as other attempted activities. For
example, we found unusual activity with a small number of internal accounts and
we discovered one account had been used to view source code in a number of
source code repositories. This did not enable the attackers to change any source
code, and we found no evidence of access to production services or customer
data. The investigation also found no indications that our systems were used to
attack others. Ultimately, the implementation of cybersecurity best practices
had limited the impact, but the intrusion was sobering nonetheless.

In many respects, Yttrium’s work represented one of the most sophisticated cyber
intrusions we had ever seen. The attackers in many instances wrote customized
code for a specific network and went to great lengths to cover their tracks. As
our experts noted, the work reflected a high level of technical expertise and
execution.

But equally notable was the operation’s scale. Yttrium had deployed large teams
of engineers who acted with patience and persistence. In many instances, they
recognized that the ultimate target, such as a U.S. agency, likely had strong
security protection in place. So they began by targeting trusted third parties
of these agencies, such as an IT service company that might have access to an
agency’s network. Once inside this company’s network, they could seek to
identify the account of an employee who had access to a government network and
try to obtain that individual’s password. And once equipped with that password,
they could then look to jump into a government network itself.

The attackers shrewdly used American data centers to help cloak the attacks.
Because the NSA has the authority to scan only foreign activity but not
computers in the U.S. itself, we surmised that Yttrium used U.S.-based servers
at GoDaddy, AWS, and other smaller U.S. providers to host its
command-and-control operations and evade detection.

Put together, all this illustrates the degree to which cyberthreats have
intensified around the world. Ultimately, the new attack illustrated publicly
what can be accomplished if a government builds a large organization that
attracts top-tier technical talent and uses that capability to launch a
sustained cyberattack. And it showed how much technology has changed not just
the relations between nations but the nature of the tensions—and even
hostilities—this can create.


THE HARD WORK AHEAD

As the digital trail led to more information about what had happened, even
bigger questions emerged. What did the attack say about network vulnerabilities
and the global state of cybersecurity protection? How could the tech sector and
the government better protect the country and the world?

By February 2021, congressional committees had summoned witnesses to Washington,
D.C., to answer these and similar questions. The Senate Intelligence Committee,
led by Senators Mark Warner and Marco Rubio, led off with a lengthy Tuesday
afternoon session, where I sat at the witness table next to FireEye’s Kevin
Mandia and SolarWinds’ new CEO, Sudhakar Ramakrishna. (They also summoned
Amazon, but it refused to participate.) The three of us took turns answering
questions in person, an exercise we repeated three days later in a virtual joint
hearing before the House Homeland Security and Oversight committees. Both
hearings examined not only what had happened but also what steps needed to be
taken to prevent such attacks in the future.

An initial conclusion is that the world needs to modernize technology
infrastructure and broaden the use of cybersecurity best practices. This
includes work by the companies that create software to better harden the
software “build process” and every part of the software supply chain, to help
prevent the insertion of malware into a software update.

The hearings on Capitol Hill hammered home that it will take governments and
tech companies working together to secure the world’s digital infrastructure.
While this can start with stronger protection for government networks
themselves, it must reach well beyond the public sector. We need to broaden
awareness and encourage expanded adoption of cybersecurity precautions, and tech
companies like Microsoft must make it simpler and easier for customers to
understand and use the security protections we create.

As we look to the future, it’s apparent that the next decade will be defined in
part by issues like international norms for governments and practical steps to
strengthen our cybersecurity defenses. Technology in some respects has created
a more dangerous world. A country like the United States can no longer rely on
large oceans to separate it from its rivals. The internet has made everyone each
other’s next-door neighbor. And software that can be used for espionage can
equally be used as ransomware or a weapon to disable a nation’s electrical grid
or water supply. Ultimately, it’s easier to send code into battle than troops
and missiles.

None of this changed overnight or because of a single development. But with
successive changes over the past decade, two things have become clear: We live
in a world remade by technology, and we must grapple with the consequences for
the new world we have created.

--------------------------------------------------------------------------------

Brad Smith is president of Microsoft. Carol Ann Browne is general manager and
chief of staff to Brad Smith at Microsoft.

This excerpt is adapted from the new paperback edition of The New York Times
bestseller Tools & Weapons: The Promise and Peril of the Digital Age, available
Sept. 7, 2021.

Fast Company & Inc © 2021 Mansueto Ventures, LLC
 * 






FAST COMPANY

Follow
 * 
 * 
 * 
 * 
 * 

Login
 * Co.Design
 * Tech
 * Work Life
 * News
 * Impact
 * Podcasts
 * Video
 * Recommender
 * Innovation Festival 360IF360
 * Subscribe
 * 
 * FastCo Works
    * AWS
    * Deloitte
    * Genpact


 * HOMEPAGE


 * CO.DESIGN


 * TECH


 * WORK LIFE


 * NEWS


 * IMPACT


 * PODCASTS


 * VIDEO


 * RECOMMENDER


 * INNOVATION FESTIVAL 360


 * SUBSCRIBE

Help Center
fastco works


 * AWS


 * BOSTON SCIENTIFIC


 * DELOITTE


 * DEPT


 * ELEVATE PRIZE


 * GENPACT


 * KLARNA


 * LOGITECH


 * SQUARE


 * VERIZON AWS


 * VISA


 * FASTCO WORKS
   
   An award-winning team of journalists, designers, and videographers who tell
   brand stories through Fast Company's distinctive lens

FC Executive Board
collections


 * FAST GOVERNMENT
   
   The future of innovation and technology in government for the greater good


 * MOST INNOVATIVE COMPANIES
   
   Our annual guide to the businesses that matter the most


 * MOST CREATIVE PEOPLE
   
   Leaders who are shaping the future of business in creative ways


 * WORLD CHANGING IDEAS
   
   New workplaces, new food sources, new medicine--even an entirely new economic
   system


 * INNOVATION BY DESIGN
   
   Celebrating the best ideas in business

Newsletter
Events


 * INNOVATION FESTIVAL

Courses and LearningAdvertiseCurrent Issue
Current Issue
SUBSCRIBE
Follow us:

advertisement

advertisement

 * 09-07-21


WHAT IT WAS LIKE INSIDE MICROSOFT DURING THE WORST CYBERATTACK IN HISTORY


MICROSOFT PRESIDENT BRAD SMITH DESCRIBES THE CHAOS INSIDE THE TECH GIANT DURING
THE SOLARWINDS HACK.

Source photo: HJBC/iStock]
 * 
 * 
 * 
 * 

By Brad Smith and Carol Ann Browne long Read

While the KGB may have collapsed with the Soviet Union in 1991, its long shadow
still quietly serves its homeland through new 21st­-century digital forms and
tactics, especially in cyberspace.

advertisement

advertisement



When the Communist Bloc splintered, so did the KGB. Two new agencies were born:
the Foreign Intelligence Service of the Russian Federation (SVR), a spy agency
tasked with gathering intelligence, and the enforcement arm, the Federal
Security Service (FSB), which is charged with security. Both conduct espionage
and counter­intelligence.

In the waning months of 2020—a particularly arduous and painful year for the
entire world—the SVR threw a wet blanket on an already dampened holiday.
Headquartered in a sprawling office complex in southwest Moscow, its buildings
from the outside look like a typical modern office park in the suburbs. A close
equivalent to the U.S. Central Intelligence Agency (CIA) the SVR manages from
these buildings its global espionage and external counterintelligence
operations, including electronic surveillance in countries around the world.
These days, this includes a wide variety of cyber activities. And not unlike the
tech companies in similarly sprawling campuses across the United States that
employ our best and brightest technology minds, the SVR has a large and
experienced staff of talented cyber professionals.

Inside Microsoft we use obscure elements from the periodic table to classify and
code­-name different nation­-state actors that are engaged in cyber activity.
Within our own cybersecurity ranks, the SVR is called Yttrium, a metallic
rare-­earth and toxic mineral found in the Earth’s crust.

advertisement

advertisement


Yttrium is one of the most sophisticated cyberthreats for many of our customers,
as well as for Microsoft itself. And instead of conducting its clandestine
efforts in back rooms and through dead drops, this 21­st-century successor to
the KBG often does its work by penetrating computer networks owned by private
enterprises and citizens around the world.


WHY THE SOLARWINDS ATTACK WAS SO DEVASTATING

Yttrium’s latest threat hit my radar in the form of an instant message on the
last day of November 2020, asking if I had “five minutes for something kind of
urgent.” The message came from Tom Burt, our vice president responsible for a
wide range of cybersecurity issues. I knew from more than two decades of working
with Tom that he was typically calm and understated, two key qualities when
dealing with crises. I knew that Tom’s “kind of urgent” was likely an alarm
bell.

I quickly ended a meeting to talk with Tom. He reported that we had been
approached by FireEye, one of the leading cybersecurity firms, for help with
what looked like a serious cybersecurity breach it had suffered. As Tom
explained, the early indicators pointed to Yttrium, a finding later confirmed by
the White House.

In the coming weeks, this initial report would lead cybersecurity experts to
pursue a digital trail that uncovered the attempted hacking of dozens of
sensitive computer networks around the world, including Microsoft itself. By
January 2021, The New York Times reported that “the U.S. government was clearly
the main focus of the attack, with the Treasury Department, the State
Department, the Commerce Department, the Energy Department, and parts of the
Pentagon among the agencies confirmed to have been infiltrated.” But those
weren’t the only targets. At Microsoft we identified dozens of impacted
organizations, including other tech companies, government contractors, think
tanks, and a university. The impacted countries spilled beyond the United States
to include Canada, the United Kingdom, Belgium, Spain, Israel, and the United
Arab Emirates. In several instances, the network penetrations had lasted for
several months.

The attack quickly became the broadest confirmed penetration of U.S. government
and tech sector computer networks. While cybersecurity experts would give the
attack a variety of names, including Solorigate and Sunburst, the public would
mostly read about it with reference to the Texas company whose software was
hijacked to stage the initial attacks—SolarWinds.

But what to make of all this? Was it, as some on Capitol Hill suggested, a
Russian “act of war” or a “digital Pearl Harbor”? Or was it just “espionage as
usual,” as some in the intelligence community countered? In my view, it was
neither.

Its importance is difficult to overstate. The cyberattack provided a “moment of
reckoning” that demonstrated technology’s inherent strengths and weaknesses and
illustrated the degree to which it had become both a defensive tool and an
offensive weapon. And perhaps more than anything, it showed the world how much
work we must do to manage all the implications of inventions that are remaking
the century in which we live.

But all this requires putting things in perspective. Even before the attacker’s
identity was apparent, anything that potentially involved FireEye was a big
deal. FireEye is one of the world’s most sophisticated cybersecurity firms. Its
CEO, Kevin Mandia, is one of the country’s leading cybersecurity experts, having
started his career as a computer security officer in the Air Force before
founding his own security company that FireEye eventually acquired. If this
leading security company had been penetrated, it almost certainly took an
incredibly sophisticated attack. And if the SVR had made it through FireEye’s
defenses, it likely was succeeding elsewhere.


RESPONDING TO THE ATTACK

Yttrium had long represented an important area of focus for the engineers at the
Microsoft Threat Intelligence Center, which we call MSTIC (pronounced “mystic”).
An elite unit itself, MSTIC constantly focuses on identifying and combating
emerging cybersecurity threats. It relies on a combination of the world’s best
technology and engineers to sift through the 6 trillion electronic signals that
flow into our data centers every day. It’s a combination that places MSTIC in
the top tier of a cybersecurity ecosystem responsible for protecting the
security of not just Microsoft’s network but the company’s government and
business customers and much of the world’s critical infrastructure.

For centuries, governments have engaged in espionage and counterintelligence
operations. One of the unusual hallmarks of our digital era is that much of this
daily fencing today also involves tech companies. It’s MSTIC’s job to hunt for
new intrusions and cyberattacks from Yttrium and other nation-state actors.
Yttrium also occupies a particularly significant position at the top of the
cybersecurity arena. Long known not just for technical sophistication but
operational persistence, Yttrium has succeeded in a way that few can match in
penetrating sophisticated computer networks and operating undetected for
prolonged periods of time.

One challenge was that Yttrium had become more difficult to track. As 2020 was
winding down, however, it appeared that Yttrium had reemerged with renewed
fervor. If Yttrium had broken into FireEye and elsewhere, it would be important
to push the intruders out of the affected networks before they could extract
more information. And we wanted MSTIC to learn as much as it could about
Yttrium’s new methods before it covered its tracks. One of the ironies of this
type of cyberattack was that it represented both a successful espionage coup for
an attacker and, once identified, a new opportunity for a defender to spot
tactics, techniques, and procedures that could help identify and thwart other
ongoing or future attacks.

One key was to move fast and with as many responders as possible. Microsoft’s
Security Response Center (MSRC) quickly activated its incident response plan.
The MSRC is part of Microsoft’s Cyber Defense Operations Center, where a team
works 24/7 and can call on security professionals, data scientists, product
engineers, and customer support experts throughout the company to respond
rapidly to security threats.

Once we started to work with FireEye, it was clear that this was not a typical
case of a sophisticated attacker breaking into just a few computer networks. The
attackers had installed a small piece of malware into the update code of a
network management program called Orion, a product of SolarWinds. The Orion
software was used by roughly 38,000 enterprise customers around the world. When
customers installed the update on their on-premise servers, the malware
installed as well. As FireEye reported, the malware would connect to what is
known as a command-and-control (C2) server. The C2 server could then give the
connected computer “jobs” that included the ability to transfer files, execute
commands, profile a system, reboot a machine, and disable system services. This
meant the attackers suddenly had a backdoor into the network of every customer
that had updated the Orion program.

This approach put at risk the software supply chain across the economy and
around the world. The immediate questions became: How many enterprises had
installed the Orion update, and hence the malware, on their networks? And how
quickly could this backdoor be closed?

At Microsoft we quickly mobilized more than 500 employees to work full time on
every aspect of the attack. Other tech companies scrambled into action as well.
Given the potential breadth of the incident, Microsoft CEO Satya Nadella
convened a meeting each evening of our most senior security leaders to run
through the day’s work, what we had learned, and what we needed to do next.

It didn’t take long to appreciate the importance of effective technical teamwork
across the industry and with the U.S. government. Engineers at SolarWinds,
FireEye, and Microsoft immediately began working together. The teams at FireEye
and Microsoft knew each other well, but SolarWinds was a smaller company dealing
with a huge crisis, and the teams had to build trust quickly if they were to be
effective. The SolarWinds engineers shared the source code for their update with
the security teams at the other two companies, which revealed the source code of
the malware itself. The technical teams in the U.S. government swung into fast
action, especially at the National Security Agency (NSA) and the Cybersecurity
and Infrastructure Security Agency (CISA) at the Department of Homeland
Security.

The digital nature of software and the global reach of the internet quickly came
into play. Like a pendulum, they swing in both directions. The attackers had
turned code into a weapon that was distributed globally through the internet via
the SolarWinds update. But with the source code for the specific malware
identified, we had a signature, like a digital fingerprint, that we could look
for on desktop and server computers. FireEye published this signature for
organizations around the world to access.

At Microsoft, we added this signature in an update to our Windows Defender
Antivirus program, which customers use to monitor, identify, and remove malware
across an organization’s network and computers.

Many customers also share their Defender data with us, which provides an ongoing
picture of where specific malware is installed. Within 48 hours we created a map
of the world that lit up every location where SolarWinds’ Orion program had been
updated with the malware. The map revealed the broad vulnerability around the
world and especially in the United States.

The teams at FireEye and Microsoft worked a bit like 21st-century counterparts
to Sherlock Holmes. Each day they added digital clues that could be used to
uncover Yttrium’s trail. And with each step they took, they picked up more
information to uncover Yttrium’s bad acts and how we might thwart them.

Each evening, John Lambert, MSTIC’s leader, reported on the day’s findings. As
he explained, the defensive response to a successful cyberattack always needs to
answer two initial questions: How did the attacker gain entry, and what network
credentials did the attacker obtain? Until we had the answers to both questions,
there was no way we could push the attackers out of the affected networks.


THROUGH THE BACKDOOR

As the security teams studied the infection, they discovered that the malware in
the Orion software initially created a backdoor in a company’s network but
otherwise lay dormant for two weeks, so as not to create any network log entries
that would call attention to itself. It then reported information about the
network it had infected to a command-and-control server that the attackers had
registered and was being hosted in the United States by the tech firm GoDaddy.

If a target network was of interest to Yttrium, the attackers then took a second
step. They entered through the backdoor and installed additional code on the
organization’s server, in effect opening a window to connect to a second
command-and-control server. This second server, unique to each victim to help
evade detection, was registered and hosted in a second data center, often on
Amazon Web Services’ (AWS) cloud. As John Lambert explained, Yttrium carefully
“cleaned up after itself,” closing the backdoor to GoDaddy and using the open
window connecting to a service such as AWS instead. As we identified the
customers impacted by these second-stage attacks, teams of specialized
Microsoft engineers—our cybersecurity hunters—worked to help customers search
for and close these windows.
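The two-stage check-in behaviour described above has a defender-side signature of its own: a host that starts contacting a destination it never used before, at a steady interval and with little jitter. The following is an added example (not code from the book, from Microsoft, or from FireEye) that scores outbound-connection records for that kind of periodicity. Every host name, domain and timestamp in the embedded sample log is constructed for the demonstration.

```python
"""Beacon detection over constructed outbound-connection records.

A quietly installed implant that asks a C2 server for "jobs" tends to produce
connections at a near-constant interval. This sketch groups connections by
(host, destination) and flags pairs whose inter-arrival gaps are nearly
identical. All hosts, domains and times below are made up for the example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log: "<timestamp> <host> <destination>" per line.
SAMPLE_LOG = """\
2020-12-15T08:00:00 srv-mgmt-02 updates.example-vendor.test
2020-12-15T08:00:12 srv-mgmt-02 cdn.example-vendor.test
2020-12-15T09:00:03 srv-mgmt-02 api.unknown-c2.test
2020-12-15T10:00:01 srv-mgmt-02 api.unknown-c2.test
2020-12-15T11:00:05 srv-mgmt-02 api.unknown-c2.test
2020-12-15T12:00:02 srv-mgmt-02 api.unknown-c2.test
2020-12-15T13:00:04 srv-mgmt-02 api.unknown-c2.test
2020-12-15T08:05:00 ws-dev-11 mail.example-corp.test
2020-12-15T08:37:00 ws-dev-11 mail.example-corp.test
2020-12-15T10:12:00 ws-dev-11 mail.example-corp.test
2020-12-15T15:40:00 ws-dev-11 mail.example-corp.test
2020-12-15T16:01:00 ws-dev-11 mail.example-corp.test
"""


def parse_log(text):
    """Group connection timestamps by (host, destination), sorted in time."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dest = line.split()
        conns[(host, dest)].append(datetime.fromisoformat(ts))
    for key in conns:
        conns[key].sort()
    return conns


def beacon_score(times):
    """Coefficient of variation of the inter-arrival gaps.

    A value near 0 means the connections are metronomic; human-driven traffic
    (mail clients, browsing) produces much larger variation. Returns None when
    there are too few gaps to judge.
    """
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 3:
        return None
    m = mean(gaps)
    return pstdev(gaps) / m if m else None


def find_beacons(conns, min_connections=4, max_cv=0.05):
    """Return (host, destination, mean_gap_seconds) for pairs that look periodic."""
    found = []
    for (host, dest), times in conns.items():
        if len(times) < min_connections:
            continue
        cv = beacon_score(times)
        if cv is not None and cv <= max_cv:
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            found.append((host, dest, round(mean(gaps))))
    return found


if __name__ == "__main__":
    for host, dest, gap in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{host} -> {dest}: checks in roughly every {gap} seconds")
```

The thresholds (four connections, 5% jitter) are illustrative; in practice the periodicity score is combined with a first-seen check on the destination and with the vendor's published indicators, since a legitimate update client also polls on a schedule.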

As the security teams at FireEye and Microsoft studied the source code shared by
SolarWinds, they discovered that the code installed on the initial
command-and-control server at GoDaddy had a “kill switch” that would
automatically shut off the malware on an organization’s server under specific
conditions. Armed with this knowledge, the security teams worked together to
transfer control of the C2 server from GoDaddy to Microsoft, activate the kill
switch to turn off any ongoing or new uses of the malware, and identify any
organizations that had computers that continued to ask the server for
instructions.

This effectively stopped the attackers from using their malware to enter
additional networks. While this type of action often marks the climax of cyber
battles, in this case the attackers’ technical sophistication meant that it was
just the start of some of the most frenetic work. Because Yttrium had already
entered multiple networks and opened new windows, we still needed to identify
additional impacted networks, learn what Yttrium was doing inside them, find and
close the open windows, and force out the attackers.

As the hunting teams pursued Yttrium, they learned that the attackers typically
looked for new ways to drill deeper into the impacted networks. Like intruders
inside a house, they turned off the equivalent of any security cameras, such as
event logging tools and in some cases antivirus software.

They then began scanning the network for the software keys that would give them
access to the home’s most precious possessions. Most often, the attackers looked
for the accounts of network administrators who had elevated privileges, meaning
access to information across an organization’s network.

They then looked for the passwords for these accounts, which unfortunately some
customers had stored in an insecure way that was easy for the attackers to find.
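The "security cameras turned off" step described in the last few paragraphs is itself a loud signal if anyone is watching for it. The following is an added example (not code from the book or from Microsoft) that correlates, on the same host, an event that disables or wipes a defensive control with a privileged logon shortly afterwards. The event IDs used are real Windows event IDs (Security 1102 audit log cleared, System 104 event log cleared, Windows Defender 5001 real-time protection disabled, Security 4672 special privileges assigned to new logon); the hosts, users and records in the embedded sample are constructed for the demonstration.

```python
"""Correlating control-tampering events with privileged logons.

Records are constructed JSON lines modelled loosely on Windows event log
fields. The event IDs are real Windows identifiers; everything else (hosts,
users, times) is made up for the example.
"""
import json
from datetime import datetime, timedelta

# Events whose presence means a defensive control was switched off or wiped.
CONTROL_TAMPER = {
    ("Security", 1102): "audit log cleared",
    ("System", 104): "event log cleared",
    ("Microsoft-Windows-Windows Defender/Operational", 5001): "Defender real-time protection disabled",
}
PRIVILEGED_LOGON = ("Security", 4672)  # special privileges assigned to new logon

# Constructed sample: one host shows tamper-then-privilege within minutes, the
# other has an unrelated log clear a full day before a privileged logon.
SAMPLE_LOG = """\
{"ts": "2020-12-01T02:10:00", "host": "srv-orion-01", "channel": "Security", "event_id": 4624, "user": "svc_orion"}
{"ts": "2020-12-01T02:14:30", "host": "srv-orion-01", "channel": "Microsoft-Windows-Windows Defender/Operational", "event_id": 5001, "user": "svc_orion"}
{"ts": "2020-12-01T02:15:05", "host": "srv-orion-01", "channel": "Security", "event_id": 1102, "user": "svc_orion"}
{"ts": "2020-12-01T02:41:12", "host": "srv-orion-01", "channel": "Security", "event_id": 4672, "user": "admin.backup"}
{"ts": "2020-12-01T09:00:00", "host": "ws-finance-07", "channel": "System", "event_id": 104, "user": "jdoe"}
{"ts": "2020-12-02T09:30:00", "host": "ws-finance-07", "channel": "Security", "event_id": 4672, "user": "jdoe"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def tamper_events(events):
    """Every control-tamper event on its own, for triage regardless of what followed."""
    return [(r["host"], CONTROL_TAMPER[(r["channel"], r["event_id"])])
            for r in events if (r["channel"], r["event_id"]) in CONTROL_TAMPER]


def find_tamper_then_privilege(events, window=timedelta(hours=1)):
    """Alert when a privileged logon follows a control-tamper event on the same
    host within `window`. Each alert lists the tamper reasons that preceded it."""
    alerts = []
    by_host = {}
    for rec in events:
        by_host.setdefault(rec["host"], []).append(rec)
    for host, recs in by_host.items():
        tampers = [r for r in recs if (r["channel"], r["event_id"]) in CONTROL_TAMPER]
        for r in recs:
            if (r["channel"], r["event_id"]) != PRIVILEGED_LOGON:
                continue
            preceding = [t for t in tampers if timedelta(0) <= r["ts"] - t["ts"] <= window]
            if preceding:
                alerts.append({
                    "host": host,
                    "privileged_user": r["user"],
                    "logon_ts": r["ts"].isoformat(),
                    "reasons": [CONTROL_TAMPER[(t["channel"], t["event_id"])] for t in preceding],
                })
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for alert in find_tamper_then_privilege(evs):
        print(alert)
```

The correlation is deliberately narrow: a cleared log by itself is common during maintenance, and a privileged logon by itself is routine, but the two within an hour on one machine is worth a human's attention. Because an intruder who disables logging also suppresses the events this script reads, the tamper events themselves should be forwarded off-host as they occur rather than collected later.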

With password in hand, the attackers could move from a server located on
premises, such as in an organization’s server room, to its other network assets,
including in the cloud. Yttrium typically looked for information that would
advance its espionage efforts, including an organization’s email, documents, and
other digital assets such as source code or the tools that security experts use
to identify and combat potential network intrusions. For some organizations,
this included emails and documents in Microsoft’s Office 365 cloud service.

Once MSTIC identified the tactics, techniques, and procedures used by the
attackers as they accessed Office 365, our threat hunters could scan our cloud
services to identify the telltale patterns that a customer had been compromised.
Using this method, we identified 60 customers that had been victimized by the
attacks.


DIGITAL FIRST RESPONDERS

This led to the next phase of our response, as security experts worked as
digital first responders to help the victims. Microsoft employees notified each
of these 60 customers and offered information about the attack and the technical
indicators we had identified that would help them start their own
investigations.

Given the importance of the SolarWinds intrusions, the responsibility for our
largest enterprise customer notifications fell on Ann Johnson, a longstanding
cybersecurity leader who previously had led our Detection and Response Team
(DART). We referred to DART as “the Microsoft cybersecurity team we hope you
never meet” because it contacts customers if they have suffered a cyberattack.
In this case, some of our smaller customers took that attitude to heart a bit
too literally. After answering the phone and hearing someone explain they were
from Microsoft calling about a cyberattack, some responded angrily to what they
believed was a hoax.

Naturally, our engineers put an extremely high priority on investigating any
potential intrusions into Microsoft’s own network. While at first there was no
indication that we had been targeted, deeper digging by more people identified
that Microsoft, too, had been a target.

This work revealed a limited presence of malicious SolarWinds code on
Microsoft’s internal network, as well as other attempted activities. For
example, we found unusual activity with a small number of internal accounts and
we discovered one account had been used to view source code in a number of
source code repositories. This did not enable the attackers to change any source
code, and we found no evidence of access to production services or customer
data. The investigation also found no indications that our systems were used to
attack others. Ultimately, the implementation of cybersecurity best practices
had limited the impact, but the intrusion was sobering nonetheless.

In many respects, Yttrium’s work represented one of the most sophisticated cyber
intrusions we had ever seen. The attackers in many instances wrote customized
code for a specific network and went to great lengths to cover their tracks. As
our experts noted, the work reflected a high level of technical expertise and
execution.

But equally notable was the operation’s scale. Yttrium had deployed large teams
of engineers who acted with patience and persistence. In many instances, they
recognized that the ultimate target, such as a U.S. agency, likely had strong
security protection in place. So they began by targeting trusted third parties
of these agencies, such as an IT service company that might have access to an
agency’s network. Once inside this company’s network, they could seek to
identify the account of an employee who had access to a government network and
try to obtain that individual’s password. And once equipped with that password,
they could then look to jump into a government network itself.

The attackers shrewdly used American data centers to help cloak the attacks.
Because the NSA has the authority to scan only foreign activity but not
computers in the U.S. itself, we surmised that Yttrium used U.S.-based servers
at GoDaddy, AWS, and other smaller U.S. providers to host its
command-and-control operations and evade detection.

Put together, all this illustrates the degree to which cyberthreats have
intensified around the world. Ultimately, the new attack illustrated publicly
what can be accomplished if a government builds a large organization that
attracts top-tier technical talent and uses that capability to launch a
sustained cyberattack. And it showed how much technology has changed not just
the relations between nations but the nature of the tensions—and even
hostilities—this can create.


THE HARD WORK AHEAD

As the digital trail led to more information about what had happened, even
bigger questions emerged. What did the attack say about network vulnerabilities
and the global state of cybersecurity protection? How could the tech sector and
the government better protect the country and the world?

By February 2021, congressional committees had summoned witnesses to Washington,
D.C., to answer these and similar questions. The Senate Intelligence Committee,
led by Senators Mark Warner and Marco Rubio, led off with a lengthy Tuesday
afternoon session, where I sat at the witness table next to FireEye’s Kevin
Mandia and SolarWinds’ new CEO, Sudhakar Ramakrishna. (They also summoned
Amazon, but it refused to participate.) The three of us took turns answering
questions in person, an exercise we repeated three days later in a virtual joint
hearing before the House Homeland Security and Oversight committees. Both
hearings examined not only what had happened but also what steps needed to be
taken to prevent such attacks in the future.

An initial conclusion is that the world needs to modernize technology
infrastructure and broaden the use of cybersecurity best practices. This
includes work by the companies that create software to better harden the
software “build process” and every part of the software supply chain, to help
prevent the insertion of malware into a software update.
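Two earlier threads of the account meet in this conclusion: the "digital fingerprint" that let defenders look for the malware on disk, and the call to harden the build process so that an altered update is caught before it is installed. The following is an added example (not code from the book, from Microsoft, or from SolarWinds) that checks an unpacked update against an out-of-band manifest of expected SHA-256 digests and against a list of known-bad digests. All file names, contents and digests are constructed for the demonstration; no real artefacts or published indicators appear. It assumes the manifest itself has already been authenticated out of band, for example as a signed release manifest, which is the step that makes the digest comparison meaningful.

```python
"""Integrity check of an update package before installation.

Compares every file in the package against a manifest of expected SHA-256
digests (assumed here to have been obtained and authenticated out of band) and
against a set of known-bad digests standing in for published indicators. All
files and hashes in the demo are constructed.
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 16):
    """Streamed SHA-256 so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_update(package_dir, manifest, known_bad):
    """manifest: {relative_path: expected_sha256}; known_bad: set of sha256 hex.

    Returns lists of files that are ok, tampered (digest differs), missing (in
    manifest but not on disk), unexpected (on disk but not in manifest) and
    known_bad (digest matches an indicator).
    """
    result = {"ok": [], "tampered": [], "missing": [], "unexpected": [], "known_bad": []}
    on_disk = {}
    for root, _, files in os.walk(package_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, package_dir).replace(os.sep, "/")
            on_disk[rel] = sha256_file(full)
    for rel, expected in manifest.items():
        actual = on_disk.get(rel)
        if actual is None:
            result["missing"].append(rel)
        elif actual == expected:
            result["ok"].append(rel)
        else:
            result["tampered"].append(rel)
    for rel, digest in sorted(on_disk.items()):
        if rel not in manifest:
            result["unexpected"].append(rel)
        if digest in known_bad:
            result["known_bad"].append(rel)
    return result


def safe_to_install(result):
    """Install only when nothing is tampered, unexpected or on the known-bad list."""
    return not (result["tampered"] or result["unexpected"] or result["known_bad"])


def build_demo():
    """Create a constructed package in which one file was altered after the
    manifest was produced. Returns (package_dir, manifest, known_bad)."""
    d = tempfile.mkdtemp(prefix="update-demo-")
    os.makedirs(os.path.join(d, "lib"))
    good = {
        "setup.exe": b"installer bytes (constructed)",
        "lib/core.dll": b"core library bytes (constructed)",
        "lib/net.dll": b"network library bytes (constructed)",
    }
    for rel, data in good.items():
        with open(os.path.join(d, rel), "wb") as f:
            f.write(data)
    manifest = {rel: hashlib.sha256(data).hexdigest() for rel, data in good.items()}
    # Simulate tampering between build and distribution: net.dll is replaced
    # after the manifest was computed.
    altered = b"network library bytes (constructed) + injected code"
    with open(os.path.join(d, "lib/net.dll"), "wb") as f:
        f.write(altered)
    # The altered file's digest is the constructed known-bad indicator, standing
    # in for a hash a vendor or responder would publish.
    known_bad = {hashlib.sha256(altered).hexdigest()}
    return d, manifest, known_bad


if __name__ == "__main__":
    pkg, manifest, known_bad = build_demo()
    res = verify_update(pkg, manifest, known_bad)
    print(res)
    print("safe to install:", safe_to_install(res))
```

The manifest comparison catches an altered file even when no indicator for it exists yet, which is the check that would have to live in the build and release pipeline; the known-bad lookup is the after-the-fact search the text describes. Neither helps if the manifest is produced by the same compromised build step, which is why the manifest must be generated and signed from a source of truth the build host cannot rewrite.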

The hearings on Capitol Hill hammered home that it will take governments and
tech companies working together to secure the world’s digital infrastructure.
While this can start with stronger protection for government networks
themselves, it must reach well beyond the public sector. We need to broaden
awareness and encourage expanded adoption of cybersecurity precautions, and tech
companies like Microsoft must make it simpler and easier for customers to
understand and use the security protections we create.

As we look to the future, it’s apparent that the next decade will be defined in
part by issues like international norms for governments and practical steps to
strengthen our cybersecurity defenses. Technology in some respects has created
a more dangerous world. A country like the United States can no longer rely on
large oceans to separate it from its rivals. The internet has made everyone each
other’s next-door neighbor. And software that can be used for espionage can
equally be used as ransomware or a weapon to disable a nation’s electrical grid
or water supply. Ultimately, it’s easier to send code into battle than troops
and missiles.

None of this changed overnight or because of a single development. But with
successive changes over the past decade, two things have become clear: We live
in a world remade by technology, and we must grapple with the consequences for
the new world we have created.

--------------------------------------------------------------------------------

Brad Smith is president of Microsoft. Carol Ann Browne is general manager and
chief of staff to Brad Smith at Microsoft.

This excerpt is adapted from the new paperback edition of The New York Times
bestseller Tools & Weapons: The Promise and Peril of the Digital Age, available
Sept. 7, 2021.

