Issue 92

Neobanks, SolarWinds and the US Army

Delivered on 21 December 2020 by Justin Pyvis. About a 3 min read.

Is this the beginning of the end for the so-called neobanks? Australian neobank Xinja last week closed all of its bank accounts, issued refunds and handed back its banking licence. It was burning cash trying to acquire customers but didn't have anything to sell them. Sounds like a bit of a Ponzi:

Corporate documents, obtained by The Age and The Sydney Morning Herald, show Sydney-based firm Grant Thornton ceased to be Xinja’s auditor in April, with its last financial statement warning the neobank temporarily breached its minimum capital requirements.

Grant Thornton said Xinja’s cash flow relied on “injections of additional capital” to maintain a buffer above Australian Prudential Regulation Authority’s requirements to continue operating lawfully. The report also noted the group needed to cut costs and expand products to stay afloat.

“Should the above transactions or assumptions not materialise, there is a material uncertainty whether the group will continue as a going concern,” Grant Thornton’s auditors warned.

Seven days later, Grant Thornton ceased to be Xinja’s auditor and was replaced by big four auditing firm PwC.

I know words like 'neobank' tend to get people excited but there's really nothing 'neo' (new) about them, other than the lack of a physical branch. It would be like Amazon branding itself a 'neoretailer'; i.e. pure marketing BS. In their current form, neobanks are just boring old banks. End of discussion.

That's not to say neobanks don't exist. But they're being built on the blockchain - stablecoins and DeFi, or decentralised finance, are where the neobanks will be. Dressing up the same old traditional banks sans retail branches with some expensive marketing, a decent app and a fancy card just doesn't cut it, especially when you need to offer above-market rates to attract deposits that you can't properly utilise.

Please, use a decent password (manager)

Twice in the past week it was reported that critical systems were "hacked". But it's a generous use of the word - in both cases, it was simply a case of human error. Namely, using a sh***ty password.

First there was Donald Trump's Twitter account, which was kind of a big deal because it's how he conducts everything from diplomacy to policy:

Dutch prosecutors have confirmed that Donald Trump’s Twitter account was hacked in October despite denials from Washington and the company, but said the “ethical hacker” would not face charges. The hacker, named as Victor Gevers, broke into Trump’s account @realDonaldTrump on 16 October by guessing the US president’s password, Dutch media reports said... Gevers, 44, disclosed the hack immediately, saying the password he guessed was “maga2020!”, referring to the Trump slogan “Make America Great Again”.

Next up was the breach of SolarWinds, a US company that "develops software for businesses to help manage their networks, systems, and information technology infrastructure". It turns out SolarWinds does a lot of work for, and has a lot of access to, the networks of key US government bureaucracies including the Treasury, Department of State, Department of Commerce, Department of Energy and even the National Nuclear Security Administration.

The "hack" occurred because SolarWinds used the super secure password solarwinds123 (yes, all lowercase), which, once discovered, allowed the attackers to push an update loaded with malware to SolarWinds' clients, in many cases granting them full network access.

Insanity? You might think so. But if you've ever worked in a large organisation or government entity, stupid passwords are the norm. Rather than requiring a password manager, hardware token or two-factor authentication (or some combination of the three), management at these organisations - themselves technically illiterate - seem content to use the default Microsoft corporate security policy, which amounts to forcing people to append an ever-increasing number of digits to their stupid password every few months.

Microsoft, by the way, is also a big client of SolarWinds.
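Both failures described above, a password built from the organisation's own name or slogan and a rotation policy that only makes people bump the trailing digits, can be caught when the password is set. The check below is an added example, not code from this newsletter or from any vendor's policy engine; the context-word list, the 70% threshold and the function names are assumptions made for illustration.

```python
import re

# Assumed context list: words tied to the organisation or the account owner.
CONTEXT_WORDS = ("solarwinds", "maga")

_TAIL = re.compile(r"[\d\W_]+$")   # trailing digits/symbols such as "123" or "2020!"
_HEAD = re.compile(r"^[\d\W_]+")   # leading digits/symbols


def core(password):
    """Lower-case the password and strip leading/trailing digits and symbols."""
    return _HEAD.sub("", _TAIL.sub("", password.lower()))


def is_context_derived(password, context_words=CONTEXT_WORDS):
    """True when the stripped password is (almost entirely) a context word."""
    c = core(password)
    # 0.7 is an assumed threshold: the context word makes up most of the core.
    return any(w in c and len(w) >= 0.7 * len(c) for w in context_words)


def is_trivial_rotation(old, new):
    """True when old and new share a core, i.e. only the counter changed."""
    return bool(core(new)) and core(old) == core(new)


def screen(new, old=None, context_words=CONTEXT_WORDS):
    """Return the reasons a proposed password should be rejected (empty = ok).

    Assumes the check runs at change time, when the user has just typed both
    the old and the new password, so no stored plaintext is needed.
    """
    reasons = []
    if is_context_derived(new, context_words):
        reasons.append("derived from an organisation/owner word")
    if old is not None and is_trivial_rotation(old, new):
        reasons.append("same password with different digits/symbols")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs; the first two passwords are quoted in the text.
    for old, new in [(None, "solarwinds123"), (None, "maga2020!"),
                     ("Winter2020!", "Winter2021!"),
                     ("Winter2021!", "correct horse battery staple")]:
        print(repr(new), "->", screen(new, old) or "accepted")
```

A check like this complements a password manager, hardware token or two-factor authentication; it does not replace them.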

Speaking of slow-moving organisations...

It took the US Army nearly a year to develop a... cloth face mask. Apparently that was a good effort - it was accomplished on an “expedited timeline”.

U.S. Army soldiers will soon be wearing a new face mask designed to protect them from COVID-19. The Army developed the Combat Cloth Face Covering (CCFC), which is visibly no different from commercial masks designed and brought to market within days of the pandemic, on what the service calls an “expedited timeline.”

But the glacially slow development is yet another dysfunctional procurement program from a service that takes years to purchase something as simple as a handgun.

You could not make this up. Meanwhile, “[private sector] clothing designers and personal protective equipment manufacturers quickly came up with designs that were immediately put into mass production. Within weeks, millions of people worldwide could easily obtain effective masks”.

I sure am glad the military has nothing to do with vaccine development.

Issue 92: Neobanks, SolarWinds and the US Army was compiled by Justin Pyvis and delivered on 21 December 2020.