Axios

Meta's Mark Zuckerberg has outlined a new template for companies to make up with President-elect Trump and MAGA.

Why it matters: Meta did this with a methodical striptease over nine days, capturing massive public and MAGA attention.

• "This is speaking Trump's love language," a transition source told us.

They say it's hard to turn a battleship around, but Mark Zuckerberg just about-faced his globe-spanning, $1.5 trillion-value, 3 billion-user company — transforming Meta from a bastion of Silicon Valley's socially progressive neoliberalism into a full-on MAGA hive.

Why it matters: After Zuckerberg's embrace of Trump and Trumpism, Silicon Valley is holding its breath to see whether a whole row of tech dominoes is about to fall in the same direction.

Roy Austin Jr., who built and led a small civil rights team inside Meta beginning in 2021, is departing the company, Austin announced in a Facebook post Friday evening.

Why it matters: It's the first notable departure from the social media giant since CEO Mark Zuckerberg's wave of rightward moves this week, which included shuttering a fact-checking operation, loosening hate speech restrictions and ending diversity programs.

Mark Zuckerberg's appearance on the "Joe Rogan Experience" podcast has made it clear that in the increasingly manichean face-off between government and tech, the Facebook founder is firmly on the side of tech.

Why it matters: In doing so, Zuckerberg is implicitly disowning a core part of the history of his own company.

Mark Zuckerberg spent this week reshaping Meta to be more MAGA-friendly, and capped it off Friday by calling for the "repopulation" of the "cultural elite class" on Joe Rogan's podcast.

Why it matters: Over the last few days, Meta has dropped internal DEI guidelines and opened the floodgates for hate speech, racism, and conspiracy theories, but Zuckerberg's comments on Rogan tie him explicitly to right-wing talking points.

Meta's Mark Zuckerberg, in an appearance on the "Joe Rogan Experience" podcast, criticized the Biden administration for pushing for censorship around COVID-19 vaccines, the media for hounding Facebook to clamp down on misinformation after the 2016 election, and his own company for complying.

Why it matters: Zuckerberg's three-hour interview with Rogan gives a clear window into his thinking during a remarkable week in which Meta loosened its content moderation policies and shut down its DEI programs.

Sensitive data belonging to students and teachers across several K-12 school districts appears to have been stolen in a recent breach of a major education technology provider.

Why it matters: Kids aren't immune to identity theft, and an increasing number of them are encountering identity fraud before turning 18, according to recent surveys.

The Supreme Court seemed inclined Friday to uphold a law that would ban TikTok in the U.S.

Why it matters: One of the most popular social media apps in the country may disappear next week.

Meta is ending its major DEI programs across the company, effective immediately, Sara Fischer and Mike Allen scooped.

Why it matters: The move is a strong signal to Meta employees that the company's push to make inroads with the incoming Trump administration isn't just posturing, but an ethos shift that will impact its business practices.

Read the memo from Meta in full:

Hi all, I wanted to share some changes we're making to our hiring, development and procurement practices. Before getting into the details, there is some important background to lay out:

The legal and policy landscape surrounding diversity, equity and inclusion efforts in the United States is changing. The Supreme Court of the United States has recently made decisions signaling a shift in how courts will approach DEI. It reaffirms longstanding principles that discrimination should not be tolerated or promoted on the basis of inherent characteristics. The term "DEI" has also become charged, in part because it is understood by some as a practice that suggests preferential treatment of some groups over others.

At Meta, we have a principle of serving everyone. This can be achieved through cognitively diverse teams, with differences in knowledge, skills, political views, backgrounds, perspectives, and experiences. Such teams are better at innovating, solving complex problems and identifying new opportunities which ultimately helps us deliver on our ambition to build products that serve everyone. On top of that, we've always believed that no-one should be given - or deprived- of opportunities because of protected characteristics, and that has not changed.

Given the shifting legal and policy landscape, we're making the following changes:

• On hiring, we will continue to source candidates from different backgrounds, but we will stop using the Diverse Slate Approach. This practice has always been subject to public debate and is currently being challenged. We believe there are other ways to build an industry-leading workforce and leverage teams made up of world-class people from all types of backgrounds to build products that work for everyone.
• We previously ended representation goals for women and ethnic minorities. Having goals can create the impression that decisions are being made based on race or gender. While this has never been our practice, we want to eliminate any impression of it.
• We are sunsetting our supplier diversity efforts within our broader supplier strategy. This effort focused on sourcing from diverse-owned businesses; going forward, we will focus our efforts on supporting small and medium sized businesses that power much of our economy. Opportunities will continue to be available to all qualified suppliers, including those who were part of the supplier diversity program.
• Instead of equity and inclusion training programs, we will build programs that focus on how to apply fair and consistent practices that mitigate bias for all, no matter your background.
• We will no longer have a team focused on DEI. Maxine Williams is taking on a new role at Meta, focused on accessibility and engagement.

What remains the same are the principles we've used to guide our People practices:

1. We serve everyone. We are committed to making our products accessible, beneficial and universally impactful for everyone.
2. We build the best teams with the most talented people. This means sourcing people from a range of candidate pools, but never making hiring decisions based on protected characteristics (e.g. race, gender etc.). We will always evaluate people as individuals.
3. We drive consistency in employment practices to ensure fairness and objectivity for all. We do not provide preferential treatment, extra opportunities or unjustified credit to anyone based on protected characteristics nor will we devalue impact based on these characteristics.
4. We build connection and community. We support our employee communities, people who use our products, and those in the communities where we operate. Our employee community groups (MRGs) continue to be open to all.

Meta has the privilege to serve billions of people every day. It's important to us that our products are accessible to all, and are useful in promoting economic growth and opportunity around the world. We continue to be focused on serving everyone, and building a multi-talented, industry-leading workforce from all walks of life.

Go deeper: Exclusive: Meta rolls back DEI programs in latest bow to Trump

Mark Zuckerberg's Meta is terminating major DEI programs, effective immediately — including for hiring, training and picking suppliers, according to a new employee memo obtained by Axios.

Why it matters: The move is a strong signal to Meta employees that the company's push to make inroads with the incoming Trump administration isn't just posturing, but an ethos shift that will impact its business practices.

Ransomware is a rampant, ever-evolving cybersecurity threat that has become an endemic problem for all organizations.

The big picture: Fighting the cybercriminal gangs behind these attacks has become a game of whack-a-mole.

• Law enforcement seizes a gang's servers and domains, dealing a temporary blow to its operations — only for the hackers to rebuild and relaunch their attacks a few months later.

Between the lines: The 2024 takedown of LockBit was different. The perpetrators are still struggling to recover nearly a year later.

Driving the news: A new Axios analysis of the LockBit indictments provides one of the clearest views inside a ransomware gang's operations.

LockBit hackers weren't the criminal masterminds that the public may have believed them to be, despite the group's list of high-value victims.

Why it matters: Perceiving ransomware gangs as untouchable villains may make unsuspecting companies freeze up when they're targeted.

• Some may pay the ransom simply out of fear of business losses and to prevent a data leak, believing they may not have the resources to outsmart them.
• After paying, those victims also tend to trust their attackers to uphold their end of the bargain and delete whatever confidential data was stolen — only to have the hackers go back on their word.

@ D.C.

🇨🇳 China-backed hackers have breached the Committee on Foreign Investment in the United States, a Treasury Department office that reviews foreign investments for national security risks. (CNN)

✍🏻 A new Biden cybersecurity executive order, likely to be signed next week, will focus on how agencies procure security tools and how they vet the tools they're using, according to a draft copy. (Nextgov)

⭐️ Some internet-connected products will soon come with the equivalent of an Energy Star label that measures cybersecurity. (NBC News)

@ Industry

🙉 Apple said in a statement that it has never used Siri data to build marketing profiles and has never made that data available to advertisers after the company agreed to settle a lawsuit about the voice assistant. (The Verge)

🌇 My view from the plane home from Las Vegas this week: Always sit in the window seat!

Fact-checking suddenly looks quaint, inadequate and practically irrelevant.

• Whole realities — the supposed culprits for the LA inferno, a new MAGA map of the world, a child sex-abuse scandal ("grooming gangs") in Britain — now sweep the internet overnight.
• We no longer need fact-checkers. We need reality-checkers.

Why it matters: When President-elect Trump takes office 10 days from now, he'll be more impervious than ever to metaphysical truth — long the purview of traditional, rigorous news reporting.

The world's most powerful supercomputer was officially dedicated in California Thursday, with the CEOs of Hewlett-Packard Enterprise and AMD on hand to celebrate their handiwork.

Why it matters: El Capitan — as the $600 million supercomputer is known — will handle an array of classified tasks aimed at securing the U.S. stockpile of nuclear weapons and run a variety of other unspecified simulations.

AI technology is advancing rapidly and if you're not already using it at work, brace yourself.

Why it matters: That was Sam Altman's message, buried in a blog post.

One of the most devastating types of cyberattack companies face today has been around for decades — and its perpetrators have hardly had to innovate to stay profitable.

Why it matters: Ransomware — in which hackers encrypt a victims' computers until a ransom is paid — has plagued nearly every sector.

• Publicly traded companies, hospitals and schools have all faced service disruptions or had to shut down due to their impact.

By the numbers: 2024 was probably the highest-grossing year for ransomware gangs in decades.

• One company paid as much as $75 million to a ransomware gang.

Between the lines: In a cat-and-mouse game, cyber criminals constantly change their tactics as defenses against them improve.

• When businesses got better at backing up their key servers, many ransomware gangs started ditching encryption altogether, instead opting to steal companies' proprietary information or shutting down systems needed to run the businesses.

A set of indictments released as part of international law enforcement's takedown of LockBit in early 2024 provided the clearest inside view of a ransomware gang.

How it works: Many cybercriminals run what's known as a ransomware-as-a-service model.

• The gang's administrators write malware that steals files or encrypts servers, then they hire freelance hackers to break into companies' digital systems, or even just exploit common security flaws.

How LockBit operates

LockBit is a leading example of how a ransomware gang operates.

The gang had a widespread impact: The U.S. Department of Justice estimates that LockBit attacked more than 2,500 organizations worldwide, including 1,800 in the U.S.

• The group raked in more than $500 million, officials say.

The big picture: Ransomware gangs are more than just a bunch of young hackers coding in their basements.

• LockBit had hiring managers, job interview processes and even a human resources department.
• LockBit even built its own administrative portals to communicate with freelancers.

Zoom in: A 31-year-old Russian man who went by the moniker, "LockBitSupp," ran the LockBit gang, according to a May indictment.

• Other alleged members include a father-son duo who were arrested in Ukraine and a 38-year-old man in Warsaw, Poland.

LockBit became far bigger and more destructive than those before them, experts tell Axios.

• Investigators estimate nearly 200 online personas worked for LockBit.
• LockBit was the top ransomware variant attacking U.S. critical infrastructure in 2023, according to the FBI, accounting for 14% of reported attacks.
• "They were targeting schools, hospitals, emergency services, critical infrastructure, among other private sector companies," Brett Leatherman, deputy assistant director of FBI's cyber operations, tells Axios.

LockBit had two things other ransomware gangs didn't: an untouchable reputation and a "control panel" that made it easy to onboard and track hundreds of freelancers.

• Freelancers got tattoos to show their allegiance to the group, and LockBit was known to lie about whom it had attacked, often claiming bigger targets than was the case.
• Right after last year's law enforcement operation, LockBit required freelancers to invest roughly one bitcoin, worth at least $61,000 at the time, in the operation before getting access to the coveted control panel, per Tim Mitchell, a security researcher at cybersecurity company SecureWorks.

Flashback: The FBI Newark field office started investigating LockBit in early 2020 as the gang attacked more U.S. organizations, Leatherman said.

• Through conversations with international partners, the FBI realized that while its offices had a great view of the direct impact of these attacks and who was being hit, its U.K. counterpart, the National Crime Agency, had the best visibility into LockBit's technical infrastructure.
• "We were able to have a much greater impact because of that part," Leatherman said.

The intrigue: To take down LockBit, the FBI and its private sector partners couldn't just focus on the technical takedowns: seizing databases and web domain names. They also had to cause irreparable damage to the gang's reputation.

• "Why do people drink one soda over another? Because the brand is so strong," says Robert McArdle, a director on Trend Micro's cybercrime research team at Trend Micro, which helped in the investigation. "And if you can destroy that you're left with soda water."
• In similar takedowns, international law enforcement would seize the infrastructure the night before, release a press release in the morning and hold a press conference to share a few more details.
• In the LockBit operation, investigators went a step further: For weeks, they placed countdowns on a dark-web leak site they had seized, to troll LockBit's supporters. Each one promised to divulge new information — the identity of LockBitSupp, the release of a free decryption tool to help victims, and links to the press releases about the operation.
• "It's not just about the disruption, it's also about the deterrence," Leatherman says. "Our goal was to make LockBit, the variant itself in the technical ecosystem, radioactive."

Yes, but: Ransomware gangs are constantly evolving.

• Even when law enforcement arrests their leaders or seizes their online infrastructure, the remaining members will rebrand and keep working.

What's next

Between February and April of last year, LockBit attacks on U.S. companies declined 85%, Leatherman said, and that number continued to shrink since the May indictment of LockBitSupp. More victims have also come forward.

Zoom out: Ransomware remained a prominent threat in 2024, when there were as many attacks as in the previous year.

• Ransomware attacks led to service disruptions at hospitals, pharmacies, schools and even auto dealers.
• Congress called a Fortune 500 CEO to testify in May about an attack on his company.

Reality check: Part of the resurgence stems from the growth in the number of internet-connected devices that companies have running on their networks, Leatherman said.

• Security flaws are inevitable these days in all technologies, and each of those internet-connected devices can provide a "jumping off point" for attackers, he added.

The bottom line: Ransomware requires an all-of-government approach, not just law enforcement investigations, to both hold hackers responsible for their misdeeds and to make the cybercrime less appealing.

• "The operation and the investigation is not over," Leatherman says. "We continue to pursue those actors and any other actor that wants to impose harm on the United States cyber ecosystem here."

Go deeper:

• Companies facing slow road out of the ransomware ward
• The clowns and fools behind ransomware attacks
• How one cyberattack causes relentless ripple effects

President-elect Trump understands the U.S. auto industry better now than he did during his first term, says Ford chairman Bill Ford, who's hopeful that Tesla CEO Elon Musk will use his close relationship with Trump to advocate for all automakers.

Why it matters: Trump had a fraught relationship with Detroit carmakers during his first term, and the companies often sparred with the president over labor, trade, tariffs and regulations.