Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Since 2018, together with colleagues, first on VICE Motherboard and now on TechCrunchAt the end of the year, I publish a list highlighting the best cybersecurity stories reported by other publications. Cybersecurity, surveillance, and privacy are big topics that no single publication can cover effectively on its own. Journalism is by definition a competitive field, but also a very collaborative one. That’s why it sometimes makes sense to refer our readers to other publications and their work to learn more about these complex and pervasive tattoos.
Without further ado, here are this year’s favorite cybersecurity stories from our friends at rival shops. – Lorenzo Franceschi-Bicchierai.
In one of the largest and most brazen mass attacks in recent history, hackers this year raided hundreds of untrusted cloud storage accounts operated by Snowflake, a cloud computing company trusted by the world’s largest technology and telecommunications companies. The hackers then held the vast wealth of stolen data for ransom. AT&T, one of the victims of the hacks, confirmed this lost “almost all” call and text logs More than 50 billion call and text records of 110 million AT&T customers were compromised.
Days after the AT&T breach went public, an independent security reporter Kim Zetter reported that AT&T paid a hacker $370,000 weeks ago to delete a large cache of stolen phone records. and does not disclose information to the public. Zetter’s report revealed a key piece of the puzzle of who was behind the intrusions—known at the time by Mandiant only as UNC5537—and who they were. later identified as Connor Moucka and John Binns and charged for their roles In mass thefts from Snowflake’s customer accounts. – Zack Whittaker.
Kashmir Hill’s latest research report The New York Times revealed that automakers are sharing consumer driving behavior and habits with data brokers and insurance companies, using that data to increase customer rates and premiums, a dystopian use of the driver’s own data against them. Drivers for GM car owners often not reported that enrolling in its Smart Driver feature will automatically result in vehicles sharing their driving habits with third parties. The story It led to a congressional investigationit revealed that automakers were in some cases selling consumers’ data for mere pennies. – Zack Whittaker.
This is just a wild story. If this story were a movie — heck, it should be — it would still be shocking. But it’s incredible that it actually happened. Zach Dorfman did an incredible job reporting here. Intelligence operations are not easy to write about; by definition, they must remain secret forever. And it’s not one of those stories that the intelligence community would be happy to see surreptitiously out there. There is nothing to be proud of or happy about. I don’t want to spoil this story in any way, you just have to read it. It’s that good. – Lorenzo Franceschi-Bicchierai.
This isn’t purely a cybersecurity story, but in some ways, cryptocurrency has always been a part of hacker culture. Born a libertarian dream, has been clear for several years Bitcoin and all its cryptocurrencies have nothing to do with what Satoshi Nakamoto, the mysterious inventor of cryptocurrency and blockchain technology, envisioned in his 2008 bitcoin founding article. As Charlie Warzel explains so well in this piece, cryptocurrency has now become a tool for the far right to wield power. – Lorenzo Franceschi-Bicchierai.
Bloomberg’s Katrina Manson got a scoop no one else could: drug dealer Senkora paid a ransom of 75 million dollars to the extorting gang Not releasing sensitive personal and medical information on nearly 18 million people after a previous cyber attack. In February, Cencora was hacked but has steadfastly and consistently refused to say how many people’s data was stolen – despite public documents It showed more than 1.4 million affected individuals and growing. TechCrunch has been following this alleged ransom payment story for some time (and we weren’t the only ones!) after hearing rumblings that Cencora had paid what was believed to be the largest ransomware payment to date. Bloomberg’s Manson obtained details of the bitcoin transactions and confirmed the ransom payments. – Zack Whittaker.
I’ve been dealing with ransomware for years, and while the hackers behind these data-stealing attacks are often willing to talk, the victims of these attacks are usually less than willing to open up. Bloomberg’s Ryan Gallagher has achieved the impossible by acquiring UK-based delivery company Knights of Old. Discover everything about a ransomware attack This resulted in the closure of the company after 158 years of operation. Knights co-owner Paul Abbott spoke candidly about the attack, giving readers a glimpse into the devastation caused by the Russian-linked hacking gang. Abbott has revealed how and why the company decided not to negotiate, resulting in the release of more than 10,000 internal documents. The leak, Abbott said, meant the company couldn’t secure a loan or sell the company, forcing it to close its doors permanently. – Carly Page.
404 Media absolutely killed it a year after launch. There have been many great stories, but this one stood out for me. Here, Joseph Cox and other journalists received the same set of data, and he decided to focus on one key issue in his story: How cell phone location can help identify people visiting abortion clinics. With Donald Trump back in the White House and the Republican Party in control of all branches of government, we are likely to see further challenges to abortion rights and access, making such control especially dangerous. – Lorenzo Franceschi-Bicchierai.
I have been covering cryptocurrency attacks and heists for several years now. It’s a fascinating world full of scammers, fraudsters, hackers and tenacious investigators. One of the most interesting characters is a man who goes by the handle of ZachXBT. For years, he has been uncovering the most complex crypto mysteries, hacks, thefts, scams and money laundering operations. Andy Greenberg at Wired this year did a great job profiling ZachXBT. Even if Greenberg fails to reveal the detective’s real-world identity and withholds much identifying information, the story paints a vivid picture of the investigator and his motivations. – Lorenzo Franceschi-Bicchierai.
Wired’s Andy Greenberg has learned about another major Chinese-backed hacking campaign. An eye-opening report, published in OctoberResearchers working for Chengdu-based cybersecurity firm Sichuan Silence and the University of Electronic Science and Technology of China reveal how they spent years researching vulnerabilities in Sophos firewalls. The vulnerabilities were later exploited by hacking groups supported by the Chinese government. Like APT41 and Typhoon Voltplacing backdoors in Sophos firewalls used by organizations around the world and stealing their sensitive data. A five-year campaign, as also detailed by Sophos himselfresulted in the compromise of more than 80,000 firewall devices globally, including some used by the US government. After Greenberg’s report, the US government sanctioned A Chinese cybersecurity company and one of its employees for their role in a widespread hacking campaign. – Carly Page.
The Salt Typhoon hack of US phone and internet giants will go down not only as one of the biggest cyber security stories of 2024, but also as one of the biggest attacks in history. The Wall Street Journal impressively reported this storyIn October, the Chinese government-backed hacking group Salt Typhoon reported that it had penetrated the networks of some US telecommunications providers to gain access to systems used by the federal government for court-authorized wiretapping requests. The WSJ’s scathing report led to months of harassment and US government action since then. urged Americans to switch to encrypted messaging appsfor example, Signal, to minimize the risk of interception of communications. – Carly Page.
KYC, or “know your customer” checks, are some of the methods banks and tech companies use to confirm that they’re actually dealing with you. KYC involves looking at a driver’s license, passport or other ID and verifying the authenticity of the document as much as possible. While fraud and forgery are inevitable, generative AI models render these KYC checks completely useless. 404 Media investigated an underground site where “neural networks” rapidly extract fake IDsit was a brilliant way to expose how easy it is to quickly create fake IDs that can enable bank fraud and money laundering. Site offline 404 After media report. – Zack Whittaker.
