Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Starting in 2018, together with the first staff at VICE Motherboard, and now at TechCrunchI’ve been publishing a list at the end of the year highlighting the best cybersecurity stories reported by other sites. Cybersecurity, surveillance, and privacy are big topics that no single publication can adequately cover on its own. Journalism is by definition competitive, but it is also a highly collaborative field. That’s why it sometimes makes sense to refer our readers to other publications and their work to learn more about complex and broad beats.
Without further ado, here are our favorite cybersecurity stories of the year written by our friends at the outlet. – Lorenzo Franceschi-Bicchierai.
In one of the biggest and most dangerous attacks in recent history, hackers this year hijacked hundreds of cloud storage accounts belonging to cloud computing company Snowflake, trusted by the world’s largest technology and telecommunications companies. The criminals then held large databases of stolen data for ransom. One victim of the hacks, AT&T, confirmed this lost calls and texts of “almost all” of the 110 million AT&T customers affected by the breach, that accounts for more than 50 billion calls and texts.
A few days after AT&T announced their breach, an independent security reporter reported Kim Zetter he released news that AT&T had a few weeks earlier paid a hacker $370,000 to remove a large database of stolen telephones. not to release the data publicly. Zetter’s report revealed a large part in the picture of who was behind the riots – then known only as UNC5537 and Mandiant – and who they were. They were later identified as Connor Moucka and John Binns and charged for their role in details of Snowflake customer account theft. — Zack Whittaker.
The latest report of Kashmir Hill in the The New York Times revealed that automakers are sharing consumer driving patterns and habits with data vendors and insurance companies, who use the data to raise customer rates and premiums, a dystopian use of driver information against them. For GM car owners, drivers are they are often not informed that signing up for its Smart Driver feature would only allow cars to share their driving information with other people. Story it led to a congressional investigationwhich revealed that car manufacturers sell consumer data in some cases just for money. — Zack Whittaker.
This is nonsense. If this story were a movie – heck, it should be – it would be amazing. But the truth is that this actually happened is surprising. Zach Dorfman did a great job reporting here. Writing about intelligence services is not easy; by definition, this must remain hidden forever. And this is not one of those stories that the intelligence community would be happy to see in private. There is nothing to be proud or happy about here. I don’t want to spoil the story in any way, just read it. That’s good. – Lorenzo Franceschi-Bicchierai.
This is not a cybersecurity issue, but in some ways crypto has always been part of the culture of theft. Born as a pipe of liberty, it has been clear for several years that Bitcoin and all its crypto pages have nothing to do with what Satoshi Nakamoto, the mysterious founder of cryptocurrency and blockchain technology, thought back in 2008 in his Bitcoin founding paper. Now, crypto has become a tool for those far away to exercise their power, as Charlie Warzel explains so well in this piece. – Lorenzo Franceschi-Bicchierai.
Bloomberg’s Katrina Manson found what no one else could: a drug distributor Cencora offered a $75 million ransom to the terrorist group to prevent the release of personal and medical information on more than 18 million people following a cyber attack. Cencora was hacked in February, but has steadfastly and persistently refused to say how many people had their information stolen – even public records. showed more than 1.4 million people affected by the ride. TechCrunch has been chasing this story for quite some time (and we’re not the only ones!) after hearing rumors that Cencora had paid what it believed to be the largest ransom payment to date. Bloomberg’s Manson obtained details of the bitcoin transaction and confirmed the payment of the ransom. — Zack Whittaker.
I’ve been covering ransomware for years, and while the perpetrators are often willing to talk, the victims are often unwilling to open up. Bloomberg’s Ryan Gallagher achieved the impossible by getting the UK company to deliver Knights of Old full disclosure of ransomware attacks which led to the company’s closure after 158 years in business. Paul Abbott, who owns the Knights, spoke candidly about the attack, giving readers a picture of the destruction caused by Russian-linked terrorists. Abbott revealed how – and why – the company chose not to negotiate, leading to the publication of 10,000 internal documents. The leak, Abbot revealed, meant the company was unable to secure loans or sell the company, forcing it to close all of its doors. – Carly Page.
404 Media has been killing it in the year or so since its launch. There have been many good stories but this one stood out for me. Here, Joseph Cox and other journalists received the same documents, and wisely decided to focus on one main topic in his article: How cell phone locations can help identify people who go to abortion clinics. With Donald Trump returning to the White House, and the Republican Party in control of all branches of government, it is possible that we will see some problems with abortion rights and opportunities, making the race particularly dangerous. – Lorenzo Franceschi-Bicchierai.
I’ve been covering crypto hacks and heists off and on for a few years now. It’s a fascinating world full of con artists, con artists, conspirators – and ruthless detectives. One of the most interesting characters is a man who goes by the handle ZachXBT. Over the years, he has been exposing the most complex crypto secrets, hacks, heists, scams and money laundering operations. This year, Andy Greenberg at Wired did a great job of documenting ZachXBT. And while Greenberg could not reveal the detective’s real world and withhold identifying information, the story provided a vivid picture of the detective and his motivations. – Lorenzo Franceschi-Bicchierai.
Wired’s Andy Greenberg got the scoop on another massive Chinese hacking campaign. An eye-opening report, published in Octobershows how researchers working at Chengdu-based cybersecurity firm Sichuan Silence and the University of Electronic Science and Technology of China spent years investigating vulnerabilities in the Sophos firewall. Threats used by hacking groups supported by the Chinese government, such as APT41 and Volt Typhoonplanting back doors in Sophos firewalls used by organizations around the world and stealing their information. A five-year campaign, viz and in detail by Sophos itselfcaused more than 80,000 fire extinguishers around the world to malfunction – including some used by the US government. Following the Greenberg report, the US government to be allowed a Chinese cybersecurity company is one of its employees because of its role in the spread of the group. – Carly Page.
The Salt Typhoon of US mobile and internet giants will not only go down as one of the biggest cyber security stories of 2024, but also as one of the biggest in history. The Wall Street Journal found more information on the matterreported in October that Salt Typhoon, a Chinese government-backed hacking group, hacked into dozens of US telecom providers to gain access to information from systems the federal government used to subpoena court-ordered radio calls. The WSJ’s excellent report sparked months of follow-up and prompted the US government to take action, which has been ongoing ever since. encouraged Americans to switch to texting appssuch as Signal, to reduce the risk of having their messages. – Carly Page.
KYC, or “know your customer” checks, are among the most trusted methods that banks and technology companies use to try to verify that you are the person they are dealing with. KYC involves checking your driver’s license, passport, or other form of ID, and checking – to the extent possible – the authenticity of the document. But while fakes and fakes are inevitable, artificial intelligence models are rendering KYC checks useless. 404 Media analyzed an underground facility where a “neural network” quickly removes fake IDswhich was a great way to expose how easy it is to create fake IDs on the fly that can lead to bank fraud and money laundering. Page went online following 404 Media reports. — Zack Whittaker.
