Starting in 2018 with the first partners at VICE Motherboard Now on TechCrunchI published a list at the end of the year highlighting the best cybersecurity stories reported by other outlets. cyber security; Surveillance and privacy are huge topics that no single publication can effectively cover. Journalism is by definition competitive, but also a highly collaborative field. That is why it sometimes makes sense for our readers to learn more about the complex and scattered shots of other publications and their work.
Without further ado, Here are our favorite cybersecurity stories of the year, written by our friends at Competitive Outlets. — Lorenzo Franceschi-Bicchierai.
In one of the biggest and most spectacular hacks in recent history; This year, hackers raided hundreds of unsecured cloud storage accounts hosted by Snowflake, a cloud computing company relied on by some of the world's largest technology and telecom companies. The hackers then saved large troves of stolen data for return. AT&T, one of the victims of the hacks, confirmed this. Call and text records of “almost all” were lost The breach accounted for more than 50 billion call and text messages from AT&T's 110 million customers.
AT&T said that days after its breach went public as an independent security reporter. Kim Zetter The news broke. AT&T paid a hacker $370,000 to delete a huge cache of stolen phone records The information is not made public. Zetter's report found a key piece in the puzzle of who was behind the intrusions — at the time known only to Mandiant as UNC5537 — and who. Later identified as Connor Moucka and John Binns, they were prosecuted for their roles. Mass thefts from Snowflake's customer accounts. – Zack Whittaker
Kashmir Hill Final Investigation Report The New York Times Automakers are sharing customers' driving habits and habits with data brokers and insurance companies, using the data to raise customers' rates and premiums, a dystopian use of a driver's personal data against them, he said. For GM vehicle owners; The drivers. Often not informed Enrollment in its Smart Driver feature will allow vehicles to share their driving habits with third parties. The story Congress made an inquiry.Automakers have revealed that in some cases they have sold consumers' data for pennies. – Zack Whittaker
This is just a wild story. If this story were a movie, This should be That's still shocking. But it's unbelievable that this actually happened. Zach Dorfman pulls off an incredible feat of reporting here. Writing about intelligence operations is not easy. Meaning these must be kept secret forever. And this isn't one of those stories that the intelligence community will be quietly happy to see out there. Here is something to be proud of. Nothing to be happy about. I don't want to spoil this story in any way. You just need to read it. that's nice. — Lorenzo Franceschi-Bicchierai.
This isn't just a cybersecurity story, but in some ways crypto is part of hacker culture. As a freedman, he dreamed of making money. Clear for a few years. Bitcoin and all its crypto offshoots were re-imagined in 2008 in the Bitcoin founding document by Satoshi Nakamoto, the mysterious inventor of cryptocurrency and blockchain technology. Now, as Charlie Warzel explains so well in this episode. Crypto has become a tool for the far right to wield their power. — Lorenzo Franceschi-Bicchierai.
Bloomberg's Katrina Manson earned a label no one else could: drug distributor Cencora paid $75 million in ransom to an extortionist. Not releasing sensitive personal and medical information about 18 million people after an earlier cyber attack. Cencora was hacked in February, but has consistently refused to claim that any individuals' information was stolen — despite public documents. It showed more than 1.4 million people affected and rising.. TechCrunch has been following this story about the alleged ransom payment for some time (and we're not the only ones) after hearing rumors that Cencora paid what was believed to be the largest ransomware payment to date. Bloomberg's Manson obtained details of the bitcoin transactions and confirmed the ransom payments. – Zack Whittaker
I've been hiding ransomware for years, While the hackers behind these data theft attacks are often willing to talk, the victims of these attacks are usually not motivated to open up. Bloomberg's Ryan Gallagher achieved an almost impossible feat by acquiring UK-based delivery company Knights of Old. Describe all about ransomware attacks. This led to the closure of the company after 158 years of operation. Knights co-owner Paul Abbott spoke candidly about the attack and gave readers a glimpse of the damage caused by the Russian-linked hacking gang. Abbott released more than 10,000 internal documents revealing how the company decided to negotiate. In this leak, Abbot revealed that the company was forced to close its doors for good because it couldn't get a loan or sell the company. – Carly Page.
404 Media killed it a year or so after launch. There were many great stories, but this one stood out to me. Here, Joseph Cox and other journalists received the same data set and decided to focus his story on a key issue: how cell phone location could identify visitors to abortion clinics. With Donald Trump back in the White House and Republicans in control of all branches of government, we are likely to see more challenges to abortion access and access. This kind of surveillance is especially dangerous. — Lorenzo Franceschi-Bicchierai.
I have been covering crypto hackers and thefts for a few years now. It is the fliers, Scammers It's a fascinating world full of hackers—and relentless investigators. One of the most fascinating characters is a man with the handle ZachXBT. for many years He explains the most complex crypto mysteries; hacks, Thefts Some scams and money laundering operations have been uncovered. This year, Wired's Andy Greenberg did a great job profiling ZachXBT. Greenberg does not reveal the detective's real-world identity and withholds much information, but the story vividly portrays the investigator and his motivations. — Lorenzo Franceschi-Bicchierai.
Wired's Andy Greenberg covered another major Chinese-backed hacking campaign. eye-opening report; Released in October.In Sichuan Silence, the Chengdu-based cybersecurity company and researchers from the China University of Electronic Science and Technology revealed how they spent years researching vulnerabilities in Sophos firewalls. Vulnerabilities used by Chinese government-backed hacking groups; Like APT41 versus Volt typhoonPlant backdoors in Sophos firewalls used by organizations around the world to steal their sensitive data. As he campaigned for five years, Sophos itself also describes it in detail.More than 80,000 firewall devices worldwide, including some used by the US government, were compromised. Following Greenberg's reporting, United States government Sanctioned. A Chinese cyber security company and one of its employees have been indicted for their role in a widespread hacking operation. – Carly Page.
The Salt Typhoon hack of US phone and internet giants will go down not only as one of the biggest cybersecurity stories of 2024, but also as one of the biggest hacks in history. The Wall Street Journal had an impressive coverage of this story.Salt Typhoon, a Chinese government-backed hacking group, reported in October that it penetrated the networks of US telecom providers to obtain information from systems used by the federal government for court-authorized network-tapping requests. The WSJ's excellent reporting set off months of follow-up work and prompts from the US government that followed. He urged Americans to switch to encrypted messaging apps.to reduce the risk of their communications being intercepted, such as Signal; – Carly Page.
KYC or “Know Your Customer” checks are most dependent on the technologies banks and technology companies use to verify who you're dealing with. KYC your driver's license; This includes looking at passports or other forms of ID and — to the extent possible — verifying the authenticity of the document. But forgeries and forgeries are inevitable, though. Next generation AI models make these KYC checks completely useless. Investigated by 404 Media. Underground site where “neural networks” push out fake IDs at speedIt's an obvious way of how easy it is to release fake IDs that can support bank fraud and criminal money laundering. Site It went offline. 404 Media's reporting follows. – Zack Whittaker