Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
It’s the end of the year. That means it’s time to celebrate the best news in cyber security we didn’t spread. Starting in 2023TechCrunch has taken a look back at the year’s best cybersecurity stories.
If you are not well, the idea is simple. Currently, there are many journalists who publish information about cybersecurity in English. There are many articles on internet security, privacy, and monitoring published every week. And most of them are good, and you should read them. We’re here to curate our favorites, so know that this is a subjective and, at the end of the day, an incomplete list.
Anyway, let’s get into it. – Lorenzo Franceschi-Bicchierai.
Every once in a while, there’s a story so devastating that when you start reading it, you think it could be a movie or television show. Such is the case with Shane Harris who corresponded for months with a top Iranian hacker.
In 2016, a reporter for The Atlantic contacted a person who claimed to work as a hacker for Iran’s intelligence, where he said he had worked on major projects, such as the downing of an American airliner and the previous hack against the oil giant, Saudi Aramco, where Iranian thieves wiped the company’s computers. Harris was skeptical, but as he continued to talk to the thief, who finally revealed his real name, Harris began to trust him. After the thief’s death, Harris was able to piece together the real story, which turned out to be even more mysterious than the thief had led him to believe.
This fascinating article is a great look at the challenges cyber security journalists face when dealing with sources who claim to have big stories to share.
In January, the UK government secretly handed Apple a court order requiring the company to create a back door to allow the police to access the iCloud data of every customer in the world. Because of the gag order around the world, it was for a reason The Washington Post it felt like we learned that there was a plan to begin with. The demands were the first of their kind, and – if successful – would be a major defeat for tech giants who have spent the past decade locking themselves away from their users’ data to avoid being forced to hand it over to the government.
Apple later stopped offering its own end-to-end cloud storage to its customers in the UK in response to their requests. But in the press release, the secret plan was put in the public eye and allowed both Apple and critics to review the UK’s surveillance powers in a way that has never been attempted in public. The news sparked a years-long dispute between the UK and the United States, leading Downing Street to drop the proposal – just try again after a few months.
The story was a wall-to-wall trick that some journalists only dream of, but The Atlantic’s editor-in-chief played it in real time when he was unwittingly added to the Signal team of US government officials. in An official of the United States government is discussing war plans from their phones.
Reading the discussions about where the US military should drop bombs – and seeing the reports of the missiles on the ground on the other side of the world – was the confirmation that Jeffrey Goldberg should have known that he was, as he suspected, in a real conversation with the officials of the Trump administration, and this was all written and documented.
And he did, paving the way for a months-long investigation (and criticism) of the government’s security system, which is being called the biggest. state opsec error in history. The disclosure of the incident eventually revealed a security vulnerability that included the application a knock-off for Signal which also jeopardized seemingly secure government communications.
Brian Krebs is one of the world’s oldest cyber security journalists, and for years he’s been following the web’s scraps that lead him to expose the most notorious cybercriminals. In this case, Krebs was able to find the truth behind the web handle of Rey, who is one of the most famous. hardworking young people‘ an online crime group that calls itself Browser LAPSUS$ $Hunters.
Krebs’ quest was so successful that he was able to talk to the person closest to the hacker – we won’t spoil the whole story here – and then the hacker himself, who admitted his crimes and said that he was trying to escape the life of a cybercriminal.
Independent media company 404 Media has done more journalism this year than most media outlets. One of his greatest accomplishments was uncovering and effectively shutting down a massive space travel surveillance system that was created by government agencies and operated in the open.
404 Media reported that a little-known airline-based whistleblower named the Airlines Reporting Corporation is selling access to five billion tickets and flights, including the names and financial information of ordinary Americans, allowing government agencies like ICE, the State Department, and the IRS to track people without a warrant.
ARC, which owns United, American, Delta, Southwest, JetBlue, and other airlines, said it would shut down the data program without permission. Monthly reports 404 Media and more pressure from policymakers.
The assassination of UnitedHealthcare CEO Brian Thompson in December 2024 was one of the biggest stories of the year. Shortly after Luigi Mangione, the main suspect in the murder, was arrested and charged with using a “ghost gun,” a 3D-printed gun that had no serial numbers and was secretly built without a background check — a gun the government didn’t know existed.
Wired, using its features previous developments in 3D printed materialsthey tried to test how easy it would be to make a 3D printed gun, and run a legal (and ethical) environment. The reporting process was told in a fun way, and the video that goes along with the story is really cool and fun.
DOGE, or the Department of Public Works, was one of the biggest stories of the year, as Elon Musk’s gang they messed up the federal government, and broke security laws and red tape, as part of mass seizure of citizen data. NPR had some excellent investigative reporting exposing the resistance of government officials trying to prevent the theft of the government’s most sensitive information.
In one of the disclosures he shared with members of Congress, a senior IT official at the National Labor Relations Board told lawmakers that while seeking help investigating DOGE’s actions, “he found a letter sealed in an envelope taped to his door, which contained threatening language, personal information and headshots of him walking his dog.”
Every story that starts the reporter said they found something that made them “feel like crapping my pants,” you know it’s going to be an interesting read. Gabriel Geiger obtained data from a mysterious monitoring company called First Wap, which had the profiles of thousands of people around the world whose phones had been tracked.
The data, from 2007 to 2015, allowed Geiger to identify many famous people whose phones were tracked, including the first lady of Syria, the head of a private military contractor, a Hollywood actor, and an enemy of the Vatican. This article explores the dark world of phone surveillance using Signaling System No. 7, or SS7, an obscure protocol known to allow malicious searches.
Swatting has been a problem for years. What started as a bad joke has become a real threat, which has resulted at least one death. Swatting is a form of spoofing in which someone – usually a scammer – calls the emergency services and tricks authorities into sending a SWAT team to the spoof’s target’s home, often pretending to be their target, and pretending to be about to commit a violent crime.
In this article, Wired’s Andy Greenberg put a face on many of the people who are part of these issues, such as the mobile operators who have to deal with the problem. And they also featured a serial killer, called Torswats, who for months harassed workers and schools across the country with false – but very credible – threats of violence, and a hacker who took it upon himself to track down Torswats.
