It’s the top of the yr. Which means it’s time for us to have a good time one of the best cybersecurity tales we didn’t publish. Since 2023, TechCrunch has appeared again at one of the best tales throughout the board from the yr in cybersecurity.
In case you’re not acquainted, the concept is easy. There are actually dozens of journalists who cowl cybersecurity within the English language. There are a number of tales about cybersecurity, privateness, and surveillance which can be printed each week. And a number of them are nice, and it is best to learn them. We’re right here to advocate those we favored probably the most, so remember the fact that it’s a really subjective and, on the finish of the day, incomplete listing.
Anyway, let’s get into it. — Lorenzo Franceschi-Bicchierai.
Each on occasion, there’s a hacker story that as quickly as you begin studying, you assume it could possibly be a film or a TV present. That is the case with Shane Harris’ very private story of his months-long correspondence with a high Iranian hacker.
In 2016, The Atlantic’s journalist made contact with an individual claiming to work as a hacker for Iran’s intelligence, the place he claimed to have labored on main operations, such because the downing of an American drone and the now-infamous hack in opposition to oil big Saudi Aramco, the place Iranian hackers wiped the corporate’s computer systems. Harris was rightly skeptical, however as he saved speaking to the hacker, who ultimately revealed his actual title to him, Harris began to imagine him. When the hacker died, Harris was in a position to piece collectively the actual story, which someway turned out to be extra unbelievable than the hacker had led Harris to imagine.
The gripping story can also be an amazing behind-the-scenes have a look at the challenges cybersecurity reporters face when coping with sources claiming to have nice tales to share.
In January, the U.Okay. authorities secretly issued Apple with a court docket order demanding that the corporate should construct a backdoor so police can entry iCloud knowledge of any buyer on this planet. As a result of a worldwide gag order, it was solely as a result of The Washington Publish broke information that we realized the order existed to start with. The demand was the primary of its sort, and — if profitable — could be a significant defeat for tech giants who’ve spent the previous decade locking themselves out of their customers’ personal knowledge to allow them to’t be compelled to supply it to governments.
Apple subsequently stopped providing its opt-in end-to-end encrypted cloud storage to its prospects within the U.Okay. in response to the demand. However by breaking the information, the key order was thrust into the general public eye and allowed each Apple and critics to scrutinize U.Okay. surveillance powers in a approach that hasn’t been examined in public earlier than. The story sparked a months-long diplomatic row between the U.Okay. and the USA, prompting Downing Road to drop the request — solely to attempt once more a number of months later.
This story was the form of fly-on-the-wall entry that some reporters would dream of, however The Atlantic’s editor-in-chief received to play out in real-time after he was unwittingly added to a Sign group of senior U.S. authorities officers by a senior U.S. authorities official discussing struggle plans from their cell telephones.
Studying the dialogue about the place U.S. army forces ought to drop bombs — after which seeing information studies of missiles hitting the bottom on the opposite aspect of the world — was affirmation that Jeffrey Goldberg wanted to know that he was, as he suspected, in an actual chat with actual Trump administration officers, and this was all on-the-record and reportable.
And so he did, paving the way in which for a months-long investigation (and critique) of the federal government’s operational safety practices, in what was known as the largest authorities opsec mistake in historical past. The unraveling of the state of affairs in the end uncovered safety lapses involving using a knock-off Sign clone that additional jeopardized the federal government’s ostensibly safe communications.
Brian Krebs is among the extra veteran cybersecurity reporters on the market, and for years he has specialised in following on-line breadcrumbs that result in him revealing the id of infamous cybercriminals. On this case, Krebs was capable of finding the actual id behind a hacker’s on-line deal with Rey, who’s a part of the infamous superior persistent youngsters‘ cybercrime group that calls itself Scattered LAPSUS$ Hunters.
Krebs’ quest was so profitable that he was in a position to discuss to an individual very near the hacker — we received’t spoil the entire article right here — after which the hacker himself, who confessed to his crimes and claimed he was making an attempt to flee the cybercriminal life.
Unbiased media outlet 404 Media has achieved extra impression journalism this yr than most mainstream retailers with vastly extra assets. Certainly one of its greatest wins was exposing and successfully shuttering an enormous air journey surveillance system tapped by federal businesses and working in plain sight.
404 Media reported {that a} little-known knowledge dealer arrange by the airline business known as the Airways Reporting Company was promoting entry to 5 billion airplane tickets and journey itineraries, together with names and monetary particulars of unusual People, permitting authorities businesses like ICE, the State Division, and the IRS to trace individuals and not using a warrant.
ARC, owned by United, American, Delta, Southwest, JetBlue, and different airways, mentioned it might shut down the warrantless knowledge program following 404 Media’s months-long reporting and intense stress from lawmakers.
The killing of UnitedHealthcare CEO Brian Thompson in December 2024 was one of many greatest tales of the yr. Luigi Mangione, the chief suspect within the killing, was quickly after arrested and indicted on prices of utilizing a “ghost gun,” a 3D-printed firearm that had no serial numbers and in-built non-public and not using a background test — successfully a gun that the federal government has no thought exists.
Wired, utilizing its previous reporting expertise on 3D-printed weaponry, sought to check how straightforward it might be to construct a 3D-printed gun, whereas navigating the patchwork authorized (and moral) panorama. The reporting course of was exquisitally advised, and the video that goes together with the story is each glorious and chilling.
DOGE, or the Division of Authorities Effectivity, was one of many greatest working tales of the yr, as the gang of Elon Musk’s lackeys ripped via the federal authorities, tearing down safety protocols and purple tape, as a part of the mass-grab of residents’ knowledge. NPR had a number of the finest investigative reporting uncovering the resistance motion of federal employees making an attempt to forestall the pilfering of the federal government’s most delicate knowledge.
In a single story detailing a whistleblower’s official disclosure as shared with members of Congress, a senior IT worker within the Nationwide Labor Relations Board advised lawmakers that as he was in search of assist investigating DOGE’s exercise, he “discovered a printed letter in an envelope taped to his door, which included threatening language, delicate private info and overhead photos of him strolling his canine, in keeping with the duvet letter connected to his official disclosure.”
Any story that begins with a journalist saying they discovered one thing that made them “really feel like shitting my pants,” you already know it’s going to be a enjoyable learn. Gabriel Geiger discovered a dataset from a mysterious surveillance firm known as First Wap, which contained data on hundreds of individuals from all over the world whose cellphone places had been tracked.
The dataset, spanning 2007 via 2015, allowed Geiger to establish dozens of excessive profile individuals whose telephones had been tracked, together with a former Syrian first girl, the top of a non-public army contractor, a Hollywood actor, and an enemy of the Vatican. This story explored the shadowy world of cellphone surveillance by exploiting Signalling System No. 7, or SS7, an obscurely named protocol lengthy identified to permit malicious monitoring.
Swatting has been an issue for years. What began as a nasty joke has grow to be an actual menace, which has resulted in no less than one demise. Swatting is a kind of hoax the place somebody — usually a hacker — calls the emergency providers and methods the authorities into sending an armed SWAT workforce to the house of the hoaxer’s goal, usually pretending to be the goal themselves, and pretending they’re about to commit a violent crime.
On this function, Wired’s Andy Greenberg put a face on the numerous characters who’re a part of these tales similar to the decision operators who need to take care of this drawback. And he additionally profiled a prolific swatter, referred to as Torswats, who for months tormented the operators and colleges everywhere in the nation with pretend — however extraordinarily plausible — threats of violence, in addition to a hacker who took it upon himself to trace Torswats down.
