TECHCRUNCH.COM
These are the cybersecurity stories we were jealous of in 2024
Since 2018, along with colleagues first at VICE Motherboard, and now at TechCrunch, I have been publishing a list at the end of the year highlighting the best cybersecurity stories reported by other outlets. Cybersecurity, surveillance, and privacy are huge topics that no one single publication can cover effectively on its own. Journalism is by definition competitive, but also a highly collaborative field. That's why it sometimes makes sense to point our readers to other publications and their work to learn more about these complicated and sprawling beats.

Without further ado, here are our favorite cybersecurity stories of this year written by our friends at rival outlets.

Lorenzo Franceschi-Bicchierai.

AT&T paid a hacker $370,000 to delete a stolen cache of nearly all of the company's phone records

In one of the biggest and most brazen mass-hacks in recent history, hackers this year raided hundreds of insecure cloud storage accounts hosted by cloud computing company Snowflake, relied on by some of the world's largest tech and telecom companies. The hackers then held the huge troves of stolen data for ransom. One victim of the hacks, AT&T, confirmed that it lost the call and text records of nearly all of AT&T's 110 million customers in the breach, accounting for more than 50 billion call and text records.

Days after AT&T went public with news of its breach, independent security reporter Kim Zetter broke the news that AT&T had weeks earlier paid a hacker $370,000 to delete the huge cache of stolen phone records and not publicly release the data. Zetter's reporting uncovered a major piece in the puzzle of who was behind the intrusions, at the time known only as UNC5537 by Mandiant, and who were later identified as Connor Moucka and John Binns and indicted for their role in the mass-thefts from Snowflake's customer accounts.
Zack Whittaker.

Kashmir Hill's latest investigative report in The New York Times revealed that automakers are sharing consumers' driving behavior and habits with data brokers and insurance companies, which use the data to hike customer rates and premiums, a dystopian use of a driver's own information against them. For GM vehicle owners, drivers are often not informed that enrolling in its Smart Driver feature would automatically result in vehicles sharing their driving habits with third parties. The story prompted a congressional inquiry, which revealed that the carmakers sold consumers' data in some cases for mere pennies.

Zack Whittaker.

CIA sent an officer deep undercover to spy on Islamic radicals. The operation cost him everything

This is just a wild story. If this story was a movie (heck, it should be), it would still be shocking. But the fact that this actually happened is just incredible. Zach Dorfman pulled off an incredible feat of reporting here. Writing about intelligence operations is not easy; by definition, these are supposed to stay secret forever. And this is not one of those stories that the intelligence community would secretly be happy to see out there. There's nothing to be proud or happy here. I don't want to spoil this story in any way, you just have to read it. It's that good.

Lorenzo Franceschi-Bicchierai.

Crypto's legacy is finally clear, per Charlie Warzel

This is not purely a cybersecurity story, but in some ways crypto has always been part of hacking culture. Born as a libertarian pipe dream, it's been clear for a few years that Bitcoin and all its crypto offshoots have nothing to do with what Satoshi Nakamoto, the mysterious inventor of the cryptocurrency and blockchain technology, imagined back in 2008 in his founding paper on Bitcoin. Now, crypto has become a tool for the far-right to wield their power, as Charlie Warzel explains very well in this piece.
Lorenzo Franceschi-Bicchierai.

Hackers scored a record ransom payment of $75 million for Cencora's data breach

Bloomberg's Katrina Manson got the scoop that nobody else could: drug distributor Cencora paid a $75 million ransom to an extortion gang not to release sensitive personal and medical-related data on upwards of around 18 million people following an earlier cyberattack. Cencora was hacked in February, but steadfastly and continually refused to say how many individuals had their information stolen, even though public filings showed upwards of 1.4 million affected individuals and rising. TechCrunch had been chasing this story about the alleged ransom payment for some time (and we weren't the only ones!) after hearing rumblings that Cencora had paid what is believed to be the biggest ransomware payment to date. Bloomberg's Manson got the details on the bitcoin transactions and confirmed the ransom payments.

Zack Whittaker.

How merciless attacks by ransomware gangs bleed small companies dry

I've covered ransomware for years, and while the hackers behind these data-theft attacks are often willing to talk, the victims of these attacks typically aren't so keen to open up. Bloomberg's Ryan Gallagher achieved the near-impossible by getting the U.K.-based delivery company Knights of Old to reveal all about a ransomware attack that resulted in the company shuttering after 158 years in business. Paul Abbott, Knights' co-owner, spoke frankly about the attack, giving readers a glimpse into the devastation caused by the Russia-linked hacking gang. Abbott revealed how and why the company decided not to negotiate, resulting in the publication of more than 10,000 internal documents. This leak, Abbott disclosed, meant the company could not secure a loan or sell the company, forcing it to close its doors for good.

Carly Page.

404 Media has absolutely been killing it in the year or so after it launched. There have been plenty of great stories but this one stood out for me.
Here, Joseph Cox and other journalists received the same dataset, and he smartly decided to focus on one major issue in his story: How cellphone location could help identify people visiting abortion clinics. With Donald Trump returning to the White House, and the Republican Party controlling all branches of government, it is likely that we will see further challenges to abortion rights and access, making this kind of surveillance especially dangerous.

Lorenzo Franceschi-Bicchierai.

Meet ZachXBT, the masked vigilante tracking down billions in crypto scams and thefts

I have been covering crypto hacks and heists on and off for a few years now. It is a fascinating world full of grifters, scammers, hackers and dogged investigators. One of the most intriguing characters is a man who goes by the handle ZachXBT. For years, he has been unraveling some of the most intricate crypto mysteries, hacks, heists, scams and money laundering operations. This year, Andy Greenberg at Wired did a great job profiling ZachXBT. And even if Greenberg couldn't reveal the detective's real-world identity and withheld a lot of identifying information, the story painted a vivid picture of the investigator and his motivations.

Lorenzo Franceschi-Bicchierai.

The inside story of a firewall vendor's five-year war with the Chinese hackers hijacking its devices

Wired's Andy Greenberg got the scoop on another major China-backed hacking campaign. The eye-opening report, published in October, reveals how researchers working at Chengdu-based cybersecurity firm Sichuan Silence and the University of Electronic Science and Technology of China spent years researching vulnerabilities in Sophos firewalls. The vulnerabilities were subsequently used by Chinese government-backed hacking groups, such as APT41 and Volt Typhoon, to plant backdoors in Sophos firewalls used by organizations around the world and steal their sensitive data.
The five-year-long campaign, as also detailed by Sophos itself, resulted in the compromise of more than 80,000 firewall devices globally, including some used in the U.S. government. Following Greenberg's reporting, the U.S. government sanctioned the Chinese cybersecurity company and one of its employees for their role in the widespread hacking campaign.

Carly Page.

The WSJ revealed a massive China-linked hack targeting U.S. phone and internet giants

The Salt Typhoon hack of U.S. phone and internet giants will not only go down as one of the biggest cybersecurity stories of 2024, but also as one of the biggest hacks in history. The Wall Street Journal impressively got the scoop on this story, reporting in October that Salt Typhoon, a Chinese government-backed hacking group, had penetrated the networks of a swath of U.S. telecom providers to access information from systems the federal government uses for court-authorized network wiretapping requests. The WSJ's excellent reporting kickstarted months of follow-ups and prompted action from the U.S. government, which has since urged Americans to switch to encrypted messaging apps, such as Signal, to minimize the risk of having their communications intercepted.

Carly Page.

The underground site where neural networks churn out fake IDs capable of enabling fraud

KYC, or "know your customer" checks, are some of the most relied upon techniques that banks and tech companies use to try to confirm it is in fact you they are dealing with. KYC involves looking at your driver's license, passport, or other kind of ID, and checking to the greatest degree possible the authenticity of the document. But while fakes and forgeries are inevitable, generative AI models are rendering these KYC checks entirely useless.
404 Media explored the underground site where neural networks churn out fake IDs at speed, which was a brilliant way to expose how easy it is to generate fake IDs on the fly that are capable of enabling bank fraud and criminal money laundering. The site went offline following 404 Media's reporting.

Zack Whittaker.