These are the cybersecurity stories we were jealous of in 2024 | TechCrunch

Since 2018, together with colleagues first at VICE Motherboard, and now at TechCrunch, I’ve been publishing a list at the end of the year highlighting the best cybersecurity stories reported by other outlets. Cybersecurity, surveillance, and privacy are huge topics that no one single publication can cover effectively on its own. Journalism is by definition competitive, but also a highly collaborative field. That’s why it sometimes makes sense to point our readers to other publications and their work to learn more about these complicated and sprawling beats.

Without further ado, here are our favorite cybersecurity stories of this year written by our friends at rival outlets. — Lorenzo Franceschi-Bicchierai.

In one of the biggest and most brazen mass-hacks in recent history, hackers this year raided hundreds of insecure cloud storage accounts hosted by cloud computing company Snowflake, relied on by some of the world’s largest tech and telecom companies. The hackers then held the huge troves of stolen data for ransom. One victim of the hacks, AT&T, confirmed that it lost the call and text records of “nearly all” of AT&T’s 110 million customers in the breach, accounting for more than 50 billion call and text records.

Days after AT&T went public with news of its breach, independent security reporter Kim Zetter broke the news that AT&T had weeks earlier paid a hacker $370,000 to delete the huge cache of stolen phone records and not publicly release the data. Zetter’s reporting uncovered a major piece in the puzzle of who was behind the intrusions — at the time known only as UNC5537 by Mandiant — and who were later identified as Connor Moucka and John Binns and indicted for their role in the mass-thefts from Snowflake’s customer accounts. — Zack Whittaker.

Kashmir Hill’s latest investigative report in The New York Times revealed that automakers are sharing consumers’ driving behavior and habits with data brokers and insurance companies, which use the data to hike customer rates and premiums, a dystopian use of a driver’s own information against them. For GM car owners, drivers are often not informed that enrolling in its Smart Driver feature would automatically result in vehicles sharing their driving habits with third-parties. The story prompted a congressional inquiry, which revealed that the carmakers sold consumers’ data in some cases for mere pennies. — Zack Whittaker.

This is just a wild story. If this story was a movie — heck, it should be — it would still be shocking. But the fact that this actually happened is just incredible. Zach Dorfman pulled off an incredible feat of reporting here. Writing about intelligence operations is not easy; by definition, these are supposed to stay secret forever. And this isn’t one of those stories that the intelligence community would secretly be happy to see out there. There’s nothing to be proud or happy here. I don’t want to spoil this story in any way, you just have to read it. It’s that good. — Lorenzo Franceschi-Bicchierai.

This isn’t purely a cybersecurity story, but in some ways crypto has always been part of hacking culture. Born as a libertarian pipe dream, it’s been clear for a few years that Bitcoin and all its crypto offshoots have nothing to do with what Satoshi Nakamoto, the mysterious inventor of the cryptocurrency and blockchain technology, imagined back in 2008 in his founding paper on Bitcoin. Now, crypto has become a tool for the far-right to wield their power, as Charlie Warzel explains very well in this piece. — Lorenzo Franceschi-Bicchierai.

Bloomberg’s Katrina Manson got the scoop that no one else could: drug distributor Cencora paid a $75 million ransom to an extortion gang not to release sensitive personal and medical-related data on upwards of around 18 million people following an earlier cyberattack. Cencora was hacked in February, but steadfastly and continually refused to say how many individuals had their information stolen — even though public filings showed upwards of 1.4 million affected individuals and rising. TechCrunch had been chasing this story about the alleged ransom payment for some time (and we weren’t the only ones!) after hearing rumblings that Cencora had paid what’s believed to be the largest ransomware payment to date. Bloomberg’s Manson got the details on the bitcoin transactions and confirmed the ransom payments. — Zack Whittaker.

I’ve covered ransomware for years, and while the hackers behind these data-theft attacks are often willing to talk, the victims of these attacks typically aren’t so keen to open up. Bloomberg’s Ryan Gallagher achieved the near-impossible by getting the U.K.-based delivery company Knights of Old to reveal all about a ransomware attack that resulted in the company shuttering after 158 years in business. Paul Abbott, Knights’ co-owner, spoke frankly about the attack, giving readers a glimpse into the devastation caused by the Russia-linked hacking gang. Abbott revealed how — and why — the company decided not to negotiate, resulting in the publication of more than 10,000 internal documents. This leak, Abbott disclosed, meant the company couldn’t secure a loan or sell the company, forcing it to close its doors for good. — Carly Page.

404 Media has absolutely been killing it in the year or so after it launched. There were plenty of great stories but this one stood out for me. Here, Joseph Cox and other journalists obtained the same dataset, and he smartly decided to focus on one major issue in his story: How cellphone location could help identify people visiting abortion clinics. With Donald Trump returning to the White House, and the Republican Party controlling all branches of government, it’s likely that we’ll see further challenges to abortion rights and access, making this kind of surveillance especially dangerous. — Lorenzo Franceschi-Bicchierai.

I’ve been covering crypto hacks and heists on and off for a few years now. It’s a fascinating world full of grifters, scammers, hackers — and dogged investigators. One of the most intriguing characters is a man who goes by the handle ZachXBT. For years, he has been unraveling some of the most intricate crypto mysteries, hacks, heists, scams and money laundering operations. This year, Andy Greenberg at Wired did a great job profiling ZachXBT. And even if Greenberg couldn’t reveal the detective’s real-world identity and withheld a lot of identifying information, the story painted a vivid picture of the investigator and his motivations. — Lorenzo Franceschi-Bicchierai.

Wired’s Andy Greenberg got the scoop on another major China-backed hacking campaign. The eye-opening report, published in October, reveals how researchers working for Chengdu-based cybersecurity firm Sichuan Silence and the University of Electronic Science and Technology of China spent years researching vulnerabilities in Sophos firewalls. The vulnerabilities were subsequently used by Chinese government-backed hacking groups, such as APT41 and Volt Typhoon, to plant backdoors in Sophos firewalls used by organizations around the world and steal their sensitive data. The five-year-long campaign, as also detailed by Sophos itself, resulted in the compromise of more than 80,000 firewall devices globally — including some used in the U.S. government. Following Greenberg’s reporting, the U.S. government sanctioned the Chinese cybersecurity company and one of its employees for their role in the widespread hacking campaign. — Carly Page.

The Salt Typhoon hack of U.S. phone and internet giants will not only go down as one of the biggest cybersecurity stories of 2024, but also as one of the biggest hacks in history. The Wall Street Journal impressively got the scoop on this story, reporting in October that Salt Typhoon, a Chinese government-backed hacking group, had penetrated the networks of a swath of U.S. telecom providers to access information from systems the federal government uses for court-authorized network wiretapping requests. The WSJ’s excellent reporting kickstarted months of follow-ups and prompted action from the U.S. government, which has since urged Americans to switch to encrypted messaging apps, such as Signal, to minimize the risk of having their communications intercepted. — Carly Page.

KYC, or “know your customer” checks, are some of the most relied upon techniques that banks and tech companies use to try to confirm it’s in fact you they’re dealing with. KYC involves your driver’s license, passport, or other kind of ID, and checking — to the greatest degree possible — the authenticity of the document. But while fakes and forgeries are inevitable, generative AI models are rendering these KYC checks entirely useless. 404 Media explored the underground site where “neural networks” churn out fake IDs at speed, which was a brilliant way to expose how easy it is to generate fake IDs on the fly that are capable of enabling bank fraud and criminal money laundering. The site went offline following 404 Media’s reporting. — Zack Whittaker.
