These are the cybersecurity stories we were jealous of in 2025


It’s the end of the year. That means it’s time for us to celebrate the best cybersecurity stories we didn’t publish. Since 2023, TechCrunch has looked back at the best stories across the board from the year in cybersecurity.

If you’re not familiar, the idea is simple. There are now dozens of journalists covering cybersecurity in English. There are a lot of stories about cybersecurity, privacy, and surveillance published every week. Many of them are great, and you should read them. We’re here to recommend the things we liked the most, so keep in mind that it’s a highly subjective and, ultimately, incomplete list.

Anyway, let’s get into it. — Lorenzo Franceschi-Bicchierai.

Every now and then, there’s a hacking story that, once you start reading it, you think could be a movie or a TV show. Such is the case with Shane Harris’s very personal story of his months-long correspondence with a top Iranian hacker.

In 2016, the journalist for The Atlantic made contact with someone claiming to be a hacker for Iranian intelligence, who claimed to have worked on major operations, such as the downing of a US drone and the now-famous hack against oil giant Saudi Aramco, in which Iranian hackers wiped the company’s computers. Harris was truly skeptical, but as he continued to talk to the hacker, who eventually revealed his real name to him, Harris began to believe him. When the hacker died, Harris was able to piece together the true story, which somehow turned out to be even more fantastic than the hacker had led Harris to believe.

The engaging story is also a fascinating behind-the-scenes look at the challenges cybersecurity reporters face when engaging with sources who claim to have great stories to share.

In January, the UK government secretly issued an injunction to Apple requiring the company to build a backdoor so police could access any customer’s iCloud data in the world. Because of the worldwide gag order, it was only because The Washington Post broke the news that we knew the order existed in the first place. The order was the first of its kind, and if successful would be a major defeat for the tech giants who have spent the past decade isolating themselves from their users’ private data so they don’t have to provide it to governments.

Apple then stopped offering comprehensive encrypted cloud storage to its UK customers in response to the demand. But the news going public thrust the secret matter into the public eye and allowed both Apple and critics to scrutinize the UK’s surveillance powers in a way that had never been done publicly before. The story sparked a months-long diplomatic row between the UK and the US, prompting Downing Street to drop the request, only to try again several months later.

This story had the kind of access some reporters dream of, but the editor of The Atlantic got it in real time after he was inadvertently added, by a senior US government official, to a Signal group of senior US government officials discussing war plans from their cell phones.

A screenshot of the leaked Signal chat, which reads (from Pete Hegseth): "More to follow (as scheduled) We are currently OPSEC clean. Good luck to our warriors." J.D. Vance then follows: "I will pray for victory."
“We’re currently clean on OPSEC,” Defense Secretary Pete Hegseth said, but they weren’t. Image credit: The Atlantic (screenshot)

Reading the discussion about where US military forces should drop bombs — and then seeing news reports of missiles landing on the ground on the other side of the world — was the confirmation Jeffrey Goldberg needed that, as he suspected, he was in a real conversation with real Trump administration officials, and that all of this was on the record and reportable.

And so he did, setting the stage for a months-long investigation (and criticism) of the government’s operational security practices, in what has been called the largest government opsec error in history. The unraveling of the episode eventually revealed security vulnerabilities related to the use of a knockoff Signal clone that further compromised apparently secure government communications.

Brian Krebs is one of the most seasoned cybersecurity reporters out there, and for years he’s dedicated himself to following online breadcrumbs that lead him to uncover the identity of notorious cybercriminals. In this case, Krebs was able to find the real identity behind the online handle Rey, a hacker who is part of the notorious advanced persistent adolescents cybercrime group calling itself the Scattered LAPSUS$ Hunters.

Krebs’ endeavor was so successful that he was able to speak to someone very close to the hacker — we won’t spoil the entire article here — and then the hacker himself, who confessed to his crimes and claimed he was trying to escape the life of a cybercriminal.

The independent outlet 404 Media has produced more influential journalism this year than most mainstream media outlets with far greater resources. One of its biggest victories was exposing and shutting down a massive air travel surveillance system used by federal agencies and operating in plain sight.

404 Media reported that a little-known data broker set up by the airline industry called Airlines Reporting Corporation was selling access to five billion plane tickets and travel itineraries, including the names and financial details of ordinary Americans, allowing government agencies such as ICE, the State Department, and the IRS to track people without a warrant.

ARC, which is owned by United, American, Delta, Southwest, JetBlue and other airlines, said it would shut down the warrantless data program following 404 Media’s months of reporting and intense pressure from lawmakers.

The murder of UnitedHealthcare CEO Brian Thompson in December 2024 was one of the biggest stories of the year. Luigi Mangione, the prime suspect in the murder, was arrested soon after and charged with using a “ghost gun,” a 3D-printed firearm that had no serial numbers and was specially manufactured without a background check — effectively a gun that the government had no idea existed.

Wired, drawing on its previous experience reporting on 3D-printed weapons, sought to test how easy it is to make a 3D-printed gun, while navigating the patchwork legal (and ethical) landscape. The reporting process was beautifully told, and the video accompanying the story was excellent and chilling.

DOGE, or the Department of Government Efficiency, was one of the biggest news stories of the year, as Elon Musk’s gang of henchmen hacked through the federal government, destroying security protocols and red tape, as part of a mass grab of citizen data. NPR has had some of the best investigative reporting exposing the resistance movement of federal employees trying to prevent the theft of the government’s most sensitive data.

In one story detailing the whistleblower’s formal disclosure as shared with members of Congress, a senior IT staffer at the National Labor Relations Board told lawmakers that while seeking assistance in investigating DOGE activity, he “found a printed letter in an envelope taped to his door, which included threatening language, sensitive personal information, and overhead photos of himself walking his dog, according to the cover letter attached to his formal disclosure.”

Any story that starts with a journalist saying they found something that made them “feel like peeing my pants,” you know it’s going to be a fun read. Gabriel Geiger found a dataset from a mysterious surveillance company called First Wap, which contains records of thousands of people from around the world whose phone locations have been tracked.

The dataset, spanning from 2007 to 2015, allowed Geiger to identify dozens of high-profile people whose phones were tracked, including the former Syrian first lady, the head of a private military contractor, a Hollywood actor, and an enemy of the Vatican. This story explored the murky world of phone surveillance through the exploitation of Signaling System 7, or SS7, an obscure protocol long known to allow malicious tracking.

Swatting has been a problem for years. What started as a bad joke became a real threat, leading to at least one death. Swatting is a type of hoax in which someone – often a hacker – calls emergency services and tricks authorities into sending an armed SWAT team to the home of the hoaxer’s target, often posing as the target themselves, and pretending to be about to commit a violent crime.

In this feature, Wired’s Andy Greenberg puts a face to many of the characters who are part of these stories, such as the call operators who have to deal with this problem. He also profiles the prolific swatter, known as Torswats, who tormented operators and schools across the country for months with fake — but very believable — threats of violence, as well as a hacker who took it upon himself to track down Torswats.
