Again in 2018, my former colleague at VICE Motherboard Joseph Cox and I began publishing a listing of one of the best cybersecurity tales that have been printed elsewhere. It wasn’t only a technique to tip our hats at our pleasant opponents; by pointing to different publications’ tales, we have been giving our readers a fuller image of what had occurred on the planet of cybersecurity, privateness and surveillance within the 12 months that was simply ending.
Our unique inspiration was Bloomberg Businessweek’s Jealousy Record, an ongoing compendium of one of the best tales printed in different shops as picked by Bloomberg reporters and editors.
Now that each Cox and I’ve moved on from Motherboard, we at information.killnetswitch are choosing up the cyber jealousy listing to as soon as once more listing one of the best cybersecurity tales of the 12 months — and those we have been probably the most jealous of. — Lorenzo Franceschi-Bicchierai.
For those who have been on the web in October 2016 and lived on the U.S. East Coast, you in all probability keep in mind that day when main web sites like Twitter, Spotify, Netflix, PayPal, Slack and tons of of others stopped working for a few hours. Because it turned out, that was the work of three enterprising younger hackers, who had constructed some of the efficient distributed denial-of-service instruments ever created.
On this prolonged piece, Andy Greenberg profiles the three younger hackers and tells the untold story of their lives, from teenage pc nerds, to completed cybercriminals — and, in the long run, to reformed cybersecurity professionals. Sit on a snug chair and get engrossed on this must-read.
In September, an unholy alliance of Russian cybercriminals and Western youngsters with distinctive social engineering expertise allegedly hacked and took down MGM’s casinos in Las Vegas, inflicting widespread disruption. This was some of the talked about cyberattacks of the 12 months and a number of other publications stayed on the story. Jason Koebler, former editor in chief of VICE Motherboard and now one of many co-founders of the workers-owned outlet 404 Media, had the sensible concept of flying to Las Vegas and seeing the chaos along with his personal eyes. The results of his journey was a bit that confirmed simply how dangerous MGM was hit, leading to a “nightmare” for on line casino employees, as Koebler put it.
NPR’s cybersecurity correspondent Jenna McLaughlin reported from Kyiv, documenting a sequence of fantastic information and audio tales about life in wartime Ukraine from these defending the nation after Russia’s invasion. Cyberwarfare has performed a big function within the struggle, with cyberattacks hitting Ukraine’s power sector and its army operations. McLaughlin’s dispatches spanned conferences with prime cyber defenders to reporting on Ukraine’s defensive (and offensive) operations towards its Russian aggressors, spliced with highlights of regular on a regular basis Ukrainian life that includes soccer, in fact.
In an astonishing about-face, electronics maker Anker admitted that its supposably always-encrypted cameras weren’t at all times encrypted. Briefly, a security researcher discovered a bug that confirmed it was doable to entry unencrypted streams of buyer movies, regardless of Anker’s claims that its Eufy cameras have been end-to-end encrypted. The Verge verified and reproduced the security researcher’s findings and Anker finally admitted that its cameras weren’t end-to-end encrypted because it claimed and had in truth produced unencrypted streams. Hats off to The Verge for its spectacular and dogged reporting attending to the underside of Anker’s misrepresentations and botched try to cowl it up.
In 2020, Russian authorities hackers sneaked malicious code into the availability chain of software program made by SolarWinds, a tech firm whose clients vary from big firms to federal authorities businesses. The hack was stealthy and extremely efficient, giving the Russians the prospect to steal secrets and techniques from their rival nation. Veteran cybersecurity reporter Kim Zetter spoke with the individuals who helped examine the incident and reconstructed the stealthy hack nearly blow-by-blow in an extremely detailed and deep investigation. Zetter additionally printed a helpful and thorough timeline of occasions on her Substack, which is price subscribing to in the event you haven’t already.
Trickbot is without doubt one of the most energetic and damaging Russian cybercrime syndicates, having hit hundreds of corporations, hospitals and governments in the previous few years. On this investigation, primarily based on interviews with cybersecurity specialists in addition to an evaluation of a trove of knowledge from the ransomware gang that leaked on-line, WIRED’s Matt Burgess and Lily Hay Newman unmask one in all Trickbot’s “key personas.” The journalists determine him as a Russian man who says he’s “fucking addicted” to Metallica, and likes the traditional film “Hackers.” Every week after the reporters printed, the U.S. and U.Ok. governments introduced sanctions towards 11 folks for his or her alleged involvement in Trickbot — together with the person recognized within the unique WIRED story.
“I used to be floored by how simply somebody may steal my cellphone,” wrote Enterprise Insider’s Avery Hartmans, whose cellphone quantity was hijacked by somebody who tricked her provider, Verizon, into considering they have been her. Our cellphone numbers are related to our financial institution accounts, password resets and extra, so SIM swapping may end up in frighteningly damaging entry to an individual’s life. On this case, by exploiting this single level of failure, the hacker was capable of rack up hundreds of {dollars} in fraudulent purchases in Hartmans’ identify. Hartmans’ breathtakingly detailed first-hand account of monitoring down her SIM swapper with unwavering willpower — with assist alongside the way in which — was an unbelievable technique to increase consciousness to those sorts of focused SIM swapping hacks, and never least to point out how ineffective most corporations could be to assist.
Data containing near a 12 months’s price of facial recognition requests obtained by Politico reporter Alfred Ng present that within the 12 months after police in New Orleans started utilizing facial recognition, the follow didn’t determine suspects more often than not and was used nearly completely towards Black folks. Using facial recognition by police, regulation enforcement and authorities businesses stays a extremely controversial follow throughout the US. Whereas critics say facial recognition is deeply flawed at a technical degree as a result of it’s almost at all times skilled on white faces, Ng’s reporting confirms what civil rights advocates have additionally argued for years: that facial recognition amplifies the human biases of the authorities that use this expertise. Or, within the phrases of 1 New Orleans council member who voted towards facial recognition, that New Orleans’ use of facial recognition is “wholly ineffective and fairly clearly racist.”
Simply as final 12 months got here to a detailed, password supervisor LastPass confirmed that cybercriminals stole its clients’ encrypted password vaults storing its clients’ passwords and different secrets and techniques throughout an earlier data breach. The total impression of this theft remained unknown till September 2023 when cybersecurity reporter Brian Krebs reported that a number of researchers had recognized a “extremely dependable set of clues” that seemingly related greater than 150 victims of crypto thefts linked to stolen LastPass password vaults. Based on Krebs’ intensive reporting, over $35 million in crypto had been stolen to this point. One of many victims, who had been utilizing LastPass for greater than a decade, informed Krebs they have been robbed of roughly $3.4 million price of various cryptocurrencies.