Back in 2018, my former colleague at VICE Motherboard Joseph Cox and I began publishing a list of the best cybersecurity stories that were published elsewhere. It wasn’t just a way to tip our hats at our friendly competitors; by pointing to other publications’ stories, we were giving our readers a fuller picture of what had happened in the world of cybersecurity, privacy and surveillance in the year that was just ending.
Our original inspiration was Bloomberg Businessweek’s Jealousy List, an ongoing compendium of the best stories published in other outlets as picked by Bloomberg reporters and editors.
Now that both Cox and I have moved on from Motherboard, we at TechCrunch are picking up the cyber jealousy list to once again highlight the best cybersecurity stories of the year — and the ones we were the most jealous of. — Lorenzo Franceschi-Bicchierai.
Three young hackers behind the web-killing Mirai botnet finally tell their story
If you were on the internet in October 2016 and lived on the U.S. East Coast, you probably remember that day when major websites like Twitter, Spotify, Netflix, PayPal, Slack and hundreds of others stopped working for a couple of hours. As it turned out, that was the work of three enterprising young hackers, who had built one of the most effective distributed denial-of-service tools ever created.
In this lengthy piece, Andy Greenberg profiles the three young hackers and tells the untold story of their lives, from teenage computer nerds, to accomplished cybercriminals — and, in the end, to reformed cybersecurity professionals. Sit down on a comfortable chair and get engrossed in this must-read.
404 Media reporter gambled in MGM’s casinos during ransomware attack
In September, an unholy alliance of Russian cybercriminals and western teenagers with exceptional social engineering skills allegedly hacked and took down MGM’s casinos in Las Vegas, causing widespread disruption. This was one of the most talked about cyberattacks of the year and several publications stayed on the story. Jason Koebler, former editor in chief of VICE Motherboard and now one of the co-founders of the worker-owned outlet 404 Media, had the smart idea of flying to Las Vegas and seeing the chaos with his own eyes. The result of his trip was a piece that showed just how badly MGM was hit, resulting in a “nightmare” for casino workers, as Koebler put it.
Intrepid reporter @jason_koebler tried to gamble his way through a hacked Vegas, and documented the software package gore, stock casino workers, and comic strip golf-club chucker-out he encountered along the way https://t.co/7VyIfOIXO0
— 404 Media (@404mediaco) September 18, 2023
NPR’s series of stories and audio about life, cyber and war in Ukraine
NPR’s cybersecurity correspondent Jenna McLaughlin reported from Kyiv, documenting a series of excellent news and audio stories about life in wartime Ukraine from those defending the nation after Russia’s invasion. Cyberwarfare has played a significant role in the war, with cyberattacks hitting Ukraine’s energy sector and its military operations. McLaughlin’s dispatches spanned meetings with top cyber defenders to reporting on Ukraine’s defensive (and offensive) operations against its Russian aggressors, spliced with highlights of normal everyday Ukrainian life featuring soccer, of course.
The Verge’s reporting resulted in Anker admitting its Eufy cameras weren’t end-to-end encrypted as it claimed
In an astonishing about-face, electronics maker Anker admitted that its supposedly always-encrypted cameras weren’t always encrypted. In short, a security researcher found a bug that showed it was possible to access unencrypted streams of customer video, despite Anker’s claim that its Eufy cameras were end-to-end encrypted. The Verge verified and reproduced the security researcher’s findings and Anker eventually admitted that its cameras were not end-to-end encrypted as it claimed and had in fact produced unencrypted streams. Hats off to The Verge for its telling and unyielding reporting getting to the bottom of Anker’s misrepresentations and botched attempt to cover it up.
SolarWinds: The untold story of the boldest supply-chain hack ever
In 2020, Russian government hackers sneaked malicious code into the supply chain of software made by SolarWinds, a tech company whose customers range from giant corporations to federal government agencies. The hack was sneaky and incredibly effective, giving the Russians the opportunity to steal secrets from their rival country. Veteran cybersecurity reporter Kim Zetter spoke with the people who helped investigate the incident and reconstructed the sneaky hack almost blow-by-blow in an incredibly detailed and deep investigation. Zetter also published a handy and thorough timeline of events on her Substack, which is worth subscribing to if you haven’t already.
Two years ago the SolarWinds hack made history as the boldest, most sophisticated supply chain hack ever pulled off. I dug into the detailed story about the ingenious way the hackers pulled it off – and then got caught – in this tale for WIRED magazine https://t.co/mxgJBIP26L
— Kim Zetter (@KimZetter) May 2, 2023
How an Indian startup called Appin hacked the world
For years, very few people were aware of the existence of an Indian firm called Appin. But thanks to an investigation based on “interviews with hundreds of people, thousands of documents, and research from several cybersecurity firms,” as Reuters put it, its team of journalists reported and published evidence that shows Appin as a hacking-for-hire operation that helped to obtain information on executives, politicians, military officials and wealthy people all over the world. This is one of the most detailed and thorough looks inside the shadowy world of hacking-for-hire companies, which don’t work for governments like Hacking Team or NSO Group, but instead for wealthy private customers. The story itself made headlines when Reuters was forced to take down the story to comply with a New Delhi court order. Reuters said in an editor’s note it stands by the reporting.
Unmasking Trickbot, one of the world’s top cybercrime gangs
Trickbot is one of the most active and damaging Russian cybercrime syndicates, having hit thousands of companies, hospitals and governments in the last few years. In this investigation, based on interviews with cybersecurity experts as well as an analysis of a trove of data from the ransomware gang that leaked online, WIRED’s Matt Burgess and Lily Hay Newman unmask one of Trickbot’s “cardinal personas.” The journalists identify him as a Russian man who says he’s “fucking addicted” to Metallica, and likes the classic movie “Hackers.” A week after the reporters published, the U.S. and U.K. governments announced sanctions against 11 people for their alleged involvement in Trickbot — including the man identified in the original WIRED story.
Today US and UK officials sanctioned 11 supposed Trickbot members and DoJ unsealed 3 indictments against so-called Trickbot and Conti members. The only person indicted in all 3 is Maksim Galochkin, who @WIRED publicly identified last week in an investigation https://t.co/3BbjkdMTJ9
— Lily Hay Newman (@lilyhnewman) September 7, 2023
How one Business Insider reporter tracked down her own SIM swapper
“I was floored by how easily someone could steal my phone,” writes Business Insider’s Avery Hartmans, whose phone number was hijacked by someone who tricked her carrier, Verizon, into thinking they were her. Our phone numbers are connected to our bank accounts, password resets and more, so SIM swapping can result in scarily damaging access to a person’s life. In this case, by exploiting this single point of failure, the hacker was able to rack up thousands of dollars in fraudulent purchases in Hartmans’ name. Hartmans’ breathtakingly detailed first-hand account of tracking down her SIM swapper with unwavering determination — with help along the way — was an incredible way to bring awareness to these kinds of targeted SIM swap hacks, and not least to show how useless most companies can be to help.
Last summer, my phone was hacked and my identity and credit card were stolen in an attack that’s both complex and unpreventable.
I’ve spent the past 8 months investigating what happened and how they did it, and today, that account is finally here (!!) https://t.co/pIuz26i2QM
— Avery Hartmans (@averyhartmans) April 2, 2023
Politico’s reporting on ‘wholly ineffective and pretty obviously racist’ use of facial recognition in New Orleans
Data containing close to a year’s worth of facial recognition requests obtained by Politico reporter Alfred Ng show that in the year after police in New Orleans began using facial recognition, the practice failed to identify suspects most of the time and was used almost exclusively against Black people. The use of facial recognition by police, law enforcement and government agencies remains a highly controversial practice across the United States. While critics say facial recognition is deeply flawed at a technical level because it is almost always trained on white faces, Ng’s reporting confirms what civil rights advocates have also argued for years: that facial recognition amplifies the human biases of the authorities that use this technology. Or, in the words of one New Orleans council member who voted against facial recognition, that New Orleans’ use of facial recognition is “wholly ineffective and pretty obviously racist.”
Experts fear crooks are cracking keys stolen in LastPass breach
Just as last year came to a close, password manager LastPass confirmed that cybercriminals stole its customers’ encrypted password vaults storing its customers’ passwords and other secrets during an earlier data breach. The full impact of this theft remained unknown until September 2023 when cybersecurity reporter Brian Krebs reported that several researchers had identified a “highly reliable set of clues” that apparently connected more than 150 victims of crypto thefts linked to stolen LastPass password vaults. According to Krebs’ extensive reporting, over $35 million in crypto had been stolen so far. One of the victims, who had been using LastPass for more than a decade, told Krebs they were robbed of approximately $3.4 million worth of different cryptocurrencies.