Andy Greenberg (@agreenberg at the other places)
@a_greenberg
Followers
70,762
Following
1,121
Media
452
Statuses
8,935
WIRED writer, author of SANDWORM and now TRACERS IN THE DARK: The Global Hunt for the Crime Lords of Cryptocurrency. Andy.01 on Signal. agreenberg @wired .com
New York
Joined April 2007
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Rio Grande do Sul
• 271028 Tweets
Madonna
• 179326 Tweets
Ole Miss
• 99839 Tweets
DAVI NO PODPAH
• 99268 Tweets
Sony
• 99092 Tweets
Porto Alegre
• 79629 Tweets
Star Wars
• 74103 Tweets
#SmackDown
• 67575 Tweets
Hope Hicks
• 65127 Tweets
みどりの日
• 47120 Tweets
スパコミ
• 43243 Tweets
WNBA
• 36846 Tweets
Mark Hamill
• 36427 Tweets
#TheAmazingDigitalCircus
• 33719 Tweets
Keyshia
• 25521 Tweets
Thiago Silva
• 18939 Tweets
Quintana
• 17921 Tweets
#Maythe4thBeWithYou
• 16033 Tweets
設営完了
• 15619 Tweets
Pomni
• 13485 Tweets
Caitlin Clark
• 12632 Tweets
Benedetti
• 11766 Tweets
Luke Skywalker
• 10425 Tweets
G7最下位の70位
• 10316 Tweets
Pinned Tweet
I spent this year talking to the 3 young hackers behind Mirai, the malware that once broke the internet.
This is WIRED's resulting cover story—an epic, untold, 22,000-word tale of cybercrime, friendship, chaos, betrayal, paranoia, and redemption.
Read:
41
441
1K
A wild, appalling story: A group of hackers fabricated evidence on the PCs of Indian human rights activists who were then arrested for terrorism and jailed. Now researchers have found a direct link between those hackers and the police making the arrests.
186
5K
9K
For weeks, observers of North Korea have noted that the country's internet seemed to be under attack, with all its websites down at times. This wasn't the work of US Cyber Command. It was a single hacker getting even after NK spies targeted him last year.
67
1K
4K
Three years ago today, Marcus Hutchins stopped WannaCry, an $8 billion cyberattack. Then the FBI arrested him.
Today we're publishing a 14,000-word cover story that finally tells his full, untold tale, from 15yo criminal to hero to convict to redemption.
91
2K
4K
For the last year, I’ve been reporting out what it felt like to be inside a company hit by NotPetya, the unprecedented $10 billion cyberattack. The result is this WIRED cover story: how Russian malware took down Maersk, the world’s largest shipping firm.
94
2K
3K
In 2011, RSA was hacked by Chinese spies, who stole the "seed" values used to generate codes on SecurID 2fa tokens, shocking the security world. Now, after 10 years, the NDAs of the staff involved have expired. This is the untold story they shared with me:
41
1K
3K
Today is the 25th anniversary of the release of Sneakers, very possibly the greatest hacker movie of all time
96
1K
2K
Big news: DOJ today unsealed charges against Sandworm, naming the Russian GRU hackers who have for 5 years crossed every red line in cyberwar from blackouts to disrupting the Olympics to unleashing the NotPetya worm that cost $10 billion. < Updates to come
69
1K
2K
Lots of well deserved remembrances of Ellsberg’s heroism today. I’ll just post my favorite passage from his incredible memoir, Secrets. He’s telling Henry Kissinger (who as many have noted is somehow still alive) what access to truly secret information can do to a person’s mind.
39
567
2K
As a Jewish person, allow me to weigh in on antisemitism: If you're supporting the wholesale, ongoing, indiscriminate killing of children in Gaza by saying it's in defense of Jewish people, *that* is anti-semitism.
21
478
2K
I interviewed
@DDoSecrets
cofounder Emma Best about
#BlueLeaks
, 269 gigs of files from 200+ law enforcement orgs, given to Best's secret-spilling group by a source aligned w/ Anonymous. Likely the most significant Anonymous operation in nearly a decade.
26
880
2K
That link, somewhat amazingly, was that a Pune City Police official added his own email and phone number as the recovery contacts for three of the activists' hacked accounts, likely as a very crude way to maintain access, sometimes just months before the activists were arrested.
9
579
2K
As simple as that giveaway might sound, finding it required
@SentinelOne
mapping out the whole hacking campaign, and one very badass source at an email provider coming forward with the key info.
5
409
1K
On Friday I contacted Gab about a major breach of their backend. Their CEO responded with a blog post accusing me of "assisting the hacker in his efforts to smear our business." He followed up today w/ another post about "[transphobic slur] demon hackers."
44
529
1K
I'm at JFK, spoke to man whose Yemeni 68yo diabetic aunt has been held for six hours by CBP, no communication, no med info, deported tonight
48
2K
1K
I went to Ukraine to tell this
@wired
cover story, behind the blackout-inducing cyberattacks plaguing the country:
56
1K
1K
All this Bellingcat-style attribution work is very fun and gratifying to be involved in. But the focus should remain on the defendants in the case, known as the Bhima Koregaon 16. Of those 16, 13 are in jail. One, 84-year-old priest Stan Swamy, died there. As
@juanandres_gs
says:
15
399
1K
Last fall, Iowa contracted two white hat hackers to break into a series of courthouses as a security test. Then they were arrested and charged with felony burglary.
This is their full story, from Sneakers-style heist tricks to Kafkaesque legal nightmare:
24
591
1K
Five years ago, Cody Wilson released files on the web for the first 3D printable gun. The government tried to stop him. He sued. Now he's won. So he's launching a new online library of gun files designed to let anyone download and build lethal DIY weapons.
113
646
892
Since 2020, I've been writing a book on how Bitcoin, once said to be untraceable, turned out to be the opposite. Today we're releasing an early, 15,000-word excerpt: Inside the crypto tracing case that took down the largest known child sex abuse site ever.
80
419
1K
Citizen Lab's
@jsrailton
went a step further: He added the official's number as a contact in WhatsApp, and found his profile included a selfie pic. The face in the pic matched photos of the man at police press conferences and even a news photo taken at one the activist's arrests.
3
330
987
US gov agencies are warning of a new malware toolkit that can target industrial control systems (ICS) from power grids to oil & gas. Dragos calls it "Pipedream," and
@cnoanalysis
says it’s "the most expansive ICS attack tool anyone has ever documented."
57
669
984
To confirm the police official's identity,
@0xzeshan
then found the email and phone number the official had added to the hacked accounts in multiple breached/leaked databases and an archived version of the Pune Police website.
1
295
945
Three years ago I learned of a group of hackers hitting Ukraine with relentless, disruptive cyberattacks—with effects that would soon spread globally. Today, my book that tells the story of that first true cyberwar is out: SANDWORM. I hope you'll read it.
76
252
942
A tiny startup called Kytch hacks McDonald’s ice cream machines to make them break less. Now their work to fix McFlurry extruders has thrown them into an epic conflict with fast-food giants, complete with legal threats, private investigators, and betrayal.
31
362
951
Pigs in the US are increasingly slaughtered with CO2 gas chamber systems that can asphyxiate as many as 1,600 pigs an hour. The companies that sell and use them claim they're "stress-free" or "painless" for animals. Hidden spy cams reveal a darker reality.
66
594
921
Confirming
@briankrebs
reporting that Chinese group Hafnium has now exploited Microsoft Exchange zero-days to hack tens of thousands of networks. One researcher says 30k servers in the US alone, hundreds of thousands globally. "China just owned the world."
36
746
907
Incredible reporting on how WikiLeaks’ Vault 7 release of secret CIA docs in 2017 drove the agency to consider kidnapping Assange or even killing him. “Pompeo and other top agency leaders ‘were completely detached from reality…they were seeing blood.’”
26
365
843
My book Sandworm, on Russia's years-long cyberwar in Ukraine, has spiked in sales since Russia's full-scale invasion began. So I'm donating royalties for the first half of 2022 to Ukrainian victim aid non-profits. (ht to
@anneapplebaum
who set the example)
35
206
879
Watch live as Obama pardons a semi-sentient bird instead of Edward Snowden
38
569
794
Huge shift: In 2015/2016, blackouts Russia's GRU hackers caused in Ukraine took US gov *years* to attribute publicly. NotPetya, GRU's global cyberattack that massively affected Americans in 2017, took 8 months. Now GRU sneezes and it's called out in days.
New: White House attributes DDoS attacks on Ukrainian organization this week to Russia's GRU -- Anne Neuberger said it from White House podium just now
14
274
557
117
290
793
We obtained an FBI notification to hacking victims sent out in May. It reveals that the Russian GRU hackers known as Fancy Bear or APT28 have been targeting US state and federal agencies, educational institutions and the US energy sector.
23
688
757
Florida local officials say hacker tried to dump caustic lye in a 15k-person city's water via access to the water plant's TeamViewer software. A rare public announcement of an industrial control system breach intended to have catastrophic consequences.
54
490
745
It's not really my job to say this, but when a reporter contacts you about a theft/leak of 70 gigabytes of your data including private posts, chats and passwords this is not the response I'd recommend.
8
96
744
Ars Technica's
@dangoodin001
is one of the most technically knowledgeable reporters I know. Now he's being sued by Keeper Security for writing up a report of Keeper's software vulnerabilities made by a Google researcher. This is gross, litigious bullying.
23
487
723
Who's up for hacking an actual satellite in orbit next year in Vegas?
40
293
699
Researchers found that varying the intensity of a laser pointed at a smart speaker’s mic could trick it into behaving as if it were receiving voice commands—silently telling Alexa to make purchases or unlock doors via a window from hundreds of feet away.
34
434
678
How Mimikatz, a tool coded by a French government IT manager in his spare time, became the favorite password stealer of hackers worldwide (including the Russians who first tried to steal it from its creator's hotel room in Moscow)
7
398
642
Iran’s APT35 hackers left five hours of videos recorded from their own screens on an exposed server, where IBM researchers found them. The videos show the hackers demonstrating data theft techniques, sometimes on real victims’ email accounts.
13
308
619
In 2012, a known bug in millions of hotel locks went unfixed. Now, meet the man who exploited it for >100 burglaries
16
480
602
A year after Bloomberg's questionable spy chip story, a researcher has shown how those hardware implants aren't just possible, but potentially cheap: With $200 in gear, he hid a tiny chip in a Cisco firewall that gives him remote access. Would you spot it?
33
385
589
I traced the blow-by-blow of how four teams of researchers independently found flaws that would become Spectre/Meltdown at almost the same time. What does that strange synchronicity mean about bug rediscovery and the secret exploitation of zero-day flaws?
10
338
552
Weak encryption in the keyless entry system for Tesla’s Model S allowed security researchers to clone a key fob in seconds, open the car’s doors and drive it away.
32
346
540
We dug into the mystery of "Jia Tan," the polite, conscientious volunteer coder who inserted a surprisingly sophisticated backdoor into XZ Utils—and is most likely the persona of a state-sponsored hacking group based in an Eastern European time zone.
15
231
575
Twitter’s encrypted DM feature is technically flawed, opt-in, limited to 1-to-1 text-based messages, restricted to a small user base, and generally inferior in just about every way to encrypted apps like Signal and WhatsApp.
And all for just $8 a month.
24
193
544
Here are the six men charged. (You might recognize Kovalev from 2018, when he was charged along with 11 other GRU agents re: US election interference—he hacked US State Boards of Election. This indictment adds he also helped hack the 2017 campaign of France's President Macron)
39
275
509
Signal has used Brian Acton's $50m gift to staff up (from 3 people to 20) build tons of new features, and vastly scale up its ambitions. "I’d like for Signal to reach billions of users," says Acton. "I’d love to have it happen in the next 5 years or less."
9
255
536
A Reddit rumor was going around yesterday that hackers downloaded nearly all of Parler's data with a 2fa bug that let anyone create an admin account. Yes, hackers grabbed all of Parler's (public) data. But the truth of how they did it was far simpler:
17
243
536
Phone phreaker Will Caruana put together what may be the world's largest list of numbers for elevator phones. Anyone can call in to talk to elevator passengers, eavesdrop, or in many cases, reprogram the phones. (And yes, I called a few dozen myself.)
10
264
541
Just 2 months after an FBI-led "disruption" of ransomware group BlackCat, the hackers are on day 7 of an attack delaying prescriptions in hospitals across the US—and raising questions about the efficacy of law enforcement's operations against these groups.
16
309
551
Researchers at Dragos have defined a new APT group they call Kamacite, which at times works as the "access" team for Russia's GRU hackers known as Sandworm, at times independently. And they found Kamacite has targeted the US grid + oil and gas for years.
5
317
527
Hundreds of models of Gigabyte motherboards, used in gaming and other high-performance computers, have a backdoor in their firmware that invisibly downloads code to the machine at startup—and does so insecurely, leaving the feature open to abuse.
16
264
520
Eva Galperin, the head of EFF’s Threat Lab, has been pressuring antivirus firms to finally take seriously the threat of consumer spyware apps used for domestic abuse. Today, she got her first win: Kaspersky announced a new stalkerware crackdown:
8
223
510
Final thanks to all who contributed to this truly collaborative work:
@ArsenalArmed
, who proved the original evidence fabrication,
@TomHegel
&
@juanandres_gs
who will be speaking on this at Black Hat,
@amnesty
,
@citizenlab
,
@jsrailton
,
@0xZeshan
, and one unnamed security analyst.
8
132
491
Researchers checked 34 billion insufficiently random Ethereum keys, and found that 732 of the associated addresses had already been emptied, likely by thieves. One of those thieves had amassed a fortune that was at one point worth $54 million.
16
310
486
Kaspersky researchers found a puzzle inside a Central Asian country's embassy: Highly versatile spyware infecting its network, called TajMahal, with 80 distinct modules and no fingerprints of any known hacker groups. It had gone undetected for five years.
7
309
489
Last week’s news of an FBI operation against the Russian hacker group Turla offered an excuse to sketch out the 25-year history of these elite FSB cyberspies—and to try to capture why so many intel analysts and security researchers are obsessed with them.
10
222
486
Dutch police investigators detailed to me how they took over and ran one of the world’s top dark web drug sites for nearly a month, all while turning it into a massive surveillance trap for the site’s users:
9
305
459
At Defcon next week, two hackers will re-launch (after a years-long hiatus) PunkSpider, a search engine for hackable websites. It will publicly reveal hundreds of thousands of unpatched web bugs—in the hope of shaming site owners into fixing them.
12
241
473
I was about to write “I am anti-fascist” like everybody is doing but honestly who is not anti-fascist except fascists
11
65
472
I dug into the terms of Binance's settlement with feds. The world's biggest crypto exchange is about to open its entire database of transaction records to US regulators and law enforcement for a "24/7, 365-days-a-year financial colonoscopy."
Read:
19
175
470
@SCFGallagher
@caitlin__kelly
Her best friend is a giant blue ox and she brushes her teeth with pine trees. Once she got so sad she dropped her ax and dragged it behind her, creating the Grand Canyon.
0
10
443
Israeli firm Check Point says an NSA zero-day exploit was replicated by Chinese hackers and used for years. (Long prior to its leak by Shadow Brokers) A source now confirms Lockheed Martin found the Chinese version of the tool being used on a US network.
15
251
444
Two months ago, Microsoft admitted Chinese hackers had obtained a cryptographic key that let them forge access tokens and get into 25 organizations' emails. Now they've revealed how they think it happened, and it is truly a Series of Unfortunate Events.
13
144
455
For the first time, Signal has released a breakdown of its costs, which will reach $50 million a year by 2025. Its president
@mer__edith
says this isn’t just an appeal for donations. It’s a way to highlight the surveillance profit model they’re up against.
11
197
450
Just when you start to worry that
@moxie
might have lost his cyberpunk edge as CEO of the relatively grown-up non-profit behind Signal, he lays hands on a Cellebrite device that "fell off a truck," hacks it and demos the bugs in a Hackers-themed video:
9
121
435
Feds have arrested the admin of Bitcoin Fog, the longest-running dark web Bitcoin-laundering service. It helped hide $336M over 10 years. How'd they find him? With exactly the follow-the-money techniques his service was meant to defeat. h/t
@SeamusHughes
!
13
229
427
Dutch researcher
@0Xiphorushas
has detailed a new physical access technique that could let hackers break into any of millions of PCs via their Thunderbolt ports. The good news is it requires unscrewing the case briefly. The bad news is it's unpatchable.
12
271
431
Signal is rolling out new settings today to finally let you create a username instead of revealing your phone number to everyone you communicate with. This is probably the most requested feature in Signal’s 10-year history.
I tested it out in beta:
12
160
441
Android phones aren't just slow to get security updates. They also sometimes lie to you about them. A new study of 1,200 Android phones' firmware finds that the phones lacked as many as a dozen patches even while telling users they're fully patched.
11
421
411
Wired is unionizing. We've been planning this for more than a year, but in the current economic crisis it's more urgent than ever. If we can gain a seat at the table and use it to protect our most vulnerable staff, we have a responsibility to do it now.
14
104
427
This weekend, pro-Russian saboteurs halted more than 20 Polish trains, possibly to hamper Ukraine's war effort.
@LukOlejnik
figured out how they did it: A "radio-stop" command anyone can broadcast at a certain frequency with as little as $30 of equipment.
12
204
425
Alex Stamos' plan for the Stanford Internet Observatory is...bold. Negotiate access to anonymized data from Facebook, Google, Twitter, etc. Scrape fringe sites like Voat, Gab, 4chan, 8chan. Offer it all up to social scientists studying bad behavior online.
11
188
414
The CCleaner backdoor attack is now looking much more like serious targeted espionage than a broad cybercrime scheme
7
490
394
Researchers found that anyone who controls a WhatsApp server (sophisticated hackers, a government coercing the company) can insert themselves into any group chat, undermining WhatsApp’s promises of end-to-end encryption
10
488
388
Google reveals a hacker group used five zero-day vulnerabilities (a lot!) in a phishing and watering-hole spy campaign against North Koreans last year. Kaspersky links the attacks to DarkHotel, a suspected South Korean hacking group.
11
224
394
I just realized: NotPetya, the Russian GRU-built worm designed to destroy Ukraine's digital infrastructure, hit on the 10-year anniversary TO THE DAY of the fourth Diehard movie's release in theaters...wherein bad guys carry out cyberattacks designed to hack all US infrastructure
17
73
391
For the 30th anniversary of The Cuckoo’s Egg, I interviewed Cliff Stoll and tried to capture the immense, unlikely influence this polymath planetary astronomer has had on the field of cybersecurity:
16
168
397
To mark the paperback release of SANDWORM this week, here's an excerpt that tells the blow-by-blow of a historic 2007 US government experiment known as Aurora. The goal: destroy a school-bus-sized, $300,000 diesel generator with malicious code alone.
5
120
395
Yes, the $3.6 billion crypto seizure is notable for one defendant's horrifying rap videos. But it's also a pretty remarkable display of IRS defeating crypto-laundering techniques like "chain-hopping," Monero and mixing via dark web market. I dug into it:
20
147
390
This piece, the longest Wired has published in the magazine in over a decade, is paywall-free for one more day.
(Also, hope it makes you want to subscribe to Wired so my colleagues and I can have jobs.)
I spent this year talking to the 3 young hackers behind Mirai, the malware that once broke the internet.
This is WIRED's resulting cover story—an epic, untold, 22,000-word tale of cybercrime, friendship, chaos, betrayal, paranoia, and redemption.
Read:
41
441
1K
12
132
388
No matter your feelings on Assange and WikiLeaks, this could be an awful event for press freedom:
49
250
325
Apple walked me through the elaborate cryptography that allows the new Find My app to let you track down your lost, offline Macbook via Bluetooth signals it sends out, while still preventing anyone else from tracking you via those signals—including Apple.
6
156
370
After last week's $3.6B bitcoin seizure, (the largest financial seizure ever) I'm excited to reveal the title/cover for my next book, on the detectives who learned to trace cryptocurrency and their giant impact on digital black markets: TRACERS IN THE DARK
26
75
380
P4x wants to send a message not only to NK to stop targeting US hackers (see
@lilyhnewman
from last year ) but also to US agencies he feels have done little to support/protect targeted individuals: “If no one’s going to help me, I’m going to help myself."
6
76
360
One Tesla owner has released code for modding a Model S to pull video from its autopilot cameras and extract license plates/faces. His "surveillance detection scout," is intended to warn if someone is following you—and also raises major privacy questions.
13
194
367
In 2022, we at WIRED told the story of P4x, a hacker who singlehandedly took down the entire North Korean internet.
Now he's revealing his name—Alejandro Caceres—and his strange experience since then: trying to teach the US military to be more like him.
13
144
374
For the last year, the head of the cyberwar-focused Unit 74455 of Russia's GRU military intelligence agency, aka Sandworm, has been a hacker named Evgenii Serebriakov.
If that name sounds familiar, it's because he was busted in the Netherlands in 2018.
5
187
371
Big thing
#1
to me: After more than two years of silence from governments around the world on the "Olympic Destroyer" cyberattack that sabotaged the 2018 Winter Olympics in Korea () the US has finally (!) blamed Russia and condemned the attack.
13
127
351
A year ago, researchers broke the encryption of the Tesla Model S keyless entry system, showing hackers could wirelessly clone key fobs to steal cars. Tesla made new fobs. Now the same researchers found a bug in the new fobs and cracked them again.
16
231
354
The same "phone spear phishing" playbook used to hack Twitter in July has since been used against dozens of other companies, including banks, cryptocurrency exchanges and hosting providers, according to investigators tracking the new wave of attacks:
8
242
346
Wired has published another excerpt of my book SANDWORM, out 11/5. This piece tells the blow-by-blow story of how the most deceptive malware in history nearly crippled the 2018 Olympics—and how investigators ultimately tracked down the culprits behind it.
12
150
350
Just thought to myself "oh god the tweets he's going to do about this twitter ban" and then had an amazing, euphoric realization
15
34
356
A new round of data-destroying fake ransomware attacks in Ukraine appears to be small-scale for now. But it's uncomfortably similar to Russia's escalating attacks from 2015-2017 that culminated in NotPetya's $10 billion devastation.
8
165
337
It's been almost exactly 5 years since the NSA was caught hacking targets' hard drive firmware to plant ultra-stealthy spy tools. Yet today, gazillions of computer parts' firmware, from webcams to trackpads to network cards, remains wholly unprotected.
8
143
334
Big thing
#2
: Three-plus years after Sandworm unleashed NotPetya, the worst cyberattack in history () the US has named 4 men directly involved, even noting how Andrienko & Pliskin "celebrated" afterwards. A kind of accountability that's long been lacking.
10
143
317
In an infamous incident at the Defcon hacker conference 15 years ago, Boston's transit agency sued a group of MIT hackers to stop them from revealing a method for getting free rides.
Today, four teenagers at Defcon picked up where they left off:
(thread)
5
123
325