Skip to content

Chronicles

Latest chronicles

83 chronicles

  1. 01

    Joker's Stash: The Carding Empire That Closed Itself

    Joker's Stash was the largest dark web shop for stolen payment-card data for years, until its operator announced a voluntary shutdown in early 2021.

    #carding#payment-fraud#cryptocurrency
  2. 02

    Genesis Market: The Shop That Sold Your Whole Browser

    Genesis Market packaged victims' browser fingerprints, cookies, and passwords into bots that bypassed MFA, until Operation Cookie Monster ended it in April 2023.

    #account-takeover#stolen-credentials#law-enforcement
  3. 03

    ShadowCrew: The Forum That Taught Crime to Scale

    ShadowCrew turned stolen credit cards into a wholesale trade for thousands of members until the Secret Service ran Operation Firewall in October 2004.

    #carding#identity-theft#law-enforcement
  4. 04

    Hydra Market: The Russian Bazaar That Laundered Billions

    Hydra was the largest Russian-language darknet market, moving drugs, stolen data, and crypto cash-out services worth billions until German police seized its servers in 2022.

    #darknet#money-laundering#law-enforcement
  5. 05

    Welcome to Video: The Blockchain That Named the Buyers

    Investigators dismantled a dark web abuse-material site by following its Bitcoin payments across the public ledger, turning anonymous transactions into 337 arrests worldwide.

    #darknet#bitcoin#law-enforcement
  6. 06

    AlphaBay & Hansa: The Honeypot Waiting on the Other Side

    When police seized AlphaBay, the largest darknet market after Silk Road, the fleeing buyers ran straight into Hansa, a rival store the Dutch had already taken over.

    #darknet#law-enforcement#operation-bayonet
  7. 07

    Mirai Botnet: The IoT Army That Broke the Internet

    The Mirai botnet hijacked hundreds of thousands of default-password IoT devices and, in 2016, knocked Twitter, Reddit, and Spotify offline via DNS provider Dyn.

    #botnet#iot#ddos
  8. 08

    Bangladesh Bank Heist: The Typo That Saved a Billion

    The Bangladesh Bank heist saw Lazarus-linked hackers steal $81 million over SWIFT in 2016, foiled from a full billion only by a single misspelled word.

    #banking#swift#lazarus-group
  9. 09

    Stuxnet: The Worm That Sabotaged Iran's Nuclear Program

    A worm built to slip across air gaps, count centrifuges, and rewrite the rules of warfare without firing a shot.

    #nation-state#scada#natanz
  10. 10

    NotPetya: The Worm That Crashed the World

    A fake ransomware worm flushed through a Ukrainian accounting tool and ate ten billion dollars of global shipping, pharma, and freight in a single afternoon.

    #nation-state#ransomware#supply-chain
  11. 11

    Colonial Pipeline: One Password Stopped the Fuel

    In 2021 DarkSide ransomware entered Colonial Pipeline through one leaked VPN password, halting half the US East Coast gasoline supply for a week.

    #ransomware#darkside#infrastructure
  12. 12

    SolarWinds: The Backdoor Hidden in a Routine Update

    SolarWinds shipped a trojanized Orion update that planted the Sunburst backdoor on 18,000 networks, letting Russia's SVR breach US agencies.

    #nation-state#supply-chain#svr
  13. 13

    Sony Pictures Hack: When a Comedy Triggered a Wipe

    The Sony Pictures hack, tied to North Korea over the film The Interview, wiped the studio and leaked emails, salaries, and unreleased films to the world.

    #nation-state#lazarus-group#leak
  14. 14

    Silk Road: The Darknet Empire Caught Logged In

    Silk Road was the largest darknet drug market, run by Ross Ulbricht as Dread Pirate Roberts until the FBI seized his open laptop in a San Francisco library.

    #darknet#bitcoin#law-enforcement
  15. 15

    Equifax: The Unpatched Server That Bared a Nation

    The Equifax breach exploited one unpatched Apache Struts server to exfiltrate the credit records of 147 million Americans, nearly half the country.

    #breach#credit-bureau#apache-struts
  16. 16

    Lapsus$: The Teenagers Who Broke Big Tech

    Lapsus$ was a Telegram group of teenagers who breached Nvidia, Samsung, Microsoft, Okta, and Uber using MFA fatigue, SIM swaps, and bribed insiders.

    #social-engineering#sim-swap#okta
  17. 17

    Twitter Bitcoin Hack: A Teen Who Phoned the Help Desk

    The 2020 Twitter Bitcoin hack hijacked verified accounts of Obama, Musk, and Apple after a Florida teen social-engineered Twitter's internal support tools.

    #vishing#social-engineering#twitter
  18. 18

    Cambridge Analytica: 87 Million Facebook Profiles

    A personality quiz harvested 87 million Facebook profiles that Cambridge Analytica used to micro-target voters in Brexit and the 2016 US election.

    #data-broker#facebook#elections
  19. 19

    Mt. Gox: The Exchange That Lost 850,000 Bitcoin

    A Tokyo exchange built on top of a Magic: The Gathering trading site briefly handled most of the world's Bitcoin. Then 850,000 coins quietly walked out the door.

    #bitcoin#exchange#collapse
  20. 20

    Snowden: The Thumb Drive That Exposed PRISM

    Edward Snowden leaked NSA documents exposing PRISM and bulk surveillance, forcing a global reckoning over mass data collection and accelerating encryption.

    #whistleblower#nsa#surveillance
  21. 21

    Operation Aurora: When China Hacked Google

    China reached into Google's source-code repository looking for the accounts of dissidents. Google reached back by leaving the country.

    #nation-state#google#china
  22. 22

    Target 2013: The Breach That Walked In Through HVAC

    Target's 2013 breach exposed 40 million payment cards after attackers slipped in through an HVAC contractor's vendor login during the holiday rush.

    #retail#pos-malware#supply-chain
  23. 23

    Conti Leaks: A Ransomware Gang Spills Its Files

    In 2022, after Conti backed Russia's invasion of Ukraine, a Ukrainian insider leaked two years of the ransomware gang's internal chats and source code.

    #ransomware#conti#leak
  24. 24

    Pegasus: The Spyware Governments Aimed at Journalists

    Pegasus, NSO Group's zero-click spyware, surfaced in a leak of fifty thousand numbers tying governments to surveillance of journalists and dissidents.

    #spyware#nso#human-rights
  25. 25

    Kaseya: The Holiday Weekend REvil Locked 1,500 Firms

    REvil exploited Kaseya VSA over the July 4th weekend, cascading ransomware through managed service providers to roughly 1,500 downstream businesses.

    #ransomware#supply-chain#msp
  26. 26

    Ashley Madison: The Affair Site Hacked Into the Open

    In 2015 The Impact Team breached affair site Ashley Madison and, after its ultimatum was ignored, leaked 32 million users onto public torrents.

    #leak#extortion#social-impact
  27. 27

    Heartbleed: The OpenSSL Typo That Bled the Web

    Heartbleed was a tiny OpenSSL flaw that let anyone read 64KB of server memory at a time, leaking passwords and private keys across two-thirds of the web.

    #openssl#vulnerability#infrastructure
  28. 28

    WannaCry: The Worm That Froze Hospitals Worldwide

    WannaCry, a 2017 North Korean worm wielding the leaked NSA EternalBlue exploit, froze UK hospitals until a researcher accidentally tripped its kill switch.

    #ransomware#eternalblue#lazarus-group
  29. 29

    Yahoo Breaches: Three Billion Accounts and a Hidden Bill

    The Yahoo breaches compromised three billion accounts across 2013 and 2014, and the delayed disclosure forced Verizon to cut $350 million off its acquisition.

    #breach#yahoo#acquisition
  30. 30

    MOVEit: The Zero-Day Cl0p Used to Strip Thousands

    A managed file-transfer tool sat between thousands of organizations and their payroll providers. The Cl0p gang found a zero-day in it and stripped them all in a weekend.

    #ransomware#zero-day#supply-chain
  31. 31

    Change Healthcare: Ransomware Froze US Claims

    In 2024 ALPHV/BlackCat ransomware crippled Change Healthcare, the clearinghouse behind a third of US medical claims, stranding pharmacies for months.

    #ransomware#healthcare#blackcat
  32. 32

    CrowdStrike Outage: The Update That Crashed the World

    The CrowdStrike outage of July 2024 saw one bad Falcon update blue-screen 8.5 million Windows machines, grounding flights and freezing hospitals worldwide.

    #outage#endpoint#supply-chain
  33. 33

    LockBit Takedown: Police Seized the Gang's Stage

    Operation Cronos took down LockBit as police from ten countries seized the leak site of the most prolific ransomware brand and mocked its leaders publicly.

    #ransomware#law-enforcement#lockbit
  34. 34

    Medibank: When Refusing to Pay Cost Patients Their Privacy

    When Australia's largest health insurer refused to pay, the attackers published abortion records, addiction histories, and HIV status by way of demonstration.

    #ransomware#healthcare#australia
  35. 35

    RSA SecurID: The Breach That Forged Token Keys

    RSA SecurID was breached when a phishing email reached HR, forcing replacement of the hardware tokens used by much of the Fortune 500 and Lockheed Martin.

    #nation-state#two-factor#supply-chain
  36. 36

    DNC Hack: When Two Russian Bears Shared a Network

    The DNC hack saw Russia's SVR and GRU read Democratic emails for months, then weaponize them through Guccifer 2.0 and WikiLeaks before the 2016 US election.

    #nation-state#election#russia
  37. 37

    The Shadow Brokers: The Leak That Freed NSA Exploits

    The Shadow Brokers dumped the NSA's offensive toolkit online, leaking EternalBlue and the exploits that later powered WannaCry and NotPetya.

    #nsa#leak#zero-day
  38. 38

    Vault 7: The Insider Who Leaked the CIA's Hacking Tools

    Vault 7 was WikiLeaks' 2017 release of roughly nine thousand documents on the CIA's hacking tools, leaked by a frustrated engineer inside the agency itself.

    #cia#leak#insider
  39. 39

    Ukraine Power Grid: The First Blackout Caused by Hackers

    The Ukraine power grid attack of 2015 cut electricity to 230,000 people as Russian hackers seized substation controls, the first blackout caused by a cyberattack.

    #ics#ukraine#russia
  40. 40

    Shamoon: The Wiper That Bricked 30,000 Aramco PCs

    Shamoon was a wiper that bricked 30,000 workstations at Saudi Aramco, overwriting boot records with a burning flag in an attack attributed to Iran.

    #wiper#iran#oil
  41. 41

    Capital One Breach: 106 Million Records via SSRF

    In 2019 a former AWS engineer abused a misconfigured WAF to reach Capital One S3 buckets and steal data on 106 million credit-card applicants.

    #cloud#aws#waf
  42. 42

    MGM and Caesars: The Phone Call That Closed the Casinos

    Two of the largest casino operators in the world were taken down by the same group within a week, both via the help desk and a confident phone call.

    #ransomware#social-engineering#scattered-spider
  43. 43

    Norsk Hydro: The Ransomware Victim Who Went Public

    When LockerGoga encrypted the Norwegian aluminum giant's entire IT estate, the company refused to pay and instead invited journalists into the war room.

    #ransomware#transparency#manufacturing
  44. 44

    The Athens Affair: Wiretapping a Prime Minister

    Around the 2004 Athens Olympics, intruders quietly switched on Vodafone Greece lawful-intercept to wiretap the prime minister and a hundred officials.

    #wiretap#telecom#olympics
  45. 45

    Hacking Team: 400GB of a Spyware Firm, Leaked

    Phineas Fisher dumped 400GB of Italian spyware firm Hacking Team's emails, customer list, and source code, exposing its sales to repressive regimes.

    #spyware#leak#phineas-fisher
  46. 46

    Marriott: Four Years Inside Starwood's Reservations

    An intelligence-grade intrusion sat undetected inside Starwood's reservation system for four years, surviving a multi-billion-dollar acquisition by Marriott.

    #breach#hospitality#china
  47. 47

    Uber 2016: The Breach Cover-Up That Convicted a CSO

    Uber's 2016 breach exposed 57 million people, then its CSO hid it as a bug-bounty payout, earning the first US criminal conviction of a security chief.

    #breach#cover-up#bug-bounty
  48. 48

    Storm-0558: The Stolen Key That Forged Any Token

    A Chinese group used a stolen Microsoft signing key to forge tokens for any tenant in the world. Then they read State Department email.

    #nation-state#microsoft#identity
  49. 49

    Volt Typhoon: China's Quiet Bet on US Infrastructure

    Volt Typhoon is a Chinese campaign found in 2023 prepositioned inside US water, power, and military networks, apparently staged for sabotage in a future conflict.

    #nation-state#china#critical-infrastructure
  50. 50

    Operation Triangulation: The Zero-Click iPhone Spy Chain

    Kaspersky discovered a zero-click iOS implant on its own employees' iPhones. The exploit chain hinged on an undocumented hardware register hidden inside Apple's CPU.

    #spyware#ios#zero-click
  51. 51

    Bybit Hack: The 1.5 Billion Dollar Crypto Heist

    In 2025 North Korea's Lazarus Group tricked a Bybit signer via a poisoned Safe{Wallet} interface, moving 1.5 billion dollars of Ether in one block.

    #crypto#lazarus-group#supply-chain
  52. 52

    Maroochy Shire: The Insider Who Spilled the Sewers

    A rejected job applicant kept his contractor's radio and laptop, drove around an Australian sewage network for months, and remote-released a million liters into the parks and rivers.

    #ics#insider#australia
  53. 53

    CCleaner Attack: 2.3 Million Hosts, 40 Targets

    In 2017 a trojanized CCleaner build reached 2.3 million Windows PCs, but its second stage was delivered to fewer than 40 tech-company targets.

    #supply-chain#ccleaner#targeted
  54. 54

    Travelex: The Ransomware That Ruined New Year's Eve

    Travelex was crippled on New Year's Eve 2019 by Sodinokibi ransomware through an unpatched VPN flaw, paying roughly $2.3 million in Bitcoin to recover.

    #ransomware#sodinokibi#fintech
  55. 55

    JBS Foods: The Ransomware That Halted Meat

    The JBS Foods attack saw REvil ransomware shut the world's largest meat processor across two continents and extract an 11 million dollar Bitcoin ransom.

    #ransomware#food-supply#revil
  56. 56

    T-Mobile Breaches: A Carrier That Kept Losing Your Data

    T-Mobile suffered breaches in 2018 through 2023, including a 2021 hack of 54 million customers, making it the case study in serial carrier data loss.

    #telecom#breach#recurrence
  57. 57

    Anthem Breach: 78.8 Million Health Records Stolen

    In 2015 a nation-state intrusion at health insurer Anthem exposed 78.8 million records, including Social Security numbers, dates of birth and addresses.

    #breach#health-insurance#china
  58. 58

    OPM Breach: When China Took Every Clearance File

    The US Office of Personnel Management held the background-check files of every cleared federal employee in the country. China appears to have taken the lot.

    #nation-state#china#federal
  59. 59

    Flame: The Spy Malware That Forged Microsoft

    Flame was a 20-megabyte espionage platform aimed at Iran that forged a Microsoft update certificate to spread and proved to be a cousin of Stuxnet.

    #nation-state#espionage#iran
  60. 60

    Magecart: The Skimmer Hidden in British Airways

    Twenty-two lines of JavaScript injected into a third-party script harvested credit cards from the British Airways checkout for fifteen days.

    #web-skimming#magecart#airlines
  61. 61

    Twilio 2022: One Phished SMS, 130 Companies Exposed

    Twilio's 2022 breach began with phishing SMS to employees and cascaded into 130 downstream firms, including Signal and the Authy two-factor app itself.

    #supply-chain#phishing#twilio
  62. 62

    Costa Rica vs. Conti: Ransomware Triggers Emergency

    In 2022 Conti ransomware paralyzed Costa Rica's finance ministry and beyond, prompting the president to declare the first national cyber emergency.

    #ransomware#conti#government
  63. 63

    Cellebrite vs. Signal: A Forensic Tool Undone

    After Cellebrite claimed it could parse Signal, Moxie Marlinspike reverse-engineered its forensic device and found code-execution bugs that taint its reports.

    #forensics#signal#vulnerability
  64. 64

    Operation Cleaver: Iran's Quiet Turn to Persistent Access

    Operation Cleaver was an Iranian campaign that burrowed into airlines, energy firms, telecoms, and a US military contractor, mapping critical infrastructure footholds.

    #nation-state#iran#espionage
  65. 65

    Sea Turtle: The DNS Hijack That Skipped the Front Door

    Sea Turtle was an Iranian DNS-hijacking campaign that seized registrars to reroute and intercept traffic for governments and telecoms across three regions.

    #dns-hijack#iran#infrastructure
  66. 66

    Optus 2022: How One Open API Exposed a Nation

    Australia's second-largest telco lost the personal records of 9.8 million customers — including 1.2 million still-valid passport and driver's license numbers — through an unauthenticated API.

    #telecom#api#australia
  67. 67

    Levandowski vs. Waymo: 14,000 Stolen Files

    Anthony Levandowski took 14,000 files from Google's self-driving program, sold his startup to Uber, and pled guilty to trade-secret theft against Waymo.

    #insider#trade-secrets#autonomous-vehicles
  68. 68

    ShadowHammer: ASUS Updates Hijacked to Hunt 600 PCs

    Operation ShadowHammer pushed a signed, trojanized ASUS Live Update to half a million PCs to reach roughly 600 specific MAC addresses.

    #supply-chain#asus#targeted
  69. 69

    Log4Shell: The Log Line That Broke the Internet

    A logging library used by half the internet would execute any code you wrote into a chat message. The fix took the world a weekend; the cleanup took years.

    #vulnerability#open-source#rce
  70. 70

    Spectre and Meltdown: The Flaws Baked Into Silicon

    Spectre and Meltdown were CPU flaws in speculative execution that let any program read protected memory, affecting nearly every processor of the prior two decades.

    #hardware#side-channel#cpu
  71. 71

    ProxyLogon: The Exchange Zero-Day Feeding Frenzy

    ProxyLogon let Chinese group Hafnium quietly raid Exchange servers, until the patch leaked and criminal crews mass-exploited tens of thousands worldwide.

    #nation-state#exchange#china
  72. 72

    Triton: The Malware Built to Kill a Safety System

    Triton, found in a Saudi petrochemical plant in 2017, was the first malware engineered to disable the safety systems that exist to prevent an explosion.

    #ics#safety-system#nation-state
  73. 73

    PSN 2011: The 23-Day Outage That Grew Up Gaming

    Seventy-seven million accounts and a 23-day global outage made the 2011 PSN breach the moment console gaming discovered it was a data-custody business.

    #breach#gaming#sony
  74. 74

    JPMorgan 2014: One Server, 76 Million Households

    The JPMorgan Chase 2014 breach exploited one server missing two-factor auth to expose 76 million households and seed a years-long securities fraud scheme.

    #breach#banking#fraud
  75. 75

    The Morris Worm: The Internet's First Disaster

    In 1988 a graduate student released a self-replicating program to measure the internet. A bug in its restraint logic instead became the internet's first disaster.

    #worm#history#first
  76. 76

    Conficker: The Botnet That Was Never Fired

    From 2008 the Conficker worm built a botnet of millions of PCs and spurred an industry coalition to fight it, yet its operators never weaponized it.

    #worm#botnet#coordination
  77. 77

    SQL Slammer: The Worm That Saturated the Internet

    Code Red in 2001 and SQL Slammer in 2003 proved a single UDP packet worm could saturate the global internet in under fifteen minutes.

    #worm#history#internet-scale
  78. 78

    Kevin Mitnick: The Hacker the Myth Outran

    Kevin Mitnick, America's most-wanted hacker, was caught in 1995 by rival Tsutomu Shimomura and became the face of social engineering as the real attack surface.

    #history#social-engineering#law-enforcement
  79. 79

    MafiaBoy: The Teenager Who Took the Web Offline

    A fifteen-year-old in Montreal knocked Yahoo, Amazon, eBay, CNN, and Dell offline over a single week in February 2000 — and bragged about it in a chat room.

    #ddos#history#juvenile
  80. 80

    The Cuckoo's Egg: A 75-Cent Trail to the KGB

    Cliff Stoll chased a 75-cent accounting glitch at Berkeley and unmasked Markus Hess, a German hacker selling US military secrets to the Soviet KGB.

    #history#espionage#first
  81. 81

    Moonlight Maze: The Espionage That Outlived Decades

    The first major nation-state intrusion campaign against the US ran for years in the late 1990s — and code fingerprints from it resurfaced two decades later.

    #nation-state#history#russia
  82. 82

    Titan Rain: The First Great Chinese Cyber-Espionage Wave

    Titan Rain was an early-2000s Chinese campaign that quietly drained US defense and NASA networks, and the analyst who traced it back to China was fired for it.

    #nation-state#china#history
  83. 83

    GhostNet: The Spy Web Inside 103 Countries

    GhostNet began with the Dalai Lama's bugged computers and exposed a 1,295-machine espionage network inside the ministries and embassies of 103 countries.

    #espionage#china#surveillance