2025's Cybersecurity Wins: Stories That Inspired Us
As the year draws to a close, it's time to reflect on the cybersecurity landscape and celebrate the victories – the stories that often go unreported amidst the constant stream of breaches and threats. Since 2023, GearTech has been closely following the most impactful cybersecurity narratives. The digital world faces a relentless barrage of attacks, and countless stories of resilience, investigation, and prevention deserve recognition. A wealth of cybersecurity, privacy, and surveillance reporting is published every week, and much of it is truly exceptional. Here, we highlight the stories that resonated most with us, acknowledging that this is a subjective and inevitably incomplete list. This year saw significant advancements in threat intelligence, proactive defense, and investigative journalism, offering glimmers of hope in an increasingly complex digital world. We'll explore these wins, analyzing their impact and the lessons learned for 2025 and beyond.
Unmasking the Shadows: Investigative Journalism at its Finest
Shane Harris and the Cultivation of an Iranian Hacker Source
Some hacker stories read like scripts for a thrilling movie or TV series. Shane Harris’s deeply personal account of his months-long correspondence with a top Iranian hacker is a prime example. In 2016, the Atlantic journalist connected with an individual claiming involvement in Iran’s intelligence operations, alleging participation in significant events like the downing of an American drone and the infamous Saudi Aramco hack. Initially skeptical, Harris’s belief grew as the hacker revealed his identity. The hacker’s untimely death allowed Harris to reconstruct the true story, which proved even more incredible than initially presented. This gripping narrative also provides a valuable behind-the-scenes look at the challenges cybersecurity reporters face when building trust with sources and verifying sensitive information.
The Washington Post Exposes a Secret U.K. Order Demanding Apple Backdoor
In January, the U.K. government secretly issued Apple a court order demanding the creation of a backdoor to access the iCloud data of any customer globally. A worldwide gag order initially concealed the demand until The Washington Post broke the news. This unprecedented request, had it succeeded, would have been a major setback for tech companies prioritizing user data security. Apple responded by halting its opt-in end-to-end encrypted cloud storage in the U.K. The public exposure, however, sparked a debate about U.K. surveillance powers and prompted a diplomatic row with the United States, ultimately leading Downing Street to withdraw the request – though attempts to reinstate it followed.
The Trump Administration's Accidental Texting of War Plans
The Atlantic’s editor-in-chief experienced a reporter’s dream – and a national security nightmare – when he was inadvertently added to a Signal group in which senior U.S. government officials were discussing war plans. The accidental inclusion provided fly-on-the-wall access to sensitive discussions, including details about potential bombing targets. Witnessing news reports of missile strikes that matched the group’s conversations confirmed the authenticity of the chat. This led to a months-long investigation and critique of the government’s operational security practices, revealing what was dubbed the biggest government opsec mistake in history. The incident further exposed security vulnerabilities related to the use of a counterfeit Signal clone, jeopardizing secure communications.
Tracking Down Cybercriminals and Disrupting Their Operations
Brian Krebs Identifies a Prolific Hacker Group Admin
Brian Krebs, a veteran cybersecurity reporter, has a long history of tracing online footprints to reveal the identities of notorious cybercriminals. In this case, Krebs uncovered the real identity of “Rey,” an administrator within the Scattered LAPSUS$ Hunters group, known for its advanced persistent teenage cybercrime activities. Krebs’s investigation led him to a person close to the hacker and ultimately to the hacker himself, who confessed to his crimes and expressed a desire to leave the cybercriminal lifestyle. This case highlights the power of persistent investigative journalism in dismantling criminal networks.
404 Media Shuts Down Airlines' Secret Data-Selling Program
Independent media outlet 404 Media produced impact journalism of real consequence this year, exposing and effectively shutting down a massive air travel surveillance system operated by the Airlines Reporting Corporation (ARC). ARC, owned by major airlines, was selling access to five billion plane tickets and travel itineraries – including personal and financial details – to federal agencies like ICE, the State Department, and the IRS, without warrants. Following 404 Media’s reporting and pressure from lawmakers, ARC agreed to discontinue the warrantless data program. This victory demonstrates the crucial role of independent journalism in protecting privacy rights.
Pushing the Boundaries of Security Research and Ethical Hacking
Wired's 3D-Printed Gun Experiment and the Legal Landscape of 'Ghost Guns'
The killing of UnitedHealthcare CEO Brian Thompson in December 2024 brought the issue of “ghost guns” – 3D-printed firearms without serial numbers – into sharp focus. Wired, leveraging its expertise in 3D-printed weaponry, conducted an experiment to assess the ease of building such a gun and navigate the complex legal and ethical considerations. The resulting report, accompanied by a chilling video, provided valuable insights into the accessibility of untraceable firearms and the challenges of regulating them. This investigation sparked a crucial conversation about the intersection of technology, law, and public safety.
Exposing Government Overreach and Protecting Whistleblowers
NPR Details a Whistleblower's Account of DOGE and Sensitive Data
The “DOGE” saga – involving alleged data grabs by a group associated with Elon Musk – was a major story this year. NPR’s investigative reporting uncovered the resistance movement within the federal government aimed at preventing the pilfering of sensitive data. A whistleblower from the National Labor Relations Board revealed receiving threatening communications, including personal information and surveillance photos, after seeking help investigating DOGE’s activities. This story underscores the importance of protecting whistleblowers who expose government misconduct and the risks they face.
Mother Jones Uncovers an Exposed Dataset of Surveillance Victims
A journalist’s discovery of a dataset from a surveillance company called First Wap led to a startling revelation: records on thousands of individuals worldwide, including world leaders, a Vatican enemy, and potentially you, had been tracked. The dataset, spanning 2007-2015, revealed the exploitation of Signalling System No. 7 (SS7), a protocol allowing malicious phone tracking. This story exposed the shadowy world of phone surveillance and raised serious concerns about privacy and security. The journalist’s initial reaction – “I felt like shitting my pants” – perfectly captures the gravity of the discovery.
Combating Emerging Threats: Swatting and Online Harassment
Wired Investigates a String of 'Swatting' Attacks on Schools
Swatting, a dangerous hoax involving false emergency calls to dispatch armed SWAT teams, has evolved from a malicious prank to a serious threat. Wired’s Andy Greenberg investigated a series of swatting attacks targeting hundreds of schools nationwide, profiling the call operators, a prolific swatter known as Torswats, and a hacker who tracked down Torswats. This feature humanized the individuals involved and shed light on the devastating consequences of swatting, highlighting the need for improved security measures and law enforcement responses.
These stories represent just a fraction of the impactful cybersecurity reporting from 2024. They demonstrate the power of investigative journalism, ethical hacking, and proactive defense in protecting individuals, organizations, and nations from evolving cyber threats. As we look ahead to 2025, these wins serve as inspiration and a reminder that vigilance, collaboration, and a commitment to security are essential in navigating the increasingly complex digital landscape. The ongoing evolution of artificial intelligence (AI), quantum computing, and Internet of Things (IoT) devices will undoubtedly present new challenges, but the lessons learned from these stories will be invaluable in building a more secure future. Furthermore, the increasing sophistication of ransomware attacks and the rise of supply chain vulnerabilities necessitate a continued focus on proactive threat intelligence and robust security protocols. Investing in cybersecurity education and fostering a culture of security awareness are also crucial steps in mitigating risk and empowering individuals to protect themselves online.