Lightnews — Scholar-powered news

Runa Sandvik @runasand.bsky.social · 4d

No, that was a very short contract in the middle of the pandemic. Here’s why I’ve been up to since. techcrunch.com/2022/07/15/g...

Runa Sandvik's new startup Granitt secures at-risk people from hackers and nation states | TechCrunch

The Norwegian hacker talks about her new venture aimed at protecting journalists and critics from powerful adversaries.

techcrunch.com

2

Runa Sandvik @runasand.bsky.social · 5d

I’ve followed various coverage of Havana Syndrome over the years; still interesting to hear what @jenniferpforde.bsky.social and @bungey.bsky.social uncovered in their podcast ‘Havana Helmet Club’ (and I loved ‘West Cork’ from a few years ago). www.bbc.com/audio/brand/...

BBC Audio | Havana Helmet Club

Listen to the latest episodes of Havana Helmet Club on BBC Audio

www.bbc.com

1 5

Runa Sandvik @runasand.bsky.social · 5d

Been really enjoying this new book about Gunvor Galtung Haavik, a nurse turned secretary for the Norwegian MoFA in Moscow — and KGB spy for 30 years. The KGB used her to get closer to Americans, including Marion Peacock, Lloyd Eddenfield, Bernie G. Britain, and Roy Rhodes.

3

Runa Sandvik @runasand.bsky.social · 6d

I’m very excited to discuss journalism and source protection at the @gijn.org conference in Kuala Lumpur next month, alongside @sandrine-rigaud.bsky.social, @thesignalsnetwork.bsky.social, @pm-arnaud.bsky.social, and @paulradu.bsky.social. gijn.org/stories/gijc...

GIJC25 Program Launches — Two Nobel Laureates and African War Crimes Expert Are Featured Speakers

Journalism pioneer Maria Ressa, famed economist Joseph Stiglitz, and UN Rwanda Tribunal prosecutor Charles Adeogun-Phillips headline the top experts on the conference's program.

gijn.org

3 12

Runa Sandvik @runasand.bsky.social · 6d

Spent the last week in Taiwan! Such a beautiful country and lots of delicious food. Would love to visit again! 🇹🇼

19

Runa Sandvik @runasand.bsky.social · Aug 21

I followed the news in Norway, glad you’re doing ok!

Runa Sandvik @runasand.bsky.social · Aug 12

No, L1, first jump after ground school.

2

Runa Sandvik @runasand.bsky.social · Aug 11

Working on my skydiving license in between security assessments, keynotes, and research. Here’s my first jump in Empuriabrava, Spain with two instructors and my own parachute.

5 1 79

Runa Sandvik @runasand.bsky.social · May 29

Thanks to ODA-Nettverk for inviting me to keynote Inspiration Day yesterday! Really enjoyed being back in Oslo and talking about the importance of end-to-end encryption.

1 1 15

Runa Sandvik @runasand.bsky.social · May 27

Had the pleasure of being a guest on the Adventures of Alice & Bob Podcast recently! Check out the interview for stories about my work with journalists and high-risk people — and that one time I hacked a smart-rifle in 2015. www.beyondtrust.com/podcast/ep-7...

Ep. 79 - Hacking Rifles and Protecting Reporters //… | BeyondTrust

BeyondTrust’s Privileged Access Management platform protects your organization from unwanted remote access, stolen credentials, and misused privileges

www.beyondtrust.com

1 5

Runa Sandvik @runasand.bsky.social · May 26

The Kaspersky researchers who discovered Careto more than a decade ago privately concluded that the group was run by the Spanish government. Careto relied heavily on phishing emails impersonating Spanish newspapers. techcrunch.com/2025/05/23/m...

1 4

Runa Sandvik @runasand.bsky.social · May 26

I’ll be in Stockholm in mid-June! Available for consulting, presentations, workshops for journalists and security folks. Also planning on spending some time in the wind tunnel. 🥳

3 9

Runa Sandvik @runasand.bsky.social · May 5

A team of journalists in Norway spent a year secretly monitoring a credit card fraud gang to uncover who's behind it and how they operate. Here's the story -- in English -- of how they unmasked Darcula and the crime-as-a-service software Magic Cat. www.nrk.no/dokumentar/x...

The scammers have tricked millions through text messages:

Who are they and how do they scam us?

www.nrk.no

1 22 43

Runa Sandvik @runasand.bsky.social · Apr 23

I’m really looking forward to speaking at ODA Inspiration Day in Oslo on May 28! I’ll be there a couple of days prior and would love to meet folks for coffee and/or work. odanettverk.no/2025/04/22/r...

Runa Sandvik is coming to ODA Inspiration Day 2025 - ODA-Nettverk

Runa Sandvik is the founder of Granitt, a consultancy focused on security for journalists and other at-risk people around the world. We are thrilled to have one of the world's leading experts on hacki...

odanettverk.no

7

Runa Sandvik @runasand.bsky.social · Apr 11

On my list and can’t wait to read it!

1

Runa Sandvik @runasand.bsky.social · Apr 10

Please do!

1

Runa Sandvik @runasand.bsky.social · Apr 10

The article refers to victims of a specific 2019 campaign and the database isn’t up to date, so that’s why. You’re not missing anything!

1

Runa Sandvik @runasand.bsky.social · Apr 10

News articles often focus on spyware victims who had their devices checked and opted to go public. We rarely hear about those who didn’t. New court documents from WhatsApp v. NSO shed some light on the true scale of the targeting in a 2019 campaign. techcrunch.com/2025/04/09/c...

Court document reveals locations of WhatsApp victims targeted by NSO spyware | TechCrunch

The list of 1,223 victims in 51 countries hints at the “true scale of the spyware problem,” per one researcher.

techcrunch.com

2 11 15

Runa Sandvik @runasand.bsky.social · Mar 31

Looks like someone did lots of research on this exact topic! aaronschlitt.de/threat-model...

Threat Modelling and Analyzing iPhone Mirroring

What looks like a pretty useful feature to users at first glance is also exciting from the perspective of a security researcher.

aaronschlitt.de

1 1 3

Runa Sandvik @runasand.bsky.social · Mar 26

Thank you! See this guide as a starting point. Happy to chat about what else/what more is needed for specific contexts. bsky.app/profile/runa...

Runa Sandvik @runasand.bsky.social · Jan 24

I wrote a very timely introduction to digital security for journalists for @gijn.org last fall. This guidance may also apply to activists, lawyers, and anyone else doing at-risk work these days. gijn.org/resource/int...

Introduction to Investigative Journalism: Digital Security

Digital security may seem a little daunting at first, but increased security will help investigative journalists build trust with — and protect — current and future sources.

gijn.org

1 3

Runa Sandvik @runasand.bsky.social · Mar 8

Good question! I’d like to think we learn a thing or two from each other.

1

Runa Sandvik @runasand.bsky.social · Mar 6

More of this, please. bsky.app/profile/prop...

ProPublica @propublica.org · Feb 28

D.C., we keep on trucking. 🚚

If you are or were a federal worker, our Signal tipline is always open and actively monitored: 917-512-0201.

Two Black women, dressed in pink, stand in front of a mobile billboard truck outside of the Ronald Reagan Building and International Trade Center. On the side of the truck, a LED screen reads: Are (were) you a government worker? ProPublica journalists want to hear from you. Signal: 917-512-0201. propublica.org/tips.

A black mobile billboard truck drives along the exterior of USAID’s former headquarters at the Ronald Reagan Building and International Trade Center. The road ahead shows the U.S. Capitol. On the side of the truck, a LED screen reads: "Are (were) you a government worker? ProPublica journalists want to hear from you. Signal: 917-512-0201. propublica.org/tips." The back of the truck also has text that begins with "Do you have a tip for ProPublica?" The rest of the text is not clearly legible in the photo.

Wide shot of dozens of people gathered outside the Ronald Reagan Building and International Trade Center in D.C. To the right of them is a parked mobile billboard truck. On the side and back of the truck, a LED screen reads: Are (were) you a government worker? ProPublica journalists want to hear from you. Signal: 917-512-0201. propublica.org/tips.

1 1 8

Runa Sandvik @runasand.bsky.social · Mar 6

As @alecmuffett.bsky.social noted yesterday, it looks like the U.K. government has quietly scrubbed all encryption advice from government web pages. techcrunch.com/2025/03/06/u...

UK quietly scrubs encryption advice from government websites | TechCrunch

The UK is no longer recommending the use of encryption for at-risk groups following its iCloud backdoor demands

techcrunch.com

15 28

Runa Sandvik @runasand.bsky.social · Feb 23

Proton is free, though some may hesitate to use it. Tor is also free, though not exactly the same as a VPN. Do consider paying for one if that’s what you really need.

1 1 4

Runa Sandvik @runasand.bsky.social · Feb 18

If you’re interested in aviation security, check out this fantastic 2013 talk from Hugo Teso on leveraging ADS-B, ACARS, and on-board systems to attack virtual airplanes systems. www.youtube.com/watch?v=wk1j...

#HITB2013AMS D1T1 Hugo Teso - Aircraft Hacking: Practical Aero Series

YouTube video by Hack In The Box Security Conference

www.youtube.com

1 2 13