Lorenzo Franceschi-Bicchierai
@lorenzofb.bsky.social
Real-time historian of the late cyber capitalist era @TechCrunch, writing about the intersection of hackers, human rights, and spies.
Also writing a book about Hacking Team and the history of government spyware.
☎️ Signal: +1 917 257 1382
Also writing a book about Hacking Team and the history of government spyware.
☎️ Signal: +1 917 257 1382
Pinned
Do you have any tips about cybersecurity, surveillance, spyware, zero-days...all things cyber?
Contact me here:
☎️ Signal: + 1 917 257 1382
📷Keybase/Telegram: lorenzofb
Contact me here:
☎️ Signal: + 1 917 257 1382
📷Keybase/Telegram: lorenzofb
NEW: The notorious cybercrime gang ShinyHunters claimed responsibility for last year's data breaches at Harvard University and University of Pennsylvania.
The hackers also published some stolen personal information from the two schools, saying the universities refused to pay a ransom.
The hackers also published some stolen personal information from the two schools, saying the universities refused to pay a ransom.
Hackers publish personal information stolen during Harvard, UPenn data breaches | TechCrunch
The prolific cybercrime group ShinyHunters took responsibility for hacking Harvard and the University of Pennsylvania, and published the stolen data on its extortion website.
techcrunch.com
February 4, 2026 at 5:59 PM
NEW: The notorious cybercrime gang ShinyHunters claimed responsibility for last year's data breaches at Harvard University and University of Pennsylvania.
The hackers also published some stolen personal information from the two schools, saying the universities refused to pay a ransom.
The hackers also published some stolen personal information from the two schools, saying the universities refused to pay a ransom.
Media layoffs are always infuriating but the ones happening today at WaPo are especially enraging.
February 4, 2026 at 5:23 PM
Media layoffs are always infuriating but the ones happening today at WaPo are especially enraging.
Reposted by Lorenzo Franceschi-Bicchierai
I wrote some words for TechCrunch about how Homeland Security is using administrative subpoenas, which aren't subject to judicial oversight, to seek data from tech giants about Trump critics and anonymous accounts of ICE trackers. Featuring really great reporting by Bloomberg & Washington Post.
Homeland Security is trying to force tech companies to hand over data about Trump critics | TechCrunch
The use of administrative subpoenas, which are not subject to judicial oversight, are used to demand a wealth of information from tech companies, including the owners of anonymous online accounts docu...
techcrunch.com
February 3, 2026 at 6:45 PM
I wrote some words for TechCrunch about how Homeland Security is using administrative subpoenas, which aren't subject to judicial oversight, to seek data from tech giants about Trump critics and anonymous accounts of ICE trackers. Featuring really great reporting by Bloomberg & Washington Post.
NEW: French Police searched the local X offices as part of a criminal investigation for several crimes, including possession and distribution of child sexual abuse material.
Paris prosecutor's office also announced that it summond Elon Musk and former X CEO Linda Yaccarino for questioning.
Paris prosecutor's office also announced that it summond Elon Musk and former X CEO Linda Yaccarino for questioning.
French police search X office in Paris, summons Elon Musk for questioning | TechCrunch
The Paris prosecutor’s office announced that it is expanding a criminal investigation into X for alleged crimes, including the possession and distribution of child sexual exploitation material.
techcrunch.com
February 3, 2026 at 4:57 PM
NEW: French Police searched the local X offices as part of a criminal investigation for several crimes, including possession and distribution of child sexual abuse material.
Paris prosecutor's office also announced that it summond Elon Musk and former X CEO Linda Yaccarino for questioning.
Paris prosecutor's office also announced that it summond Elon Musk and former X CEO Linda Yaccarino for questioning.
Reposted by Lorenzo Franceschi-Bicchierai
NEW: NSO tried to hijack the Pall Mall Process to whitewash their reputation in the midst of ongoing Pegasus abuses.
France & UK govs leading the process say: "Not so fast!"
Submitting comments ≠ participation/compliance!
By @suzannesmalley.bsky.social
therecord.media/spyware-make...
France & UK govs leading the process say: "Not so fast!"
Submitting comments ≠ participation/compliance!
By @suzannesmalley.bsky.social
therecord.media/spyware-make...
Spyware maker is hijacking diplomatic efforts to limit commercial hacking, civil society warns
Spyware maker NSO Group trumpeted the company’s participation in the Pall Mall Process, which drew criticism from civil society leaders and government officials who called out human rights abuses.
therecord.media
February 2, 2026 at 6:47 PM
NEW: NSO tried to hijack the Pall Mall Process to whitewash their reputation in the midst of ongoing Pegasus abuses.
France & UK govs leading the process say: "Not so fast!"
Submitting comments ≠ participation/compliance!
By @suzannesmalley.bsky.social
therecord.media/spyware-make...
France & UK govs leading the process say: "Not so fast!"
Submitting comments ≠ participation/compliance!
By @suzannesmalley.bsky.social
therecord.media/spyware-make...
I know the Grammys are dumb in general, but giving "Best Metal Performance" to Turnstile is so so fucking dumb. Who in their right mind would classify anything Turnstile has ever done as "metal"?
February 2, 2026 at 1:10 AM
I know the Grammys are dumb in general, but giving "Best Metal Performance" to Turnstile is so so fucking dumb. Who in their right mind would classify anything Turnstile has ever done as "metal"?
Reposted by Lorenzo Franceschi-Bicchierai
Tensions ran high during the 33rd hearing of 🇬🇷Greece’s wiretappings trial, as defense lawyers challenged the inclusion of documents detailing surveillance products marketed by Intellexa. The court ultimately rejected the objections.
www.dnews.gr/eidhseis/new...
www.dnews.gr/eidhseis/new...
Wiretapping Trial in Greece: Prosecutor to Present Recommendation on February 6 - Dnews
Tensions ran high during the 33rd hearing of Greece’s high-profile wiretapping trial on Thursday, as defense lawyers challenged the inclusion of documents detailing surveillance products marketed by t...
www.dnews.gr
January 30, 2026 at 7:09 PM
Tensions ran high during the 33rd hearing of 🇬🇷Greece’s wiretappings trial, as defense lawyers challenged the inclusion of documents detailing surveillance products marketed by Intellexa. The court ultimately rejected the objections.
www.dnews.gr/eidhseis/new...
www.dnews.gr/eidhseis/new...
Reposted by Lorenzo Franceschi-Bicchierai
hate to be that guy, but today brings yet another reminder of why everyone should stop posting on the elon musk platform
January 30, 2026 at 10:05 PM
hate to be that guy, but today brings yet another reminder of why everyone should stop posting on the elon musk platform
NEW: An informant told the FBI in 2017 that Jeffrey Epstein had a "personal hacker," according to a document released today.
The document does not name the hacker, but says he is Italian, developed and sold zero-days (iOS and Blackberry) to governments such as the U.K. and the United States.
The document does not name the hacker, but says he is Italian, developed and sold zero-days (iOS and Blackberry) to governments such as the U.K. and the United States.
Informant told FBI that Jeffrey Epstein had a ‘personal hacker’ | TechCrunch
A document published by the Justice Department quotes an FBI informant in 2017 that alleged Jeffrey Epstein had a “personal hacker.”
techcrunch.com
January 30, 2026 at 10:07 PM
NEW: An informant told the FBI in 2017 that Jeffrey Epstein had a "personal hacker," according to a document released today.
The document does not name the hacker, but says he is Italian, developed and sold zero-days (iOS and Blackberry) to governments such as the U.K. and the United States.
The document does not name the hacker, but says he is Italian, developed and sold zero-days (iOS and Blackberry) to governments such as the U.K. and the United States.
NEW: Russian government hackers were able to break into parts of Poland's energy infrastructure thanks to default usernames and passwords and no multi-factor authentication, the Polish government said in a report.
facepalm.gif
techcrunch.com/2026/01/30/r...
facepalm.gif
techcrunch.com/2026/01/30/r...
Russian hackers breached Polish power grid thanks to bad security, report says | TechCrunch
The Polish government accused a Russian government hacking group of hacking into energy facilities taking advantage of default usernames and passwords.
techcrunch.com
January 30, 2026 at 4:52 PM
NEW: Russian government hackers were able to break into parts of Poland's energy infrastructure thanks to default usernames and passwords and no multi-factor authentication, the Polish government said in a report.
facepalm.gif
techcrunch.com/2026/01/30/r...
facepalm.gif
techcrunch.com/2026/01/30/r...
The internet can still be a good place sometimes.
if you search for 'Melania' on Amazon, you'll see a banner ad for the doc, a link to buy her book, and an erotic thriller depicting the First Lady as a monster published in 2018
Erotic Parody 'Melania: Devourer of Men' Sales Surge on Amazon Amid Documentary Flop
A Reddit-led protest is trying to push an eight year old erotic thriller to the top of Amazon’s sales charts.
www.404media.co
January 30, 2026 at 4:19 PM
The internet can still be a good place sometimes.
January 29, 2026 at 8:47 PM
Reposted by Lorenzo Franceschi-Bicchierai
New: Fintech firm Marquis, used by hundreds of banks & credit unions across the U.S., told its customers that it plans to seek compensation from its firewall provider SonicWall after blaming the company for a breach that allowed hackers to steal tons of people's personal and financial data & SSNs.
Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach | TechCrunch
The fintech giant said it plans to "seek recoupment of any expenses" from its firewall provider SonicWall after a 2025 data breach exposed customer firewall configurations.
techcrunch.com
January 29, 2026 at 8:34 PM
New: Fintech firm Marquis, used by hundreds of banks & credit unions across the U.S., told its customers that it plans to seek compensation from its firewall provider SonicWall after blaming the company for a breach that allowed hackers to steal tons of people's personal and financial data & SSNs.
January 29, 2026 at 5:12 PM
Reposted by Lorenzo Franceschi-Bicchierai
NEW, by me: A security and privacy feature rolled out to select models of the latest iPhones and iPads this week will make it more difficult for law enforcement, spies, and malicious hackers to obtain a person's precise location data from their phone provider.
Apple's new iPhone and iPad security feature limits cell networks from collecting precise location data | TechCrunch
The new security feature makes it more difficult for police and malicious hackers to obtain a person's precise location data from a cell phone company.
techcrunch.com
January 29, 2026 at 2:53 PM
NEW, by me: A security and privacy feature rolled out to select models of the latest iPhones and iPads this week will make it more difficult for law enforcement, spies, and malicious hackers to obtain a person's precise location data from their phone provider.
Reposted by Lorenzo Franceschi-Bicchierai
Jon is joined by @josephcox.bsky.social and @radleybalko.bsky.social to discuss Palantir's advanced targeting technology and how federal agencies like ICE are using it.
January 28, 2026 at 2:55 PM
Jon is joined by @josephcox.bsky.social and @radleybalko.bsky.social to discuss Palantir's advanced targeting technology and how federal agencies like ICE are using it.
If you take OPSEC advice from Elon Musk and Pavel Durov, good luck, you're basically screwed. I wouldn’t trust those two to make me a coffee with a Nespresso machine, let alone help me stay secure online.
January 27, 2026 at 8:57 PM
If you take OPSEC advice from Elon Musk and Pavel Durov, good luck, you're basically screwed. I wouldn’t trust those two to make me a coffee with a Nespresso machine, let alone help me stay secure online.
NEW: After Apple launched Lockdown Mode years ago, and Google released its own special security feature for Android last year, WhatsApp now offers a new mode for users at high risk of being targeted with spyware.
It's called Strict Account Settings and enables certain restrictions to protect users.
It's called Strict Account Settings and enables certain restrictions to protect users.
WhatsApp is rolling out a new stricter security setting to protect users from cyber attacts | TechCrunch
Days after Meta was sued over alleged false privacy claims surrounding its chat app WhatsApp, the company has rolled out a new setting to protect users
techcrunch.com
January 27, 2026 at 8:26 PM
NEW: After Apple launched Lockdown Mode years ago, and Google released its own special security feature for Android last year, WhatsApp now offers a new mode for users at high risk of being targeted with spyware.
It's called Strict Account Settings and enables certain restrictions to protect users.
It's called Strict Account Settings and enables certain restrictions to protect users.
Vas has tirelessly and constantly followed virtually every story related to government spyware that is developing in any corners of the world. I don't know how he can keep up with everything that's happening in that world, but I am glad he does.
A 🇬🇧judge has ordered 🇸🇦Saudi Arabia to pay more than £3m in damages to a London-based dissident whose phones were targeted with Pegasus #spyware.
www.theguardian.com/world/2026/j...
www.theguardian.com/world/2026/j...
Saudi Arabia ordered to pay £3m to London dissident over Pegasus spying
High court finds kingdom responsible for hacking phones of Ghanem al-Masarir and for physical attack on him
www.theguardian.com
January 26, 2026 at 6:22 PM
Vas has tirelessly and constantly followed virtually every story related to government spyware that is developing in any corners of the world. I don't know how he can keep up with everything that's happening in that world, but I am glad he does.
Reposted by Lorenzo Franceschi-Bicchierai
A number of Washington Post journalists asked for tips from government workers last year and posted their personal phone numbers for @signal.org. Please know that Signal allows you to create a username, meaning you can keep your phone number private. signal.org/blog/phone-n...
Keep your phone number private with Signal usernames
Signal’s mission and sole focus is private communication. For years, Signal has kept your messages private, your profile information (like your name and profile photo) private, your contacts private, ...
signal.org
January 26, 2026 at 4:20 PM
A number of Washington Post journalists asked for tips from government workers last year and posted their personal phone numbers for @signal.org. Please know that Signal allows you to create a username, meaning you can keep your phone number private. signal.org/blog/phone-n...
NEW: Microsoft handed the FBI the recovery keys to decrypt the hard drives of three laptops encrypted with BitLocker.
BitLocker is enabled by default in modern Windows laptops, but Microsoft also prompts users to upload the recovery keys to the company's cloud, which opens up this possibility.
BitLocker is enabled by default in modern Windows laptops, but Microsoft also prompts users to upload the recovery keys to the company's cloud, which opens up this possibility.
Microsoft gave FBI a set of BitLocker encryption keys to unlock suspects' laptops: reports | TechCrunch
The FBI served Microsoft a warrant requesting encryption recovery keys to decrypt the hard drives of people involved in an alleged fraud case in Guam.
techcrunch.com
January 23, 2026 at 3:56 PM
NEW: Microsoft handed the FBI the recovery keys to decrypt the hard drives of three laptops encrypted with BitLocker.
BitLocker is enabled by default in modern Windows laptops, but Microsoft also prompts users to upload the recovery keys to the company's cloud, which opens up this possibility.
BitLocker is enabled by default in modern Windows laptops, but Microsoft also prompts users to upload the recovery keys to the company's cloud, which opens up this possibility.
25 days later, White Date is still down.
NEW: A hacktivist dressed as Pink Ranger from the Power Rangers wiped three white supremacist websites on stage at the end of a talk at a hacker conference.
The hacker also published users’ data on the website okstupid.lol.
The three sites are still down, a week after the live hack.
The hacker also published users’ data on the website okstupid.lol.
The three sites are still down, a week after the live hack.
Hacktivist deletes white supremacist websites live on stage during hacker conference | TechCrunch
A hacker known as Martha Root broke in and deleted three white supremacists websites at the end of a talk during the annual hacker conference Chaos Communication Congress in Germany.
techcrunch.com
January 23, 2026 at 3:42 PM
25 days later, White Date is still down.
Reposted by Lorenzo Franceschi-Bicchierai
Spanish judge closes probe into NSO in wake of Pegasus hack of several govt officials, incl the PM. Court says Israel ignored five requests for information and probe can't proceed as a result. NSO has historically been shielded from accountability by the Israeli govt
therecord.media/spanish-judg...
therecord.media/spanish-judg...
Spanish judge closes NSO Group spyware probe due to lack of cooperation from Israel
The case dates to May 2022, when the court launched a probe into the alleged spying on devices belonging to Prime Minister Pedro Sánchez and Defence Minister Margarita Robles.
therecord.media
January 22, 2026 at 6:56 PM
Spanish judge closes probe into NSO in wake of Pegasus hack of several govt officials, incl the PM. Court says Israel ignored five requests for information and probe can't proceed as a result. NSO has historically been shielded from accountability by the Israeli govt
therecord.media/spanish-judg...
therecord.media/spanish-judg...
NEW: Ireland is working on a law to regulate the use of spyware by the police.
There's no details yet, but the Irish government promises to balance the need to fight serious crime with spyware, with the need to respect privacy and human rights.
techcrunch.com/2026/01/22/i...
There's no details yet, but the Irish government promises to balance the need to fight serious crime with spyware, with the need to respect privacy and human rights.
techcrunch.com/2026/01/22/i...
Ireland proposes new law allowing police to use spyware | TechCrunch
The Irish government announced that it wants to pass a law that would grant police more surveillance powers, such as using spyware to fight serious crime, while aiming to protect the privacy rights of...
techcrunch.com
January 22, 2026 at 4:51 PM
NEW: Ireland is working on a law to regulate the use of spyware by the police.
There's no details yet, but the Irish government promises to balance the need to fight serious crime with spyware, with the need to respect privacy and human rights.
techcrunch.com/2026/01/22/i...
There's no details yet, but the Irish government promises to balance the need to fight serious crime with spyware, with the need to respect privacy and human rights.
techcrunch.com/2026/01/22/i...
Reposted by Lorenzo Franceschi-Bicchierai
New, by me: Under Armour says it’s aware of data breach claims after 72M customer records were posted online.
A spox. told me a "small percentage" of customers had sensitive information compromised but wouldn't say what it considers "sensitive," nor provide an accurate figure of affected customers.
A spox. told me a "small percentage" of customers had sensitive information compromised but wouldn't say what it considers "sensitive," nor provide an accurate figure of affected customers.
Under Armour says it's 'aware' of data breach claims after 72M customer records were posted online | TechCrunch
TechCrunch obtained a sample of the stolen data, which contained names, email addresses, dates of birth, and the user's approximate geographic location. Under Armour confirmed some sensitive informati...
techcrunch.com
January 22, 2026 at 3:36 PM
New, by me: Under Armour says it’s aware of data breach claims after 72M customer records were posted online.
A spox. told me a "small percentage" of customers had sensitive information compromised but wouldn't say what it considers "sensitive," nor provide an accurate figure of affected customers.
A spox. told me a "small percentage" of customers had sensitive information compromised but wouldn't say what it considers "sensitive," nor provide an accurate figure of affected customers.