Runa Sandvik
@runasand.bsky.social
Founder of Granitt, securing journalists and at-risk people around the world.
Two years ago, a Norwegian researcher skeptical that pulsed-energy weapons could do damage to human brains — aka “Havana syndrome” — built a device and tested it on himself. It didn’t go well. Someone from FFI, perhaps? www.washingtonpost.com/national-sec...
Researcher skeptical of ‘Havana syndrome’ tested secret weapon on himself
The CIA investigated a Norwegian government experiment with a pulsed-energy machine in which a researcher built and tested a “Havana syndrome” device on himself.
www.washingtonpost.com
February 14, 2026 at 1:24 PM
Two years ago, a Norwegian researcher skeptical that pulsed-energy weapons could do damage to human brains — aka “Havana syndrome” — built a device and tested it on himself. It didn’t go well. Someone from FFI, perhaps? www.washingtonpost.com/national-sec...
Decided to try Claude by revisiting a malware analysis project that I originally presented at OBTS in 2021: the CIA's OS X implant called Green Lambert. It's amazing what you can do with a terminal and ~15 min of free time these days.
February 14, 2026 at 9:47 AM
Decided to try Claude by revisiting a malware analysis project that I originally presented at OBTS in 2021: the CIA's OS X implant called Green Lambert. It's amazing what you can do with a terminal and ~15 min of free time these days.
Former exec at exploit development firm Trenchant, owned by L3Harris, admitted to selling internal hacking tools to a Russian broker. Did the company notify the vendors whose products were exploited so that they could be patched? techcrunch.com/2026/02/11/d...
DOJ says Trenchant boss sold exploits to Russian broker capable of accessing 'millions of computers and devices' | TechCrunch
The former boss of the L3Harris-owned hacking and surveillance tools maker Trenchant faces nine years in prison for selling several exploits to a Russian broker, which counts the Russian government am...
techcrunch.com
February 12, 2026 at 12:18 PM
Former exec at exploit development firm Trenchant, owned by L3Harris, admitted to selling internal hacking tools to a Russian broker. Did the company notify the vendors whose products were exploited so that they could be patched? techcrunch.com/2026/02/11/d...
Russia’s Sandworm is back in the news, having recently been linked to the late December attack on Poland’s power grid. I recommend reading @agreenberg.bsky.social's work on the hacking group, starting with these WIRED articles and his 2019 book. www.wired.com/story/sandwo...
The Story of Sandworm, the Kremlin's Most Dangerous Hackers
For three years, WIRED has tracked the elite and shadowy Russian vanguard of cyberwar.
www.wired.com
February 9, 2026 at 5:16 PM
Russia’s Sandworm is back in the news, having recently been linked to the late December attack on Poland’s power grid. I recommend reading @agreenberg.bsky.social's work on the hacking group, starting with these WIRED articles and his 2019 book. www.wired.com/story/sandwo...
If you've been laid off by the Washington Post this week and have any questions re: digital security, please email me on [email protected]. I'll help you pro-bono for the rest of the month.
February 6, 2026 at 4:00 PM
If you've been laid off by the Washington Post this week and have any questions re: digital security, please email me on [email protected]. I'll help you pro-bono for the rest of the month.
We’ve heard a lot about use of AI to clone the voices of celebrities, execs, and politicians. Here’s a @defcon.bsky.social talk from @helicoptersofdc.bsky.social about cloning the voices of air traffic controllers to give false instructions to pilots. www.youtube.com/watch?v=JKwx...
DEF CON 33 - Voice Cloning Air Traffic Control: Vulnerabilities at Runway Crossings - Andrew Logan
YouTube video by DEFCONConference
www.youtube.com
February 5, 2026 at 8:00 PM
We’ve heard a lot about use of AI to clone the voices of celebrities, execs, and politicians. Here’s a @defcon.bsky.social talk from @helicoptersofdc.bsky.social about cloning the voices of air traffic controllers to give false instructions to pilots. www.youtube.com/watch?v=JKwx...
The FBI has so far been unable to get into Washington Post reporter Hannah Natanson’s iPhone because it’s using Lockdown Mode — one of my favorite iOS features. You can turn it on for iPadOS, macOS, and watchOS too! www.404media.co/fbi-couldnt-...
FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled
Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly make them harder to hack. A court record indicates the feature might be effective at stopping third parties unlocking some...
www.404media.co
February 4, 2026 at 5:20 PM
The FBI has so far been unable to get into Washington Post reporter Hannah Natanson’s iPhone because it’s using Lockdown Mode — one of my favorite iOS features. You can turn it on for iPadOS, macOS, and watchOS too! www.404media.co/fbi-couldnt-...
Epstein was a New York Times subscriber; in 2017 he received an invite to the first CryptoParty my colleagues and I organized in New York. I've got no memory of him attending, though. www.justice.gov/epstein/file...
February 3, 2026 at 4:37 PM
Epstein was a New York Times subscriber; in 2017 he received an invite to the first CryptoParty my colleagues and I organized in New York. I've got no memory of him attending, though. www.justice.gov/epstein/file...
The old phone number for Norway’s crown princess is in the Epstein files. That number now belongs to a 14yo girl in Stavanger who says she’s receiving creepy calls and messages. I’m surprised the provider recycled the number and didn’t just archive it. www.dagbladet.no/nyheter/stav...
Stavanger-jente ringes ned: - Ekkelt
En 14-åring fra Stavanger har fått mange ukjente anrop etter at telefonnummeret hennes dukket opp i Epstein-filene.
www.dagbladet.no
February 3, 2026 at 1:15 PM
The old phone number for Norway’s crown princess is in the Epstein files. That number now belongs to a 14yo girl in Stavanger who says she’s receiving creepy calls and messages. I’m surprised the provider recycled the number and didn’t just archive it. www.dagbladet.no/nyheter/stav...
Between June and December 2025, a “likely Chinese state-sponsored group” compromised the infrastructure used by Notepad++ and served malicious updates to selectively targeted users. notepad-plus-plus.org/news/hijacke...
February 2, 2026 at 12:57 PM
Between June and December 2025, a “likely Chinese state-sponsored group” compromised the infrastructure used by Notepad++ and served malicious updates to selectively targeted users. notepad-plus-plus.org/news/hijacke...
ProPublica names the two federal immigration agents who fired on Minneapolis protester Alex Pretti last weekend: Jesus Ochoa and Raymundo Gutierrez. www.propublica.org/article/alex...
Two CBP Agents Identified in Alex Pretti Shooting
The two federal immigration agents who fired on Minneapolis protester Alex Pretti are identified in government records as Border Patrol agent Jesus Ochoa and Customs and Border Protection officer Raym...
www.propublica.org
February 1, 2026 at 11:06 PM
ProPublica names the two federal immigration agents who fired on Minneapolis protester Alex Pretti last weekend: Jesus Ochoa and Raymundo Gutierrez. www.propublica.org/article/alex...
I helped design and implement the secure tip line at the New York Times in 2016. Who can access what, when, where, and how is just as important as the specific apps, tools, and settings that are used. www.nytimes.com/2017/03/02/i...
How to Tell a Secret in the Digital Age (Published 2017)
www.nytimes.com
January 31, 2026 at 8:05 PM
I helped design and implement the secure tip line at the New York Times in 2016. Who can access what, when, where, and how is just as important as the specific apps, tools, and settings that are used. www.nytimes.com/2017/03/02/i...
New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson: phone was on w/Lockdown Mode; personal laptop was off; work laptop was on w/Touch ID; several Signal chats used disappearing messages. storage.courtlistener.com/recap/gov.us...
January 31, 2026 at 5:32 PM
New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson: phone was on w/Lockdown Mode; personal laptop was off; work laptop was on w/Touch ID; several Signal chats used disappearing messages. storage.courtlistener.com/recap/gov.us...
Police in Norway are investigating an Italian company suspected of installing high-end FLIR cameras on a rooftop overlooking Melkøya, the endpoint of the pipeline for natural gas from the Barents Sea. www.nrk.no/tromsogfinnm...
Avdekket kameraer som overvåket Melkøya
Politiet undersøker et italiensk selskap, som selger informasjon videre til andre, etter avsløring av kameraer som overvåket gassanlegget på Melkøya i detalje.
www.nrk.no
January 30, 2026 at 3:37 PM
Police in Norway are investigating an Italian company suspected of installing high-end FLIR cameras on a rooftop overlooking Melkøya, the endpoint of the pipeline for natural gas from the Barents Sea. www.nrk.no/tromsogfinnm...
Journalism is not a crime. www.cnn.com/2026/01/30/p...
January 30, 2026 at 3:28 PM
Journalism is not a crime. www.cnn.com/2026/01/30/p...
Apple’s new iPhone security feature limits cell networks from collecting precise location data, but appears to have very limited support in the U.S. at the moment. Here’s to hoping all the big carriers get on board too. techcrunch.com/2026/01/29/a...
January 29, 2026 at 3:00 PM
Apple’s new iPhone security feature limits cell networks from collecting precise location data, but appears to have very limited support in the U.S. at the moment. Here’s to hoping all the big carriers get on board too. techcrunch.com/2026/01/29/a...
I’ll be in Copenhagen, Barcelona, and Madrid in March! I’ve got some extra time for security assessments; policy and process things; and presentations, so please get in touch if you’d like to work together.
January 29, 2026 at 2:43 PM
I’ll be in Copenhagen, Barcelona, and Madrid in March! I’ve got some extra time for security assessments; policy and process things; and presentations, so please get in touch if you’d like to work together.
Powerful new features announced by WhatsApp today to defend against sophisticated spyware. Includes the ability to block attachments and media from people not in your contact list. cyberscoop.com/whatsapp-str...
WhatsApp releases account feature that looks to combat spyware
WhatsApp is rolling out “Strict Account Settings,” a lockdown-style security mode that limits interactions from non-contacts to help protect high-risk users from sophisticated spyware attacks.
cyberscoop.com
January 27, 2026 at 7:26 PM
Powerful new features announced by WhatsApp today to defend against sophisticated spyware. Includes the ability to block attachments and media from people not in your contact list. cyberscoop.com/whatsapp-str...
According to the DOJ, Hannah Natanson and the Washington Post published “at least five articles that contained classified information Perez-Lugones provided.” A review shows all five articles, published October 2025 - January 2026, were about Venezuela. www.justice.gov/usao-md/pr/m...
www.justice.gov
January 26, 2026 at 5:23 PM
According to the DOJ, Hannah Natanson and the Washington Post published “at least five articles that contained classified information Perez-Lugones provided.” A review shows all five articles, published October 2025 - January 2026, were about Venezuela. www.justice.gov/usao-md/pr/m...
A number of Washington Post journalists asked for tips from government workers last year and posted their personal phone numbers for @signal.org. Please know that Signal allows you to create a username, meaning you can keep your phone number private. signal.org/blog/phone-n...
Keep your phone number private with Signal usernames
Signal’s mission and sole focus is private communication. For years, Signal has kept your messages private, your profile information (like your name and profile photo) private, your contacts private, ...
signal.org
January 26, 2026 at 4:20 PM
A number of Washington Post journalists asked for tips from government workers last year and posted their personal phone numbers for @signal.org. Please know that Signal allows you to create a username, meaning you can keep your phone number private. signal.org/blog/phone-n...
Given how aggressively the government has pursued Hannah Natanson and the Washington Post, it would not surprise me if Google and Proton also received subpoenas for access to her accounts.
January 24, 2026 at 4:44 PM
Given how aggressively the government has pursued Hannah Natanson and the Washington Post, it would not surprise me if Google and Proton also received subpoenas for access to her accounts.
Here are the items the FBI seized from Washington Post reporter Hannah Natanson: a recorder, two laptops, an external drive, a smart watch, an iPhone. Her December article mentioned that she stored notes “in an encrypted drive,” likely Proton Drive ref: her Jan 20 declaration.
January 23, 2026 at 6:04 PM
Here are the items the FBI seized from Washington Post reporter Hannah Natanson: a recorder, two laptops, an external drive, a smart watch, an iPhone. Her December article mentioned that she stored notes “in an encrypted drive,” likely Proton Drive ref: her Jan 20 declaration.
A “chronic lack of cooperation from the Israeli authorities” has forced Spain’s highest criminal court to shelve its investigation into use of Pegasus against Spanish ministers, inc. the prime minister. Cases uncovered by @citizenlab.ca go back to 2021. www.theguardian.com/world/2026/j...
Spanish court points finger at Israel as it drops Pegasus spyware case again
Judge shelves inquiry into use of Israeli-made software to target ministers’ phones citing chronic lack of cooperation
www.theguardian.com
January 23, 2026 at 2:42 PM
A “chronic lack of cooperation from the Israeli authorities” has forced Spain’s highest criminal court to shelve its investigation into use of Pegasus against Spanish ministers, inc. the prime minister. Cases uncovered by @citizenlab.ca go back to 2021. www.theguardian.com/world/2026/j...
If you store your BitLocker key with Microsoft, Microsoft can and will hand the key over to law enforcement in response to valid court orders. www.forbes.com/sites/thomas...
Microsoft Gave FBI BitLocker Encryption Keys, Exposing Privacy Flaw
The tech giant said providing encryption keys was a standard response to a court order. But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.
www.forbes.com
January 23, 2026 at 2:21 PM
If you store your BitLocker key with Microsoft, Microsoft can and will hand the key over to law enforcement in response to valid court orders. www.forbes.com/sites/thomas...
I know people are looking for digital security guides and checklists in light of the FBI seizing devices of a Washington Post reporter. Here’s a guide I wrote for @gijn.org in 2024, which remains up to date and relevant. gijn.org/resource/int...
Introduction to Investigative Journalism: Digital Security
Digital security may seem a little daunting at first, but increased security will help investigative journalists build trust with — and protect — current and future sources.
gijn.org
January 23, 2026 at 1:50 PM
I know people are looking for digital security guides and checklists in light of the FBI seizing devices of a Washington Post reporter. Here’s a guide I wrote for @gijn.org in 2024, which remains up to date and relevant. gijn.org/resource/int...