Runa Sandvik's Avatar

Runa Sandvik

@runasand

Founder of Granitt, securing journalists and at-risk people around the world.

10,965
Followers 52
Following 262
Posts 24.04.2023
Joined
Posts Following

Latest posts by Runa Sandvik @runasand

Post image

We still don't know if Trenchant and L3Harris notified Apple once it learned its iPhone-hacking toolkit had been stolen/leaked. The toolkit was later used to target people in China and Ukraine. techcrunch.com/2026/03/09/a...

10.03.2026 12:40 πŸ‘ 6 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
Russian Woman Who Drunk-Texted FBI Agent Pleads to Spying for FSB Nomma Zarubina heading U.S. prison for spying for Russian intelligence after a few tumultuous months in which her bail was revoked for harassing an investigator on her case.

Nomma Zarubina, who once drunk-texted an FBI agent saying "Catch me baby. So many spies," is heading to U.S. prison for spying for Russian intelligence. www.occrp.org/en/news/russ...

25.02.2026 15:37 πŸ‘ 13 πŸ” 5 πŸ’¬ 1 πŸ“Œ 0
Post image

Worth noting that while the judge rejected the DOJ's request to search the devices seized from Washington Post reporter Hannah Natanson, they did decide that the court "will conduct an independent judicial review of the seized materials" instead. storage.courtlistener.com/recap/gov.us...

25.02.2026 15:06 πŸ‘ 11 πŸ” 2 πŸ’¬ 1 πŸ“Œ 0
Post image

Huge win for Hannah Natanson and the Washington Post today: the judge ruled that the government cannot search the devices they seized from her. www.washingtonpost.com/national-sec...

24.02.2026 23:53 πŸ‘ 205 πŸ” 59 πŸ’¬ 6 πŸ“Œ 1
Post image

Trenchant and L3Harris had an exec steal internal tools for three *years* β€” and sell them to a Russian broker β€” before anyone noticed. cyberscoop.com/l3harris-exe...

24.02.2026 22:10 πŸ‘ 5 πŸ” 2 πŸ’¬ 0 πŸ“Œ 1

Thank you! Happy to chat anytime.

20.02.2026 08:30 πŸ‘ 4 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
Prominent Angolan journalist targeted with Predator spyware An Amnesty International investigation has established that prominent, Angolan journalist, Teixeira CΓ’ndido was targeted with Predator spyware in 2024.

A new investigation from @amnesty.org found that a journalist in Angola was targeted with Predator spyware in 2024. We also know that @citizenlab.ca found links to Predator infrastructure in Angola in 2023, and links to FinFisher infrastructure in 2015. www.amnesty.org/en/latest/ne...

18.02.2026 14:07 πŸ‘ 11 πŸ” 5 πŸ’¬ 0 πŸ“Œ 0
Preview
Not Safe for Politics: Cellebrite Used on Kenyan Activist and Politician Boniface Mwangi - The Citizen Lab Following the widely-condemned arrest in July 2025 of prominent Kenyan opposition voice Boniface Mwangi, the Citizen Lab analyzed artefacts from devices seized during the arrest. We found that Cellebr...

Latest research from @citizenlab.ca shows @cellebrite.bsky.social tech used for human rights abuse in Kenya. Imagine if the company spent more time discussing who *not* to sell to. citizenlab.ca/research/cel...

17.02.2026 23:37 πŸ‘ 15 πŸ” 4 πŸ’¬ 0 πŸ“Œ 0
Preview
Researcher skeptical of β€˜Havana syndrome’ tested secret weapon on himself The CIA investigated a Norwegian government experiment with a pulsed-energy machine in which a researcher built and tested a β€œHavana syndrome” device on himself.

Two years ago, a Norwegian researcher skeptical that pulsed-energy weapons could do damage to human brains β€” aka β€œHavana syndrome” β€” built a device and tested it on himself. It didn’t go well. Someone from FFI, perhaps? www.washingtonpost.com/national-sec...

14.02.2026 13:23 πŸ‘ 18 πŸ” 6 πŸ’¬ 1 πŸ“Œ 0

Decided to try Claude by revisiting a malware analysis project that I originally presented at OBTS in 2021: the CIA's OS X implant called Green Lambert. It's amazing what you can do with a terminal and ~15 min of free time these days.

14.02.2026 09:47 πŸ‘ 21 πŸ” 1 πŸ’¬ 1 πŸ“Œ 0

My understanding is the emails are only encrypted if sent from one Proton user to another Proton user. So in that case they only have metadata to hand over.

12.02.2026 19:18 πŸ‘ 3 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Proton is required to comply with valid legal orders and has a track record of doing so.

12.02.2026 12:32 πŸ‘ 4 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

The issue here isn’t Signal, but the use of biometrics on the work laptop.

12.02.2026 12:31 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
DOJ says Trenchant boss sold exploits to Russian broker capable of accessing 'millions of computers and devices' | TechCrunch The former boss of the L3Harris-owned hacking and surveillance tools maker Trenchant faces nine years in prison for selling several exploits to a Russian broker, which counts the Russian government am...

Former exec at exploit development firm Trenchant, owned by L3Harris, admitted to selling internal hacking tools to a Russian broker. Did the company notify the vendors whose products were exploited so that they could be patched? techcrunch.com/2026/02/11/d...

12.02.2026 12:18 πŸ‘ 23 πŸ” 10 πŸ’¬ 2 πŸ“Œ 2
Preview
Russian Sandworm group attacks energy company in Poland with DynoWiper, ESET Research discovers ESET researchers identified new data-wiping malware that ESET named DynoWiper, used against an energy company in Poland.

Yeah, and this from ESET. www.eset.com/us/about/new...

09.02.2026 23:16 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Ah! I was going by work done by the ESET folks, but maybe they only linked Sandworm to parts of the attack?

09.02.2026 22:04 πŸ‘ 1 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Preview
The Story of Sandworm, the Kremlin's Most Dangerous Hackers For three years, WIRED has tracked the elite and shadowy Russian vanguard of cyberwar.

Russia’s Sandworm is back in the news, having recently been linked to the late December attack on Poland’s power grid. I recommend reading @agreenberg.bsky.social's work on the hacking group, starting with these WIRED articles and his 2019 book. www.wired.com/story/sandwo...

09.02.2026 17:15 πŸ‘ 24 πŸ” 12 πŸ’¬ 2 πŸ“Œ 1

Correct. And because she had linked Signal on the phone to the desktop app, the FBI was able to access her messages.

06.02.2026 22:16 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

If you've been laid off by the Washington Post this week and have any questions re: digital security, please email me on runa@granitt.io. I'll help you pro-bono for the rest of the month.

06.02.2026 16:00 πŸ‘ 85 πŸ” 40 πŸ’¬ 2 πŸ“Œ 2
DEF CON 33 - Voice Cloning Air Traffic Control: Vulnerabilities at Runway Crossings - Andrew Logan
DEF CON 33 - Voice Cloning Air Traffic Control: Vulnerabilities at Runway Crossings - Andrew Logan YouTube video by DEFCONConference

We’ve heard a lot about use of AI to clone the voices of celebrities, execs, and politicians. Here’s a @defcon.bsky.social talk from @helicoptersofdc.bsky.social about cloning the voices of air traffic controllers to give false instructions to pilots. www.youtube.com/watch?v=JKwx...

05.02.2026 20:00 πŸ‘ 16 πŸ” 6 πŸ’¬ 1 πŸ“Œ 3

The issue here was not Signal, but the use of Touch ID for authentication. The agents were able to access her Signal messages because they were able to access the laptop, and she’d linked the mobile app to the desktop app.

05.02.2026 09:18 πŸ‘ 3 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Preview
FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly make them harder to hack. A court record indicates the feature might be effective at stopping third parties unlocking some...

The FBI has so far been unable to get into Washington Post reporter Hannah Natanson’s iPhone because it’s using Lockdown Mode β€” one of my favorite iOS features. You can turn it on for iPadOS, macOS, and watchOS too! www.404media.co/fbi-couldnt-...

04.02.2026 17:20 πŸ‘ 55 πŸ” 21 πŸ’¬ 0 πŸ“Œ 0
Post image

Epstein was a New York Times subscriber; in 2017 he received an invite to the first CryptoParty my colleagues and I organized in New York. I've got no memory of him attending, though. www.justice.gov/epstein/file...

03.02.2026 16:37 πŸ‘ 9 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
Stavanger-jente ringes ned: - Ekkelt En 14-Γ₯ring fra Stavanger har fΓ₯tt mange ukjente anrop etter at telefonnummeret hennes dukket opp i Epstein-filene.

The old phone number for Norway’s crown princess is in the Epstein files. That number now belongs to a 14yo girl in Stavanger who says she’s receiving creepy calls and messages. I’m surprised the provider recycled the number and didn’t just archive it. www.dagbladet.no/nyheter/stav...

03.02.2026 13:15 πŸ‘ 17 πŸ” 6 πŸ’¬ 2 πŸ“Œ 0

Reminds me of the time some people reported issues with SolarWinds, but couldn’t quite make sense of it… until six months later or something.

02.02.2026 13:18 πŸ‘ 4 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0
Post image

Between June and December 2025, a β€œlikely Chinese state-sponsored group” compromised the infrastructure used by Notepad++ and served malicious updates to selectively targeted users. notepad-plus-plus.org/news/hijacke...

02.02.2026 12:57 πŸ‘ 21 πŸ” 11 πŸ’¬ 2 πŸ“Œ 1
Preview
Two CBP Agents Identified in Alex Pretti Shooting The two federal immigration agents who fired on Minneapolis protester Alex Pretti are identified in government records as Border Patrol agent Jesus Ochoa and Customs and Border Protection officer Raym...

ProPublica names the two federal immigration agents who fired on Minneapolis protester Alex Pretti last weekend: Jesus Ochoa and Raymundo Gutierrez. www.propublica.org/article/alex...

01.02.2026 23:06 πŸ‘ 16 πŸ” 3 πŸ’¬ 0 πŸ“Œ 0
Preview
Judge blocks government from searching data seized from Post reporter Government officials may not examine electronic devices seized from a Post reporter until litigation stemming from the search of her home is settled, a judge rules.

Remains to be seen. The devices were seized and material was archived, but has yet to be reviewed. www.washingtonpost.com/national-sec...

01.02.2026 19:08 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

Here’s the specific language from one of the other documents. Biometrics is something you have, which they can demand that you present. Password is something you know, which they can’t force you to share. bsky.app/profile/runa...

01.02.2026 13:25 πŸ‘ 6 πŸ” 3 πŸ’¬ 0 πŸ“Œ 0

Like a cryptoparty?

01.02.2026 02:00 πŸ‘ 4 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0