The biggest business story of the past year has been how hackers have wrought havoc on some of the world’s biggest companies, from Target’s credit card breach at the beginning of the year to the Sony hack at the end of the year that caused it to address racist and sexist emails by its executives and temporarily halt the release of “The Interview.”
Some of these actions were orchestrated by lone criminals; some by governments. All of them share one thing in common: The details are never revealed.
That changed in 2014 when Bloomberg News reporter Mike Riley published a number of deeply reported stories about digital attacks. Each exposed corporate America’s vulnerabilities.
That’s why Talking Biz News is naming Riley the Business Journalist of the Year for 2014 in a completely subjective selection. Other business journalists considered were CNBC’s Scott Wapner and Emily Flitter of Reuters for her coverage of private placements.
“Mike has been several steps ahead of the pack reporting on cyber security, writing with great authority as companies were ever more seriously breached,” said Winnie O’Kelly, an executive editor at Bloomberg who has worked with Riley. “He predicted the blurred lines between criminal and state- sponsored activity by hackers for hire that have at times confounded responses by the Obama administration, while capturing the mistakes made by companies from Target to Sony.
“He is an editor’s dream, picking up on narratives and tirelessly reporting from all sides until he can draw a vivid picture for the reader.”
Riley joined Bloomberg News in late 2010 after eight years with the Denver Post, where he covered immigration, the western United States and politics.
Before that, he spent time in Mexico working for the Houston Chronicle as a super stringer.
Soon after joining Bloomberg’s legal team in its Washington bureau, he was asked to look into hacking and cyber security.
“The timing was perfect because there had been a lot of hacking before that, but it was all under the covers,” said Riley in an interview earlier this week with Talking Biz News. “Just as I started looking into it, Anonymous starting hacking into companies and issuing press releases. And then the story grew from that point. Every year there was an escalation — Snowden, China.”
And then came the widespread company hacking that permeated business news in 2014.
“The Epic Hack” is the untold story of how Target became the victim of history’s biggest retail data heist. Over months, Riley and Bloomberg reporters Dune Lawrence, Ben Elgin, and Carol Matlack pieced together, without Target’s cooperation, how hackers brought the giant retailer to near-ruin. The theft wasn’t particularly inventive. It even set off alarms at Target’s security operations center.
“But then,” the reporters wrote in March, “Target stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes” and onto the hard drives of Eastern European black marketeers. The Senate Commerce Committee’s investigation into the hack produced a report in March that heavily cited the story. Target’s CEO resigned on May 5.
“Target was a game changer,” said Riley. “Once the CEO loses his job, and the CIO lost her job, this wasn’t just about data being lost and brand reputation; their jobs were at stake.”
In 2010, a series of alarms went off at the FBI’s cyber security office. Nasdaq, the stock exchange operator, had been breached. The drama that unfolded over the next several years was shielded from the public until Riley revealed it in “How Russian Hackers Stole the Nasdaq.” After interviewing more than two-dozen federal investigators, Riley learned that the malware on Nasdaq’s computers was a Russian-designed cyberweapon.
He shared the investigators’ troubling conclusion: “The Russians weren’t trying to sabotage Nasdaq. They wanted to clone it, either to incorporate its technology directly into their exchange or as a model to learn from. And they dispatched an elite team of cyberspies to get it.”
During the summer of 2014, Riley got a tip that state-sponsored hackers had crossed a digital Rubicon, pulling off a highly destructive attack on the computers of a U.S. company. “Now at the Sands Casino: An Iranian Hacker in Every Server” by Elgin and Riley, reveals how the Las Vegas Sands Corp., the casino operator, was thoroughly sabotaged by Iranian hacktivists. After combing confidential documents and interviewing more than a dozen people directly involved in the investigation, Riley and Elgin put together a colorful, sometimes comic, cautionary tale.
The Sands was attacked after its CEO Sheldon Adelson made belligerent public remarks about bombing Teheran. As the more recent instance of Sony, which was similarly attacked by hackers over a Hollywood movie, shows, these incidents are only intensifying.
With the help of other Bloomberg reporters, Riley was also the first to report on the JPMorgan hack — and subsequently that officials connected it to Russia — and the first to fill in the background information about the malware used in the Home Depot breach, revealing it was actually different from that used in the Target attack.
“I think the story is still developing on what this means,” said Riley. “JP Morgan believes it was state sponsored, but the FBI does not. In the world of cyber, can you really know for sure who is hitting you and why? The largest bank in the country spends more than $200 million a year in security.”
Riley believes that such stories have changed how businesses now look at their operations.
“Every single company has to look at their cyber security and in an existential way in how they defends themselves,” said Riley. “Every board of any major corporation is now considering what they have to do to not be the next Sony.”
Riley was also first to report three weeks ago that a 2008 oil pipeline explosion in Turkey — long thought to be an accident or malfunction — was actually a breach. And earlier this week, he wrote a story, with Jordan Robertson, about the FBI investigating companies for “revenge hacking.”
Unlike other journalists who cover hacking and cyber crimes, Riley has yet to be a target of an attack. “But it is a risk of writing about this stuff,” said Riley.
Past winners of the Talking Biz News Business Journalist of the Year include Quartz’s Kevin Delaney, Joe Weisenthal when he was at Business Insider and Andrew Ross Sorkin of the New York Times.
