Former GCHQ chief calls for transparency amid UK’s attempt to access encrypted iCloud accounts

A controversy has emerged over the British government’s reported attempt to compel Apple to grant authorities access to encrypted iCloud accounts, leading to calls for increased transparency from intelligence agencies. Sir Jeremy Fleming, the former head of the UK’s GCHQ from 2017 to 2023, addressed this issue at the Munich Cyber Security Conference, highlighting the need for public understanding and trust in intelligence operations. He emphasised that an agency’s ‘license to operate’ should be grounded in transparency.

The UK government has contested the description of a ‘back door’ in relation to the notice, clarifying that it seeks to ensure Apple maintains the capability to provide iCloud data in response to lawful warrants, a function that existed prior to the introduction of end-to-end encryption for iCloud in December 2022.

Since 2020, Apple has provided iCloud data to UK authorities in response to four of more than 6,000 legal requests for customer information under non-IPA laws. However, this data excludes requests made under the Investigatory Powers Act (IPA), the UK’s primary law for accessing tech company data.

Fleming emphasised the importance of intelligence agencies providing clear explanations of their operations, particularly in relation to new technologies. He pointed out the need for a better understanding of how intelligence agencies operate in practice, particularly as technological advancements change their methods.

For more information on these topics, visit diplomacy.edu.

Study warns of AI’s role in fueling bank runs

A new study from the UK has raised concerns about the risks of bank runs fueled by AI-generated fake news spread on social media. The research, published by Say No to Disinfo and Fenimore Harper, highlights how generative AI can create false stories or memes suggesting that bank deposits are at risk, leading to panic withdrawals. The study found that a significant portion of UK bank customers would consider moving their money after seeing such disinformation, especially with the speed at which funds can be transferred through online banking.

The issue is gaining traction globally, with regulators and banks worried about the growing role of AI in spreading malicious content. Following the collapse of Silicon Valley Bank in 2023, which saw $42 billion in withdrawals within a day, financial institutions are increasingly focused on detecting disinformation that could trigger similar crises. The study estimates that a small investment in social media ads promoting fake content could cause millions in deposit withdrawals.

The report calls for banks to enhance their monitoring systems, integrating social media tracking with withdrawal monitoring to better identify when disinformation is impacting customer behaviour. Revolut, a UK fintech, has already implemented real-time monitoring for emerging threats, urging financial institutions to be prepared for potential risks. While banks remain optimistic about AI’s potential, the financial stability challenges it poses are still a growing concern for regulators.

As financial institutions work to mitigate AI-related risks, the broader industry is also grappling with how to balance the benefits of AI with the threats it may pose. UK Finance, the industry body, emphasised that banks are making efforts to manage these risks, while regulators continue to monitor the situation closely.

Italy denies Israeli spyware firm cut ties over hacking allegations

Italy has rejected claims that Israeli spyware company Paragon ended its collaboration with Rome following allegations that its technology had been misused to target journalists and activists instead of criminals. Cabinet undersecretary for intelligence matters Alfredo Mantovano stated that Paragon had never suspended its services or terminated its contract with the Italian government. Minister for parliamentary relations Luca Ciriani also defended Italy’s intelligence services, insisting they had acted within the law and had not used the software against protected individuals, including journalists.

Concerns arose after Meta’s WhatsApp revealed that Paragon’s spyware had been used to target multiple individuals, including a journalist and a human rights activist critical of Prime Minister Giorgia Meloni. Italy acknowledged that seven mobile phone users had been affected but denied any government involvement, calling for an investigation. Reports from The Guardian and Haaretz suggested Paragon had severed ties with Rome, doubting the government’s denial of wrongdoing.

Israel-based Paragon and its owner, Florida-based AE Industrial Partners, have not responded to requests for comment. Ciriani assured parliament that Italy’s intelligence services continue to operate fully against national security threats. He also called for the judiciary to investigate the alleged hacking of journalists and activists, stating that Italian intelligence agencies were ready to assist in uncovering the truth.

Hackers target Trump-linked crypto project with fake Barron meme coin

Zach Witkoff, co-founder of the Trump-affiliated crypto project World Liberty Financial, had his X account hacked on Wednesday. The hacker used the account to promote a fake memecoin project involving Barron Trump, claiming that the news would soon be confirmed by the Trump family.

World Liberty Financial quickly confirmed the hack, urging users to ignore the fraudulent Barron Trump project. This incident is part of a wider trend of crypto scams, as Ivanka Trump also warned earlier this year about a fake memecoin using her likeness to defraud investors.

World Liberty Financial, a decentralised finance project, launched its own token, WLFI, in October 2024. Despite these security issues, the project continues to operate with the Trump family’s name associated with its team.

Six charged after Chicago family kidnapped for cryptocurrency

A Chicago family and their nanny were kidnapped for five days in October by armed men demanding a ransom in cryptocurrency. The kidnappers stole $15 million in digital assets, including Bitcoin and Ether, and forced the victims to transfer funds from their crypto accounts before releasing them.

The incident began when one of the suspects pretended to be at the door to fix a damaged garage, only to overpower the family with a gun. The victims were then transported to an Airbnb and later to another location, where they were threatened with death unless they complied with the kidnappers’ demands.

FBI agents were able to track the suspects using surveillance footage and forensic evidence. The investigation led to six arrests, with one suspect, Zehuan Wei, apprehended while trying to re-enter the US in January. The remaining suspects are believed to have fled to China.

This case highlights the growing trend of crypto-related kidnappings, as criminals target individuals with access to digital currencies. Recently, other high-profile kidnappings for cryptocurrency ransom have also made headlines, including the abduction of a Ledger co-founder and a Toronto CEO.

Europol arrests four Russians in ransomware crackdown

Authorities have arrested four Russian nationals suspected of deploying Phobos ransomware to extort payments from victims across Europe and beyond. Europol announced that law enforcement agencies from 14 countries worked together to dismantle the network, taking down 27 servers linked to the cybercriminals. The individuals arrested were reportedly leaders of the 8Base ransomware group, a key player in distributing Phobos malware.

The operation follows a series of recent arrests targeting Phobos-related cybercrime. In June 2024, a key administrator of the ransomware was apprehended in South Korea and later extradited to the United States, while another major affiliate was arrested in Italy last year. Authorities have since issued warnings to over 400 companies worldwide about imminent cyberattacks.

Phobos ransomware has been particularly damaging to small and medium-sized businesses, which often lack strong cybersecurity protections. Europol’s latest Russian crackdown is a significant step in weakening the ransomware network and preventing further cyber extortion efforts.

Apple granted UK authorities iCloud data in just 4 of 6,000 requests since 2020—excluding Investigatory Powers Act cases

Since 2020, Apple has provided iCloud data to UK authorities in response to four of more than 6,000 legal requests for customer information under non-IPA laws. This data excludes requests made under the Investigatory Powers Act (IPA), the UK’s primary law for accessing tech company data.

From January 2020 to June 2023, Apple received between 0 and 499 IPA-related requests in the first half of 2023, reported in bands of 500. Due to legal limitations, Apple cannot disclose details about these requests.

Earlier reporting linked the low number of content disclosures to efforts by the UK government to force Apple to provide encrypted iCloud data. However, due to the data’s lack of detail, no direct connection can be made.

The UK government previously stated that it has made over 10,000 requests to US companies since the US-UK Data Access Agreement began, providing crucial data for law enforcement in cases related to terrorism, organized crime, and other serious offenses.

Apple’s transparency reports suggest that content data is shared more frequently in other countries, such as the US, where it responded to 22,306 requests in 2020-2023. In comparison, most countries see lower content disclosures due to restrictions on sharing with foreign governments.

The British government’s Technical Capability Notice (TCN), revealed by The Washington Post, follows Apple’s 2022 introduction of optional end-to-end encryption (E2EE) for iCloud. While the UK government did not characterise it as such, critics see the TCN as a potential ‘back door’ to Apple’s encrypted data. Apple has declined comment, while the UK government refrains from discussing operational matters.

The controversy reflects ongoing debates about the balance between encryption, privacy, and law enforcement access to encrypted data.

China tops global data breach rankings in 2024, experts warn

In 2024, three countries entered the top 10 for the highest number of breached accounts. China topped the list, rising from 12th place in 2023, Germany moved up to fifth from 16th, and Poland secured the tenth spot, up from 17th, according to Surfshark, a cybersecurity firm. Despite these changes, Russia, the US, France, India, Brazil, Italy, and the UK remained in the top 10 for both years.

Brazil and Italy saw significant increases, climbing two spots each in 2024. Brazil experienced a 24-fold rise in breached accounts, while Italy saw a 21-fold surge. Russia and France maintained their positions in second and fourth place, though both saw dramatic increases, with Russia’s breaches rising 11 times and France’s nearly 14 times.

In 2024, regional data breach statistics show that Europe had the highest share, accounting for 29% of all breached accounts, totalling over 1.6 billion, with Russia leading the region. Asia followed as the second-most affected region, contributing 23% to the global total, or nearly 1.3 billion breached accounts, with China at the forefront. North America ranked third, representing 14% of all breaches, or about 770 million compromised accounts, primarily from the US.

The US, India, and the UK dropped in rankings in 2024, but the number of breached accounts in these regions still rose. The US saw a 39% increase, ranking third globally, while India recorded five times more breaches than in 2023, and the UK experienced a 14-fold surge. China had the most dramatic increase, with breached accounts jumping nearly 340 times compared to the previous year.

In 2024, Australian users also faced a cyber attack every second, marking a twelvefold increase compared to the previous year. This contributed to a global rise in data breaches, with 5.6 billion accounts compromised worldwide, averaging 176 breaches per second. This global figure represents an eightfold increase from 2023, when 23 accounts were breached per second.

CAR meme coin skyrockets but faces deepfake allegations

The Central African Republic made waves on 10 February by announcing the launch of its meme coin, CAR. The news came directly from President Faustin-Archange Touadéra’s official X account, presenting the token as an experiment to unite people and boost national development. The meme coin, launched on the Solana-based Pump.fun platform, saw its value surge rapidly as traders rushed to invest in what was described as the first-ever national meme coin.

However, excitement soon turned to scepticism. AI detection tools flagged the president’s announcement video as potentially AI-generated, raising concerns about its authenticity. The project’s official X account was swiftly suspended, and further scrutiny revealed that its domain had been registered just days before the announcement using Namecheap, a budget-friendly provider. Shortly after, Namecheap took the website offline, citing it as an ‘abusive service.’

Despite these red flags, the CAR token initially reached a peak valuation of $527 million before dropping to $460 million. The controversy comes amid a rise in fraudulent memecoin launches, with recent cases involving hacked X accounts of high-profile figures. While there is still no clear confirmation on whether CAR is an official government-backed initiative or an elaborate scam, the crypto community remains on high alert.

Italian activist targeted by spyware, Meta warns

Luca Casarini, a prominent Italian migrant rescue activist, was warned by Meta that his phone had been targeted with spyware. The alert was received through WhatsApp, the same day Meta accused surveillance firm Paragon Solutions of using advanced hacking methods to steal user data. Paragon, reportedly American-owned, has not responded to the allegations.

Casarini, who co-founded the Mediterranea Saving Humans charity, has faced legal action in Italy over his rescue work. He has also been a target of anti-migrant media and previously had his communications intercepted in a case related to alleged illegal immigration. He remains unaware of who attempted to hack his device or whether the attack had judicial approval.

The revelation follows a similar warning issued to Italian journalist Francesco Cancellato, whose investigative news outlet, Fanpage, recently exposed far-right sympathies within Prime Minister Giorgia Meloni’s political youth wing. Italy’s interior ministry has yet to comment on the situation.