Cybercrime

Hundreds arrested in Nigerian fraud bust targeting victims globally

Nigerian authorities have arrested 792 people in connection with an elaborate scam operation based in Lagos. The suspects, including 148 Chinese and 40 Filipino nationals, were detained during a raid on the Big Leaf Building, a luxury seven-storey complex that allegedly housed a call centre targeting victims in the Americas and Europe.

The fraudsters reportedly used social media platforms such as WhatsApp and Instagram to lure individuals with promises of romance or lucrative investment opportunities. Victims were then coerced into transferring funds for fake cryptocurrency ventures. Nigeria’s Economic and Financial Crimes Commission (EFCC) revealed that local accomplices were recruited to build trust with targets, before handing them over to foreign organisers to complete the scams.

The EFCC spokesperson stated that agents had seized phones, computers, and vehicles during the raid and were working with international partners to investigate links to organised crime. This operation highlights the growing use of sophisticated technology in transnational fraud, as well as Nigeria’s commitment to combating such criminal activities.

Rhode Island suffers major data breach

Rhode Island officials have confirmed a major data breach in the state’s social services system, potentially exposing the personal and financial details of hundreds of thousands of residents. The hackers, believed to be an international cybercriminal group, accessed sensitive information through RIBridges, the state’s portal for government assistance programmes, including Social Security numbers and banking details.

The breach, which was detected earlier this month, affects users of the Supplemental Nutrition Assistance Program, Temporary Assistance for Needy Families, and healthcare services accessed through HealthSource RI since 2016. The attackers have demanded an undisclosed ransom, threatening to release the stolen data if unpaid. Deloitte, the system’s vendor, confirmed the breach on Friday, prompting the state to shut down the portal temporarily.

Residents impacted by the breach will be notified via letters detailing steps to secure their personal information and protect their bank accounts. For now, new applicants for state benefits must use paper applications as authorities work to secure the compromised system. Governor Dan McKee described the incident as extortion, calling for swift remediation and protection for affected citisens.

Global fight against ransomware: collaboration is the key to resilience

Diplo is actively reporting from the 2024 Internet Governance Forum (IGF) in Riyadh, while the forum’s day one is still, and another essential panel of international experts shed light on the relentless rise of ransomware attacks and the global efforts to counter this growing cyber threat. Moderated by Jennifer Bachus of the US State Department, the session featured cybersecurity leaders Elizabeth Vish, Daniel Onyanyai, and Nils Steinhoff, who highlighted the scale of the crisis and the collaborative response through the Counter Ransomware Initiative (CRI).

Ransomware, described as ‘cybercrime as a service,’ has evolved from simple data encryption to complex extortion schemes targeting critical infrastructure worldwide. ‘Emerging markets are now increasingly in the crosshairs,’ noted Elizabeth Vish, pointing to growing vulnerabilities in developing economies that lack robust cybersecurity resources. With over $1.1 billion in crypto payments extracted by attackers in 2023 alone, ransomware continues to prove profitable, its impacts often crippling public services like hospitals and government institutions.

Established in 2021, the CRI is a coalition of nearly 70 nations dedicated to building collective cyber resilience. Operating under four pillars—policy development, capacity development, public-private partnerships, and the International Counter-Ransomware Task Force—the CRI offers platforms for real-time threat sharing, technical support, and global cooperation. Onyanyai emphasised the initiative’s mentorship model: ‘Advanced nations can guide less-prepared countries, ensuring no one faces this threat alone.’

Public-private cooperation emerged as a cornerstone of the fight. Vish stressed that private companies, often the first to detect attacks, ‘own critical infrastructure and can contribute threat intelligence and resilience strategies.’ Additionally, the role of cyber insurance was discussed as a tool for incentivising better cybersecurity hygiene while facilitating incident recovery.

The panellists underscored the need for collective preparation, emphasising proactive measures like multi-factor authentication and data backups. Vish coined the mantra: ‘Prepare, don’t pay.’ While CRI officially advocates a ‘no ransom’ stance, some countries still grapple with policies on payments.

The session concluded with a stark reminder: no country is immune to ransomware. Whether through emerging AI capabilities or evolving tactics, ransomware remains a persistent, global threat. As Jennifer Bachus aptly summarised: ‘Only through cooperation, capacity building, and resilience will we turn the tide against these cybercriminals.

All transcripts from the Internet Governance Forum sessions can be found on dig.watch.

Trump administration plans stronger response to cyber attacks

The incoming Trump administration is set to explore ways to impose higher costs on adversaries and private actors behind cyber attacks, according to Representative Mike Waltz, the pick for national security adviser. Waltz’s statement follows US allegations that a widespread Chinese cyberespionage operation, known as Salt Typhoon, targeted senior American officials and stole significant amounts of metadata.

The White House has revealed that at least eight telecommunications and infrastructure firms in the US were compromised during this campaign. While Waltz did not specify potential actions against Salt Typhoon, he emphasised the need to go beyond defensive measures and start taking offensive actions to deter cyber threats.

Waltz also highlighted the role of the US tech industry in strengthening national defence and exposing vulnerabilities in adversaries. Meanwhile, Chinese officials continue to deny involvement, dismissing the accusations as disinformation and asserting that Beijing opposes cyber attacks in all forms.

Serbian spyware targets activists and journalists, Amnesty says

Serbia has been accused of using spyware to target journalists and activists, according to a new Amnesty International report. Investigations revealed that ‘NoviSpy,’ a homegrown spyware, extracted private data from devices and uploaded it to a government-controlled server. Some cases also involved the use of technology provided by Israeli firm Cellebrite to unlock phones before infecting them.

Activists reported unusual phone activity following meetings with Serbian authorities. Forensic experts confirmed NoviSpy exported contact lists and private photos to state-controlled servers. The Serbian government has yet to respond to requests for comment regarding these allegations.

Cellebrite, whose phone-cracking devices are widely used by law enforcement worldwide, stated it is investigating the claims. The company’s representative noted that misuse of their technology could violate end-user agreements, potentially leading to a suspension of use by Serbian officials.

Concerns over these practices are heightened due to Serbia’s EU integration programme, partially funded by Norway and administered by the UN Office for Project Services (UNOPS). Norway expressed alarm over the findings and plans to meet with Serbian authorities and UNOPS for clarification.

Krispy Kreme hit by IT disruption affecting US online orders

Krispy Kreme has reported a cybersecurity incident that disrupted online ordering systems across the United States. The doughnut chain discovered the unauthorised activity on 29 November and immediately launched an investigation with external cybersecurity experts.

While the company’s stores remain open for in-person orders, it warned that revenue losses from digital sales could materially impact its financial results. Shares of Krispy Kreme fell by around 2% in premarket trading following the announcement.

The company said it is actively working to mitigate the effects of the incident while maintaining operations at its global locations.

Serie A takes action against piracy with Meta

Serie A has partnered with Meta to combat illegal live streaming of football matches, aiming to protect its broadcasting rights. Under the agreement, Serie A will gain access to Meta’s tools for real-time detection and swift removal of unauthorised streams on Facebook and Instagram.

Broadcasting revenue remains vital for Serie A clubs, including Inter Milan and Juventus, with €4.5 billion secured through deals with DAZN and Sky until 2029. The league’s CEO urged other platforms to follow Meta’s lead in fighting piracy.

Italian authorities have ramped up anti-piracy measures, passing laws that enable swift takedowns of illegal streams. Earlier this month, police dismantled a network with 22 million users, highlighting the scale of the issue.

Russian police arrest 300 in major crypto scam bust

Russian authorities have arrested over 300 individuals in Moscow during a major crackdown on an alleged international cryptocurrency scam ring. The Ministry of Internal Affairs revealed that the group operated several fraudulent call centres, using around 500 workstations to target victims in over 20 countries. The suspects reportedly persuaded individuals to invest in fake cryptocurrency platforms before disappearing with their funds.

Investigators believe the ring was tied to a broader international network led by Yegor Burkin, a fugitive associated with the Khimprom organised crime group, also known for drug smuggling activities. Police claimed that some stolen funds may have been used to support the Ukrainian Armed Forces, adding a geopolitical angle to the case.

Officials highlighted the increasing sophistication of crypto scams, with fraudsters using spoofed phone numbers, fake documents, and professional terminology to appear legitimate. The Ministry warned that such scams are on the rise, with many targeting foreign nationals and employing multilingual staff to reach victims worldwide.

California court orders $5 Million in Ponzi scheme penalties

A California court has ordered five individuals to pay over $5 million for their roles in the IcomTech Ponzi scheme. Between 2018 and 2019, the scheme defrauded investors through a fake Bitcoin trading platform. IcomTech promised 100% returns every six weeks, ultimately misappropriating $8.4 million of victims’ funds.

The group, led by founder David Carmona, lured over 190 investors with lavish expos and false claims of wealth. The court found them guilty of violating the Commodity Exchange Act and Commodity Futures Trading Commission (CFTC) regulations. Each was fined $1 million and banned from trading in CFTC-regulated markets.

In addition to financial penalties, the individuals received prison sentences ranging from five to ten years. The CFTC emphasised the importance of protecting investors from such schemes, urging vigilance in the cryptocurrency sector.

Australian Federal Police leverage AI for investigations

The Australian Federal Police (AFP) is increasingly turning to AI to handle the vast amounts of data it encounters during investigations. With investigations involving up to 40 terabytes of data on average, AI has become essential in sifting through information from sources like seized phones, child exploitation referrals, and cyber incidents. Benjamin Lamont, AFP’s manager for technology strategy, emphasised the need for AI, given the overwhelming scale of data, stating that AI is crucial to help manage cases, including reviewing massive amounts of video footage and emails.

The AFP is also working on custom AI solutions, including tools for structuring large datasets and identifying potential criminal activity from old mobile phones. One such dataset is a staggering 10 petabytes, while individual phones can hold up to 1 terabyte of data. Lamont pointed out that AI plays a crucial role in making these files easier for officers to process, which would otherwise be an impossible task for human investigators alone. The AFP is also developing AI systems to detect deepfake images and protect officers from graphic content by summarising or modifying such material before it’s viewed.

While the AFP has faced criticism over its use of AI, particularly for using Clearview AI for facial recognition, Lamont acknowledged the need for continuous ethical oversight. The AFP has implemented a responsible technology committee to ensure AI use remains ethical, emphasising the importance of transparency and human oversight in AI-driven decisions.