Cybercrime

Inside the rise and fall of a cybercrime kingpin

Ukrainian hacker Vyacheslav Penchukov, once known online as ‘Tank’, climbed from gaming forums in Donetsk to the top of the global cybercrime scene. As leader of the notorious Jabber Zeus and later Evil Corp affiliates, he helped steal tens of millions from banks, charities and businesses around the world while remaining on the FBI Most Wanted list for nearly a decade.

After years on the run, he was dramatically arrested in Switzerland in 2022 and is now serving time in a Colorado prison. In a rare interview, Penchukov revealed how cybercrime evolved from simple bank theft to organised ransomware targeting hospitals and major corporations. He admits paranoia became his constant companion, as betrayal within hacker circles led to his downfall.

Today, the former cyber kingpin spends his sentence studying languages and reflecting on the empire he built and lost. While he shows little remorse for his victims, his story offers a rare glimpse into the hidden networks that fuel global hacking and the blurred line between ambition and destruction.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Inside OpenAI’s battle to protect AI from prompt injection attacks

OpenAI has identified prompt injection as one of the most pressing new challenges in AI security. As AI systems gain the ability to browse the web, handle personal data and act on users’ behalf, they become targets for malicious instructions hidden within online content.

These attacks, known as prompt injections, can trick AI models into taking unintended actions or revealing sensitive information.

To counter the issue, OpenAI has adopted a multi-layered defence strategy that combines safety training, automated monitoring and system-level security protections. The company’s research into ‘Instruction Hierarchy’ aims to help models distinguish between trusted and untrusted commands.

Continuous red-teaming and automated detection systems further strengthen resilience against evolving threats.

OpenAI also provides users with greater control, featuring built-in safeguards such as approval prompts before sensitive actions, sandboxing for code execution, and ‘Watch Mode’ when operating on financial or confidential sites.

These measures ensure that users remain aware of what actions AI agents perform on their behalf.

While prompt injection remains a developing risk, OpenAI expects adversaries to devote significant resources to exploiting it. The company continues to invest in research and transparency, aiming to make AI systems as secure and trustworthy as a cautious, well-informed human colleague.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Washington Post confirms hit in Oracle-linked Cl0p hacking spree

The Washington Post said it was affected by a wider breach tied to Oracle’s E-Business Suite, joining a growing list of victims. The vulnerability was reportedly exploited by the Cl0p ransomware gang, which demands payment from victims in exchange for not leaking stolen files.

Oracle, a major enterprise software provider, disclosed in October that a zero-day flaw in its E-Business Suite had been exploited over the summer. Google also warned that Oracle systems were being targeted in what appeared to be a broader wave of data theft attempts. An initial emergency patch on 2 October failed, and a second critical fix on 11 October left customers exposed for days.

Cl0p’s campaign has already hit high-profile targets including Harvard University, Envoy Air, DXC Technology and Chicago Public Schools. The group, active since at least 2019, previously abused MOVEit, GoAnywhere and Cleo file-transfer tools.

Would you like to learn more aboutAI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Bank Indonesia reports over 370 million cyber threat attempts in 2024

Bank Indonesia (BI) has reported more than 370 million attempted cyber threats targeting the country, highlighting the growing exposure linked to Indonesia’s rapid digital transformation.

The central bank also noted a 25% increase in anomalous cyber traffic in 2024 compared to the previous year. Deputy Governor Filianingsih Hendarta stated that the rise in cyber activity underscores the need for all stakeholders to remain vigilant as Indonesia continues to develop its digital infrastructure.

She also added that public trust is essential to sustaining a resilient digital ecosystem, as trust takes a long time to build and can be lost in to moment.

To strengthen cybersecurity and prepare for continued digitalisation, BI has developed the Indonesian Payment System Blueprint (BSPI) 2030, a strategic framework intended to enhance institutional collaboration and reinforce the security of the national payment system.

BI data shows that internet penetration in Indonesia has reached 80.66%, equivalent to approximately 229 million people, surpassing the global average of 68.7% (around 6.66 billion people worldwide).

Filianingsih also emphasised that strengthening digital infrastructure requires cross-sectoral and international cooperation, given the global and rapidly evolving nature of cyber threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

New law aims to make the internet safer in Singapore

Singapore’s Parliament has passed the Online Safety (Relief and Accountability) Bill, a landmark law designed to provide faster protection and redress for victims of online harm. After over eight hours of debate, MPs approved the Bill, which will establish the Online Safety Commission (OSC) by June 2026, a one-stop agency empowered to direct online platforms, group administrators, and internet service providers to remove harmful content or restrict the accounts of perpetrators.

The move follows findings that social media platforms often take five days or more to act on harmful content reports, leaving victims exposed to harassment and abuse.

The new law introduces civil remedies and enforcement powers for a wide range of online harms, including harassment, doxing, stalking, intimate image abuse, and child exploitation. Victims can seek compensation for lost income or force perpetrators to surrender profits gained from harmful acts.

In severe cases, individuals or entities that ignore OSC orders may face fines of up to S$500,000, and daily penalties may be applied until compliance is achieved. The OSC can also order access blocks or app removals for persistent offenders.

Ministers Josephine Teo, Rahayu Mahzam, and Edwin Tong emphasised that the Bill aims to empower victims rather than punish expression, while ensuring privacy safeguards. Victims will be able to request the disclosure of a perpetrator’s identity to pursue civil claims, though misuse of such data, such as doxing in retaliation, will be an offence. The law also introduces a ‘no wrong door’ approach, ensuring that victims will not have to navigate multiple agencies to seek help.

Singapore joins a small group of nations, such as Australia, that have created specialised agencies for digital safety. The government hopes the OSC will help rebuild trust in online spaces and establish new norms for digital behaviour.

As Minister Teo noted, ‘Our collective well-being is compromised when those who are harmed are denied restitution. By fostering trust in online spaces, Singaporeans can participate safely and confidently in our digital society.’

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S profits plunge after costly cyberattack

Marks & Spencer says a major cyberattack around Easter forced it to shut its website to orders for about six weeks, disrupting logistics, emptying shelves and sending customers to rivals. The breach also exposed personal data, including names, email and postal addresses, and dates of birth.

The incident was traced to ‘human error’, according to chief executive Stuart Machin. M&S estimated the attack cost around £324 million in lost sales, partly offset by a £100 million insurance payout, and expects a total profit impact of about £136 million for the year.

Home delivery restarted in June, while click and collect returned in August, but fashion, home and beauty recovered more slowly than food as the retailer rebuilt systems and worked through backlogs. M&S says online trading has steadily improved and it expects operations to be fully restored by year-end.

The company has pledged tighter security controls and processes following the attack, which highlighted the vulnerability of retail supply chains to cyber incidents. The attack comes amid a surge in cyber incidents targeting UK retailers, including recent campaigns where hackers posed as IT staff to breach corporate networks.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

UN treaty sparks debate over digital cybersecurity

A new UN cybercrime treaty opened for signature on 25 October, raising concerns about digital cybersecurity and privacy protections. The treaty allows broad cross-border cooperation on serious crimes, potentially requiring states to assist investigations that conflict with domestic laws.

Negotiations revealed disagreements over the treaty’s scope and human rights standards, primarily because it grants broad surveillance powers without clearly specifying safeguards for privacy and digital rights. Critics warn that these powers could be misused, putting digital cybersecurity and the rights of citizens at risk.

Governments supporting the treaty are advised to adopt safeguards, including limiting intrusive monitoring, conditioning cooperation on dual criminality, and reporting requests for assistance transparently. Even with these measures, experts caution that the treaty could pose challenges to global digital cybersecurity protection.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Major crypto fraud network dismantled across Europe

European authorities have dismantled one of the continent’s largest cryptocurrency fraud and money laundering schemes, arresting nine suspects across Cyprus, Spain, and Germany. The network allegedly defrauded hundreds of investors through fake crypto platforms, stealing over €600 million.

The scammers reportedly created websites that mimicked legitimate trading platforms, luring victims through social media, cold calls, and fabricated celebrity endorsements. Once deposits were made, the funds were laundered through blockchain technology, making recovery nearly impossible.

During the operation, investigators seized €800,000 in bank accounts, €415,000 in cryptocurrencies, €300,000 in cash, and luxury watches worth over €100,000. Authorities stated that several properties linked to the network remain under evaluation as investigations continue.

French prosecutors said the suspects face fraud and money laundering charges, carrying sentences of up to ten years. The case underscores the growing cross-border nature of crypto-related crime, with Eurojust’s coordination proving key to dismantling the network.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

World Economic Forum President warns of potential AI and crypto bubbles 

World Economic Forum President Borge Brende has warned that massive investments in AI and cryptocurrencies may create financial bubbles. Speaking in Berlin, he noted that $500 billion has been invested in AI this year, raising concerns about speculative bubbles in AI and cryptocurrency.

Brende described frontier technologies as a ‘big paradigm shift’ that could drive global growth, with potential productivity gains of up to 10% over the next decade. He noted that breakthroughs in medicine, synthetic biology, space, and energy could transform economies, but stressed that the benefits must be widely shared.

Geopolitical uncertainty remains a significant concern, according to Brende. He pointed to rising tensions between the US and China, calling it a race for technological dominance that could shape global power.

He also urged multilateral cooperation to address global challenges, including pandemics, cybercrime, and investment uncertainty.

Despite the disorder in world politics, Brende highlighted the resilience of economies like those in the US, China, and India. He called for patient investment strategies and stronger international coordination to ensure that new technologies translate into sustainable prosperity.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Mustafa Suleyman warns against building seemingly conscious AI

Mustafa Suleyman, CEO of Microsoft AI, argues that AI should be built for people, not to replace them. Growing belief in chatbot consciousness risks campaigns for AI rights and a needless struggle over personhood that distracts from human welfare.

Debates over true consciousness miss the urgent issue of convincing imitation. Seemingly conscious AI may speak fluently, recall interactions, claim experiences, and set goals that appear to exhibit agency. Capabilities are close, and the social effects will be real regardless of metaphysics.

People already form attachments to chatbots and seek meaning in conversations. Reports of dependency and talk of ‘AI psychosis‘ show persuasive systems can nudge vulnerable users. Extending moral status to uncertainty, Suleyman argues, would amplify delusions and dilute existing rights.

Norms and design principles are needed across the industry. Products should include engineered interruptions that break the illusion, clear statements of nonhuman status, and guardrails for responsible ‘personalities’. Microsoft AI is exploring approaches that promote offline connection and healthy use.

A positive vision keeps AI empowering without faking inner life. Companions should organise tasks, aid learning, and support collaboration while remaining transparently artificial. The focus remains on safeguarding humans, animals, and the natural world, not on granting rights to persuasive simulations.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!