ICC Office of the Prosecutor invites public input on draft policy for cyber-enabled crimes

The Office of the Prosecutor of the International Criminal Court invites public comments on its draft policy addressing cyber-enabled crimes under the Rome Statute.

The Office encourages participation from all relevant stakeholders, including States Parties, civil society organisations, private sector entities, and experts in the field.

Contributions will support the development of a final policy paper that will guide the Office’s approach to cyber-related conduct within its jurisdiction, including its investigative and prosecutorial activities.

The policy paper builds on the crimes outlined in the Rome Statute, assessed within the broader framework of international law.

It aims to enhance transparency regarding the Office’s work in this area and contribute to discussions on legal standards, best practices, and frameworks for cooperation, including those relevant to national authorities.

The draft policy clarifies that the Court does not have jurisdiction over common cybercrimes, such as fraud or unauthorised access to computer systems, which are typically addressed under national laws.

While some countries have international obligations to prosecute these crimes under specific treaties, they do not fall within the mandate of the Court. However, national efforts to combat such crimes may sometimes overlap with the Court’s work where they intersect with crimes under its jurisdiction.

To date, cyber-related issues have only been considered at the periphery of the Court’s work, and their legal and practical implications have yet to be fully explored.

Investigating and prosecuting cyber-enabled crimes presents new and complex challenges. This policy sets out the Office’s current position on these issues while recognising that certain matters may only be fully addressed as the Court’s practice in this area develops.

As with any crime under the Court’s jurisdiction, cyber-enabled crimes will be assessed based on their gravity—including their scale, nature, manner of commission, and impact.

The Court focuses on crimes of the most serious international concern, typically those causing widespread harm to large populations.

An exception applies to offences against the administration of justice, which are not subject to a gravity threshold but are considered serious due to their impact on the Court’s ability to function.

For more information on these topics, visit diplomacy.edu.

Indian police arrest Garantex administrator wanted by US

Indian authorities have arrested Aleksej Besciokov, an administrator of the Russian cryptocurrency exchange Garantex, at the request of the US.

Besciokov, a Russian resident and Lithuanian national, was taken into custody in Kerala on charges of money laundering and violating sanctions. The Central Bureau of Investigation (CBI) said he was planning to flee India, and Washington is expected to seek his extradition.

The arrest follows a joint operation by the US, Germany, and Finland to dismantle Garantex’s online infrastructure.

The exchange, under US sanctions since 2022, has processed at least $96 billion in cryptocurrency transactions since 2019. The US Justice Department recently charged two administrators, including Besciokov, with operating an unlicensed money-transmitting business.

Experts warn that sanctioned exchanges often attempt to bypass restrictions by setting up new entities. Blockchain research firm TRM Labs called the Garantex takedown a significant step in combating illicit finance but emphasised the need for continued vigilance against evasion tactics.

Singapore fraud case involves $390 million in transactions

Singapore prosecutors revealed on Thursday that a fraud case involving local firms accused of illegally supplying US servers to Malaysia involves transactions worth $390 million.

Three men—Singaporeans Aaron Woon and Alan Wei, along with Chinese national Li Ming—have been charged with deceiving tech giants Dell and Super Micro by misrepresenting the servers’ final destination.

The case has been linked to Chinese AI firm DeepSeek, which is under US scrutiny over the potential use of banned Nvidia chips.

While Singapore authorities confirmed the servers may have contained Nvidia components, they did not specify whether these were the restricted high-end semiconductors subject to US export controls.

Singapore’s Law and Home Affairs Minister K Shanmugam declined to comment on the alleged connection.

Prosecutors claim Wei paid himself tens of millions in dividends, while Woon received a multimillion-dollar bonus. Singaporean authorities are investigating a wider network of 22 individuals and companies suspected of similar fraudulent practices, with six additional arrests made.

The accused are set to reappear in court on May 2, while Malaysian authorities are also probing potential legal violations.

Switzerland mandates cyberattack reporting for critical infrastructure from 1 April 2025

As of 1 April 2025, operators of critical infrastructure in Switzerland will be required to report cyberattacks to the National Cyber Security Centre (NCSC) within 24 hours of discovery. This measure, introduced by the Federal Council, is part of an amendment to the Information Security Act (ISA) and aims to enhance cybersecurity coordination and response capabilities.

The reporting obligation applies to key sectors, including energy and water suppliers, transport companies, and public administrations at the cantonal and communal levels. Reports must be submitted when an attack disrupts critical infrastructure, compromises or manipulates information, or involves blackmail, threats, or coercion. Failure to comply may result in financial penalties, which will be enforceable from 1 October, allowing a six-month adjustment period before sanctions take effect.

To facilitate compliance, the NCSC will provide a reporting form on its Cyber Security Hub, with an alternative email submission option for organisations not yet registered on the platform. Initial reports must be submitted within 24 hours, followed by a detailed report within 14 days.

The Federal Council has also approved the Cybersecurity Ordinance, which outlines implementation provisions, reporting exemptions, and mechanisms for information exchange between the NCSC and other authorities. Consultations on the ordinance reflected broad support for streamlined reporting processes, ensuring alignment with existing obligations, such as those under data protection laws.

Additionally, from 1 April, the National Cyber Security Centre will officially change its name as part of its transition into a federal office within the Department of Defence, Civil Protection and Sport (DDPS).

This regulatory update aligns Switzerland with international cybersecurity practices, including the EU’s NIS Directive, which has required cyber incident reporting since 2018.

Geopolitical tensions drive OT and ICS cyberattacks, a new report warns

Attacks on operational technology (OT) networks have increased, driven in part by geopolitical factors, with OT security gaining broader attention, according to the annual report from Dragos.

In 2024, two additional threat groups began targeting OT systems, bringing the total number of known active groups to nine.

Additionally, researchers from Dragos identified two new malware families designed to compromise industrial control systems (ICS).

According to Dragos’ annual report, barriers to OT/ICS attacks have lowered, making these systems more accessible targets for adversaries.

Ransomware attacks against OT/ICS asset owners also increased by 87% in 2024, with the number of ransomware groups targeting these systems growing by 60%.

Dragos monitors 23 threat groups that engage with OT networks for intelligence gathering or system manipulation. Nine of these groups were active in 2024, including two newly identified ones.

Coinbase calls for a unified crypto scam reporting system

The reporting system for crypto scams in the US is fragmented and needs to be unified, according to Coinbase’s chief security officer, Philip Martin. Speaking at the SXSW conference, Martin explained that victims often struggle to know where to report scams, with different organisations handling cases in a disjointed manner. He called for a single reporting system that would help track the scale of the issue and improve coordination between organisations.

Martin pointed out that victims of crypto scams often feel frustrated, as many reports seem to go unnoticed, especially with platforms like the FBI’s Internet Crime Complaint Centre (IC3). He suggested that a more centralised approach would provide better visibility for victims and more effective resources to address the problem.

In addition, Martin noted that many crypto scams originate from outside the US, making it harder for law enforcement to take action. He advocated for stronger international cooperation to ensure scammers have no safe havens. Meanwhile, California’s financial regulator reported over 2,600 complaints last year, revealing new types of scams in the crypto space.

Musk blames ‘major cyberattack’ for X outage, points to Ukraine

Elon Musk’s social media platform, X, experienced widespread disruptions on Monday, which the billionaire attributed to a major cyberattack.

Musk claimed the platform was targeted by an unusually powerful denial-of-service (DoS) attack, suggesting that a well-coordinated group or nation-state might be responsible. However, he offered no concrete evidence to support the claim, leaving cybersecurity experts sceptical.

Many pointed out that DoS attacks, which flood websites with excessive traffic to overwhelm their servers, are commonly executed by small groups or individuals with relatively limited resources.

Reports of outages spiked early in the day, with Downdetector tracking over 39,000 complaints from users in the US at the peak of the disruption. By the afternoon, the number had dwindled significantly, though intermittent service issues persisted for some.

According to an anonymous industry source, the attack consisted of multiple waves of rogue traffic bombarding X’s servers, beginning around 9:45 UTC.

While Musk later asserted in an interview with Fox Business that the cyberattack originated from Ukraine, the same industry source disputed this claim, stating that the bulk of the malicious traffic came from various locations, including the USA, Vietnam, and Brazil, with only a minimal amount from Ukraine.

Tracing the true origin of DoS attacks is notoriously tricky, as attackers often use proxy servers and botnets to disguise their locations.

Cybersecurity specialists have noted that assigning blame based solely on IP addresses can be misleading, as they rarely indicate the actual perpetrators. Despite Musk’s insistence on a Ukraine-based origin, no definitive proof has been presented to substantiate the claim.

Musk’s comments come amid his increasingly vocal criticisms of Ukraine’s ongoing war efforts against Russia, aligning with sentiments echoed by US President Donald Trump, whom he advises.

Over the weekend, Musk suggested that Ukraine’s battlefield operations would collapse without his Starlink satellite communication system, although he clarified that he had no intention of cutting off access.

The latest controversy surrounding X’s cyberattack has further fueled speculation about Musk’s political and strategic positioning in the ongoing geopolitical conflict.

Google acknowledges AI being used for harmful content

Google has reported receiving over 250 complaints globally about its AI software being used to create deepfake terrorist content, according to Australia’s eSafety Commission.

The tech giant also acknowledged dozens of user reports alleging that its AI program, Gemini, was being exploited to generate child abuse material. Under Australian law, companies must provide regular updates on their efforts to minimise harm or risk hefty fines.

The eSafety Commission described Google’s disclosure as a ‘world-first insight’ into how AI tools may be misused to produce harmful and illegal content.

Between April 2023 and February 2024, Google received 258 reports of suspected AI-generated extremist material and 86 related to child exploitation. However, the company did not specify how many of these reports were verified.

A Google spokesperson stated that the company strictly prohibits AI-generated content related to terrorism, child abuse, and other illegal activities.

While it uses automated detection to remove AI-generated child exploitation material, the same system is not applied to extremist content.

Meanwhile, the regulator has previously fined platforms like X (formerly Twitter) and Telegram for failing to meet reporting requirements, with both companies planning to appeal.

Singapore minister warns against crypto investments amid rising fraud

Singapore’s Minister of State for Home Affairs, Sun Xueling, has issued a strong warning about the risks of investing in cryptocurrency, citing an alarming rise in fraud cases.

During a parliamentary debate on 4 March, she explained that the anonymous nature of digital assets makes them easy targets for criminals, contributing to a sharp increase in financial losses. Fraud linked to cryptocurrency scams now accounts for a quarter of the $1.1 billion in fraud cases reported in the country.

Scammers increasingly use digital assets to evade traditional banking security checks, often instructing victims to convert their money into cryptocurrency.

Hacking, phishing, and fraudulent investment schemes have become more common, with one of the largest scams last year resulting in a loss of $125 million. Sun urged the public to avoid cryptocurrencies, stressing the high risk and slim chances of recovering stolen funds.

Despite the rise in scams, Singapore’s regulatory landscape continues to evolve. The Monetary Authority of Singapore oversees local cryptocurrency operations under the Payment Services Act, but many foreign exchanges remain outside its jurisdiction.

To combat rising fraud, the country recently passed the Anti-Fraud Protection Bill, which allows authorities to block transactions from suspected victims who ignore warnings.

As Singapore balances crypto adoption and consumer protection, businesses are increasingly embracing digital payments, particularly stablecoins. The entry of major players, such as Robinhood, into Singapore’s crypto market is set to boost the adoption of blockchain-based transactions.

US hits Chinese hackers with indictments and sanctions over cyber espionage

The United States has indicted ten individuals, including employees of the Chinese tech company i-Soon, for their involvement in a years-long cyber espionage campaign that targeted various US government agencies and organisations worldwide.

The campaign allegedly stole sensitive data from entities such as the US Defense Intelligence Agency, the Department of Commerce, and the foreign ministry of Taiwan. The hackers, associated with i-Soon, were reportedly hired by Chinese intelligence agencies to breach email systems for substantial payments.

Along with the indictments, the US Treasury Department has imposed sanctions on Shanghai-based Heiying Information Technology and its founder, Zhou Shuai, accusing them of selling stolen data and providing access to compromised networks.

The data reportedly included information from US critical infrastructure networks. Some of this stolen data was later acquired by a previously sanctioned Chinese hacker, Yin Kecheng.

The Chinese embassy in Washington responded by condemning the sanctions and stating that it would take necessary actions to protect Chinese companies and citizens.

The US government’s aggressive stance is part of an ongoing effort to curb Chinese cyber espionage activities and defend its digital infrastructure.
