Cybercrime

LFR tech helps catch dangerous offenders, but Liberty urges legal safeguards

Live facial recognition (LFR) technology used by the Metropolitan Police has led to more than 1,000 arrests, including dangerous offenders wanted for serious crimes, such as rape, robbery and child protection breaches.

Among those arrested was David Cheneler, 73, a registered sex offender spotted by LFR cameras in Camberwell, south London. He was found with a young girl and later jailed for two years for breaching a sexual harm prevention order.

Another arrest included Adenola Akindutire, linked to a machete robbery in Hayes that left a man with life-changing injuries. Stopped during an LFR operation in Stratford, he was carrying a false passport and admitted to several violent offences.

LFR also helped identify Darren Dubarry, 50, who was wanted for theft. He was stopped with stolen designer goods after passing an LFR-equipped van in east London.

The Met says the technology has helped arrest over 100 people linked to serious violence against women and girls, including domestic abuse, stalking, and strangulation.

Lindsey Chiswick, who leads the Met’s LFR work, said the system is helping deliver justice more efficiently, calling it a ‘powerful tool’ that is removing dangerous offenders from the streets of London.

While police say biometric data is not retained for those not flagged, rights groups remain concerned. Liberty says nearly 1.9 million faces were scanned between January 2022 and March 2024, and is calling for new laws to govern police use of facial recognition.

Charlie Whelton of Liberty said the tech risks infringing rights and must be regulated. ‘We shouldn’t leave police forces to come up with frameworks on their own,’ he warned, urging Parliament to legislate before further deployment.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

India’s top darknet dealer laundered crypto with Monero for two years

India’s Narcotics Control Bureau (NCB) has arrested a 35-year-old engineer from Kerala accused of running the country’s largest darknet drug network alone. The suspect, ‘Ketamelon,’ reportedly ran a Level 4 darknet drug operation for two years without his family knowing.

Authorities seized more than 1,100 LSD blots, over 130 grams of ketamine, and cryptocurrency assets valued at over $82,000 during the four-month investigation. The drugs were reportedly sourced from international suppliers, including a UK-based vendor believed to be the world’s largest LSD supplier.

Shipments reached cities such as Bengaluru, Chennai, Delhi, and Himachal Pradesh.

The suspect laundered proceeds using Monero, a privacy-focused cryptocurrency designed to hide transaction details, making it popular among darknet criminals.

While privacy coins like Monero offer enhanced anonymity, experts warn they are not entirely untraceable, as blockchain ledgers permanently record all transactions.

The operation comes amid wider global efforts targeting cybercrime and crypto-facilitated illegal markets.

Recently, the US Treasury sanctioned a Russian hosting provider linked to ransomware and darknet drug sales, highlighting increasing international pressure on digital criminal networks.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Deepfake abuse in schools raises legal and ethical concerns

Deepfake abuse is emerging as a troubling form of peer-on-peer harassment in schools, targeting mainly girls with AI-generated explicit imagery. Tools that once required technical skill are now easily accessible to young people, allowing harmful content to be created and shared in seconds.

Though all US states and Washington, D.C. have laws addressing the distribution of nonconsensual intimate images, many do not cover AI-generated content or address the fact that minors are often both victims and perpetrators.

Some states have begun adapting laws to include proportional sentencing and behavioural interventions for minors. Advocates argue that education on AI, consent and digital literacy is essential to address the root causes and help young people understand the consequences of their actions.

Regulating tech platforms and app developers is also key, as companies continue to profit from tools used in digital exploitation. Experts say schools, families, lawmakers and platforms must share responsibility for curbing the spread of AI-generated abuse and ensuring support for those affected.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Beware of fake deals as Prime Day approaches

A surge in online scams is expected ahead of Amazon’s Prime Day, which runs from 8 to 11 July, as fraudsters use increasingly sophisticated tactics. Advice Direct Scotland is issuing a warning to shoppers across Scotland: AI-enhanced phishing emails, bogus renewal notices, and fake refund offers are on the rise.

In one common ruse, scammers impersonate Amazon in messages stating your Prime membership has expired or that your account needs urgent verification. Others go further, claiming your Amazon account has been hacked and demanding remote access to your device, something the real company never does. Victims in Scotland reportedly lost around £860,000 last year to similar crime, as scam technology becomes more convincing.

Advice Direct Scotland reminds shoppers not to rush and to trust their instincts. Genuine Amazon communications will never ask for remote access, passwords, or financial information over email or phone. If in doubt, hang up and check your account via official channels, or reach out to the charity’s ScamWatch hotline.

Those seeking guidance can contact Advice Direct Scotland via phone or online chat, or report suspected scams using the free ScamWatch tool. With Prime Day bargains tempting many, staying vigilant could mean avoiding a costly mistake.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Hackers use AI to create phishing sites in seconds

Hackers are now using generative AI tools to build convincing phishing websites in under a minute, researchers at Okta have warned. The company discovered that a tool developed by Vercel had been abused to replicate login portals for platforms such as Okta, Microsoft 365 and crypto services.

Using simple prompts like ‘build a copy of the website login.okta.com’, attackers can create fake login pages with little effort or technical skill. Okta’s investigation found no evidence of successful breaches, but noted that threat actors repeatedly used v0 to target new platforms.

Vercel has since removed the fraudulent sites and is working with Okta to create a system for reporting abuse. Security experts are concerned the speed and accessibility of generative AI tools could accelerate low-effort cybercrime on a massive scale.

Researchers also found cloned versions of the v0 tool on GitHub, which may allow continued abuse even if access to the original is restricted. Okta urges organisations to adopt passwordless systems, as traditional phishing detection methods are becoming obsolete.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Cyberattacks drain millions from hospitality sector

The booming hospitality sector handles sensitive guest information daily, from passports to payment details, making it a prime target for cybercriminals. Recent figures reveal the average cost of a data breach in hospitality rose to $3.86 million in 2024, with over 14,000 critical vulnerabilities detected in hotel networks worldwide.

Complex systems connecting guests, staff, vendors, and devices like smart locks multiply entry points for attackers. High staff turnover and frequent reliance on temporary workers add to the sector’s cybersecurity challenges.

New employees are often more susceptible to phishing and social engineering attacks, as demonstrated by costly breaches such as the 2023 MGM Resorts incident. Artificial intelligence helps boost defences but isn’t a cure-all and must be used with staff training and clear policies.

Recent attacks on major hotel brands have exposed millions of customer records, intensifying pressure on hospitality firms to meet privacy regulations like GDPR. Maintaining robust cybersecurity requires continuous updates to policies, vendor checks, and committed leadership support.

Hotels lagging in these areas risk severe financial and reputational damage in an increasingly hostile cyber landscape.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Chinese-linked hackers target French state in Ivanti exploit campaign

A sophisticated cyber campaign linked to Chinese threat actors has targeted French government, defence and media organisations by exploiting zero-day vulnerabilities in Ivanti’s server software, France’s national cyber agency has revealed.

The French National Agency for Information Systems Security (ANSSI) reported that attackers exploited flaws in an end-of-life version of Ivanti’s Cloud Services Appliance. Victims include public agencies, telecoms, finance firms and media outlets. ANSSI dubbed the threat ‘Houken.’

Hackers used tools developed by Chinese-speaking actors, operated during Chinese working hours and pursued both espionage and financial gain. In one case, they deployed a cryptominer—an unusual move for state-linked actors.

The campaign that targeted France relied on chaining Ivanti zero-days (CVE-2024-8190, CVE-2024-9380 and CVE-2024-8963) to deploy a novel rootkit. Attackers then used webshells, fileless backdoors, and anonymising services like NordVPN.

ANSSI noted similarities to activity by UNC5174, a Chinese initial access broker tracked by Mandiant. This actor, also known as ‘Uteus,’ reportedly works with the Ministry of State Security in China.

Evidence suggests that Houken not only sells access to compromised networks but also carries out direct data exfiltration. One victim included the foreign ministry of a South American country.

The Paris Prosecutor’s Office is investigating a possible botnet linked to Chinese state hackers, though it’s unclear if it’s connected to Houken.

ANSSI warns that both Houken and UNC5174 are still active and likely to continue exploiting exposed infrastructure worldwide.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

BT launches cyber training as small businesses struggle with threats

Cyber attacks aren’t just a problem for big-name brands. Small and medium businesses are increasingly in the crosshairs, according to new research from BT and Be the Business.

Two in five SMEs have never provided cyber security training to their staff, despite a sharp increase in attacks. In the past year alone, 42% of small firms and 67% of medium-sized companies reported breaches.

Phishing remains the most common threat, affecting 85% of businesses. But more advanced tactics are spreading fast, including ransomware and ‘quishing’ scams — where fake QR codes are used to steal data.

Recovering from a breach is costly. Micro and small businesses spend nearly £8,000 on average to recover from their most serious incident. The figure excludes reputational damage and long-term disruption.

To help tackle the issue, BT has launched a new training programme with Be the Business. The course offers practical, low-cost cyber advice designed for companies without dedicated IT support.

The programme focuses on real-world threats, including AI-driven scams, and offers guidance on steps like password hygiene, two-factor authentication, and safe software practices.

Although 69% of SME leaders are now exploring AI tools to help defend their systems, 18% also list AI as one of their top cyber threats — a sign of both potential and risk.

Experts warn that basic precautions still matter most. With free and affordable training options now widely available, small firms have more tools than ever to improve their cyber defences.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

M&S eyes full online recovery by august after cyberattack

Marks & Spencer (M&S) expects its full online operations to be restored within four weeks, following a cyber attack that struck in April. Speaking at the retailer’s annual general meeting, CEO Stuart Machin said the company aims to resolve the majority of the incident’s impact by August.

The cyberattack, attributed to human error, forced M&S to suspend online sales and disrupted supply chain operations, including its Castle Donington distribution centre. The breach also compromised customer personal data and is expected to result in a £300 million hit to the company’s profit.

April marked the beginning of a multi-month recovery process, with M&S confirming by May that the breach involved a supply chain partner. By June, the financial and operational damage became clear, with limited online services restored and key features like click-and-collect still unavailable.

The e-commerce platform in Great Britain is now partially operational, but services such as next-day delivery remain offline. Machin stated that recovery is progressing steadily, with the goal of full functionality within weeks.

Julius Cerniauskas, CEO of web intelligence firm Oxylabs, highlighted the growing risks of social engineering in cyber incidents. He noted that while technical defences are improving, attackers continue to exploit human vulnerabilities to gain access.

Cerniauskas described the planned recovery timeline as a ‘solid achievement’ but warned that long-term reputational effects could persist. ‘It’s not a question of if you’ll be targeted – but when,’ he said, urging firms to bolster both human and technical resilience.

Executive pay may also be impacted by the incident. According to the Evening Standard, chairman Archie Norman said incentive compensation would reflect any related performance shortfalls. Norman added that systems are gradually returning online and progress is being made each week.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Police investigate rising crypto-related crimes in Russia

Police in St. Petersburg have dismantled an illegal crypto mining farm operating near Mitrofanievsky Highway. The facility caused around 10 million rubles ($127,873) in damage to the city’s power grid.

Dozens of mining rigs and tampered meters were seized from the unmanned warehouse.

Authorities believe the farm spanned several hundred square metres and was powered through a nearby substation. A manhunt is under way for those responsible.

Meanwhile, the Ministry of Internal Affairs has warned of a new scam using foreign call centres. Fraudsters pose as trading experts and convince victims to invest in crypto after fake training sessions.

Once trust is gained, scammers take control of victims’ accounts and transfer funds to their own wallets. The warning follows the sentencing of influencer Valeria Fedyakina, known as Bitmama, for a $21 million crypto fraud.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!