A Brighton tradesman lost £75,000 to a fake bitcoin scheme that used a deepfake video of Martin Lewis and Elon Musk. The kitchen fitter, Des Healey, shared his experience on BBC Radio 5 Live, revealing how AI manipulated Martin’s voice and image to create a convincing endorsement. Des admitted he was lured by the promise of quick returns but later realised the devastating scam had emptied his life savings and forced him into debt.
He explained that the fraudsters, posing as financial experts, gained his trust through personalised calls and apparent success in his fake investment account. Encouraged to invest more, he took out £70,000 in loans across four lenders. Only when his son raised concerns about suspicious details, such as background music on calls, did Des begin to suspect foul play and approach the police.
Martin Lewis, Britain’s most impersonated celebrity in scams, described meeting Des as emotionally challenging. He commended Des for bravely sharing his ordeal to warn others. Martin emphasised that scams prey on urgency and secrecy, urging people to pause and verify before sharing personal or financial details.
Although two banks cancelled loans taken by Des, he still owes £26,000 including interest. Des expressed gratitude for the chance to warn others and praised Martin Lewis for his continued efforts to fight fraud. Meanwhile, Revolut reaffirmed its commitment to combating cybercrime, acknowledging the challenges posed by sophisticated scammers.
According to Morgan Adamski, executive director of US Cyber Command, Chinese hackers are embedding themselves in US critical infrastructure IT networks to prepare for a potential conflict with the United States. He announced that China-linked cyber operations aim to secure strategic advantages in the event of a major clash.
These operations involve compromising key networks and positioning themselves to execute disruptive attacks. Examples include manipulating heating, ventilation, and air conditioning (HVAC) systems in server rooms or disrupting vital energy and water controls, officials said earlier this year.
Speaking at the Cyberwarcon security conference in Arlington, Virginia, Adamski emphasised the scale of the threat, noting that the US government has launched globally coordinated efforts to counter these operations. These efforts include offensive and defensive measures designed to degrade and disrupt China’s cyber activities worldwide. Actions range from exposing cyber campaigns to imposing sanctions and issuing cybersecurity advisories, with support from allied nations.
Earlier, US Senator Mark Warner described a suspected China-linked cyberespionage campaign, dubbed ‘Salt Typhoon,’ as the worst telecommunications hack in US history. Beijing has repeatedly denied conducting cyberattacks on US entities.
Italy is ramping up its fight against cybercrime with a draft decree aimed at tackling unauthorised access to sensitive computer systems. The move follows high-profile breaches, including incidents involving state and financial databases, prompting urgent government action. The legislation, which will be discussed by the cabinet on 25 November 2024, focuses on systems critical to military, public safety, health, and civil protection.
The draft gives Italy’s chief anti-mafia prosecutor expanded authority to oversee investigations into cases of extortion linked to data breaches. This comes on the heels of several arrests tied to illicit access to state systems, with dozens more under investigation, including individuals connected to prominent figures like Leonardo Maria Del Vecchio.
Separately, authorities in Bari are probing a potential breach at Italy‘s largest bank, Intesa Sanpaolo, which may have compromised Prime Minister Giorgia Meloni’s account. These incidents underscore the urgency of the proposed crackdown as Italy seeks to safeguard its digital infrastructure.
US authorities have revealed a massive cyberattack on American telecommunications networks, describing it as the ‘worst telecom hack in our nation’s history.’ Linked to Chinese hackers, the breach targeted multiple telecom companies and allowed the interception of surveillance data meant for US law enforcement. According to a joint FBI and CISA statement, the hackers accessed sensitive call records and communications, particularly involving individuals in government and political roles.
The attack also raised alarms after reports suggested telephones belonging to Donald Trump, JD Vance, and other high-profile political figures were compromised. Senator Mark Warner, chairman of the Senate Intelligence Committee, warned that China’s long-term efforts to infiltrate global telecom systems pose a grave security risk. Hackers reportedly managed to listen to phone calls and read text messages, going beyond what the Biden administration has publicly acknowledged.
China has consistently denied allegations of hacking foreign systems, and its embassy in Washington declined to comment on the latest claims. Warner criticised the lack of sufficient safeguards, stating, “The barn door is still wide open,” as concerns over US telecom infrastructure security intensify.
US federal authorities have broken up a significant cryptocurrency-based money laundering operation tied to international drug cartels. Nine individuals have been indicted in Florida for conspiring to launder money and running an unlicensed money-transmitting business, following a multi-agency investigation.
The network, active between 2020 and 2023, reportedly moved illicit funds from the US to drug cartels in Mexico and Colombia. Participants allegedly used cryptocurrencies, including mixers and black-market exchanges, to obscure transactions. Some acted as couriers, transporting cash across US cities before converting it into crypto.
Cryptocurrencies have increasingly been exploited for laundering cartel funds, leveraging their global reach and transaction anonymity. Authorities noted a rise in such schemes using crypto exchanges and shell companies to disguise illegal activities.
This case adds to a growing list of crypto-related laundering incidents, including a 2021 case involving $4 million in cartel funds and other operations tied to major crypto platforms. Regulators worldwide are intensifying efforts to tackle these abuses, emphasising the need for stricter oversight.
South Korean police have confirmed that hackers linked to North Korea’s military intelligence agency were behind a 2019 Ethereum cryptocurrency theft valued at 58 billion won ($41.5 million at the time). Hackers infiltrated a crypto exchange and stole 342,000 Ethereum tokens, which are now worth over 1.4 trillion won ($1 billion).
The stolen funds were laundered through three hacker-controlled crypto exchanges and 51 other platforms, according to South Korea’s National Police Agency. While the exchange targeted was not officially named, South Korea-based Upbit had reported a similar transfer to an unidentified wallet during the incident. The investigation, conducted with the FBI, used IP address analysis and asset tracking to trace the theft to groups reportedly tied to North Korea’s Reconnaissance General Bureau.
This marks the first confirmed instance of North Korean hackers targeting a South Korean crypto exchange. Previously, a UN report linked North Korea to nearly $3.6 billion in crypto heists from 2017 to 2024. South Korean investigators recovered a small fraction of the stolen assets, equivalent to 600 million won, which were returned to the exchange. North Korea denies involvement in such activities despite mounting evidence to the contrary.
Former Binance CEO Changpeng Zhao has alerted the crypto community about a new exploit targeting Intel-based Mac users, which could expose their digital assets. Zhao urged users to immediately patch their systems to protect sensitive data, following the discovery of zero-day vulnerabilities on 19 November. These vulnerabilities also affect iPhones and iPads, prompting Apple to release emergency fixes.
The flaws, tracked as CVE-2024-44308 and CVE-2024-44309, allow hackers to exploit JavaScriptCore and WebKit components on macOS Sequoia. This could lead to cross-site scripting attacks, where attackers inject malicious code into trusted websites, enabling them to steal sensitive information and hijack user sessions.
Despite Apple’s strong security reputation, users have been at risk from several high-profile exploits this year. Previous attacks have included crypto-focused malware and vulnerabilities in Apple’s iMessage framework. With hackers exploiting these flaws, crypto users must stay vigilant and update their systems to safeguard their digital assets.
South Korean authorities have officially confirmed that North Korean hacker groups Lazarus and Andariel orchestrated the infamous $50 million cryptocurrency heist from the Upbit exchange in 2019. The stolen 342,000 Ether (ETH), worth around $147 per coin at the time, has soared in value and is now estimated to be worth over $1 billion due to recent market surges.
The investigation, conducted by South Korea’s National Office of Investigation, tracked crypto flows, IP addresses, and linguistic patterns, with support from the US Federal Bureau of Investigation, to pinpoint North Korea’s involvement. It is the first time South Korea has directly tied a cryptocurrency attack to the reclusive nation, a significant breakthrough in cybercrime investigations.
Meanwhile, the probe into Upbit continues after allegations of weak Know Your Customer measures. Regulators flagged over 600,000 potential violations, including acceptance of unclear identification documents, which could lead to hefty fines and regulatory challenges for the exchange.
Five individuals, alleged members of the hacking group Scattered Spider, face criminal charges in the US. Prosecutors accuse the group of orchestrating phishing schemes to steal sensitive data and cryptocurrency. Victims include at least 12 companies from industries such as gaming and telecommunications, alongside individual cryptocurrency holders.
The suspects, aged in their teens or 20s during the offences, allegedly deceived employees into sharing login details through fraudulent messages. These actions enabled them to access corporate systems and drain millions from personal accounts. The group’s notoriety grew following high-profile hacks of casino operators in 2023, though connections to those incidents remain unclear.
Officials claim Scattered Spider operates as a loose collective of cybercriminals, often collaborating temporarily for specific crimes. Industry experts have long called for stronger enforcement against such groups. Recent arrests signal intensified efforts, with cybersecurity professionals warning young hackers of severe consequences if caught.
The defendants, including individuals from Scotland, Texas, and North Carolina, face charges of conspiracy, identity theft, and wire fraud. Arrests have taken place in the US and Spain, with extradition proceedings underway. Investigations continue as authorities pursue other suspected members of the group.
Germany‘s Federal Court of Justice (BGH) has ruled that Facebook users affected by data breaches in 2018 and 2019 are entitled to compensation, even without proving financial losses. The court determined that the loss of control over personal data is sufficient grounds for damages, marking a significant step in data protection law.
The case stems from a 2021 breach involving Facebook’s friend search feature, where third parties accessed user accounts by exploiting phone number guesses. Lower courts in Cologne previously dismissed compensation claims, but the BGH ordered a re-examination, suggesting around €100 in damages could be awarded per user without proof of financial harm.
Meta, Facebook’s parent company, has resisted compensation, arguing that users did not suffer concrete damages. A spokesperson for Meta described the ruling as inconsistent with recent European Court of Justice decisions and noted that similar claims have been dismissed by German courts in thousands of cases. The breach reportedly impacted around six million users in Germany.
The court also instructed a review of Facebook’s terms of use, questioning whether they were transparent and whether user consent for data handling was voluntary. The decision adds pressure on companies to strengthen data protection measures and could set a precedent for future claims across Europe.
