Cybersecurity

Criminals exploit weak mail security in new fraud surge

Check washing fraud is making a worrying comeback in the US, fuelled by both AI-powered identity theft and lax mail security. Criminals are intercepting posted cheques, erasing original details using chemicals, and rewriting them for higher amounts or different recipients.

The rise in such fraud, often unnoticed until the money is long gone, is prompting experts to warn the public to take immediate preventative steps. Reports show a sharp increase in cheque-related scams, with US financial institutions flagging over 665,000 suspicious cases in 2023 alone.

Organised crime groups are now blending traditional cheque theft with modern techniques, such as AI-generated identities and forged digital images. The fraudsters are also using mobile deposits, phishing emails, and business email compromise to trick individuals and companies into transferring funds.

For added protection, individuals and businesses are advised to invest in fraud monitoring, use cheques with security features, and report any suspicious activity without delay. With losses running into hundreds of millions, the growing threat of cheque washing shows no signs of slowing down.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

ENISA unveils cyber stress testing handbook to strengthen critical infrastructure resilience under NIS2

The European Union Agency for Cybersecurity (ENISA) has released a Handbook for Cyber Stress Testing to support national and sectoral authorities in assessing the cybersecurity and resilience of critical infrastructure, in line with the NIS2 Directive. The guidance is intended for use at the national, regional, and EU levels and complements regulatory frameworks such as the Digital Operational Resilience Act (DORA) and the Critical Entities Resilience (CER) directive.

Cyber stress tests are defined as targeted assessments of an organisation’s capacity to maintain critical services during and after significant cybersecurity incidents. The handbook outlines five main steps for organising these tests:

  1. Defining scope and objectives – identifying relevant sectors, entities, risk scenarios, and test goals;
  2. Designing the test – developing methodologies, resilience metrics, and timelines;
  3. Executing the test – engaging participants and providing guidance;
  4. Conducting a gap analysis – identifying key findings and resilience gaps;
  5. Concluding and follow-up – compiling lessons learned and formulating recommendations.

The structured process enables authorities to evaluate both organizational preparedness and systemic sectoral risks. Practical recommendations are provided for each step, and an example from the health sector illustrates potential applications.

Authorities may use cyber stress tests to inform national risk assessments, prepare for cyber exercises, identify sector-wide vulnerabilities, and support supervisory planning. Tests can also serve as a basis for dialogue between regulators and operators.

While audits and certifications remain standard supervisory tools, stress tests offer an additional method tailored to specific risk scenarios. Depending on sector maturity and regulatory context, authorities may adopt either a voluntary or more prescriptive approach to testing. ENISA recommends clearly communicating the scope, purpose, and use of test results in advance.

Cyber stress tests can be conducted at national, regional, or EU-wide levels. National-level exercises are typically overseen by authorities responsible for specific critical sectors, either broadly assessing sector maturity or focusing on selected entities. Cooperation with sectoral regulators—such as those in finance or civil protection—can enhance the design and implementation of tests.

Regional and EU-wide stress tests, though more complex to coordinate, may be suited to sectors with cross-border dependencies. Recent examples include joint efforts in the energy and financial sectors, coordinated by the European Commission and the European Central Bank. EU funding through the Digital Europe Programme is available to support such initiatives, including development of common tools and methodologies.

In parallel, ENISA has launched the European Vulnerability Database (EUVD), mandated under NIS2. The EUVD is a centralised, authoritative source of publicly available vulnerability information, supporting coordination among national CSIRTs, vendors, and regulators.

The Handbook for Cyber Stress Testing contributes to broader efforts to strengthen risk-informed cybersecurity oversight across the EU and encourages the consistent integration of cyber stress testing into national and sectoral supervisory practices.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Lawmakers discuss reported temporary pause in US offensive cyber operations against Russia

During a recent House Armed Services cyber subcommittee hearing, Chair Rep. Don Bacon (R-Neb.) stated that the U.S. Department of Defense briefly paused offensive cyber operations against Russia following a directive from Defense Secretary Pete Hegseth in late February. Bacon noted that the pause lasted one day and described it as consistent with broader policy aims.

Rep. Eugene Vindman (D-Va.) referenced an anonymous DOD rapid response account statement that disputed the claim, calling it ‘at least misleading.’ Deputy Assistant Secretary of Defence for Cyber Policy Laurie Buckhout did not confirm or deny the reports but stated that multiple elements are involved in cyber operations targeting Russia.

The hearing also included bipartisan concerns regarding the recent dismissal of National Security Agency and US Cyber Command Director Timothy Haugh, particularly in light of cyber threats facing US critical infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Netherlands expands espionage laws to include cyber activities

The Dutch government has adopted new legislation expanding the scope of its espionage laws to include digital espionage and other activities carried out on behalf of foreign states that may harm Dutch national interests. The updated law complements existing provisions that criminalise the disclosure of state secrets by adding penalties for leaking sensitive, but not classified, information and for conducting harmful activities linked to foreign entities.

Under the revised legal framework, penalties for computer-related offenses associated with espionage have been increased. Individuals found guilty of such offenses could face up to eight years in prison, or up to twelve years in particularly severe cases.

Netherlands Justice and Security Minister David van Weel stated that the measures aim to enhance national resilience against foreign threats.

In parallel, the government is moving forward with plans to implement vetting procedures for researchers and students seeking access to sensitive technologies at Dutch academic institutions. This follows growing concern over foreign interest in strategic research, particularly from China, as noted by Dutch intelligence services.

In recent assessments, Dutch authorities have reported both Chinese cyber activities targeting intellectual property and Russian state-linked attempts to disrupt national infrastructure. Incidents include reported efforts to infiltrate institutions based in The Hague, such as the International Criminal Court and the Organisation for the Prohibition of Chemical Weapons.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UAE’s EDGE Group unveils AI Accelerator to power defence and tech

EDGE Group, a global leader in advanced technology and defence, has launched the Group AI Accelerator, a new Centre of Excellence (COE) focused on accelerating AI-driven innovation across its portfolio and facilities.

The initiative is part of EDGE’s broader strategy to support the UAE’s ambitions of becoming a high-tech global hub.

The Group AI Accelerator will develop and integrate AI projects to enhance core engineering capabilities and business services. It will also incubate UAE talent and advance the country’s knowledge-based economy.

Dr. Chaouki Kasmi, EDGE’s President of Technology & Innovation, said the initiative will ‘enable the prompt adoption of AI technologies’ and foster ‘positive disruption’ across key programmes.

Overseen by EDGE’s Technology & Innovation Cluster, the COE will be guided by a steering committee of local and global experts. Engineering and business excellence working groups will lead AI skunkworks projects, R&D in machine learning, and digital transformation efforts.

EDGE’s latest move builds on its commitment to operational excellence and positions the UAE at the forefront of AI and Industry 4.0 development.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Integrity concerns prompt MIT to reject AI innovation study

MIT has called for the withdrawal of a high-profile research paper examining the effects of AI on scientific discovery and innovation, citing concerns over data integrity and validity.

The paper, titled Artificial Intelligence, Scientific Discovery, and Product Innovation, was authored by a now-former doctoral student and claimed AI tools boosted discoveries and patents but reduced researcher satisfaction.

Though praised by renowned economists Daron Acemoglu and David Autor upon its release, both now say they have ‘no confidence’ in the data or findings. Their reversal follows concerns raised by an external computer scientist, prompting an internal MIT review.

While MIT has not disclosed full details due to student privacy laws, it confirmed the author is no longer affiliated with the university. The school is requesting the paper’s withdrawal from The Quarterly Journal of Economics and preprint server arXiv, although the author has yet to initiate removal.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

OpenAI, G42 plan world’s largest AI data facility

OpenAI is reportedly set to become the anchor tenant in a 5-gigawatt data centre project in Abu Dhabi, part of what could become one of the largest AI infrastructure builds globally, according to Bloomberg.

The facility, spanning approximately 10 square miles, is being developed by UAE-based tech firm G42 as part of OpenAI’s broader Stargate initiative, a joint venture announced with SoftBank and Oracle to establish high-capacity AI data centres worldwide.

While OpenAI’s first Stargate facility in Texas is projected to reach 1.2 gigawatts, the Abu Dhabi project would more than quadruple that. The planned scale would consume power equivalent to five nuclear reactors.

OpenAI and G42 have collaborated since 2023 to accelerate AI adoption in the Middle East. The partnership has sparked concerns among US officials, particularly around G42’s past ties to Chinese firms, including Huawei and BGI.

G42 has since pledged to divest from China and shift its focus. In early 2024, Microsoft invested $1.5 billion in G42, and company president Brad Smith joined its board, reinforcing US–UAE tech ties. An official statement from OpenAI on the project is still pending.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Uber is ready for driverless taxis in the UK

Uber says it is fully prepared to launch driverless taxis in the UK, but the government has pushed back its timeline for approving fully autonomous vehicles.

The previous 2026 target has been shifted to the second half of 2027, despite rapid developments in self-driving technology already being trialled on British roads.

Currently, limited self-driving systems are legal so long as a human remains behind the wheel and responsible for the car.

Uber, which already runs robotaxis in the US and parts of Asia, is working with 18 tech firms—including UK-based Wayve—to expand the service. Wayve’s AI-driven vehicles were recently tested in central London, managing traffic, pedestrians and roadworks with no driver intervention.

Uber’s Andrew Macdonald said the technology is ready now, but regulatory support is still catching up. The government insists legislation will come in 2027 and is exploring short-term trials in the meantime.

Macdonald acknowledged safety concerns, noting incidents abroad, but argued autonomous vehicles could eventually prove safer than human drivers, based on early US data.

Beyond technology, the shift raises big questions around insurance, liability and jobs. The government sees a £42 billion industry with tens of thousands of new roles, but unions warn of social impacts for professional drivers.

Still, Uber sees a future where fewer people even bother to learn how to drive, because AI will do it for them.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Why ITU’s legacy still shapes our digital world

On 17 May 1865, 20 European countries came together to create the International Telecommunication Union (ITU), a response to the tedious and inefficient telegraph system that required messages to be rewritten at every border. This practical move—born not from idealism but necessity—paved the way for a global communications framework that continues to underpin today’s digital world.

From the first bilateral agreements to modern platforms like Instagram and AI tools like ChatGPT, the same core principle remains: international cooperation is essential to seamless communication. Despite revolutionary advances in technology, diplomacy has changed slowly.

Yet ITU’s mission—to balance national interests with shared global connectivity—has remained constant. For instance, debates over digital privacy and cybersecurity today echo those from the 19th century over telegraph regulation.

Even as US policies toward multilateralism shift, its consistent support for the ITU showcases how diplomacy can maintain continuity across centuries of change. As Jovan Kurbalija notes in his recent blog post, understanding this long arc of diplomatic history is essential for making sense of today’s tech governance debates.

Crises often trigger breakthroughs in multilateral governance. The Titanic disaster, for example, catalysed swift international regulation of radio communication after years of stagnation. In our interconnected AI-driven era, similar ‘Titanic moments’ could once again force urgent global agreements.

That is especially pressing as technology continues to reshape power structures, favouring innovators and standard-setters, and reviving the age-old race between digital ‘haves’ and ‘have-nots.’

Why does it matter?

ITU’s 160-year legacy is a testament to the endurance of diplomacy amid technological disruption. While tools evolve—from telegraphs to AI—the diplomatic mission to resolve conflicts and foster cooperation remains unchanged. The story of ITU, as Kurbalija reflects, is not just about commemorating the past, but recognising the urgent need for global cooperation in shaping our digital future.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Hong Kong breaks up cross-border crypto laundering ring

Hong Kong authorities have busted a cross-border crypto laundering network that processed around HK$118 million (US$15 million) in illicit funds. The crackdown led to a dozen arrests amid efforts to stop people from monetising personal banking credentials.

Raids led by the Commercial Crime Bureau on Thursday detained nine men and three women aged between 20 and 40 across several districts. Officials seized HK$1.05 million in cash, over 560 bank cards, multiple devices, and financial documents.

Investigators found the network had recruited mainland Chinese citizens since mid-2023 to open fraudulent bank accounts in Hong Kong. These accounts were used to channel criminal proceeds from scams, with cash withdrawn and converted into cryptocurrency.

Two Hong Kong residents were arrested as primary organisers, alongside ten mainland Chinese nationals who served as account fronts. The operation reportedly used more than 550 domestic bank accounts to launder about HK$118 million.

So far, authorities have linked HK$10 million of the laundered money to 58 fraud cases. Victims reported losses totalling HK$43.2 million. The network operated from a Mong Kok apartment, where recruits stayed while processing fraudulent transfers.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot