Cybercrime

AI reshapes cybercrime investigations in India

Maharashtra police are expanding the use of an AI-powered investigation platform developed with Microsoft to tackle the rapid growth of cybercrime.

MahaCrimeOS AI, already in use across Nagpur district, will now be deployed to more than 1,100 police stations statewide, significantly accelerating case handling and investigation workflows.

The system acts as an investigation copilot, automating complaint intake, evidence extraction and legal documentation across multiple languages.

Officers can analyse transaction trails, request data from banks and telecom providers and follow standardised investigation pathways, instead of relying on slow manual processes.

Built using Microsoft Foundry and Azure OpenAI Service, MahaCrimeOS AI integrates policing protocols, criminal law references and open-source intelligence.

Investigators report major efficiency gains, handling several cases monthly where only one was previously possible, while maintaining procedural accuracy and accountability.

The initiative highlights how responsible AI deployment can strengthen public institutions.

By reducing administrative burden and improving investigative capacity, the platform allows officers to focus on victim support and crime resolution, marking a broader shift toward AI-assisted governance in India.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

UNODC and INTERPOL announce Global Fraud Summit in 2026

The United Nations Office on Drugs and Crime (UNODC), in cooperation with the International Criminal Police Organization (INTERPOL), will convene the Global Fraud Summit 2026 at the Vienna International Centre, Austria, from 16 to 17 March 2026.

UNODC and INTERPOL invite applications for participation from private sector entities, civil society organisations, and academic institutions. Applications must be submitted by 12 December 2025.

The Summit will provide a platform for discussion on current trends, risks, and responses related to fraud, including its digital and cross-border dimensions. Discussions will address challenges associated with detection, investigation, prevention, and international cooperation in fraud-related cases.

The objectives of the Summit include:

  • Facilitating coordination among national and international stakeholders
  • Supporting information exchange across sectors and jurisdictions
  • Sharing policy, operational, and technical approaches to fraud prevention and response
  • Identifying areas for further cooperation and capacity-building

The ministerial-level meeting will bring together senior representatives from governments, international and regional organisations, law enforcement authorities, the private sector, academia, and civil society. Participating institutions are encouraged to nominate delegates at an appropriate senior level.

The Summit is supported by a financial contribution from the Government of the United Kingdom of Great Britain and Northern Ireland.

Applications must be submitted through the application at the official website.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

International Criminal Court (ICC) issues policy on cyber-enabled crimes

The Office of the Prosecutor (OTP) of the International Criminal Court (ICC) has issued a Policy on Cyber-Enabled Crimes under the Rome Statute. The Policy sets out how the OTP interprets and applies the existing ICC legal framework to conduct that is committed or facilitated through digital and cyber means.

The Policy clarifies that the ICC’s jurisdiction remains limited to crimes defined in the Rome Statute: genocide, crimes against humanity, war crimes, the crime of aggression, and offences against the administration of justice. It does not extend to ordinary cybercrimes under domestic law, such as hacking, fraud, or identity theft, unless such conduct forms part of or facilitates one of the crimes within the Court’s jurisdiction.

According to the Policy, the Rome Statute is technology-neutral. This means that the legal assessment of conduct depends on whether the elements of a crime are met, rather than on the specific tools or technologies used.

As a result, cyber means may be relevant both to the commission of Rome Statute crimes and to the collection and assessment of evidence related to them.

The Policy outlines how cyber-enabled conduct may relate to each category of crimes under the Rome Statute. Examples include cyber operations affecting essential civilian services, the use of digital platforms to incite or coordinate violence, cyber activities causing indiscriminate effects in armed conflict, cyber operations linked to inter-State uses of force, and digital interference with evidence, witnesses, or judicial proceedings before the ICC.

The Policy was developed through consultations with internal and external legal and technical experts, including the OTP’s Special Adviser on Cyber-Enabled Crimes, Professor Marko Milanović. It does not modify or expand the ICC’s jurisdiction, which remains governed exclusively by the Rome Statute.

Currently, there are no publicly known ICC cases focused specifically on cyber-enabled crimes. However, the issuance of the Policy reflects the OTP’s assessment that digital conduct may increasingly be relevant to the commission, facilitation, and proof of crimes within the Court’s mandate.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Underground AI tools marketed for hacking raise alarms among cybersecurity experts

Cybersecurity researchers say cybercriminals are turning to a growing underground market of customised large language models designed to support low-level hacking tasks.

A new report from Palo Alto Networks’ Unit 42 describes how dark web forums promote jailbroken, open-source and bespoke AI models as hacking assistants or dual-use penetration testing tools, often sold via monthly or annual subscriptions.

Some appear to be repurposed commercial models trained on malware datasets and maintained by active online communities.

These models help users scan for vulnerabilities, write scripts, encrypt or exfiltrate data and generate exploit or phishing code, tasks that can support both attackers and defenders.

Unit 42’s Andy Piazza compared them to earlier dual-use tools, such as Metasploit and Cobalt Strike, which were developed for security testing but are now widely abused by criminal groups. He warned that AI now plays a similar role, lowering the expertise needed to launch attacks.

One example is a new version of WormGPT, a jailbroken LLM that resurfaced on underground forums in September after first appearing in 2023.

The updated ‘WormGPT 4’ is marketed as an unrestricted hacking assistant, with lifetime access reportedly starting at around $220 and an option to buy the complete source code. Researchers say it signals a shift from simple jailbreaks to commercialised, specialised tools that train AI for cybercrime.

Another model, KawaiiGPT, is available for free on GitHub and brands itself as a playful ‘cyber pentesting’ companion while generating malicious content.

Unit 42 calls it an entry-level but effective malicious LLM, with a casual, friendly style that masks its purpose. Around 500 contributors support and update the project, making it easier for non-experts to use.

Piazza noted that internal tests suggest much of the malware generated by these tools remains detectable and less advanced than code seen in some recent AI-assisted campaigns. The wider concern, he said, is that such models make hacking more accessible by translating technical knowledge into simple prompts.

Users no longer need to know jargon like ‘lateral movement’ and can instead ask everyday questions, such as how to find other systems on a network, and receive ready-made scripts.

Would you like to learn more about AI, tech and digital diplomacyIf so, ask our Diplo chatbot!

Police warn of scammers posing as AFP officers in crypto fraud

Cybercriminals are exploiting Australia’s national cybercrime reporting platform, ReportCyber, to trick people into handing over cryptocurrency. The AFP-led Joint Policing Cybercrime Coordination Centre (JPC3) warns scammers are posing as police and using stolen data to file fake reports.

In one recent case, a victim was contacted by someone posing as an AFP officer and informed that their details had been found in a data breach linked to cryptocurrency. The impersonator provided an official reference number, which appeared genuine when checked on the ReportCyber portal.

A second caller, pretending to be from a crypto platform, then urged the target to transfer funds to a so-called ‘Cold Storage’ account. The victim realised the deception and ended the call before losing money.

Detective Superintendent Marie Andersson said the scam’s sophistication lay in its false sense of legitimacy and urgency. Criminals verify personal data and act quickly to pressure victims, she explained. However, growing awareness within the community has helped authorities detect such scams sooner.

Authorities are reminding the public that legitimate officers will never request access to wallets, bank accounts, or seed phrases. Australians should remain cautious, verify unexpected calls, and report any suspicious activity through official channels.

The AFP reaffirmed that ReportCyber remains a safe platform for genuine reports and continues to be a vital tool in tracking and preventing cybercrime nationwide.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Inside the rise and fall of a cybercrime kingpin

Ukrainian hacker Vyacheslav Penchukov, once known online as ‘Tank’, climbed from gaming forums in Donetsk to the top of the global cybercrime scene. As leader of the notorious Jabber Zeus and later Evil Corp affiliates, he helped steal tens of millions from banks, charities and businesses around the world while remaining on the FBI Most Wanted list for nearly a decade.

After years on the run, he was dramatically arrested in Switzerland in 2022 and is now serving time in a Colorado prison. In a rare interview, Penchukov revealed how cybercrime evolved from simple bank theft to organised ransomware targeting hospitals and major corporations. He admits paranoia became his constant companion, as betrayal within hacker circles led to his downfall.

Today, the former cyber kingpin spends his sentence studying languages and reflecting on the empire he built and lost. While he shows little remorse for his victims, his story offers a rare glimpse into the hidden networks that fuel global hacking and the blurred line between ambition and destruction.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Bank Indonesia reports over 370 million cyber threat attempts in 2024

Bank Indonesia (BI) has reported more than 370 million attempted cyber threats targeting the country, highlighting the growing exposure linked to Indonesia’s rapid digital transformation.

The central bank also noted a 25% increase in anomalous cyber traffic in 2024 compared to the previous year. Deputy Governor Filianingsih Hendarta stated that the rise in cyber activity underscores the need for all stakeholders to remain vigilant as Indonesia continues to develop its digital infrastructure.

She also added that public trust is essential to sustaining a resilient digital ecosystem, as trust takes a long time to build and can be lost in to moment.

To strengthen cybersecurity and prepare for continued digitalisation, BI has developed the Indonesian Payment System Blueprint (BSPI) 2030, a strategic framework intended to enhance institutional collaboration and reinforce the security of the national payment system.

BI data shows that internet penetration in Indonesia has reached 80.66%, equivalent to approximately 229 million people, surpassing the global average of 68.7% (around 6.66 billion people worldwide).

Filianingsih also emphasised that strengthening digital infrastructure requires cross-sectoral and international cooperation, given the global and rapidly evolving nature of cyber threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Major crypto fraud network dismantled across Europe

European authorities have dismantled one of the continent’s largest cryptocurrency fraud and money laundering schemes, arresting nine suspects across Cyprus, Spain, and Germany. The network allegedly defrauded hundreds of investors through fake crypto platforms, stealing over €600 million.

The scammers reportedly created websites that mimicked legitimate trading platforms, luring victims through social media, cold calls, and fabricated celebrity endorsements. Once deposits were made, the funds were laundered through blockchain technology, making recovery nearly impossible.

During the operation, investigators seized €800,000 in bank accounts, €415,000 in cryptocurrencies, €300,000 in cash, and luxury watches worth over €100,000. Authorities stated that several properties linked to the network remain under evaluation as investigations continue.

French prosecutors said the suspects face fraud and money laundering charges, carrying sentences of up to ten years. The case underscores the growing cross-border nature of crypto-related crime, with Eurojust’s coordination proving key to dismantling the network.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

AUSTRAC cracks down on crypto ATM money laundering risks

Australia’s financial crime regulator, AUSTRAC, has fined crypto ATM operator Cryptolink $56,340 for failing to report large cash transactions on time. The regulator also ordered the company to improve its anti-money laundering (AML) and counterterrorism financing (CTF) controls.

AUSTRAC’s Crypto Taskforce identified weaknesses in Cryptolink’s risk assessments and reporting controls, raising concerns about the misuse of crypto ATMs by criminals.

According to AUSTRAC CEO Brendan Thomas, crypto ATMs remain one of the highest-risk channels for money laundering in Australia, often used to launder scam proceeds. He emphasised that operators must take stronger action to prevent criminal exploitation of the sector.

As part of the undertaking, Cryptolink must appoint independent reviewers to assess its compliance systems and validate all large cash transaction reports. Cryptolink must report its remedial progress to AUSTRAC by March 2026, having paid the fine without admitting liability.

Findings from AUSTRAC’s taskforce revealed that 85% of transactions made by the 90 most frequent ATM users were linked to scams or money mule schemes. Authorities will keep monitoring high-risk operators to improve oversight and protect consumers from crypto-related crimes.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

AI-driven cybercrime rises across Asia

Cybersecurity experts met in Dubai for the World Economic Forum’s Annual Global Future Councils and Cybersecurity meetings. More than 500 participants, including 150 top cybersecurity leaders, discussed how emerging technologies such as AI are reshaping digital security.

UAE officials highlighted the importance of resilience, trust and secure infrastructure as fundamental to future prosperity. Sessions examined how geopolitical shifts and technological advances are changing the cyber landscape and stressed the need for coordinated global action.

AI-driven cybercrime is rising sharply in Japan, with criminals exploiting advanced technology to scale attacks and target data. Recent incidents include a cyber attack on Asahi Breweries, which temporarily halted production at its domestic factories.

Authorities are calling for stronger cross-border collaboration and improved cybersecurity measures, while Japan’s new Prime Minister, Sanae Takaichi, pledged to enhance cooperation on AI and cybersecurity with regional partners.

Significant global developments include the signing of the first UN cybercrime treaty by 65 nations in Viet Nam, establishing a framework for international cooperation, rapid-response networks and stronger legal protections.

High-profile cyber incidents in the UK, including attacks on Jaguar Land Rover and a nursery chain, have highlighted the growing economic and social costs of cybercrime. These events are prompting calls for businesses to prioritise cyber resilience.

Experts warn that technology is evolving faster than cyber defences, leaving small businesses and less developed regions highly vulnerable. Integrating AI, automation and proactive security strategies is seen as essential to protect organizations and ensure global digital stability.

Cyber resilience is increasingly recognised not just as an IT issue but as a strategic imperative for economic and national security.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot