FBI and Europol target cybercrime networks in global crackdown

A global law enforcement operation has shut down a series of cybercrime websites used for selling stolen data, pirated software, and hacking tools. The FBI and Europol coordinated the takedown as part of ‘Operation Talent’, targeting platforms associated with Cracked, Nulled, StarkRDP, Sellix, and MySellix.

Seizure notices appeared on the affected websites, and officials confirmed that information on customers and victims had also been obtained. Europol stated that further details would be released within 24 hours, while the FBI has not yet commented on the operation.

Reports suggest that the targeted sites played various roles in the cybercrime ecosystem, facilitating the trade of stolen login credentials, compromised credit card details, and video game cheats. A message in a Cracked Telegram channel acknowledged the seizure, with administrators expressing uncertainty over the next steps.

Authorities continue to investigate, with the crackdown highlighting ongoing efforts to disrupt cybercriminal networks. More updates are expected as officials analyse the seized data and determine potential follow-up actions.

US charges Russian-Israeli citizen over Lockbit ransomware

The United States has charged Rostislav Panev, a Russian-Israeli dual citizen, for his alleged role as a developer for the Lockbit ransomware group, which authorities describe as one of the world’s most destructive cybercrime operations. Panev, arrested in Israel in August, awaits extradition.

Lockbit, active since 2019, targeted over 2,500 victims across 120 countries, including critical infrastructure and businesses, extorting $500 million. Recent arrests, guilty pleas, and international law enforcement efforts have significantly disrupted the group’s activities.

Experts say law enforcement actions have tarnished Lockbit’s reputation, reducing its attacks and deterring affiliates. Authorities emphasise the importance of holding cybercriminals accountable.

Human rights concerns over UN Cybercrime Treaty raised at IGF 2024

A panel discussion at the Internet Governance Forum (IGF) raised serious concerns over the UN Cybercrime Treaty and its potential to undermine human rights. Experts from organisations such as Human Rights Watch and the Electronic Frontier Foundation criticised the treaty’s broad scope and lack of clear safeguards for individual freedoms. They warned that the treaty’s vague language, particularly around what constitutes a ‘serious crime,’ could empower authoritarian regimes to exploit its provisions for surveillance and to repress dissent.

Speakers such as Joey Shea from Human Rights Watch and Lina al-Hathloul, a Saudi human rights defender, pointed out the risks posed by the treaty’s expansive investigative powers, which extend beyond cybercrimes to any crimes defined by domestic law. Such flexibility could force countries to assist in prosecuting acts that are not crimes within their own borders. They also highlighted the treaty’s weak privacy protections, which could jeopardise encryption standards and further harm cybersecurity researchers.

Deborah Brown from Human Rights Watch and Veridiana Alimonti of the Electronic Frontier Foundation shared examples from Saudi Arabia and Latin America, where existing cybercrime and anti-terrorism laws have already been used to target journalists and activists. The panelists expressed concern that the treaty could exacerbate these abuses globally, especially for cybersecurity professionals and civil society.

Fionnuala Ni Aolain, a former UN Special Rapporteur on counterterrorism and human rights, emphasised that the treaty’s provisions could lead to criminalising the vital work of cybersecurity researchers. She joined other experts in urging policymakers and industry leaders to resist ratification in its current form. They called for upcoming protocol negotiations to address these human rights gaps and for greater involvement of civil society voices to prevent the treaty from becoming a tool for transnational repression.

IGF 2024 addresses cybercrime laws in Africa and the Middle East

Discussions at the IGF 2024 in Riyadh shed light on growing challenges to freedom of expression in Africa and the Middle East. Experts from diverse organisations highlighted how restrictive cybercrime legislation and content regulation have been used to silence dissent, marginalise communities, and undermine democracy. Examples from Tunisia and Nigeria revealed how critics and activists often face criminalisation under these laws, fostering fear and self-censorship.

Panellists included Annelies Riezebos from the Dutch Ministry of Foreign Affairs, Jacqueline Rowe of the University of Edinburgh, Adeboye Adegoke from Paradigm Initiative, and Aymen Zaghdoudi of AccessNow. They discussed the negative effects of vague cybercrime regulations and overly broad restrictions on online speech, which frequently suppress political discourse. Maria Paz Canales from Global Partners Digital added that content governance frameworks need urgent reform to balance addressing online harms with protecting fundamental rights.

The speakers emphasised that authoritarian values are being enforced through legislation that criminalises disinformation and imposes ambiguous rules on online platforms. These measures, they argued, contribute to a deteriorating climate for free expression across the region. They also pointed out the need for online platforms to adopt responsible content moderation practices while resisting pressures to conform to repressive local laws.

Panellists proposed several strategies to counter these trends, including engaging with parliamentarians, building capacity among legal professionals, and ensuring civil society’s involvement during the early stages of policy development. The importance of international collaboration was underlined, with the UN Cybercrime Treaty cited as a key opportunity for collective advocacy against repressive measures.

Participants also stressed the urgency of increased representation of Global South organisations in global policy discussions. Flexible funding for civil society initiatives was described as essential for supporting grassroots efforts to defend digital rights. Such funding would enable local groups to challenge restrictive laws effectively and amplify their voices in international debates.

The event concluded with a call for multi-stakeholder approaches to internet governance. Collaborative efforts involving governments, civil society, and online platforms were deemed critical to safeguarding freedom of expression. The discussions underscored the pressing need to balance addressing legitimate online harms with protecting democratic values and the voices of vulnerable communities.

All transcripts from the Internet Governance Forum sessions can be found on dig.watch.

US sanctions UAE individuals and companies linked to North Korean illicit digital assets

The US Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on two individuals and a company based in the United Arab Emirates (UAE) for allegedly aiding North Korea’s use of digital assets in illegal activities.

The sanctions target Lu Huaying and Zhang Jian, along with Green Alpine Trading, LLC, a front company linked to a broader scheme of money laundering. These actions aim to disrupt a network that, according to US authorities, funnels millions of dollars to North Korea’s nuclear weapons and missile programs.

North Korea has a history of using digital assets and cybercrimes to fund its military efforts, employing IT workers and hackers to generate funds that are often obscured through complex laundering operations. The sanctions focus on Sim Hyon Sop, a representative of North Korea’s state-run Korea Kwangson Banking Corporation, who has been previously sanctioned. Sim is accused of using a mix of cryptocurrency cash-outs and money mules to move funds back to the regime for its military projects.

Under the new sanctions, any property owned by the designated individuals or entities in the US is blocked, and US citizens and companies are prohibited from engaging in transactions with them. Non-compliance could lead to further enforcement actions, even against those outside the US. The move reflects a coordinated effort with the UAE to combat North Korea’s destabilizing activities. It highlights the importance of international cooperation in tackling illicit financial networks that exploit new technologies, including cryptocurrencies.

Global fight against ransomware: collaboration is the key to resilience

Diplo is actively reporting from the 2024 Internet Governance Forum (IGF) in Riyadh, where, on the forum’s day one, another essential panel of international experts shed light on the relentless rise of ransomware attacks and the global efforts to counter this growing cyber threat. Moderated by Jennifer Bachus of the US State Department, the session featured cybersecurity leaders Elizabeth Vish, Daniel Onyanyai, and Nils Steinhoff, who highlighted the scale of the crisis and the collaborative response through the Counter Ransomware Initiative (CRI).

Ransomware, described as ‘cybercrime as a service,’ has evolved from simple data encryption to complex extortion schemes targeting critical infrastructure worldwide. ‘Emerging markets are now increasingly in the crosshairs,’ noted Elizabeth Vish, pointing to growing vulnerabilities in developing economies that lack robust cybersecurity resources. With over $1.1 billion in crypto payments extracted by attackers in 2023 alone, ransomware continues to prove profitable, its impacts often crippling public services like hospitals and government institutions.

Established in 2021, the CRI is a coalition of nearly 70 nations dedicated to building collective cyber resilience. Operating under four pillars—policy development, capacity development, public-private partnerships, and the International Counter-Ransomware Task Force—the CRI offers platforms for real-time threat sharing, technical support, and global cooperation. Onyanyai emphasised the initiative’s mentorship model: ‘Advanced nations can guide less-prepared countries, ensuring no one faces this threat alone.’

Public-private cooperation emerged as a cornerstone of the fight. Vish stressed that private companies, often the first to detect attacks, ‘own critical infrastructure and can contribute threat intelligence and resilience strategies.’ Additionally, the role of cyber insurance was discussed as a tool for incentivising better cybersecurity hygiene while facilitating incident recovery.

The panellists underscored the need for collective preparation, emphasising proactive measures like multi-factor authentication and data backups. Vish coined the mantra: ‘Prepare, don’t pay.’ While CRI officially advocates a ‘no ransom’ stance, some countries still grapple with policies on payments.

The session concluded with a stark reminder: no country is immune to ransomware. Whether through emerging AI capabilities or evolving tactics, ransomware remains a persistent, global threat. As Jennifer Bachus aptly summarised: ‘Only through cooperation, capacity building, and resilience will we turn the tide against these cybercriminals.’


Russian court hands life sentence to Hydra founder

The founder of Hydra, a notorious darknet marketplace and crypto mixing service, has been sentenced to life in prison by a Russian court. Stanislav Moiseev and 15 accomplices were convicted of running a criminal network that handled over $5 billion in cryptocurrency transactions, while also producing and selling illegal drugs and psychotropic substances. Moiseev was also fined $38,100, with additional fines imposed on his accomplices.

Hydra, which was dismantled in 2022 by German authorities, accounted for 80% of all darknet-related cryptocurrency transactions at its peak. It sold stolen credit card data, counterfeit currencies, and fake identity documents. Despite its shutdown, Hydra’s criminal operations left a significant mark, with its user base reportedly including 17 million customers and 19,000 vendors.

The sentences include prison terms ranging from eight to 23 years for Moiseev’s accomplices, alongside the seizure of properties, vehicles, and nearly a ton of drugs. Russian officials have been investigating Hydra since 2016, but the convictions are subject to appeal.

Cambodia blocks Binance and Coinbase in crypto crackdown

Cambodia has taken a decisive step in regulating cryptocurrencies by blocking access to 16 exchange websites, including Binance, Coinbase, and OKX. The Telecommunication Regulator of Cambodia (TRC) enforced the block on platforms without licences from the country’s Securities and Exchange Regulator (SERC). While website access is restricted, mobile apps for these platforms remain operational.

This move aligns with Cambodia’s cautious approach to cryptocurrency, where only two entities operate under a regulatory sandbox. These licensed platforms are barred from facilitating exchanges between digital assets and fiat currencies, such as the Cambodian riel or US dollars. The restrictions follow concerns over the nation’s role in global crypto scams and cybercrime, often involving money laundering and illicit online gambling.

Despite these measures, Cambodia remains active in the global crypto market, ranking among the top 20 nations for retail crypto usage per capita. Statista projects that the country’s digital assets market will generate $8 million in revenue by 2024, although growth is expected to slow in subsequent years.

Interpol and South Korea lead operation, arresting over 5,500 cybercrime suspects

A coordinated global effort involving law enforcement from 40 countries has resulted in over 5,500 arrests and the seizure of more than $400 million in virtual and fiat currencies during Operation HAECHI V (July–November 2024).

The operation, led by INTERPOL and financially supported by South Korea, targeted seven major types of cyber-enabled fraud, including voice phishing, romance scams, investment fraud, and business email compromise schemes.

In one significant success, Korean and Chinese authorities dismantled a voice phishing network that defrauded over 1,900 victims of 1,511 billion KRW ($1.1 billion). The syndicate, which impersonated law enforcement and used fake IDs, saw 27 members arrested, with 19 facing formal charges.

INTERPOL issued a Purple Notice during the operation to warn member countries of a new cryptocurrency scam targeting stablecoin users. In the scheme, known as the USDT Token Approval Scam, fraudsters lured victims with romance-based schemes, directing them to buy Tether stablecoins through legitimate platforms. Victims were then tricked into granting scammers full access to their cryptocurrency wallets through phishing links, allowing unauthorized fund transfers.

Operation HAECHI V also achieved record-breaking results, solving 8,309 cases—nearly double those from the previous year—and blocking 1,023 virtual asset service provider (VASP) accounts, a threefold increase from 2023.

HAECHI V participating countries, territories and regions: Albania, Argentina, Australia, Brunei, Cambodia, Canada, Cayman Islands (UK), China, France, Ghana, Hong Kong (China), India, Indonesia, Ireland, Japan, Korea, Kyrgyzstan, Laos, Liechtenstein, Macao (China), Malaysia, Maldives, Mauritius, Nigeria, Pakistan, Philippines, Poland, Portugal, Romania, Seychelles, Singapore, Slovenia, Spain, Sweden, Thailand, Timor Leste, United Arab Emirates, United Kingdom, United States, Viet Nam.

Italy targets cybercrime with tough new measures

Italy is ramping up its fight against cybercrime with a draft decree aimed at tackling unauthorised access to sensitive computer systems. The move follows high-profile breaches, including incidents involving state and financial databases, prompting urgent government action. The legislation, which will be discussed by the cabinet on 25 November 2024, focuses on systems critical to military, public safety, health, and civil protection.

The draft gives Italy’s chief anti-mafia prosecutor expanded authority to oversee investigations into cases of extortion linked to data breaches. This comes on the heels of several arrests tied to illicit access to state systems, with dozens more under investigation, including individuals connected to prominent figures like Leonardo Maria Del Vecchio.

Separately, authorities in Bari are probing a potential breach at Italy’s largest bank, Intesa Sanpaolo, which may have compromised Prime Minister Giorgia Meloni’s account. These incidents underscore the urgency of the proposed crackdown as Italy seeks to safeguard its digital infrastructure.