Daylila

Cybersecurity · Sunday, 12 July 2026

01 · Briefing · what happened

5,800 arrests, $293 million seized — 97 countries ran one anti-scam operation at once

Cybersecurity 4 min 6 sources

Interpol's Operation First Light shows what defense against borderless fraud looks like when nations pool their evidence — plus a week of ransomware insiders jailed and a 15-year-old flaw quietly fixed.

Key takeaways

  • Interpol's Operation First Light booked more than 5,800 arrests and seized $293 million across 97 countries, showing that borderless fraud is only caught when nations pool their evidence.
  • Three US ransomware insiders — including a negotiator who betrayed his own clients to the BlackCat gang — were sentenced this week, closing cases that opened years ago.
  • A 15-year-old Linux flaw was found and patched before harm, with researchers paid $92,337 to report it — the reward system that turns potential attackers into defenders.

For a beat that usually reads like a run of bad news, this week had a different shape: the people chasing cybercrime did the catching. A global fraud operation booked thousands of arrests, three ransomware insiders headed to prison, and a flaw that hid in Linux for 15 years got closed with a reward, not a breach.

A coordinated bust across 97 countries

Interpol, the international police-coordination body, said on Thursday that a three-month operation ending in late April led to more than 5,800 arrests and $293 million seized [1]. The campaign, called Operation First Light, targeted social-engineering scams — the kind that trick a person into sending money or handing over a login — and the money-laundering networks that move the proceeds [1].

The numbers give a sense of the scale. Police identified more than 142,000 victims, including people, businesses and governments, and analysed over 152,800 cases of cybercrime across the 97 countries taking part [1]. The scam types ran from business email compromise — where a fraudster impersonates a supplier or boss to redirect a payment — to romance and sextortion schemes [1].

The framing from Interpol matters as much as the total. “No nation can stay safe unless all countries are equipped and committed to jointly fighting back,” said Tomonobu Kaya, who runs Interpol’s financial-crime centre [1]. Social-engineering scams work by crossing borders — hosted in one country, run from a second, cashed out through a third — so no single police force ever sees the whole operation. This week’s result came from many of them putting their fragments on one table.

The slow machinery of consequences

Three separate US cases this week landed prison time on people who worked inside the ransomware economy.

The starkest was an insider betrayal. Angelo Martino, 41, a former ransomware negotiator in Florida, was sentenced to 70 months for secretly working with the BlackCat/Alphv gang while he was paid to help victims [2][3]. Ransomware is malware that locks an organisation’s files until it pays; a negotiator is the specialist a victim hires to talk the attackers down. Martino did the opposite — he fed the gang his own clients’ negotiating limits and insurance details so they could squeeze the maximum ransom, prosecutors said [3]. He was one of three security professionals charged over the scheme; the other two, from Texas and Georgia, each got four years earlier this spring [3]. Authorities seized about $10 million in assets from Martino, including cryptocurrency, vehicles and a fishing boat [3].

Separately, Karen Vardanyan, a 34-year-old Armenian national extradited to the US, pleaded guilty to a run of Ryuk ransomware attacks in 2019 and 2020 [4]. His group took in more than $15 million in ransom payments; he agreed to pay about $1.2 million in restitution and faces up to 15 years [4][6]. These cases move slowly — the crimes are years old — but they close the loop that a breach opens.

A 15-year-old flaw, fixed the good way

Not every important story is an attack. Researchers at Nebula Security disclosed a Linux flaw, nicknamed GhostLock, that had sat in the operating system’s core since 2011 and could let an attacker gain full control of a machine [5]. Linux runs most of the world’s servers, so the reach was wide.

Here’s the part worth noticing: it was found and fixed before anyone is known to have used it against real targets. The flaw was patched in April, and the researchers earned a $92,337 reward through Google’s bug-bounty programme — money paid to people who report flaws instead of selling them [5]. A bug bounty turns the incentive around: the same skill that could break in gets rewarded for reporting the way out. If you run a device that updates automatically, the fix likely reached you without your ever knowing the hole was there.

What it means for you

None of these wins removes the everyday risk. Social-engineering scams work on anyone, and the 142,000 victims counted this week are proof that “I’d never fall for it” is optimistic. The practical takeaways are the plain ones: treat any unexpected message that pushes you to move money or share a code as suspicious, verify it through a channel you chose yourself, and keep your devices set to update automatically — that GhostLock patch only helps the people who install it.

02 · Lesson · why it matters

Why no country can be safe from fraud alone

A scam that runs across three borders can only be caught by police who reach across them too — and even then, no single force ever sees the whole board.

Start with the strange shape of the number

Ninety-seven countries. That is the detail to sit with, not the 5,800 arrests. One arrest is a police story. Ninety-seven countries acting inside a single operation is a different kind of thing — it is the shape of the problem showing through the shape of the answer. You do not build a machine that big unless the thing you are chasing is that spread out.

The scam did not require ninety-seven countries because it was enormous. It required them because it was distributed — one operation whose parts sat in different places on purpose.

The scammer’s real edge is the seam

A modern fraud is rarely in one country. The phishing message goes out from a server in one place. The fake company that receives the money is registered in a second. The mule accounts that break up the cash sit in a third. The person running it may be in a fourth. Each piece, on its own, looks small and local.

That is not sloppiness. It is the design. Spread across borders, the operation hands each national police force only a fragment — a suspicious server, an odd company, a few accounts. No one of them holds enough to see a crime, let alone prove one. The scammer’s advantage is not cleverness. It is the seam between one legal system and the next.

The seam is built, not natural

It is easy to treat borders as a fact of nature, like weather. They are not. They are an arrangement people made, and the arrangement has a specific asymmetry the fraudster lives inside.

Money and messages cross borders in milliseconds. Evidence, arrest warrants, and testimony do not — they move at the speed of treaties, translated paperwork, and a foreign court’s willingness to help. So the same border that means nothing to a wire transfer means everything to the detective trying to follow it. That gap is not an accident of the criminal’s making; it is the ordinary structure of a world divided into nations, and it quietly serves whoever chooses to live in the gap.

The win is not a smarter detective — it is a shared table

Notice what actually cracked the case. Not a genius investigator. A table. Ninety-seven countries each brought their fragment — the server, the company, the accounts, the cash-out — and only when the fragments sat together did a whole operation become visible.

“No nation can stay safe unless all countries are equipped and committed to jointly fighting back,” Interpol’s financial-crime director put it. Read plainly, that is not a slogan. It is a description of the geometry. Against an adversary who wins by being spread out, the only defense that reaches all of it is one that is spread out too — and willing to pool what each part sees.

You are already inside this web

It is tempting to file this under crime-and-police and step back. But the 142,000 victims counted this week were not a category. They were people who got a message that looked real, and businesses that paid an invoice that looked ordinary. The mule accounts that laundered the money were, in many cases, ordinary people’s accounts, borrowed or tricked into service.

Your bank, your inbox, your small business sit in the same network. When a scam is stopped before it reaches you, it is often because some other country shared what it saw with yours — a cooperation you never watched happen and will never get a bill for. You benefit from a table you were never at.

Hold the win loosely

So it is worth resisting the clean feeling of “the good guys won.” They won a round, and the round was real. But look at what the win required and it turns humbler. Each of the ninety-seven only ever saw its own slice. The whole picture did not exist in any one capital — it existed only for the brief moment they all put their pieces down together, and even now no single seat can hold all of it.

That is the quiet lesson under the arrests. A problem built out of gaps is not solved by anyone being smarter about their own patch. It is held at bay, for a while, by people deciding to reach across the gaps they did not make — knowing they will each only ever see a corner of what they are up against.

03 · Lab · your turn

Dismantle the Ring

Rehearse why a scam split across borders only falls when every country pools its piece — and rebuilds when one holds back.

04 · Hope · carry this

A scam that hides in the gaps between nations is also quiet proof of the opposite — that people in ninety-seven countries can still decide to reach across those gaps together, and when they do, the thing that looked untouchable comes apart in a single week.

Across the beats