#FactCheck - AI Artwork Misattributed: Mahendra Singh Dhoni Sand Sculptures Exposed as AI-Generated

Introduction

Cyber financial offences in India have experienced an alarming surge both in terms of frequency and complexity. Be it phishing attacks or organised fraud syndicates, the nation has been facing a spurt in online financial threats, which leave the victims at their mercy because of procedural lags on the part of law enforcement agencies. To counter this, the Government of India has stepped up measures to create a Cyber-Secure Bharat, focusing on speedy resolution, accountability, and digital empowerment. A key move in this direction is the introduction of the e-Zero FIR initiative, brought forth by the Ministry of Home Affairs (MHA) with Union Home Minister Amit Shah at the helm. This newly developed digital-first system is expected to revolutionise the way cyber financial crimes, particularly those that result in high monetary losses, are handled and investigated.

What Is the e-Zero FIR Initiative?

The e-Zero FIR program is a technology-based platform that enables the automated registration of Zero FIRs for value cyber financial crimes. Led by the Indian Cybercrime Coordination Centre (I4C), Ministry of Home Affairs, the programme is now piloted in Delhi and aims to fill a pressing lacuna: the time lag involved in transitioning cybercrime complaints to First Information Reports (FIRs).

Complaints of financial frauds worth more than ₹10 lakh, reported through the National Cybercrime Reporting Portal (NCRP) or helpline number 1930, will be automatically turned into e-Zero FIRs under this scheme. Such electronic FIRs are directed to the e-Crime Police Station in Delhi, regardless of jurisdiction, and then relayed to the corresponding territorial cybercrime unit. Complainants can visit the cybercrime Police Station within 3 days and get the Zero FIR converted into a regular FIR.

Key Features of the Initiative

1. Pilot Implementation in Delhi

Launched as a pilot project in Delhi, it will later serve as the first use case for the national rollout. The success of the pilot will determine its implementation in other states and Union Territories.

2. Seamless Digital Integration

The project provides strong back-end integration between:

• NCRP (National Cybercrime Reporting Portal)
• e-FIR System (Delhi Police)
• CCTNS (Crime and Criminal Tracking Network & Systems – NCRB)

This integrated model enables complaints to pass smoothly between platforms and agencies.

3. Zero FIR Auto-Registration and Routing

Now, for complaints lodged through 1930 or the National Cyber Crime Reporting Portal related to financial losses exceeding the threshold of ₹10 lakh, the system will automatically register a Zero FIR to the e-Crime Police Station of Delhi and then route it to the concerned territorial cybercrime police station, triggering immediate case processing.

4. Victim-Centric Conversion Mechanism

Complainants are given 3 days from the time of filing to physically report to the police station and transform the e-Zero FIR into a conventional regular FIR under Section 173 (1) and 1(ii) of the newly enacted Bhartiya Nagrik Suraksha Sanhita (BNSS). This ensures legal redress is quicker and easier.

Impact and Significance: The CyberPeace View

The e-Zero FIR system is a significant change in India's cybercrime enforcement, offering quicker response times and improved recovery opportunities. Cyber fraud reported within the "golden hour" can boost recovery levels of financial fraud. The system also eliminates jurisdictional barriers and procedural bottlenecks, making it more victim-friendly. Union Home Minister Amit Shah emphasised the initiative's alignment with Prime Minister Narendra Modi's vision of a digitally resilient India. The system is a scalable national model of tech-based policing supported by organised digital workflows. The initiative allows for real-time analysis of fraud graphs and detection of fraud syndicates through identification and device-based clustering. This is a step towards more automated, context-aware cyber policing, focusing on AI, identity graphs, and velocity to prevent crimes. The system is a step towards a next-generation cyber law enforcement strategy, focusing on AI, identity graphs, and velocity.

Conclusion

The roll-out of the e-Zero FIR program is a turning point in India's battle against cybercrime. By marrying automation with inter-agency coordination and easy-to-use mechanisms, the government has eradicated one of the major stumbling blocks for victims, the delay in taking legal action. Though its pilot phase targets high-value financial frauds in Delhi, its potential for having a countrywide impact is vast. With digital transactions on the upswing and frauds getting more cunning, efforts like these are the key to making a safe, responsive, and victim-centric cyber environment. CyberPeace commends and welcomes this important move towards establishing a Cyber-Secure Bharat, wherein all citizens can make digital transactions with confidence.

References

• https://www.pib.gov.in/PressReleasePage.aspx?PRID=2129715
• https://www.mha.gov.in/en
• https://cybercrime.gov.in/
• https://www.ncrb.gov.in/
• https://economictimes.indiatimes.com/wealth/save/new-e-zero-fir-govt-launches-pilot-for-swift-action-against-cybercrimes-how-it-can-help-you/articleshow/121314437.cms?from=mdr

‍

Introduction

DDoS – Distributed Denial of Service Attack is one of the cyber-attacks which has been evolving at the fastest pace,  the new technologies have created a blanket of vulnerability for the victim which allows the cyber criminals to stay under the radar and keep launching small scale high intensity cyber attacks. A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.

Op Power Off

In a recent Operation by Law enforcement agencies known as Op Power Off, LEAs from United Kingdom, United States of America, Netherlands, Poland, and Germany joined hands to target the cybergroups committing such large-scale attacks which can paralyse the Internet become inaccessible for a large faction of netizens. The services collectively seized were by far the most popular DDoS booter services on the market, receiving top billing on search engines. One such service taken down had been used to carry out over 30 million attacks. As part of this action, seven administrators have been arrested so far in the United States and the United Kingdom, with further actions planned against the users of these illegal services.  International police cooperation was central to the success of this operation as the administrators, users, critical infrastructure, and victims were scattered across the world. Europol’s European Cybercrime Centre coordinated the activities in Europe through its Joint Cybercrime Action Taskforce (J-CAT).

Participating Authorities

• United States: US Department of Justice (US DOJ), Federal Bureau of Investigation (FBI)
• United Kingdom: National Crime Agency (NCA)
• The Netherlands: National High Tech Crime Unit Landelijke Eenheid, Cybercrime team Midden-Nederland, Cybercrime team Noord-Holland and Cybercrime team Den Haag
• Germany: Federal Criminal Police Office (Bundeskriminalamt), Hanover Police Department (Polizeidirektion Hannover), Public Prosecutor’s Office Verden (Staatsanwaltschaft Verden)
• Poland: National Police Cybercrime Bureau (Biuro do Walki z Cyber-przestępczością)

Issue related to DDoS Attacks

DDoS booter services have effectively lowered the entry barrier into cybercrime: for a fee as low as EUR 10, any low-skilled individual can launch DDoS attacks with the click of a button, knocking offline whole websites and networks by barraging them with traffic.  The damage they can do to victims can be considerable, crippling businesses financially and depriving people of essential services offered by banks, government institutions, and police forces. Emboldened by perceived anonymity, many young IT enthusiasts get involved in this seemingly low-level crime, unaware of the consequences that such online activities can carry. The influence of toolkits available on the dark net has made it easier for criminals to commit such crimes and at times even get away with it as well.

‍Recent examples of DDoS Attacks

• In February 2020, Amazon Web Services (AWS) suffered a DDoS attack sophisticated enough to keep its incident response teams occupied for several days also affecting customers worldwide.
• In February 2021, the EXMO Cryptocurrency exchange fell victim to a DDoS attack that rendered the organization inoperable for almost five hours.
• Recently, Australia experienced a significant, sustained, state-sponsored DDoS attack.
• Belgium also became a victim of a DDoS attack that targeted the country’s parliament, police services, and universities.

DDoS vs. DoS Attacks: What’s the Difference?

It’s important to avoid confusing a DDoS (distributed denial of service) attack with a DoS (denial of service) attack. Although only one word separates the two, these attacks vary significantly in nature.

• Strictly defined, a typical DDoS attack manipulates many distributed network devices between the attacker and the victim into waging an unwitting attack, exploiting legitimate behavior.
• A traditional DoS attack doesn’t use multiple, distributed devices, nor does it focus on devices between the attacker and the organization. These attacks also tend not to use multiple internet devices.

Conclusion

In this era of cyberspace, it is of paramount importance to maintain digital safety and security equivalent to physical safety, the cybercriminals will not stop at anything and can stoop to any level to target netizens and critical infrastructures in order to commit ransomware and malware attacks. As we can see DDoS-ing is taken seriously by law enforcement, at all levels of users, and are on the radar of law enforcement, be it a gamer booting out the competition out of a video game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain.

Introduction

The information of hundreds of thousands of Indians who received the COVID vaccine was Leaked in a significant data breach and posted on a Telegram channel. Numerous reports claim that sensitive information, including a person’s phone number, gender, ID card details, and date of birth, leaked over Telegram. It could be obtained by typing a person’s name into a Telegram bot.

What really happened?

The records pertaining to the mobile number registered in the CoWin portal are accessible on the Malayalam news website channel. It is also feasible to determine which vaccination was given and where it was given.

According to The Report, the list of individuals whose data was exposed includes BJP Tamil Nadu president K Annamalai, Congress MP Karti Chidambaram, and former BJP union minister for health Harsh Vardhan. Telangana’s minister of information and communication technology, Kalvakuntla Taraka Rama Rao, is also on the list.

MEITY stated in response to the data leak, “It is old data, we are still confirming it. We have requested a report on the matter.

After the media Report, the bot was disabled, but experts said the incident raised severe issues because the information might be used for identity theft, phishing emails, con games, and extortion calls. The Indian Computer Emergency Response Team (CERT-In), the government’s nodal body, has opened an investigation into the situation

The central government declared the data breach reports regarding the repository of beneficiaries against Covid to be “mischievous in nature” on Monday and claimed the ‘bot’ that purportedly accessed the confidential data was not directly accessing the CoWIN database.

According to the first complaint by CERT-In, the government’s cybersecurity division, the government claimed the bot might be displaying information from “previously stolen data.” Reports.

The health ministry refuted the claim, asserting that no bots could access the information without first verifying with a one-time password.

“It is made clear that all of these rumours are false and malicious. The health ministry’s CoWIN interface is entirely secure and has sufficient data privacy protections. The security of the data on the CoWIN portal is being ensured in every way possible, according to a statement from the health ministry.

Meity said the CoWin program or database was not directly compromised, and the shared information appeared to be taken from a previous intrusion. But the hack again highlights the growing danger of cyber assaults, particularly on official websites.‍

Recent cases of data leak

Dominos India 2021– Dominos India, a division of Jubilant FoodWorks, faced a cyberattack on May 22, 2021, which led to the disclosure of information from 180 million orders. The breach exposed order information, email addresses, phone numbers, and credit card information. Although Jubilant FoodWorks acknowledged a security breach, it refuted any illegal access to financial data.

Air India – A cyberattack that affected Air India in May 2021 exposed the personal information of about 4.5 million customers globally. Personal information recorded between August 26, 2011, and February 3, 2021, including names, dates of birth, contact information, passport information, ticket details, frequent flyer information from Star Alliance and Air India, and credit card information, were exposed in the breach.

Bigbasket – BigBasket, an online supermarket, had a data breach in November 2020, compromising the personal information of approximately 20 million consumers. Email IDs, password hashes, PINs, phone numbers, addresses, dates of birth, localities, and IP addresses were among the information released from an insecure database containing over 15 GB of customer data. BigBasket admitted to the incident and reported it to the Bengaluru Cyber Crime Department.

Unacademy – Unacademy, an online learning platform, experienced a data breach in May 2020, compromising the email addresses of approximately 11 million subscribers. While no sensitive information, such as financial data or passwords, was compromised, user data, including IDs, passwords, date joined, last login date, email IDs, names, and user credentials, was. The breach was detected when user accounts were uncovered for sale on the dark web.

2022 Card Data- Cybersecurity researchers from AI-driven Singapore-based CloudSEK found a threat actor offering a database of 1.2 million cards for free on a Dark Web forum for crimes on October 12, 2022. This came after a second problem involving 7.9 million cardholder records that were reported on the BidenCash website. This comprised information pertaining to State Bank of India (SBI) clients. And other well-known companies were among those targeted in high-profile data breach cases that have surfaced in recent years.

Conclusion

Data breach cases are increasing daily, and attackers are mainly attacking the healthcare sectors and health details as they can easily find personal details. This recent CoWIN case has compromised thousands of people’s data. The All-India Institute of Medical Sciences’ systems were compromised by hackers a few months ago. Over 95% of adults have had their vaccinations, according to the most recent data, even if the precise number of persons impacted by the CoWin privacy breach could not be determined.