#FactCheck - "Deep fake Falsely Claimed as a photo of Arvind Kejriwal welcoming Elon Musk when he visited India to discuss Delhi’s administrative policies.”

Introduction

The Pahalgam terror attack, which took place on April 22, 2025, was a tragic incident that shook the nation. The National Investigation Agency (NIA) formally took over the Pahalgam terrorist attack case on Sunday, April 27, 2025. Following India's strikes on Pakistan, tensions between the two countries have heightened, leading to concerns about potential escalation, including the risk of cyber attacks and the spread of misinformation that could further complicate the situation.  It is crucial for corporations, critical sectors, and all netizens in India to stay proactive and vigilant against cyber attacks, while also being cautious of the risks of misinformation. This includes protecting themselves from being affected and avoiding the inadvertent or deliberate spread of false information.

Be Careful with the Information You Consume and Share

It is crucial to note that the Press Information Bureau (PIB) has alerted citizens to stay cautious of fake narratives being circulated by Pakistani handles. Through an official fact check, PIB debunked several misleading claims aimed at undermining India’s internal stability and security forces. Citizens are urged to verify any suspicious content via PIB Fact Check before sharing it further. As social media becomes a hub for viral content, netizens must be cautious about the information they consume and share. Misleading information, old videos, false claims, and misinformation flood the platform, making it essential to be mindful of the content you consume and share, as spreading unverified content can have severe consequences.

CyberPeace Recommends Following Crucial Cyber Safety Tips to Stay Vigilant Against Potential Digital Threats:

‍

• Do not open/download any video file you receive in social media groups or from unknown sources.
• As per several media reports, a video file named "Dance of the Hilary" is being circulated, which may be intended for a cyber attack on India. Please refrain from clicking, downloading, or sharing any such file. Additionally, there are reports of suspicious files circulating on WhatsApp, including tasksche.exe, OperationSindoor.ppt, and OperationSindhu.pptx. Do not download or open any of these files, as they may pose a serious cyber threat. 
• To receive accurate alerts, you can enable government notifications on your iPhone. Go to Settings > Notifications and scroll down to Government Alerts. Make sure all the toggles under Government Alerts are turned on. This will allow you to receive timely information and important alerts from government agencies, and your device will display critical notifications to keep you informed and safe.
• Turn off automatic media download in WhatsApp to reduce the risk of downloading potentially harmful files.
• To protect your privacy, disable location services on apps like WhatsApp, Instagram, Snapchat, and X unless absolutely necessary.
• Refrain from sharing sensitive information like government data, confidential details, or personal records on unsecured devices or networks.
• To avoid misinformation and manipulation during conflict, verifying and cross-checking the news before sharing it with anyone is crucial. Stay updated with official news updates, and be cautious while sharing information.

Conclusion

In times of heightened tensions, all of us need to stay vigilant, protect our digital spaces, and verify the information we encounter. Together, we can safeguard ourselves from cyber threats and misinformation, ensuring the safety, stability, and digital security of our nation. As proud citizens, let us unite to protect both our physical and digital well-being.

References

• https://www.thehindu.com/news/national/pakistan-has-unleashed-propaganda-machine-in-response-to-successful-operation-sindoor-ib-ministry/article69549084.ece
• https://sambadenglish.com/national-international-news/india/centre-asks-people-to-stay-alert-against-misinformation-in-social-media-9048169
• https://www.youtube.com/watch?v=gLHo_Vd1_H0&t=19s

‍

Introduction

In an era where digital connectivity drives employment, investment, and communication, the most potent weapon of cybercriminals is ‘gaining trust’ with their sophisticated tactics. Prayagraj has been a recent battleground in India's cybercrime landscape. Within a one-year crackdown, over 10,400 SIM cards, 612 mobile device IMEIs, and 59 bank accounts were blocked, exposing a sprawling international fraud network. These activities primarily targeted unsuspecting individuals through Telegram job postings, fake investment tips, and mobile app scams, highlighting the darker side of convenience in cyberspace. With India now experiencing a wave of scams enabled by technology, this crackdown establishes a precedent for concerted cyber policing and awareness among citizens. 

Digital Deceit: How the Scams Operated

SIM cards that have been issued through fake or stolen identities are increasingly being used by cybercriminals in Prayagraj and elsewhere. These SIMs were the initial weapon in a highly organised fraud system, allowing criminals to conduct themselves anonymously while abusing messaging services like WhatsApp and Telegram. The gangs involved in these scams, some of which have been linked by reports to nations like Nepal, Pakistan, China, Dubai, and Myanmar, enticed their victims with rich-yielding stock market advice, remote employment offers, and weekend employment promises. After getting a target engaged, victims were slowly manipulated into sending money in the name of application fees, verification fees, or investment contributions.

API Abuse and OTP Interception

What's more alarming about these scams is their tech-savviness. From Prayagraj's cybercrime squad, several syndicates are reported to have employed API-based mobile applications to intercept OTPs (One-Time Passwords) sent to Indian numbers. Such apps, cleverly disguised as genuine services or work-from-home software, collected personal details like bank account credentials and payment card data, allowing wrongdoers to carry out unauthorised transactions in a matter of minutes. The pilfered funds were then quickly transferred through several mule accounts, rendering the money trail almost untraceable.

The Human Impact: How Citizens Were Trapped

Victims tended to come from job-hunting groups, students, or housewives seeking to earn additional income. Often, the scammers persuaded users to join Telegram channels providing free investment advice or job-referral-based schemes, creating an illusion of authenticity. Once on board, victims were sometimes even paid small commissions initially, creating a false sense of success. This tactic, known as “advance-fee confidence building,” made victims more likely to invest larger sums later, ultimately leading to complete financial loss.

Digital Arrest Threats and Bitcoin Ransom Scams

Aside from investment and job scam complaints, the cybercrime cell also saw several "digital arrest" scams, where victims were forced to send money under the threat of engaging in criminal activities. Bitcoin extortion schemes were also used in some cases, with perpetrators threatening exposure of victims' personal information or browsing history on the internet unless they were paid in cryptocurrency.

Law Enforcement’s Cyber Shield: Local Action, Global Impact

Identifying the extent of the threat, Prayagraj authorities implemented strategic measures to enable local policing. Cyber Units have been formed in each of the 43 police stations in the district, each made up of a sub-inspector, head constable, constable, lady constable, and computer operator. This decentralised model enables response in real-time, improved victim support, and quicker forensic analysis of hacked devices. The nodal officer for cyber operations said that this multi-level action is not punitive but preventive, meant to break syndicates before more harm is caused.

CyberPeace Recommendations: Prevention is Power

As cybercrime gets advanced, citizens will also have to keep pace with it. Prayagraj's experience highlights the importance of public awareness, digital literacy, and instant response processes. To assist in preventing people from falling victim to such scams, CyberPeace advises the following:

• Don't click on dubious APK links sent on WhatsApp or Telegram.
• Do not share OTPs or confidential details, even if the source appears to be familiar.
• Never download unfamiliar apps that demand access to SMS or financial information.
• Block your SIM card, payment cards, and bank accounts at once if your phone is stolen.
• Report all cyber frauds to cybercrime.gov.in or your local Cyber Cell.
• Never join investment or job groups on social sites without verification.
• Refuse video calls from unknown numbers; some scammers use this method of recording or blackmailing victims.

Conclusion

Prayagraj crackdown uncovers both the magnitude and versatility of cybercrime in the present. From trans-border cartels to Telegram job scams, the cyber front is as intricate as ever. But this incident also illustrates what can be achieved when technology, law enforcement, and public awareness come together. To stay safe from cyber threats, a cyber-conscious citizenry is as important as an effective cyber cell for India. At CyberPeace, we know that defending cyberspace begins with cyber resilience, and the story of Prayagraj should encourage communities everywhere to take active digital precautions. 

References

• https://www.hindustantimes.com/cities/lucknow-news/over-10k-sims-blocked-as-job-investment-frauds-rise-in-prayagraj-101753715061234.html
• https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
• https://faq.whatsapp.com/2286952358121083
• https://education.vikaspedia.in/viewcontent/education/digital-litercy/information-security/preventing-online-scams-cert-in-advisory?lgn=en
• https://cybercrime.gov.in/Accept.aspx
• https://www.linkedin.com/pulse/perils-advance-fee-fraud-protecting-yourself-from-scammers-sharma/

‍

Overview:

‘Kia Connect’ is the application that is used to connect ‘Kia’ cars which allows the user control various parameters of the vehicle through the application on his/her smartphone. The vulnerabilities found in most Kias built after 2013 with but little exception. Most of the risks are derived from a flawed API that deals with dealer relations and vehicle coordination. 

Technical Breakdown of Exploitation:

1. API Exploitation: The attack uses the vulnerabilities in Kia’s dealership network. The researchers also noticed that, for example, the logs generated while impersonating a dealer and registering on the Kia dealer portal would be sufficient for deriving access tokens needed for next steps.

2. Accessing Vehicle Information: The license plate number allowed the attackers to get the Vehicle Identification Number (VIN) number of their preferred car. This VIN can then be used to look up more information about the car and is an essential number to determine for the shared car.

3. Information Retrieval: Having the VIN number in hand, attackers can launch a number of requests to backends to pull more sensitive information about the car owner, including:

• Name
• Email address
• Phone number
• Geographical address

4. Modifying Account Access: With this information, attackers could change the accounts settings to make them a second user on the car, thus being hidden from the actual owner of the account.

5. Executing Remote Commands: Once again, it was discovered that attackers could remotely execute different commands on the vehicle, which includes:some text
   • Unlocking doors
   • Starting the engine
   • Monitoring the location of the vehicle in terms of position.
   • Honking the horn 

Technical Execution:

The researchers demonstrated that an attacker could execute a series of four requests to gain control over a Kia vehicle:

1. Generate Dealer Token: The attacker sends an HTTP request in order to create a dealer token.

2. Retrieve Owner Information: As indicated using the generated token, they make another request to another endpoint that returns the owner’s email address and phone number.

3. Modify Access Permissions: The attacker takes advantage of the leaked information (email address and VIN) of the owner to change between users accounts and make himself the second user.

4. Execute Commands: As the last one, they can send commands to perform actions on the operated vehicle.

Security Response and Precautionary Measures for Vehicle Owners

1. Regular Software Updates: Car owners must make sure their cars receive updates on the recent software updates provided by auto producers. 
2. Use Strong Passwords: The owners of Kia Connect accounts should develop specific and complex passwords for their accounts and then update them periodically. They should avoid using numbers like the birth dates, vehicle numbers and simple passwords.
3. Enable Multi-Factor Authentication: For security, vehicle owners should turn on the use of the secondary authentication when it is available to protect against unauthorized access to an account. 
4. Limit Personal Information Sharing: Owners of vehicles should be careful with the details that are connected with the account on their car, like the e-mail or telephone number, sharing them on social networks, for example.
5. Monitor Account Activity: It is also important to monitor the account activity because of change or access attempts that are unauthorized. In case of any abnormality or anything suspicious felt while using the car, report it to Kia customer support.
6. Educate Yourself on Vehicle Security: Being aware of cyber threats that are connected to vehicles and learning about how to safeguard a vehicle from such threats.
7. Consider Disabling Remote Features When Not Needed: If remote features are not needed,  then it is better to turn them off, and then turn them on again when needed. This can prove to help diminish the attack vector for would-be hackers.

Industry Implications:

The findings from this research underscore broader issues within automotive cybersecurity:

• Web Security Gaps: Most car manufacturers pay more attention to equipment running in automobiles instead of the safety of the websites that the car uses to operate thereby exposing automobiles that are connected very much to risks.

• Continued Risks: Vehicles become increasingly connected to internet technologies. Auto makers will have to carry cyber security measures in their cars in the future.

Conclusion:

The weaknesses found in Kia’s connected car system are a key concern for Automotive security. Since cars need web connections for core services, suppliers also face the problem of risks and need to create effective safeguards. Kia took immediate actions to tighten the safety after disclosure; however, new threats will emerge as this is a dynamic domain involving connected technology. With growing awareness of these risks, it is now important for car makers not only to put in proper security measures but also to maintain customer communication on how it safeguards their information and cars against cyber dangers. That being an incredibly rapid approach to advancements in automotive technology, the key to its safety is in our capacity to shield it from ever-present cyber threats.

Reference:

• https://timesofindia.indiatimes.com/auto/cars/hackers-could-unlock-your-kia-car-with-just-a-license-plate-is-yours-safe/articleshow/113837543.cms
• https://www.thedrive.com/news/hackers-found-millions-of-kias-could-be-tracked-controlled-with-just-a-plate-number
• https://www.securityweek.com/millions-of-kia-cars-were-vulnerable-to-remote-hacking-researchers/
• https://news24online.com/auto/kia-vehicles-hack-connected-car-cybersecurity-threat/346248/
• https://www.malwarebytes.com/blog/news/2024/09/millions-of-kia-vehicles-were-vulnerable-to-remote-attacks-with-just-a-license-plate-number
• https://informationsecuritybuzz.com/kia-vulnerability-enables-remote-acces/
• https://samcurry.net/hacking-kia

‍

‍