#FactCheck - Old Japanese Earthquake Footage Falsely Linked to Tibet

Introduction 

Digitalization in India has been a transformative force, India is also marked as the second country in the world in terms of active internet users. With this adoption of digitalization and technology, the country is becoming a digitally empowered society and knowledge-based economy. However, the number of cyber crimes in the country has also seen a massive spike recently with the sophisticated cyber attacks and manipulative techniques being used by cybercriminals to lure innocent individuals and businesses. 

As per recent reports, over 740,000 cybercrime cases were reported to the I4C, in the first four months of 2024, which raises serious concern on the growing nature of cyber crimes in the country. Recently Prime Minister Modi in his Mann Ki Baat address, cautioned the public about a particular rising cyber scam known as ‘digital arrest’ and highlighted the seriousness of the issue and urged people to be aware and alert about such scams to counter them. The government has been keen on making efforts to reduce and combat cyber crimes by introducing new measures and strengthening the regulatory landscape governing cyberspace in India.

Indian Cyber Crime Coordination Centre  

Indian Cybercrime Coordination Centre (I4C) was established by the Ministry of Home Affairs  (MHA) to provide a framework and eco-system for law enforcement agencies (LEAs) to deal with cybercrime in a coordinated and comprehensive manner. I4C handles the ‘National Cyber Crime Reporting Portal’ (https://cybercrime.gov.in) and the 1930 Cyber Crime Helpline. Recently at the Indian Cyber Crime Coordination Centre (I4C) Foundation Day celebration, Union Home Minister Amit Shah launched the Cyber Fraud Mitigation Centre (CFMC), Samanvay platform (Joint Cybercrime Investigation Facilitation System), 'Cyber Commandos' program and Online Suspect Registry as efforts to combat the cyber crimes, establish cyber resilence and awareness and strengthening capabilities of law enforcement agencies.

Regulatory landscape Governing Cyber Crimes 

Information Technology Act, 2000 (IT Act) and the rules made therein, the Intermediary Guidelines, Digital Personal Data Protection Act, 2023 and Bhartiya Nyay Sanhita, 2023 are the major legislation in India governing Cyber Laws.  

CyberPeace Recommendations

There has been an alarming uptick in cybercrimes in the country highlighting the need for proactive approaches to counter these emerging threats. The government should prioritise its efforts by introducing robust policies and technical measures to reduce cybercrime in the country. The law enforcement agencies' capabilities must be strengthened with advanced technologies to deal with cyber crimes especially considering the growing sophisticated nature of cyber crime tactics used by cyber criminals. 

The netizens must be aware of the manipulative tactics used by cyber criminals to target them. Social media companies must also implement robust measures on their respective platforms to counter and prevent cyber crimes. Coordinated approaches by all relevant authorities, including law enforcement, cybersecurity agencies, and regulatory bodies, along with increased awareness and proactive engagement by netizens, can significantly reduce cyber threats and online criminal activities. 

References

• https://www.statista.com/statistics/1499739/india-cyber-crime-cases-reported-to-i4c/#:~:text=Cyber%20crime%20cases%20registered%20by%20I4C%20India%202019%2D2024&text=Over%20740%2C000%20cases%20of%20cyber,related%20to%20online%20financial%20fraud
• https://www.deccanherald.com/india/parliament-panel-to-examine-probe-agencies-efforts-to-tackle-cyber-crime-illegal-immigration-3270314
• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2003158

‍

Introduction

In the intricate maze of our interconnected world, an unseen adversary conducts its operations with a stealth almost poetic in its sinister intent. This adversary — malware — has extended its tendrils into the digital sanctuaries of Mac users, long perceived as immune to such invasive threats. Our narrative today does not deal with the physical and tangible frontlines we are accustomed to; this is a modern tale of espionage, nestled in the zeros and ones of cyberspace.

The Mac platform, cradled within the fortifications of Apple's walled garden ecosystem, has stood as a beacon of resilience amidst the relentless onslaught of cyber threats. However, this sense of imperviousness has been shaken at its core, heralding a paradigm shift. A new threat lies in wait, bridging the gap between perceived security and uncomfortable vulnerability.

The seemingly invincible Mac OS X, long heralded for its robust security features and impervious resilience to virus attacks, faces an undercurrent of siege tactics from hackers driven by a relentless pursuit for control. This narrative is not about the front-and-centre warfare we see so often reported in media headlines. Instead, it veils itself within the actions of users as benign as the download of pirated software from the murky depths of warez websites.  

The Incident 

The casual act, born out of innocence or economic necessity, to sidestep the financial requisites of licensed software, has become the unwitting point of compromised security. Users find themselves on the battlefield, one that overshadows the significance of its physical counterpart with its capacity for surreptitious harm. The Mac's seeming invulnerability is its Achilles' heel, as the wariness against potential threats has been eroded by the myth of its impregnability.

The architecture of this silent assault is not one of brute force but of guile. Cyber marauders finesse their way through the defenses with a diversified arsenal; pirated content is but a smokescreen behind which trojans lie in ambush. The very appeal of free access to premium applications is turned against the user, opening a rift that permits these malevolent forces to ingress.

The trojans that permeate the defenses of the Mac ecosystem are architects of chaos. They surreptitiously enrol devices into armies of sorts – botnets which, unbeknownst to their hosts, become conduits for wider assaults on privacy and security. These machines, now soldiers in an unconsented war, are puppeteered to distribute further malware, carry out phishing tactics, and breach the sanctity of secure data.

The Trojan of Mac 

A recent exposé by the renowned cybersecurity firm Kaspersky has shone a spotlight on this burgeoning threat. The meticulous investigation conducted in April of this year unveiled a nefarious campaign, engineered to exploit the complacency among Mac users. This operation facilitates the sale of proxy access, linking previously unassailable devices to the infrastructure of cybercriminal networks.

This revelation cannot be overstated in its importance. It illustrates with disturbing clarity the evolution and sophistication of modern malware campaigns. The threat landscape is not stagnant but ever-shifting, adapting with both cunning and opportunity.

Kaspersky's diligence in dissecting this threat detected nearly three dozen popular applications, and tools relied upon by individuals and businesses alike for a multitude of tasks. These apps, now weaponised, span a gamut of functionalities - image editing and enhancement, video compression, data recovery, and network scanning among them. Each one, once a benign asset to productivity, is twisted into a lurking danger, imbued with the power to betray its user.   

The duplicity of the trojan is shrouded in mimicry; it disguises its malicious intent under the guise of 'WindowServer,' a legitimate system process intrinsic to the macOS. Its camouflage is reinforced by an innocuously named file, 'GoogleHelperUpdater.plist' — a moniker engineered to evade suspicion and blend seamlessly with benign processes affiliated with familiar applications.

Mode of Operation 

Its mode of operation, insidious in its stealth, utilises the Transmission Control Protocol(TCP) and User Datagram Protocol(UDP) networking protocols. This modus operandi allows it to masquerade as a benign proxy. The full scope of its potential commands, however, eludes our grasp, a testament to the shadowy domain from which these threats emerge.  

The reach of this trojan does not cease at the periphery of Mac's operating system; it harbours ambitions that transcend platforms. Windows and Android ecosystems, too, find themselves under the scrutiny of this burgeoning threat.

This chapter in the ongoing saga of cybersecurity is more than a cautionary tale; it is a clarion call for vigilance. The war being waged within the circuits and code of our devices underscores an inescapable truth: complacency is the ally of the cybercriminal.

Safety measures and best practices

It is imperative to safeguard the Mac system from harmful intruders, which are constantly evolving. Few measures can play a crucial role in protecting your data in your Mac systems.

• Refrain from Unlicensed Software - Refrain from accessing and downloading pirated software. Plenty of software serves as a decoy for malware which remains dormant till downloaded files are executed.  

• Use Trusted Source: Downloading files from legitimate and trusted sources can significantly reduce the threat of any unsolicited files or malware making its way into your Mac system. 

• Regular system updates: Regular updates to systems released by the company ensure the latest patches are installed in the system critical to combat and neutralize emerging threats. 

• General Awareness: keeping abreast of the latest developments in cyberspace plays a crucial role in avoiding new and emerging threats. It is crucial to keep pace with trends and be well-informed about new threats and ways to combat them. 

Conclusion

In conclusion, this silent conflict, though waged in whispers, echoes with repercussions that reverberate through every stratum of digital life. The cyber threats that dance in the shadows cast by our screens are not figments of paranoia, but very real specters hunting for vulnerabilities to exploit. Mac users, once confident in their platforms' defenses, must awaken to the new dawn of cybersecurity awareness.

The battlefield, while devoid of the visceral carnage of physical warfare, is replete with casualties of privacy and breaches of trust. The soldiers in this conflict are disguised as serviceable code, enacting their insidious agendas beneath a façade of normalcy. The victims eschew physical wounds for scars on their digital identities, enduring theft of information, and erosion of security.

As we course through the daunting terrain of digital life, it becomes imperative to heed the lessons of this unseen warfare. Shadows may lie unseen, but it is within their obscurity that the gravest dangers often lurk, a reminder to remain ever vigilant in the face of the invisible adversary.

References:

• https://indianexpress.com/article/technology/tech-news-technology/hackers-are-using-these-pirated-softwares-to-spread-malware-campaigns-on-mac-9054168/

Introduction

In the age of advanced technology, Cyber threats continue to grow, and so are the cyber hubs. A new name has been added to the cyber hub, Purnia, a city in India, is now evolving as a new and alarming menace-biometric cloning and financial crimes. This emerging cyber threat involves replicating an individual’s biometric data, such as fingerprint or facial recognition, to gain unauthorised access to their bank accounts and carry out fraudulent activities. In this blog, we will have a look at the methods employed, the impact on individuals and institutions, and the necessary steps to mitigate the risk.

The Backdrop

Purnia, a bustling city in the state of Bihar, India, is known for its rich cultural heritage, However, underneath its bright appearance comes a hidden danger—a rising cyber threat with the potential to devastate its citizens’ financial security. Purnia has seen the growth of a dangerous trend in recent years, such as biometric cloning for financial crimes, after several FIRs were registered with Kasba and Amaur police stations. The Police came into action and started an investigation.

Modus Operandi unveiled

The modus Operandi of cyber criminals includes hacking into databases, intercepting data during transactions, or even physically obtaining fingerprints of facial images from objects or surfaces. Let’s understand how they gathered all this data and why Bihar was not targeted.

These criminals are way smart they operate in the three states. They targeted and have open access to obtain registry and agreement paperwork from official websites, albeit it is not available online in Bihar. As a result, the scam was conducted in other states rather than Bihar; further, the fraudsters were involved in downloading the fingerprints, biometrics, and Aadhaar numbers of buyers and sellers from the property registration documents of Andhra Pradesh, Haryana, and Telangana.

After Cloning fingerprints, the fraudster withdrew money after linking with Aadhaar Enabled Payment System (AEPS) from various bank accounts. The fraudsters stamped the fingerprint on rubber trace paper and utilised a polymer stamp machine and heating at a specific temperature with a chemical to make duplicate fingerprints used in unlawful financial transactions from several consumers’ bank accounts.

Investigation Insight

After the breakthrough, the police teams recovered a large number of smartphones, ATM cards, rubber stamps of fingerprints, Aadhar numbers, scanners, Stamp machines, laptops, and chemicals, and along with this, 17 people were arrested.

During the investigation, it was found that the cybercriminals employ Sophisticated money laundering techniques to obscure the illicit origins of the stolen funds. The fraudsters transfer money into various /multiple accounts or use cryptocurrency. Using these tactics makes it more challenging for authorities to trace back money and get it back.

Impact of biometric Cloning scam

The Biometric scam has far-reaching implications both for society, Individuals, and institutions. These kinds of scams cause financial losses and create emotional breakdowns, including anger, anxiety, and a sense of violation. This also broke the trust in a digital system.

It also seriously impacts institutions. Biometric cloning frauds may potentially cause severe reputational harm to financial institutions and organisations. When clients fall prey to such frauds, it erodes faith in the institution’s security procedures, potentially leading to customer loss and a tarnished reputation. Institutions may suffer legal and regulatory consequences, and they must invest money in investigating the incident, paying victims, and improving their security systems to prevent similar instances.

Raising Awareness

Empowering Purnia Residents to Protect Themselves from Biometric Fraud: Purnia must provide its inhabitants with knowledge and techniques to protect their personal information as it deals with the increasing issue of biometric fraud. Individuals may defend themselves from falling prey to these frauds by increasing awareness about biometric fraud and encouraging recommended practices. This blog will discuss the necessity of increasing awareness and present practical recommendations to help Purnia prevent biometric fraud. Here are some tips that one can follow;

• Securing personal Biometric data: It is crucial to safeguard personal biometric data. Individuals should be urged to secure their fingerprints, face scans, and other biometric information in the same way that they protect their passwords or PINs. It is critical to ensure that biometric data is safely maintained and shared with only trustworthy organisations with strong security procedures in place.
• Verifying Service providers: Residents should be vigilant while submitting biometric data to service providers, particularly those providing financial services. Before disclosing any sensitive information, it is important to undertake due diligence and establish the validity and reliability of the organisation. Checking for relevant certificates, reading reviews, and getting recommendations can assist people in making educated judgments and avoiding unscrupulous companies.
• Personal Cybersecurity: Individuals should implement robust cybersecurity practices to reduce the danger of biometric fraud. This includes using difficult and unique passwords, activating two-factor authentication, upgrading software and programs on a regular basis, and being wary of phishing efforts. Individuals should also refrain from providing personal information or biometric data via unprotected networks or through untrustworthy sources.
• Educating the Elderly and Vulnerable Groups: Special attention should be given to educating the elderly and other vulnerable groups who may be more prone to scams. Awareness campaigns may be modified to their individual requirements, emphasising the significance of digital identities, recognising possible risks, and seeking help from reliable sources when in doubt. Empowering these populations with knowledge can help keep them safe from biometric fraud.

Measures to Stay Ahead

As biometric fraud is a growing concern, staying a step ahead is essential. By following these simple steps, one can safeguard themselves.

• Multi-factor Authentication: MFA is one of the best methods for security. MFA creates multi-layer security or extra-layer security against unauthorised access. MFA incorporates a biometric scan and a password.
• Biometric Encryption: Biometric encryption securely stores and transmits biometric data. Rather than keeping raw biometric data, encryption methods transform it into mathematical templates that cannot be reverse-engineered. These templates are utilised for authentication, guaranteeing that the original biometric information is not compromised even if the encrypted data is.
• AI and Machine Learning (ML): AI and ML technologies are critical in detecting and combating biometric fraud. These systems can analyse massive volumes of data in real-time, discover trends, and detect abnormalities. Biometric systems may continually adapt and enhance accuracy by employing AI and ML algorithms, boosting their capacity to distinguish between legitimate users and fraudulent efforts.

Conclusion

The Biometric fraud call needs immediate attention to protect the bankers from the potential consequences. By creating awareness, we can save ourselves; additionally, by working together, we can create a safer digital environment. The use of biometric verification was inculcated to increase factor authentication for a banker. However, we see that the bad actors have already started to bypass the tech and even wreak havoc upon the netizens by draining their accounts of their hard-earned money. The banks and the cyber cells nationwide need to work together in synergy to increase awareness and safety mechanisms to prevent such cyber crimes and create effective and efficient redressal mechanisms for the citizens.

Reference

https://www.hindustantimes.com/cities/patna-news/purnia-emerges-as-cyber-fraud-hotspot-as-biometric-data-used-for-online-swindling-police-arrest-17-and-recover-cloning-equipment-1016841669436