#FactCheck - Uncovered: Viral LA Wildfire Video is a Shocking AI-Generated Fake!

Introduction

Misinformation is, to its basic meaning, incorrect or misleading information, it may or may not include specific malicious intent and includes inaccurate, incomplete, misleading, or false information and selective or half-truths. The main challenges in dealing with misinformation are defining and distinguishing misinformation from legitimate content. This complexity arises due to the rapid evolution and propagation which information undergoes on the digital platforms. Additionally, balancing the fundamental right of freedom of speech and expression with content regulation by state actors poses a significant challenge. It requires careful consideration to avoid censorship while effectively combating harmful misinformation. 

Acknowledging the severe consequences of misinformation and the critical need to combat misinformation, Bharatiya Nyaya Sanhita (BNS), 2023 has implemented key measures to address misinformation in India. These new provisions introduced under the new criminal laws in India penalise the deliberate creation, distribution, or publication of inaccurate information. Previously missing from the IPC, these sections offer an additional legal resource to counter the proliferation of falsehoods, complementing existing laws targeting the same issue.

Section 353 of the BNS on Statements Conducing to Public Mischief criminalises making, publishing, or circulating statements, false information, rumours, or reports, including through electronic means, with the intent or likelihood of causing various harmful outcomes. 

This section thus brings misinformation into its ambit, since misinformation has been traditionally used to induce public fear or alarm that may lead to offences against the State or public tranquillity or inciting one class or community to commit offences against another. The section also penalizes the promotion of enmity, hatred, or ill will among different religious, racial, linguistic, or regional groups. 

BNS also prescribes punishment of imprisonment for up to three years, a fine, or both for offences under section 353. Interestingly, a longer imprisonment of up to 5 years along with a fine has been prescribed to curb such offences in places of worship or during religious ceremonies. The only exception that may be availed under this section is granted to unsuspecting individuals who, believing the misinformation to be true, spread misinformation without any ill intent. However, this exception may not be as effective in curbing misinformation, since at the outset, the offence is hard to trace and has multiple pockets for individuals to seek protection without any mechanism to verify their intent.

The BNS also aims to regulate misinformation through Section 197(1)(d) on Imputations, assertions prejudicial to national integration. Under this provision, anyone who makes or publishes false or misleading information, whether it is in the form of spoken words, written, by signs, in visible representations, or through electronic communication, therefore, results in jeopardising the sovereignty, unity, integrity, or security of India is liable to face punishment in the form of imprisonment for up to three years, a fine, or both and if it occurs in a place of worship or during religious ceremonies, the quantum of punishment is increased to imprisonment for up to five years and may include a fine. Additionally, Section 212 (a) & (b) provides against furnishing false information. If a person who is legally obligated to provide information to a public servant, knowingly or reasonably believes that the information is false, and still furnishes it, they now face a punishment of six months imprisonment or a fine up to five thousand rupees or both. However,  if the false information pertains to the commission or prevention of an offence, or the apprehension of an offender, the punishment increases to imprisonment for up to two years, a fine, or both.

Enforcement Mechanisms: CyberPeace Policy Wing Outlook

To ensure the effective enforcement of these provisions, coordination between the key stakeholders, i.e., the law enforcement agencies, digital platforms, and judicial oversight is essential. Law enforcement agencies must utilize technology such as data analytics and digital forensics for tracking and identifying the origins of false information. This technological capability is crucial for pinpointing the sources and preventing the further spread of misinformation. Simultaneously, digital platforms associated with misinformation content are required to implement robust monitoring and reporting mechanisms to detect and address the generated misleading content proactively. A supporting oversight by judicial bodies plays a critical role in ensuring that enforcement actions are conducted fairly and in line with legal standards. It helps maintain a balance between addressing misinformation and upholding fundamental rights such as freedom of speech. The success of the BNS in addressing these challenges will depend on the effective integration of these mechanisms and ongoing adaptation to the evolving digital landscape.

Resources:

• Bharatiya Nyaya Sanhita, 2023 https://www.mha.gov.in/sites/default/files/250883_english_01042024.pdf 
• https://www.foxmandal.in/changes-brought-forth-by-the-bharatiya-nyaya-sanhita-2023/ 
• https://economictimes.indiatimes.com/news/india/spreading-fake-news-could-land-people-in-jail-for-three-years-under-new-bharatiya-nyaya-sanhita-bill/articleshow/102669105.cms?from=mdr 

‍

Introduction

The Chairman of Vardhman Group, Mr SP Oswal, an India-based textile manufacturer, fell victim to a cyber fraud scheme that cost him ₹7 crore. The scam unfolded on August 28 and 29, conning Mr Oswal into transferring Rs 7 crore into multiple bank accounts. As per the recent reports, the Police have managed to freeze these accounts and recover over Rs 5 crore as of now. The fraudsters convinced Mr SP Oswal that he was a suspect in a money laundering investigation and held on a “Digital Arrest”. These are sophisticated cyber frauds where cyber-criminals impersonate law enforcement officials or other authorities and target innocent individuals with manipulative tactics. The scam targets are often contacted out of the blue, on Instant messaging apps like WhatsApp and informed that their bank accounts, digital identities, or other online assets have been compromised. Criminals play into the victims' fear by threatening them with imminent arrest, legal consequences, or public humiliation if they don't cooperate with a series of urgent demands.

Posing as Officials, Fraudsters Orchestrate ₹7 Crore Scam

The investigation revealed that the fraudsters posed as members of the Central Bureau of Investigation (CBI). They had contacted Mr Oswal and claimed that his Aadhaar had been misused in a case involving fake passports and financial fraud. The imposter conducted a video call in a police uniform using a background with the CBI logo. The fraud escalated further, Mr Oswal got a fake "arrest warrant" on  WhatsApp allegedly authorised by the Supreme Court. Fraudsters convinced Mr Oswal to transfer ₹7 crores to facilitate bail proceedings, claiming he was under "digital arrest". The meticulously planned scam involved fake documents, a virtual courtroom, and relentless intimidation tactics leaving Mr Oswal effectively under "digital arrest" for two days. While the police have successfully recovered over Rs 5 crore so far, this case highlights the alarming threat of digital impersonation of law enforcement authorities.

Legal Outlook on the Validity of Digital Arrests

In India, the main laws governing cyber crimes are the Information Technology Act, of 2000 and the rules made under therein, and the newly enacted Bhartiya Nyaya Sanhita, 2023. Recently enacted new criminal laws do not provide for any provision for law enforcement agencies conducting a digital arrest.  The law only provides for service of the summons and the proceedings in an electronic mode. Hence, there are no provisions for conducting 'digital arrests' as per the laws of the country. 

Further, It should be noted that the Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs, coordinates the activities related to combating cybercrime in the country. MHA works closely with other ministries to counter these frauds. The I4C also provides technical support to the police authorities of states/UTs for the identification and investigation of these cases. 

Best Practices to Avoid Digital Arrest Scams 

• To protect yourself from scams, it is crucial to verify the identity of individuals claiming to be law enforcement or government officials and use official contact channels to confirm their credentials. 
• Be cautious of pressure tactics used by fraudsters, especially demands for quick payment over unverified communication platforms like WhatsApp. 
• Cross-check official documents with legal advisors or relevant authorities. 
• Never share sensitive personal information, such as your Aadhaar number, over phone calls, emails, or messages without verifying the request's authenticity. 
• Avoid untraceable payments, such as cryptocurrency or prepaid cards, without validating the transaction's legitimacy, especially under duress. 
• Stay informed on scam techniques, particularly those involving impersonation and digital threats. 
• Enable Two-Factor Authentication (2FA) for sensitive online accounts to prevent misuse. 
• Consult advice from legal professionals if you receive threatening communication involving digital arrest or legal actions and do not take any action on the asks of persons posing as legitimate authorities. 
• In case of any cybercrime, you can file a complaint at cybercrime.gov.in or helpline number 1930. You can also seek assistance from the CyberPeace helpline at +91 9570000066.

Conclusion

The digital arrest of Vardhman Group's CEO underscores the increasing sophistication of cyber fraud schemes, which exploit fear and urgency, leading to severe financial and reputational harm. No one is immune from cybercrime, vigilance is essential at all leadership levels. While laws like the IT Act and initiatives taken by the I4C help combat cybercrime, rapidly evolving threats demand proactive safety measures. Beyond the possibility of financial loss, incidents like this jeopardise brand reputation, investor confidence, and operational stability. Be cautious of such threats and exercise due care and caution while navigating the digital landscape. Be aware of such kinds of scams and the manipulative tactics used by fraudsters to avoid them. By staying vigilant and aware we can avoid the growing scam of digital arrests. 

References

• https://www.business-standard.com/companies/news/digital-arrest-and-rs-7-crore-heist-how-vardhman-group-head-was-tricked-124100100832_1.html
• https://www.hindustantimes.com/business/vardhman-group-chairman-sp-oswal-duped-of-rs-7-crore-fraudsters-posed-as-cbi-101727666912738.html 
• https://www.msspalert.com/native/digital-arrests-the-new-frontier-of-cybercrime

‍

Overview:

The National Payments Corporation of India (NPCI) officially revealed on the 31st of July 2024 that its client C-Edge Technologies had been subject to a ransomware attack. These circumstances have caused C-Edge to be separated from retail payment systems to  eliminate more threats to the national payment systems. More than 200 cooperative and regional rural banks have been affected leading to disruptions in normal services including ATM withdrawals and UPI transactions.

About C-Edge Technologies:

C-Edge Technologies was founded in the year 2010 especially to meet the specific requirements of the Indian banking and other allied sectors accentuating more on the cooperative and the regional rural banks. The company offers a range of services such as Core Banking Solutions by functioning as the center of a bank where customers’ records are managed and accounting of transactions takes place, Payment Solutions through the implementation of payment gateways and mobile banking facilities, cybersecurity through threat detection and incident response to protect banking organizations, data analytics and AI through the analytics of big banking data to reduce risks and detect frauds.

Details of Ransomware attack:

Reports say, this ransomware attack has been attributed by the RansomEXX group which primarily targeted Brontoo Technology Solutions, a key collaborator with  C-Edge, through a misconfigured Jenkins server, which allowed unauthorized access to the systems.

The RansomExx group also known as Defray777 or Ransom X utilized a sophisticated variant known as RansomEXX v2.0 to execute the attack. This group often targets large organizations and demands substantial ransoms.  RansomEXX uses various malware tools such as IcedID, Vatet Loader, and PyXie RAT. It typically infiltrates systems through phishing emails, exploiting vulnerabilities in applications and services, including Remote Desktop Protocol (RDP).  The ransomware encrypts files using the Advanced Encryption Standard (AES), with the encryption key further secured using RSA encryption. This dual-layer encryption complicates recovery efforts for victims. RansomEXX operates on a ransomware-as-a-service model, allowing affiliates to conduct attacks using its infrastructure. Earlier in 2021,  it attacked StarHub and Gigabyte’s servers for ransome.

Impact due to the attack:

The immediate consequences of the ransomware attack include:

• Service Disruption: This has negative implications to consumers especially the citizens who use the banks to do their day to day banking activities such as withdrawals and online transactions. Among the complaints some of them relate to cases where the sender’s account has been debited without the corresponding credit to the receiver account.

• Isolation Measures: Likely, NPCI is already following the right measures as it had disconnected C-Edge from its networks to contain the proliferation of the ransomware. This decision was made as a precautionary measure so that all functional aspects in a larger financial system are safeguarded.

Operations resumed:

The National Payments Corporation of India (NPCI) said it has restored connectivity with C-Edge Technologies Ltd after the latter’s network connection was severed by NPCI over security concerns that were evaluated by an external forensic auditing firm. The audit affirmed that all affected systems were contained in order to avoid the occurrence of ransomware attack contagion. All the affected systems were localized in C-Edge’s data center and no repercussion was evidenced regarding the infrastructure of the cooperative banks or the regional rural banks that are involved in the business. Both NPCI and C-Edge Technologies have resumed normalcy so that the banking and financial services being offered by these banks remain safe and secure.

Major Implications for Banking Sector:

The attack on C-Edge Technologies raises several critical concerns for the Indian banking sector:

• Cybersecurity Vulnerabilities: It also shows the weak linkages which are present within the technology system that help smaller sized banks. Nevertheless, the service has been offered by C-Edge regarding their cybersecurity solution, this attack evidence that the securities required should improve in all types of banks and banking applications.

• Financial Inclusion Risks: Co operative and regional rural banks also have its importance in the financial inclusion especially in rural and semi urban areas. Gradually, interruptions to their services pose a risk to signal diminished improvement in financial literacy for the excluded groups contrary to the common year advancement.

• Regulatory Scrutiny: After this event, agencies such as the Reserve Bank of India (RBI) may enhance the examination of the banking sector’s cybersecurity mechanisms. Some of the directives may even require institutions to adhere to higher compliance measures regarding the defense against cyber threats.

Way Forward: Mitigation  

• Strengthening Cybersecurity: It is important to enhance the cyber security to eliminate this kind of attacks in the future. This may include using  better threat detection systems, penetration testing to find the vulnerabilities, system hardening, and network monitoring  from time to time.

• Transition to Cloud-Based Solutions: The application of adaptations in cloud solutions can contribute to the enhancement in operative efficiency as well as optimization in the utilization of resources. The security features of cloud should be implemented for  safety  and protection against cyber threats for SMEs in the banking sector.

• Leveraging AI and Data Analytics: Development of the AI-based solutions for fraud and risk control means that bank organizations get the chance to address threats and to regain clients’ trust.

Conclusion:

This ransomware attack in C-Edge Technologies in the banking sector provides a warning for all the infrastructures. Initial cleanup methodologies and quarantining are effective. The continuous monitoring of cyber security features in the infrastructure and awareness between employees helps to avoid these kinds of attacks.  Building up cyber security areas will also effectively safeguard the institution against other cyber risks in the future and fortify the confidence and reliability of the financial system, especially the regional rural banks.

Reference:

• https://www.businesstoday.in/technology/news/story/c-edge-technologies-a-deep-dive-into-the-indian-fintech-powerhouse-hit-by-major-cyberattack-439657-2024-08-01
• https://www.thehindu.com/sci-tech/technology/customers-at-several-small-sized-banks-affected-as-tech-provider-c-edge-suffers-ransomware-attack/article68470198.ece
• https://www.cnbctv18.com/technology/ransomware-attack-disrupts-over-200-co-operative-banks-regional-rural-banks-19452521.htm
• https://timesofindia.indiatimes.com/city/ahmedabad/ransomware-breach-at-c-edge-impacts-transactions-for-cooperative-banks/articleshow/112180914.cms
• https://www.emsisoft.com/en/blog/41027/ransomware-profile-ransomexx/

‍