#FactCheck - Viral Photo of Dilapidated Bridge Misattributed to Kerala, Originally from Bangladesh
Executive Summary:
A viral photo on social media claims to show a ruined bridge in Kerala, India. But, a reality check shows that the bridge is in Amtali, Barguna district, Bangladesh. The reverse image search of this picture led to a Bengali news article detailing the bridge's critical condition. This bridge was built-in 2002 to 2006 over Jugia Khal in Arpangashia Union. It has not been repaired and experiences recurrent accidents and has the potential to collapse, which would disrupt local connectivity. Thus, the social media claims are false and misleading.
Claims:
Social Media users share a photo that shows a ruined bridge in Kerala, India.
Fact Check:
On receiving the posts, we reverse searched the image which leads to a Bengali News website named Manavjamin where the title displays, “19 dangerous bridges in Amtali, lakhs of people in fear”. We found the picture on this website similar to the viral image. On reading the whole article, we found that the bridge is located in Bangladesh's Amtali sub-district of Barguna district.
Taking a cue from this, we then searched for the bridge in that region. We found a similar bridge at the same location in Amtali, Bangladesh.
According to the article, The 40-meter bridge over Jugia Khal in Arpangashia Union, Amtali, was built in 2002 to 2006 and was never repaired. It is in a critical condition, causing frequent accidents and risking collapse. If the bridge collapses it will disrupt communication between multiple villages and the upazila town. Residents have made temporary repairs.
Hence, the claims made by social media users are fake and misleading.
Conclusion:
In conclusion, the viral photo claiming to show a ruined bridge in Kerala is actually from Amtali, Barguna district, Bangladesh. The bridge is in a critical state, with frequent accidents and the risk of collapse threatening local connectivity. Therefore, the claims made by social media users are false and misleading.
- Claim: A viral image shows a ruined bridge in Kerala, India.
- Claimed on: Facebook
- Fact Check: Fake & Misleading
Related Blogs
Introduction
DDoS – Distributed Denial of Service Attack is one of the cyber-attacks which has been evolving at the fastest pace, the new technologies have created a blanket of vulnerability for the victim which allows the cyber criminals to stay under the radar and keep launching small scale high intensity cyber attacks. A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like an unexpected traffic jam clogging up the highway, preventing regular traffic from arriving at its destination.
Op Power Off
In a recent Operation by Law enforcement agencies known as Op Power Off, LEAs from United Kingdom, United States of America, Netherlands, Poland, and Germany joined hands to target the cybergroups committing such large-scale attacks which can paralyse the Internet become inaccessible for a large faction of netizens. The services collectively seized were by far the most popular DDoS booter services on the market, receiving top billing on search engines. One such service taken down had been used to carry out over 30 million attacks. As part of this action, seven administrators have been arrested so far in the United States and the United Kingdom, with further actions planned against the users of these illegal services. International police cooperation was central to the success of this operation as the administrators, users, critical infrastructure, and victims were scattered across the world. Europol’s European Cybercrime Centre coordinated the activities in Europe through its Joint Cybercrime Action Taskforce (J-CAT).
Participating Authorities
- United States: US Department of Justice (US DOJ), Federal Bureau of Investigation (FBI)
- United Kingdom: National Crime Agency (NCA)
- The Netherlands: National High Tech Crime Unit Landelijke Eenheid, Cybercrime team Midden-Nederland, Cybercrime team Noord-Holland and Cybercrime team Den Haag
- Germany: Federal Criminal Police Office (Bundeskriminalamt), Hanover Police Department (Polizeidirektion Hannover), Public Prosecutor’s Office Verden (Staatsanwaltschaft Verden)
- Poland: National Police Cybercrime Bureau (Biuro do Walki z Cyber-przestępczością)
Issue related to DDoS Attacks
DDoS booter services have effectively lowered the entry barrier into cybercrime: for a fee as low as EUR 10, any low-skilled individual can launch DDoS attacks with the click of a button, knocking offline whole websites and networks by barraging them with traffic. The damage they can do to victims can be considerable, crippling businesses financially and depriving people of essential services offered by banks, government institutions, and police forces. Emboldened by perceived anonymity, many young IT enthusiasts get involved in this seemingly low-level crime, unaware of the consequences that such online activities can carry. The influence of toolkits available on the dark net has made it easier for criminals to commit such crimes and at times even get away with it as well.
Recent examples of DDoS Attacks
- In February 2020, Amazon Web Services (AWS) suffered a DDoS attack sophisticated enough to keep its incident response teams occupied for several days also affecting customers worldwide.
- In February 2021, the EXMO Cryptocurrency exchange fell victim to a DDoS attack that rendered the organization inoperable for almost five hours.
- Recently, Australia experienced a significant, sustained, state-sponsored DDoS attack.
- Belgium also became a victim of a DDoS attack that targeted the country’s parliament, police services, and universities.
DDoS vs. DoS Attacks: What’s the Difference?
It’s important to avoid confusing a DDoS (distributed denial of service) attack with a DoS (denial of service) attack. Although only one word separates the two, these attacks vary significantly in nature.
- Strictly defined, a typical DDoS attack manipulates many distributed network devices between the attacker and the victim into waging an unwitting attack, exploiting legitimate behavior.
- A traditional DoS attack doesn’t use multiple, distributed devices, nor does it focus on devices between the attacker and the organization. These attacks also tend not to use multiple internet devices.
Conclusion
In this era of cyberspace, it is of paramount importance to maintain digital safety and security equivalent to physical safety, the cybercriminals will not stop at anything and can stoop to any level to target netizens and critical infrastructures in order to commit ransomware and malware attacks. As we can see DDoS-ing is taken seriously by law enforcement, at all levels of users, and are on the radar of law enforcement, be it a gamer booting out the competition out of a video game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain.
Introduction
In order to effectively deal with growing cyber crime and threats the Telangana police has taken initiative by launching Law Enforcement Chief Information Security Officers (CISO) Council, an innovative project launched in Telangana, India, which is a significant response to the growing cyber threat landscape. With cyber incidents increasing in the recent years and concerning statistics such as a tenfold rise in password-based attacks and an increase in ransomware attacks, the Council aims to strengthen the region's digital defenses. It primarily focuses on reducing vulnerability, improving resilience, and providing real-time threat intelligence. By promoting partnerships between the public and private sectors, offering legal and regulatory guidance, and facilitating networking and learning opportunities, this collaborative effort involving industry, academia, and law enforcement is a crucial move towards protecting critical infrastructure and businesses from cyber threats, the Telangana police in partnership with industry and academia, has launched the Law Enforcement CISO (Chief Information Security Officers) Council of India on 7th October 2023. Chief of the Central Crime Station Stephen Ravindra said that the forum is a path-breaking initiative and the Council represents an open platform for all the enforcement agencies in the country. The upcoming inititiative inculcate close association with different stakeholders, which includes government departments, startups, centers of excellence and international collaborations, carving a nieche for a sturdy cybersecurity envirnoment.
Enhancing Cybersecurity is the Need of the Hour:
The recent launch of the Law Enforcement CISO Council in Hyderabad, India emphasized the need for government organizations and industries to prioritize the protection of their digital space. Cyber incidents, ransomware attacks, and threats to critical infrastructure have been on the rise, making it essential to take proactive cybersecurity measures. Disturbing statistics regarding cyber threats, such as password-based attacks, BEC (Business Email Compromise) attempts, and vulnerabilities in the supply chain, highlight the importance of addressing these issues urgently. This initiative aims to provide real-time threat intelligence, legal guidance, and encourages collaboration between public and private organizations in order to combat cybercrime. Given that every cyber attack has criminal elements, the establishment of these councils is a crucial step towards minimizing vulnerabilities, enhancing resilience, and ensuring the security of our digital world.
International Issue & Domestic Issue:
The announcement by the Telangana State Police, is a proactive step to form a first-of-its-kind Law Enforcement CISO Council (LECC), as part of an initiative from the State government to give a further impetus to cyber security. Jointly with its law enforcement partners, the Telangana Police has decided to make cyber cops more efficient and shape them on par with the technology advancements. The Telangana police have proved its commitment for a secure cyber environment by recovering INR 2.2 crore and INR 6.8 crore lost by people in cyber frauds which is industry’s highest rate of helping the victims.
The Police department complemented efforts by corporate executives for their personal interest in the subject and mentioned police officers’ expertise and inputs from professionals from the industry need to work cohesively to prevent further increase in the number of cyber crime cases. Data indicates that the exponential increase in cyber threats in recent times necessitates an informed and prudent action with the cooperation and collaboration of the IT Department of Telangana, centers of excellence, start-ups, white hats or ethical hackers, and international associations.
A report from Telangana commissioner states the trend of a surge in the number of cyber incidents and vulnerabilities of Government organizations, Critical Infrastructure and MSMEs and stressed that every cyber security breaches have an element of criminality in it. The Law Enforcement CISO Council is a progressive step in this direction which ensures a reduced cyber attacks, enhanced resilience, actionable strategic and tactical real-time threat intelligence, legal guidance, opportunities for public private partnerships, networking, learning and much more.
The Secretary of SCSC, shared some alarming statistics on the threats that are currently rampant across the digital world. To combat it in today’s era of widespread digital dependence, the program launched by the Telangana Police stands as a commendable step or an initiative that offers a glimmer of aspiration. It brings together all the heroes who want to protect the digital spaces and counter the growing number of threats.
Contribution of Telangana Police for carving a niche to be followed:
The launch of the Law Enforcement CISO Council in Telangana represents a pivotal step in addressing the pressing challenges posed by escalating cyber threats. As highlighted by the Director General of Police, the initiative recognizes the critical need to combat cybercrime, which is growing at an alarming rate. The Council not only acknowledges the casual approach often taken towards cybersecurity but also aims to rectify it by fostering collaboration between law enforcement, industry, and academia.
One of the most significant positive aspects of this initiative is its commitment to sharing intelligence, ensuring that the hard-earned lessons from cyber fraud victims are translated into protective measures for others. By collaborating with the IT Department of Telangana, centers of excellence, startups, and ethical hackers, the Council is poised to develop robust Standard Operating Protocols (SOPs) and innovative tools to counter cyber threats effectively.
Moreover, the Council's emphasis on Public-Private Partnerships (PPPs) underscores its proactive approach in dealing with the evolving landscape of cyber threats. It offers a platform for networking and learning, enabling information sharing, and will contribute to reducing the attack surface, enhancing resilience, and providing real-time threat intelligence. Additionally, the Council will provide legal and regulatory guidance, which is crucial in navigating the complex realm of cybercrime. This collective effort represents a promising way forward in safeguarding digital spaces, critical infrastructure, and industries against cyber threats and ensuring a safer digital future for all.
Conclusion:
The Law Enforcement CISO Council in Telangana is an innovative effort to strengthen cybersecurity in the state. With the rise in cybercrimes and vulnerabilities, the council brings together expertise from various sectors to establish a strong defense against digital threats. Its goals include reducing vulnerabilities, improving resilience, and ensuring timely threat intelligence. Additionally, the council provides guidance on legal and regulatory matters, promotes collaborations between the public and private sectors, and creates opportunities for networking and knowledge-sharing. Through these important initiatives, the CISO Council will play a crucial role in establishing digital security and protecting the state from cyber threats.
References:
- http://www.uniindia.com/telangana-police-launches-india-s-first-law-enforcement-ciso-council/south/news/3065497.html
- https://indtoday.com/telangana-police-launched-indias-first-law-enforcement-ciso-council/
- https://www.technologyforyou.org/telangana-police-launched-indias-first-law-enforcement-ciso-council/
- https://timesofindia.indiatimes.com/city/hyderabad/victims-of-cyber-fraud-get-back-rs-2-2-cr-lost-money-in-bank-a/cs/articleshow/104226477.cms?from=mdr
Introduction
The Digital Personal Data Protection (DPDP) Act, of 2023, introduces a framework for the protection of personal data in India. Data fiduciaries are the entity that essentially determines the purpose and means of processing of personal data. The small-scale industries also fall within the ambit of the term. Startups/Small companies and Micro, Small, and Medium Enterprises (MSMEs) while determining the purpose of processing of personal data in the capacity of ‘data fiduciary’ are also required to comply with the DPDP Act provisions. The obligations set for the data fiduciary will apply to them unilaterally, though compliance with this Act and can be challenging due to resource constraints and limited expertise in data protection.
DPDP Act, 2023 Section 17(3) gives power to the Central Government to exempt Startups from being obligated to comply with the Act, taking into account the volume and nature of personal data processed. It is the nation's first standalone law on data protection and privacy, which sets forth strict rules on how data fiduciaries can collect and process personal data, focusing on consent-based mechanisms and personal data protection. Small-scale industries are given more time to comply with the DPDP Act. The detailed provisions to be notified in further rulemaking called ‘DPDP rules’.
Obligations on Data Fiduciary under the DPDP Act, 2023
The DPDP Act focuses on processing digital personal data in a manner that recognizes both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes and for matters connected therewith or incidental thereto. Hence, small-scale industries also need to comply with provisions aimed at protecting digital personal data.
The key requirements to be considered:
- Data Processing Principles: Ensuring that data processing is done lawfully, fairly, and transparently. Further, the collection and processing of personal data is only for specific, clear, and legitimate purposes and only the data necessary for the stated purpose. Ensuring that the data is accurate and up to date is also necessary. An important part is that the data is not retained longer than necessary and appropriate security measures are taken to protect the said data.
- Consent Management: Clear and informed consent should be obtained from individuals before collecting their personal data. Further, individuals have the option to withdraw their consent easily.
- Rights of Data Principals: Data principals (individuals) whose data is being collected have the right to Information, the right to correction and erasure of data, the right to grievance redressa, Right to nominate.the right to access, correct, and delete their personal data. Data fiduciaries need to be mindful of mechanisms to handle requests from data principals regarding their concerns.
- Data Breach Notifications: Data fiduciaries are required to notify the data protection board and the affected individuals in case a data breach has occurred.
- Appropriate technical and organisational measures: A Data Fiduciary shall implement appropriate technical and organisational measures to ensure effective observance of the provisions of this Act and the rules made thereunder.Cross-border Data Transfers: Compliance with regulations in relation to the transfer of personal data outside of India should be ensured.
Challenges for Small Scale Industries for the DPDP Act Compliance
While small-scale industries have high aims for their organisational growth and now in the digital age they also need to place reliance on online security measures and handling of personal data, with the DPDP act in the picture it becomes an obligation to consider and comply with. As small-scale industries including MSMEs, they might face certain challenges in fulfilling these obligations but digital data protection measures will also boost the competitive market and customer growth in their business. Bringing reforms in methods aimed at better data governance in today's digital era is significant.
One of the major challenges for small-scale industries could be ensuring a skilled workforce that understands and educates internal stakeholders about the DPDP Act compliances. This could undoubtedly become an additional burden.
Further, the limited resources can make the implementation of data protection, which is oftentimes complex for a layperson in the case of a small-scale industry, difficult to implement. Limitations in resources are often financial or human resources.
Cybersecurity, cyber awareness, and protection from cyber threats need some form of expertise, which is lacking in small enterprises. The outsourcing of such expertise is a decision that is sometimes taken too late, and some form of harm can take place between the periods by which an incident can occur.
Investment in the core business or enterprise many times doesn't include technology other than the basic requirements to run the business, nor towards ensuring that the data is secure and all compliances are met. However, in the fast-moving digital world, all industries need to be mindful of their efforts to protect personal data and proper data governance.
Recommendations
To ensure the proper and effective personal data handling practices as per the provisions of the act, the small companies/startups need to work backend and frontend and ensure that they take adequate measures to comply with the act. While such industries have been given more time to ensure compliance, there are some suggestions for them to be compliant with the new law.
Small companies can ensure compliance with the DPDP Act by implementing robust data protection policies, investing in and providing employee training on data privacy, using age-verification mechanisms, and adopting privacy-by-design principles. Conduct a gap analysis to identify areas where current practices fall short of DPDP Act requirements. Regular audits, secure data storage solutions, and transparent communication with users about data practices are also essential. Use cost-effective tools and technologies for data protection and management.
Conclusion
Small-scale industries must take proactive steps to align with the DPDP Act, 2023 provisions. By understanding the requirements, leveraging external expertise, and adopting best practices, small-scale industries can ensure compliance and protect personal data effectively. In the long run, complying with the new law would lead to greater trust and better business for the enterprises, resulting in a larger revenue share for them.
References
- https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1959161
- https://www.financialexpress.com/business/digital-transformation-dpdp-act-managing-data-protection-compliance-in-businesses-3305293/
- https://economictimes.indiatimes.com/tech/technology/big-tech-coalition-seeks-12-18-month-extension-to-comply-with-indias-dpdp-act/articleshow/104726843.cms?from=mdr