#FactCheck - Viral Post of Gautam Adani’s Public Arrest Found to Be AI-Generated

Introduction

The Supreme Court of India recently ruled that telecom companies cannot be debarred from reissuing the deactivated numbers to a new subscriber. Notably, such reallocation of deactivated numbers is allowed only after the expiration of the period of 90 days. The Apex Court of India also mentioned that it is the responsibility of the user to delete their associated data with their number or any WhatsApp account data to ensure privacy. The  Centre has recently also blocked 22 apps which were part of unlawful operations including betting and money laundering. Meanwhile, in the digital landscape, the Intervention of legislature and judiciary is playing a key role in framing policies or coming up with guidelines advocating for a true cyber-safe India.  The government initiatives are encouraging the responsible use of technologies and Internet-availed services. 

Supreme Court stated that  telecom companies cannot be barred from reissuing deactivated numbers

Taking note of a petition before the Supreme Court of India, seeking direction from the Telecom Regulatory Authority of India (TRAI) to instruct mobile service providers to stop issuing deactivated mobile numbers, the Apex Court dismissed it by stating that mobile service providers in India are allowed to allocate the deactivated numbers to new users or subscribers but only after 90 days from the deactivation of the number. 

A concern of Breach of Confidential Data

The Court further stated, “It is for the earlier subscriber to take adequate steps to ensure that privacy is maintained.” stating that it is the responsibility of the user to delete their WhatsApp account attached to the previous phone number and erase their data. The Court further added that users need to be aware of the Supreme Court ruling that once the number is deactivated for non-use and disconnection, it can not be reallocated before the expiry of the 90-day period of such deactivation. However, after the allotted time passes, such reallocation of numbers to a new user is allowed.   

MEITY issued blocking orders against 22 illegal betting apps & websites

The government of India has been very critical in safeguarding Indian cyberspace by banning and blocking various websites and apps that have been operating illegally by scamming/dupping people of huge sums of money and also committing cyber crimes like data breaches. In recent developments, the Ministry of Electronic and Information Technology (Meity), on November 5, 2023, banned 22 apps including Mahadev Book and Reddyannaprestopro. The Centre has taken this decision on recommendations from the Enforcement Directorate (ED). ED raids on the Mahadev book app in Chattisgarh also revealed unlawful operations. This investigation has been underway for the past few months by the ED.

Applicable laws to prevent money laundering and the power of government to block such websites and apps

On the other hand, the Prevention of Money Laundering Act (PMLA) 2002 is a legislation already in place which aims to prevent and prosecute cases of money laundering. The government also has the power to block or recommend shutting down websites and apps under section 69A of the Information and Technology Act, 2000, under some specific condition as enumerated in the same.

Conclusion

In the evolving digital landscape, cyberspace covers several aspects while certain regulations or guidelines are required for smooth and secure functioning.  We sometimes change our phone numbers or deactivate them, hence, it is significantly important to delete the data associated with the phone number or any such social media account data attached to it. Hence, such a number is eligible for reallocation to a new or early subscriber after the expiration of a period of 90 days from such deactivation. On the other hand, the centre has also blocked the websites or apps that were found to be part of illegal operations including betting and money laundering. Users have also been advised not to misuse the Internet-availed services. Hence, trying to create a lawful and safe Internet environment for all. 

‍

References:

• https://timesofindia.indiatimes.com/india/cant-bar-telecom-companies-from-reissuing-deactivated-numbers-says-supreme-court/articleshow/104993401.cms
• https://pib.gov.in/PressReleseDetailm.aspx?PRID=1974901#:~:text=Ministry%20of%20Electronics%20and%20Information,including%20Mahadev%20Book%20and%20Reddyannaprestopro 

Overview:

WazirX is the platform for cryptocurrencies, based in India that has been hacked, and it made a loss of more than $230 million in cryptocurrency. This case concerned an unauthorized transaction with a multisignature or multisig, wallet controlled through Liminal’a digital asset management platform. These attacking incidents have thereafter raised more questions on the security of the Cryptocurrency exchanges and efficiency of the existing policies and laws.

Wallet Configuration and Security Measures

This wallet was breached and had a multisig setting meaning that more than one signature was needed to authorize a transaction. Specifically, it had six signatories: five are funded by WazirX and one is funded by Liminal. Every transaction needed the approval of at least three signatories of WazirX, all of whom had addressed security concerns by using Ledger’s hardware wallets; while the Liminal, too, had a signatory, for approval.

To further increase the level of security of the transactions, a whitelisting policy was introduced, only limited addresses were authorized to receive funds. This system was rather vulnerable, and the attackers managed to grasp the discrepancy between the information available through Liminal’s interface and the content of the transaction to seize unauthorized control over the wallet and implement the theft.

Modus Operandi: Attack Mechanics

The cyber attack appears to have been carefully carried out, with preliminary investigations suggesting the following tactics: 

• Payload Manipulation: The attackers apparently substituted the transaction’s payload during signing; hence, they can reroute the collected funds into an unrelated wallet. 

• Chain Hopping: To make it much harder to track their movements, the attackers split large amounts of money across multiple blockchains and broke tens of thousands of dollars into thousands of transactions involving different cryptocurrencies. This technique makes it difficult to trace people and things. 

• Zero Balance Transactions: There were also some instances where it ended up with no Ethereum (ETH) in the balance and such wallets also in use for the purpose of further anonymization of the transactions.

• Analysis of the blockchain data suggested the enemy might have been making the preparations for this attack for several days prior to their attack and involved a high amount of planning. 

Actions taken by WazirX:

Following the attack, WazirX implemented a series of immediate actions:

• User Notifications: The users were immediately notified of the occurrence of the breach and the possible risk it posed to them. 

• Law Enforcement Engagement: The matters were reported to the National Cyber Crime Reporting Portal and specific authorities of which the Financial Intelligence Unit (FIU) and the Computer Emergency Response Team (CERT-In). 

• Service Suspension: WazirX had suspended all its trading operations and user deposits’ and withdrawals’ to minimize further cases and investigate. 

• Global Outreach: The exchange contacted more than 500 cryptocurrency exchanges and requested to blacklist the wallet’s addresses linked to the theft. 

• Bounty Program: A bounty program was announced to encourage people to share information that can enable the authorities to retrieve the stolen money. A maximum of 23 million dollars was placed on the bounty. 

Further  Investigations 

WazirX stated that it has contracted the services of cybersecurity professionals to help in the prosecution process of identifying and compensating for the losses. The exchange is still investigating the forensic data and working with the police for tracking the stolen assets. Nevertheless, the prospects of full recovery may be quite questionable primarily because of complexity of the attack and the methods used by the attackers. 

Precautionary measures: 

 The WazirX cyber attack clearly implies that there is the necessity to improve the security and the regulation of the cryptocurrency industry. As exchanges become increasingly targeted by hackers, there is a pressing need for: 

• Stricter Security Protocols: The commitment to technical innovations, such as integration of MFA, as well as constant monitoring of the users’ wallets’ activities. 

• Regulatory Oversight: Formalization of the laws that require proper security for the cryptocurrency exchange platforms to safeguard their users as well as their investments. 

• Community Awareness: To bypass such predicaments, there is a need to study on emergent techniques in spreading awareness, particularly in cases of scams or phishing attempts that are likely to follow such breaches. 

Conclusion:

The cyber attack on WazirX in the field of cryptocurrency market, shows weaknesses and provides valuable lessons for enhancing the security.  This attack highlights critical vulnerabilities in cryptocurrency exchanges, even though employing advanced security measures like multisignature wallets and whitelisting policies. The attack's complexity, involving payload manipulation, chain hopping, and zero balance transactions, underscores the attackers' meticulous planning and the challenges in tracing stolen assets. This case brings a strong message regarding the necessity of solid security measures, and constant attention to security in the rapidly growing world of digital assets. Furthermore, the incident highlights the importance of community awareness and education on emerging threats like scams and phishing attempts, which usually follow such breaches. By fostering a culture of vigilance and knowledge, the cryptocurrency community can better defend against future attacks.

Reference:

https://wazirx.com/blog/important-update-cyber-attack-incident-and-measures-to-protect-your-assets/

https://www.moneycontrol.com/news/opinion/the-230-million-crypto-theft-at-wazirx-is-a-wake-up-call-for-indian-regulators-government-12772563.html

https://www.linkedin.com/pulse/wazirx-cyberattack-in-depth-analysis-jyqxf

‍

Introduction

There is a rising desire for artificial intelligence (AI) laws that limit threats to public safety and protect human rights while allowing for a flexible and inventive setting. Most AI policies prioritize the use of AI for the public good. The most compelling reason for AI innovation as a valid goal of public policy is its promise to enhance people's lives by assisting in the resolution of some of the world's most difficult difficulties and inefficiencies and to emerge as a transformational technology, similar to mobile computing. This blog explores the complex interplay between AI and internet governance from an Indian standpoint, examining the challenges, opportunities, and the necessity for a well-balanced approach.

Understanding Internet Governance

Before delving into an examination of their connection, let's establish a comprehensive grasp of Internet Governance. This entails the regulations, guidelines, and criteria that influence the global operation and management of the Internet. With the internet being a shared resource, governance becomes crucial to ensure its accessibility, security, and equitable distribution of benefits.

The Indian Digital Revolution

India has witnessed an unprecedented digital revolution, with a massive surge in internet users and a burgeoning tech ecosystem. The government's Digital India initiative has played a crucial role in fostering a technology-driven environment, making technology accessible to even the remotest corners of the country. As AI applications become increasingly integrated into various sectors, the need for a comprehensive framework to govern these technologies becomes apparent.

AI and Internet Governance Nexus

The intersection of AI and Internet governance raises several critical questions. How should data, the lifeblood of AI, be governed? What role does privacy play in the era of AI-driven applications? How can India strike a balance between fostering innovation and safeguarding against potential risks associated with AI?

• AI's Role in Internet Governance: 

Artificial Intelligence has emerged as a powerful force shaping the dynamics of the internet. From content moderation and cybersecurity to data analysis and personalized user experiences, AI plays a pivotal role in enhancing the efficiency and effectiveness of Internet governance mechanisms. Automated systems powered by AI algorithms are deployed to detect and respond to emerging threats, ensuring a safer online environment.

A comprehensive strategy for managing the interaction between AI and the internet is required to stimulate innovation while limiting hazards. Multistakeholder models including input from governments, industry, academia, and civil society are gaining appeal as viable tools for developing comprehensive and extensive governance frameworks.

The usefulness of multistakeholder governance stems from its adaptability and flexibility in requiring collaboration from players with a possible stake in an issue. Though flawed, this approach allows for flaws that may be remedied using knowledge-building pieces. As AI advances, this trait will become increasingly important in ensuring that all conceivable aspects are covered.

The Need for Adaptive Regulations

While AI's potential for good is essentially endless, so is its potential for damage - whether intentional or unintentional. The technology's highly disruptive nature needs a strong, human-led governance framework and rules that ensure it may be used in a positive and responsible manner. The fast emergence of GenAI, in particular, emphasizes the critical need for strong frameworks. Concerns about the usage of GenAI may enhance efforts to solve issues around digital governance and hasten the formation of risk management measures.

Several AI governance frameworks have been published throughout the world in recent years, with the goal of offering high-level guidelines for safe and trustworthy AI development. The OECD's "Principles on Artificial Intelligence" (OECD, 2019), the EU's "Ethics Guidelines for Trustworthy AI" (EU, 2019), and UNESCO's "Recommendations on the Ethics of Artificial Intelligence" (UNESCO, 2021) are among the multinational organizations that have released their own principles. However, the advancement of GenAI has resulted in additional recommendations, such as the OECD's newly released "G7 Hiroshima Process on Generative Artificial Intelligence" (OECD, 2023).

Several guidance documents and voluntary frameworks have emerged at the national level in recent years, including the "AI Risk Management Framework" from the United States National Institute of Standards and Technology (NIST), a voluntary guidance published in January 2023, and the White House's "Blueprint for an AI Bill of Rights," a set of high-level principles published in October 2022 (The White House, 2022). These voluntary policies and frameworks are frequently used as guidelines by regulators and policymakers all around the world. More than 60 nations in the Americas, Africa, Asia, and Europe had issued national AI strategies as of 2023 (Stanford University).

Conclusion

Monitoring AI will be one of the most daunting tasks confronting the international community in the next centuries. As vital as the need to govern AI is the need to regulate it appropriately. Current AI policy debates too often fall into a false dichotomy of progress versus doom (or geopolitical and economic benefits versus risk mitigation). Instead of thinking creatively, solutions all too often resemble paradigms for yesterday's problems. It is imperative that we foster a relationship that prioritizes innovation, ethical considerations, and inclusivity. Striking the right balance will empower us to harness the full potential of AI within the boundaries of responsible and transparent Internet Governance, ensuring a digital future that is secure, equitable, and beneficial for all.

References

1. The Key Policy Frameworks Governing AI in India - Access Partnership
2. AI in e-governance: A potential opportunity for India (indiaai.gov.in)
3. India and the Artificial Intelligence Revolution - Carnegie India - Carnegie Endowment for International Peace
4. Rise of AI in the Indian Economy (indiaai.gov.in)
5. The OECD Artificial Intelligence Policy Observatory - OECD.AI
6. Artificial Intelligence | UNESCO
7. Artificial intelligence | NIST