#FactCheck- Delhi Metro Rail Corporation Price Hike

Introduction

We consume news from various sources such as news channels, social media platforms and the Internet etc. In the age of the Internet and social media, the concern of misinformation has become a common issue as there is widespread misinformation or fake news on the Internet and social media platforms.

Misinformation on social media platforms

The wide availability of user-provided content on online social media platforms facilitates the spread of misinformation. With the vast population on social media platforms, the information gets viral and spreads all over the internet. It has become a serious concern as such misinformation, including rumours, morphed images, unverified information, fake news, and planted stories, spread easily on the internet, leading to severe consequences such as public riots, lynching, communal tensions, misconception about facts, defamation etc.

Platform-centric measures to mitigate the spread of misinformation

• Google introduced the ‘About this result’ feature’. This allows the users to help with better understand the search results and websites at a glance.
• During the covid-19 pandemic, there were huge cases of misinformation being shared. Google, in April 2020, invested $6.5 million in funding to fact-checkers and non-profits fighting misinformation around the world, including a check on information related to coronavirus or on issues related to the treatment, prevention, and transmission of Covid-19.
• YouTube also have its Medical Misinformation Policy which prevents the spread of information or content which is in contravention of the World Health Organization (WHO) or local health authorities.
• At the time of the Covid-19 pandemic, major social media platforms such as Facebook and Instagram have started showing awareness pop-ups which connected people to information directly from the WHO and regional authorities.
• WhatsApp has a limit on the number of times a WhatsApp message can be forwarded to prevent the spread of fake news. And also shows on top of the message that it is forwarded many times. WhatsApp has also partnered with fact-checking organisations to make sure to have access to accurate information.
• On Instagram as well, when content has been rated as false or partly false, Instagram either removes it or reduces its distribution by reducing its visibility in Feeds.

Fight Against Misinformation

Misinformation is rampant all across the world, and the same needs to be addressed at the earliest. Multiple developed nations have synergised with tech bases companies to address this issue, and with the increasing penetration of social media and the internet, this remains a global issue. Big tech companies such as Meta and Google have undertaken various initiatives globally to address this issue. Google has taken up the initiative to address this issue in India and, in collaboration with Civil Society Organisations, multiple avenues for mass-scale awareness and upskilling campaigns have been piloted to make an impact on the ground.

How to prevent the spread of misinformation?

Conclusion

In the digital media space, there is a widespread of misinformative content and information. Platforms like Google and other social media platforms have taken proactive steps to prevent the spread of misinformation. Users should also act responsibly while sharing any information. Hence creating a safe digital environment for everyone.

Introduction

Cyber financial offences in India have experienced an alarming surge both in terms of frequency and complexity. Be it phishing attacks or organised fraud syndicates, the nation has been facing a spurt in online financial threats, which leave the victims at their mercy because of procedural lags on the part of law enforcement agencies. To counter this, the Government of India has stepped up measures to create a Cyber-Secure Bharat, focusing on speedy resolution, accountability, and digital empowerment. A key move in this direction is the introduction of the e-Zero FIR initiative, brought forth by the Ministry of Home Affairs (MHA) with Union Home Minister Amit Shah at the helm. This newly developed digital-first system is expected to revolutionise the way cyber financial crimes, particularly those that result in high monetary losses, are handled and investigated.

What Is the e-Zero FIR Initiative?

The e-Zero FIR program is a technology-based platform that enables the automated registration of Zero FIRs for value cyber financial crimes. Led by the Indian Cybercrime Coordination Centre (I4C), Ministry of Home Affairs, the programme is now piloted in Delhi and aims to fill a pressing lacuna: the time lag involved in transitioning cybercrime complaints to First Information Reports (FIRs).

Complaints of financial frauds worth more than ₹10 lakh, reported through the National Cybercrime Reporting Portal (NCRP) or helpline number 1930, will be automatically turned into e-Zero FIRs under this scheme. Such electronic FIRs are directed to the e-Crime Police Station in Delhi, regardless of jurisdiction, and then relayed to the corresponding territorial cybercrime unit. Complainants can visit the cybercrime Police Station within 3 days and get the Zero FIR converted into a regular FIR.

Key Features of the Initiative

1. Pilot Implementation in Delhi

Launched as a pilot project in Delhi, it will later serve as the first use case for the national rollout. The success of the pilot will determine its implementation in other states and Union Territories.

2. Seamless Digital Integration

The project provides strong back-end integration between:

• NCRP (National Cybercrime Reporting Portal)
• e-FIR System (Delhi Police)
• CCTNS (Crime and Criminal Tracking Network & Systems – NCRB)

This integrated model enables complaints to pass smoothly between platforms and agencies.

3. Zero FIR Auto-Registration and Routing

Now, for complaints lodged through 1930 or the National Cyber Crime Reporting Portal related to financial losses exceeding the threshold of ₹10 lakh, the system will automatically register a Zero FIR to the e-Crime Police Station of Delhi and then route it to the concerned territorial cybercrime police station, triggering immediate case processing.

4. Victim-Centric Conversion Mechanism

Complainants are given 3 days from the time of filing to physically report to the police station and transform the e-Zero FIR into a conventional regular FIR under Section 173 (1) and 1(ii) of the newly enacted Bhartiya Nagrik Suraksha Sanhita (BNSS). This ensures legal redress is quicker and easier.

Impact and Significance: The CyberPeace View

The e-Zero FIR system is a significant change in India's cybercrime enforcement, offering quicker response times and improved recovery opportunities. Cyber fraud reported within the "golden hour" can boost recovery levels of financial fraud. The system also eliminates jurisdictional barriers and procedural bottlenecks, making it more victim-friendly. Union Home Minister Amit Shah emphasised the initiative's alignment with Prime Minister Narendra Modi's vision of a digitally resilient India. The system is a scalable national model of tech-based policing supported by organised digital workflows. The initiative allows for real-time analysis of fraud graphs and detection of fraud syndicates through identification and device-based clustering. This is a step towards more automated, context-aware cyber policing, focusing on AI, identity graphs, and velocity to prevent crimes. The system is a step towards a next-generation cyber law enforcement strategy, focusing on AI, identity graphs, and velocity.

Conclusion

The roll-out of the e-Zero FIR program is a turning point in India's battle against cybercrime. By marrying automation with inter-agency coordination and easy-to-use mechanisms, the government has eradicated one of the major stumbling blocks for victims, the delay in taking legal action. Though its pilot phase targets high-value financial frauds in Delhi, its potential for having a countrywide impact is vast. With digital transactions on the upswing and frauds getting more cunning, efforts like these are the key to making a safe, responsive, and victim-centric cyber environment. CyberPeace commends and welcomes this important move towards establishing a Cyber-Secure Bharat, wherein all citizens can make digital transactions with confidence.

References

• https://www.pib.gov.in/PressReleasePage.aspx?PRID=2129715
• https://www.mha.gov.in/en
• https://cybercrime.gov.in/
• https://www.ncrb.gov.in/
• https://economictimes.indiatimes.com/wealth/save/new-e-zero-fir-govt-launches-pilot-for-swift-action-against-cybercrimes-how-it-can-help-you/articleshow/121314437.cms?from=mdr

‍

Introduction

The digital realm is evolving at a rapid pace, revolutionising cyberspace at a breakneck speed. However, this dynamic growth has left several operational and regulatory lacunae in the fabric of cyberspace, which are exploited by cybercriminals for their ulterior motives. One of the threats that emerged rapidly in 2024 is proxyjacking, in which vulnerable systems are exploited by cyber criminals to sell their bandwidth to third-party proxy servers. This cyber threat poses a significant threat to organisations and individual servers. 

Proxyjacking is a kind of cyber attack that leverages legit bandwidth sharing services such as Peer2Profit and HoneyGain. These are legitimate platforms but proxyjacking occurs when such services are exploited without user consent. These services provide the opportunity to monetize their surplus internet bandwidth by sharing with other users. The model itself is harmless but provides an avenue for numerous cyber hostilities.  The participants install net-sharing software and add the participating system to the proxy network, enabling users to route their traffic through the system. This setup intends to enhance privacy and provide access to geo-locked content. 

The Modus Operandi

These systems are hijacked by cybercriminals, who sell the bandwidth of infected devices. This is achieved by establishing Secure Shell (SSH) connections to vulnerable servers. While hackers rarely use honeypots to render elaborate scams, the technical possibility of them doing so cannot be discounted. Cowrie Honeypots, for instance, are engineered to emulate UNIX systems. Attackers can use similar tactics to gain unauthorized access to poorly secured systems. Once inside the system, attackers utilise legit tools such as public docker images to take over proxy monetization services. These tools are undetectable to anti-malware software due to being genuine software in and of themselves. Endpoint detection and response (EDR) tools also struggle with the same threats.

The Major Challenges 

Limitation Of Current Safeguards – current malware detection software is unable to distinguish between malicious and genuine use of bandwidth services, as the nature of the attack is not inherently malicious. 

Bigger Threat Than Crypto-Jacking – Proxyjacking poses a bigger threat than cryptojacking, where systems are compromised to mine crypto-currency. Proxyjacking uses minimal system resources rendering it more challenging to identify. As such, proxyjacking offers perpetrators a higher degree of stealth because it is a resource-light technique, whereas cryptojacking can leave CPU and GPU usage footprints.

Role of Technology in the Fight Against Proxyjacking

Advanced Safety Measures- Implementing advanced safety measures is crucial in combating proxyjacking. Network monitoring tools can help detect unusual traffic patterns indicative of proxyjacking. Key-based authentication for SSH can significantly reduce the risk of unauthorized access, ensuring that only trusted devices can establish connections. Intrusion Detection Systems and Intrusion Prevention Systems can go a long way towards monitoring unusual outbound traffic.

Robust Verification Processes- sharing services must adopt robust verification processes to ensure that only legitimate users are sharing bandwidth. This could include stricter identity verification methods and continuous monitoring of user activities to identify and block suspicious behaviour. 

Policy Recommendations

Verification for Bandwidth Sharing Services – Mandatory verification standards should be enforced for bandwidth-sharing services, including stringent Know Your Customer (KYC) protocols to verify the identity of users. A strong regulatory body would ensure proper compliance with verification standards and impose penalties. The transparency reports must document the user base, verification processes and incidents. 

Robust SSH Security Protocols – Key-based authentication for SSH across organisations should be mandated, to neutralize the risk of brute force attacks. Mandatory security audits of SSH configuration within organisations to ensure best practices are complied with and vulnerabilities are identified will help. Detailed logging of SSH attempts will streamline the process of identification and investigation of suspicious behaviour. 

Effective Anomaly Detection System – Design a standard anomaly detection system to monitor networks. The industry-wide detection system should focus on detecting inconsistencies in traffic patterns indicating proxy-jacking. Establishing mandatory protocols for incident reporting to centralised authority should be implemented. The system should incorporate machine learning in order to stay abreast with evolving attack methodologies.

Framework for Incident Response – A national framework should include guidelines for investigation, response and remediation to be followed by organisations. A centralized database can be used for logging and tracking all proxy hacking incidents, allowing for information sharing on a real-time basis. This mechanism will aid in identifying emerging trends and common attack vectors. 

Whistleblower Incentives – Enacting whistleblower protection laws will ensure the proper safety of individuals reporting proxyjacking activities. Monetary rewards provide extra incentives and motivate individuals to join whistleblowing programs. To provide further protection to whistleblowers, secure communication channels can be established which will ensure full anonymity to individuals. 

Conclusion

Proxyjacking represents an insidious and complicated threat in cyberspace. By exploiting legitimate bandwidth-sharing services, cybercriminals can profit while remaining entirely anonymous. Addressing this issue requires a multifaceted approach, including advanced anomaly detection systems, effective verification systems, and comprehensive incident response frameworks. These measures of strong cyber awareness among netizens will ensure a healthy and robust cyberspace. 

References 

• https://gridinsoft.com/blogs/what-is-proxyjacking/
• https://www.darkreading.com/cyber-risk/ssh-servers-hit-in-proxyjacking-cyberattacks
• https://therecord.media/hackers-use-log4j-in-proxyjacking-scheme

‍