#FactCheck-Mosque fire in India? False, it's from Indonesia

Introduction:

Cybercriminals can hack your phone using or exploiting some public charging stations such as at airports, Malls, hotel rooms, etc. When you plug in your phone or laptop devices into a power charger using USB, you may be plugging into a hacker. Juice jacking poses a security threat at public charging stations at airports, shopping malls and other public places that provide free charging stations for mobile, tablet, and laptop devices. 

Cybercriminals can either hack into the public charging spot or download malware or viruses through the USB port into your system. When you plug your phone, laptop, tablet or other such devices for charging at public charging stations, it can download malware to your phone and other such devices, and then hackers can access your personal information or passwords, It is really a problem since hackers can even get access to your bank account for unauthorised transactions by accessing your passwords and personal information. 

Hence it is important to think twice before using public charging spots, as it might lead to serious consequences such as malware, data leak and hacking. Hacking can gain unauthorised access to your personal information by installing malware in your device and they might monitor your device by installing monitor software or spyware to your device. This scam is referred to as juice jacking. 

FBI issued an advisory  warning about using public charging stations:

The Federal Bureau of Investigation (FBI), In May 2023, advised users to avoid using free charging stations in airports, hotels, or shopping centres. The warning comes as threat actors have figured out ways to inject malware into devices attached to publicly installed USB ports.

Updated Security measures:

We all must have seen public charging points such as airports, shopping malls, metro, and other public places that provide charging stations for mobile devices. But it can be a threat to your stored data on your device. During the charging process, your data can be transferred which can ultimately lead to a data breach. Hence utmost care should be taken to protect your information and data. iPhones and other devices have security measures in place, When you plug your phone into a charging power source, a pop-up appears to ask permission to allow or disallow the transfer of Data. There is also a default setting in the phones where data transfer is disabled. In the latest models, when you plug your device into a new port or a computer, a pop-up appears asking whether the device is trusted or not. 

Two major risks involved in the threat of Juice jacking: 

1. Malware installation: – Malware apps can be used by bad actors to clone your phone data to their device, Your personal data is transferred leading to a data breach. Some types of malware include Trojans, adware, spyware, crypto-miners, etc. Once this malware is injected into your device, It is easy for cybercriminals to extort a ransom to restore the information they have unauthorized access to.
2. Data Theft: It is important to give emphasis to the question of whether your data is protected at public charging stations? When we use a USB cable and connect to a public charging station port, cyber-criminals by injecting malware into the charging port system, can inject the malware into your device or your data can be transferred to the bad actors. USB cords can be exploited by cybercriminals to commit malicious activities.

‍

Best practices: 

• Avoid using public charging stations: Using public charging stations is not safe. It is very possible for a cybercriminal to load malware into a charging station with a USB cord. Hence It is advisable not to use public charging spots, try to make sure you charge your phone, and laptop devices in your car, at home or office so it will help you to avoid public charging stations.
• Alternative method of charging: You can carry a power bank along with you to avoid the use of public charging stations.
• Lock your phone: Lock your phone once connected to the charging port. Locking your device once connected to the charging station will prevent it from being able to sync or transfer data.
• Software update: It is important to enable and use your device’s software security measures. Mobile devices have certain technical protections against such vulnerabilities and security threats. 
• Review Settings: Disable your device’s option to automatically transfer data when a charging cable is connected. This is the default on iOS devices. Android users should disable this option in the Settings app. If your device displays a prompt asking you to “trust this computer,” it means you are connected to another device, not simply a power outlet. Deny the permission, as trusting the computer will enable data transfers to and from your device.  So when you plug your device into a USB port and a prompt appears asking permission to "share data" or “trust this computer” or “charge only,” always select “charge only.”

Conclusion:

Cybercriminals or bad actors exploit public charging stations. There have been incidents where malware was planted in the system by the use of a USB cord, During the charging process, the USB cord opens a path into your device that a cybercriminal can exploit, which means the devices can exchange data. That's called juice jacking. Hence avoid using public charging stations, our safety is in our hands and it is significantly important to give priority to best practices and stay protected in the evolving digital landscape. 

References: 

• https://www.cbsnews.com/philadelphia/news/fbi-issue-warning-about-juice-jacking-when-using-free-cell-phone-charging-kiosks/
• https://www.comparitech.com/blog/information-security/juice-jacking/#:~:text=Avoid%20public%20charging%20stations,guaranteed%20success%20with%20this%20method
• https://www.fcc.gov/juice-jacking-tips-to-avoid-it

‍

Introduction

In an alarming event, one of India’s premier healthcare institutes, AIIMS Delhi, has fallen victim to a malicious cyberattack for the second time in the year. The Incident serves as a clear-cut reminder of the escalating threat landscape faced by the healthcare organisation in this digital age. In the attack, which unfolded with grave implications, the attackers not only explored the vulnerabilities present in the healthcare sector, but this also raised the concern about the security of patient data and the uninterrupted delivery of critical healthcare services. In this blog post, we will explore the incident, what happened, and what safety measures can be taken.

Backdrop

The cyber-security systems deployed in AIIMS, New Delhi, recently detected a malware attack. The nature and scope of the attack were both sophisticated and targeted. This second hack acts as a wake-up call for healthcare organisations nationwide. As the healthcare business increasingly depends on digital technology to improve patient care and operational efficiency, cybersecurity must be prioritised to protect sensitive data. To minimise cyber-attack dangers, healthcare organisations must invest in robust defences such as multi-factor authentication, network security, frequent system upgrades, and employee training.

The attempt was successfully prevented, and the deployed cyber-security systems neutralised the threat. The e-Hospital services remain to be fully secure and are functioning normally.

Impact on AIIMS

Healthcare services have been under hackers’ radar worldwide, and the healthcare sector has been impacted badly. The attack on AIIMS Delhi’s effects has been both immediate and far-reaching. The organisation, which is recognised for delivering excellent healthcare services and performing breakthrough medical research, faced significant interruptions in its everyday operations. Patient care and treatment processes were considerably impeded, resulting in delays, cancellations, and the inability to access essential medical documents. The stolen data raises serious concerns about patient privacy and confidentiality, raising doubts about the institution’s capacity to protect sensitive information. Furthermore, the financial ramifications of the assault, such as the cost of recovery, deploying more robust cybersecurity measures, and potential legal penalties and forensic analyses, contribute to the scale of the effect. The event has also generated public concerns about the institution’s ability to preserve personal information, undermining confidence and degrading AIIMS Delhi’s image.

Impact on Patients: The attacks not only impact the institutes but also have serious implications for the patients and here are some key highlights:

Healthcare Service Disruption: The hack has affected the seamless delivery of healthcare services at AIIMS Delhi. Appointments, surgeries, and other medical treatments may be delayed, cancelled, or rescheduled. This disturbance can result in longer wait times, longer treatment periods, and potential problems from delayed or interrupted therapy.

Patient Privacy and Confidentiality are jeopardised because of the breach of sensitive patient data. Medical data, test findings, and treatment plans may have been compromised. This breach may diminish patient faith in the institution’s capacity to safeguard their personal information, discouraging them from seeking care or submitting sensitive information in the future.

As a result of the cyberattack, patients may endure mental anguish and worry. Fear of possible exploitation of personal health information, confusion about the scope of the breach, and concerns about the security of their healthcare data can all have a negative impact on their mental health. This stress might aggravate pre-existing medical issues and impede total recovery.

Trust at stake: A data breach may harm patients’ faith and confidence in AIIMS Delhi and the healthcare system. Patients rely on healthcare facilities to keep their information secure and confidential while providing safe, high-quality care. A hack can doubt the institution’s ability to safeguard patient data, affecting patients’ overall faith in the organisation and potentially leading to patients seeking care elsewhere.

Cybersecurity Measures

To avoid future hacks and protect patient data, AIIMS Delhi must prioritize enhancing its cybersecurity procedures. The institution can strengthen its resistance to changing threats by establishing strong security practices. The following steps can be considered.

Using Multi-factor Authentication: By forcing users to submit several forms of identity to access systems and data, multi-factor authentication offers an extra layer of protection. AIIMS Delhi may considerably lower the danger of unauthorised access by applying this precaution, even in the case of leaked passwords or credentials. Biometrics and one-time passwords, for example, should be integrated into the institution’s authentication systems.

Improving Network Security and Firewalls: AIIMS Delhi should improve network security by implementing strong firewalls, intrusion detection and prevention systems, and network segmentation. These techniques serve to construct barriers between internal systems and external threats, reducing attackers’ lateral movement within the network. Regular network traffic monitoring and analysis can assist in recognising and mitigating any security breaches.

Risk Assessment: Regular penetration testing and vulnerability assessments are required to uncover possible flaws and vulnerabilities in AIIMS Delhi’s systems and infrastructure. Security professionals can detect vulnerabilities and offer remedial solutions by carrying out controlled simulated assaults. This proactive strategy assists in identifying and addressing any security flaws before attackers exploit them.

Educating and training Healthcare Professionals: Education and training have a crucial role in enhancing cybersecurity practices in healthcare facilities. Healthcare workers, including physicians, nurses, administrators, and support staff, must be well-informed about the importance of cybersecurity and trained in risk-mitigation best practices. This will empower healthcare professionals to actively contribute to protecting the patient’s data and maintaining the trust and confidence of patients.

Learnings from Incidents

AIIMS Delhi should embrace cyber-attacks as learning opportunities to strengthen its security posture. Following each event, a detailed post-incident study should be performed to identify areas for improvement, update security policies and procedures, and improve employee training programs. This iterative strategy contributes to the institution’s overall resilience and preparation for future cyber-attacks. AIIMS Delhi can effectively respond to cyber incidents, minimise the impact on operations, and protect patient data by establishing an effective incident response and recovery plan, implementing data backup and recovery mechanisms, conducting forensic analysis, and promoting open communication. Proactive measures, constant review, and regular revisions to incident response plans are critical for staying ahead of developing cyber threats and ensuring the institution’s resilience in the face of potential future assaults.

Conclusion

To summarise, developing robust healthcare systems in the digital era is a key challenge that healthcare organisations must prioritise. Healthcare organisations can secure patient data, assure the continuation of key services, and maintain patients’ trust and confidence by adopting comprehensive cybersecurity measures, building incident response plans, training healthcare personnel, and cultivating a security culture. Adopting a proactive and holistic strategy for cybersecurity is critical to developing a healthcare system capable of withstanding and successfully responding to digital-age problems.

Introduction

Twitter is a popular social media plate form with millions of users all around the world. Twitter’s blue tick system, which verifies the identity of high-profile accounts, has been under intense scrutiny in recent years. The platform must face backlash from its users and brands who have accused it of basis, inaccuracy, and inconsistency in its verification process. This blog post will explore the questions raised on the verification process and its impact on users and big brands.

What is Twitter’s blue trick System?

The blue tick system was introduced in 2009 to help users identify the authenticity of well-known public figures, Politicians, celebrities, sportspeople, and big brands. The Twitter blue Tick system verifies the identity of high-profile accounts to display a blue badge next to your username.

According to a survey, roughly there are 294,000 verified Twitter Accounts which means they have a blue tick badge with them and have also paid the subscription for the service, which is nearly $7.99 monthly, so think about those subscribers who have paid the amount and have also lost their blue badge won’t they feel cheated?

The Controversy

Despite its initial aim, the blue tick system has received much criticism from consumers and brands. Twitter’s irregular and non-transparent verification procedure has sparked accusations of prejudice and inaccuracy. Many Twitter users have complained that the network’s verification process is random and favours account with huge followings or celebrity status. In contrast, others have criticised the platform for certifying accounts that promote harmful or controversial content.

Furthermore, the verification mechanism has generated user confusion, as many need to understand the significance of the blue tick badge. Some users have concluded that the blue tick symbol represents a Twitter endorsement or that the account is trustworthy. This confusion has resulted in users following and engaging with verified accounts that promote misleading or inaccurate data, undermining the platform’s credibility.

How did the Blue Tick Row start in India?

On 21 May 2021, when the government asked Twitter to remove the blue badge from several profiles of high-profile Indian politicians, including the Indian National Congress Party Vice-President Mr Rahul Ghandhi.

The blue badge gives the users an authenticated identity. Many celebrities, including Amitabh Bachchan, popularly known as Big B, Vir Das, Prakash Raj, Virat Kohli, and Rohit Sharma, have lost their blue tick despite being verified handles.

What is the Twitter policy on blue tick?

To Twitter’s policy, blue verification badges may be removed from accounts if the account holder violates the company’s verification policy or terms of service. In such circumstances, Twitter typically notifies the account holder of the removal of the verification badge and the reason for the removal. In the instance of the “Twitter blue badge row” in India, however, it appears that Twitter did not notify the impacted politicians or their representatives before revoking their verification badges. Twitter’s lack of communication has exacerbated the controversy around the episode, with some critics accusing the company of acting arbitrarily and not following due process.

Is there a solution?

The “Twitter blue badge row” has no simple answer since it involves a complex convergence of concerns about free expression, social media policies, and government laws. However, here are some alternatives:

• Establish clear guidelines: Twitter should develop and constantly implement clear guidelines and policies for the verification process. All users, including politicians and government officials, would benefit from greater transparency and clarity.
• Increase transparency: Twitter’s decision-making process for deleting or restoring verification badges should be more open. This could include providing explicit reasons for badge removal, notifying impacted users promptly, and offering an appeals mechanism for those who believe their credentials were removed unfairly.
• Engage in constructive dialogue: Twitter should engage in constructive dialogue with government authorities and other stakeholders to address concerns about the platform’s content moderation procedures. This could contribute to a more collaborative approach to managing online content, leading to more effective and accepted policies.
• Follow local rules and regulations: Twitter should collaborate with the Indian government to ensure it conforms to local laws and regulations while maintaining freedom of expression. This could involve adopting more precise standards for handling requests for material removal or other actions from governments and other organisations.

Conclusion

To sum up, the “Twitter blue tick row” in India has highlighted the complex challenges that Social media faces daily in handling the conflicting interests of free expression, government rules, and their own content moderation procedures. While Twitter’s decision to withdraw the blue verification badges of several prominent Indian politicians garnered anger from the government and some public members, it also raised questions about the transparency and uniformity of Twitter’s verification procedure. In order to deal with this issue, Twitter must establish clear verification procedures and norms, promote transparency in its decision-making process, participate in constructive communication with stakeholders, and adhere to local laws and regulations. Furthermore, the Indian government should collaborate with social media platforms to create more effective and acceptable laws that balance the necessity for free expression and the protection of citizens’ rights. The “Twitter blue tick row” is just one example of the complex challenges that social media platforms face in managing online content, and it emphasises the need for greater collaboration among platforms, governments, and civil society organisations to develop effective solutions that protect both free expression and citizens’ rights.