#FactCheck: Viral video blast of fuel tank in UAE Al Hariyah Port portray as Russia-Ukraine Conflict

Introduction

Twitter Inc.’s appeal against barring orders for specific accounts issued by the Ministry of Electronics and Information Technology was denied by a single judge on the Karnataka High Court. Twitter Inc. was also given an Rs. 50 lakh fine by Justice Krishna Dixit, who claimed the social media corporation had approached the court defying government directives.

As a foreign corporation, Twitter’s locus standi had been called into doubt by the government, which said they were ineligible to apply Articles 19 and 21 to their situation. Additionally, the government claimed that because Twitter was only designed to serve as an intermediary, there was no “jural relationship” between Twitter and its users.

The Issue

In accordance with Section 69A of the Information Technology Act, the Ministry issued the directives. Nevertheless, Twitter had argued in its appeal that the orders “fall foul of Section 69A both substantially and procedurally.” Twitter argued that in accordance with 69A, account holders were to be notified before having their tweets and accounts deleted. However, the Ministry failed to provide these account holders with any notices.

On June 4, 2022, and again on June 6, 2022, the government sent letters to Twitter’s compliance officer requesting that they come before them and provide an explanation for why the Blocking Orders were not followed and why no action should be taken against them.

Twitter replied on June 9 that the content against which it had not followed the blocking orders does not seem to be a violation of Section 69A. On June 27, 2022, the Government issued another notice stating Twitter was violating its directions. On June 29, Twitter replied, asking the Government to reconsider the direction on the basis of the doctrine of proportionality. On June 30, 2022, the Government withdrew blocking orders on ten account-level URLs but gave an additional list of 27 URLs to be blocked. On July 10, more accounts were blocked. Compiling the orders “under protest,” Twitter approached the HC with the petition challenging the orders.

Legality

Additionally, the government claimed that because Twitter was only designed to serve as an intermediary, there was no “jural relationship” between Twitter and its users.

Government attorney Additional Solicitor General R Sankaranarayanan argued that tweets mentioning “Indian Occupied Kashmir” and the survival of LTTE commander Velupillai Prabhakaran were serious enough to undermine the integrity of the nation.

Twitter, on the other hand, claimed that its users have pushed for these rights. Additionally, Twitter maintained that under Article 14 of the Constitution, even as a foreign company, they were entitled to certain rights, such as the right to equality. They also argued that the reason for the account blocking in each case was not stated and that Section 69a’s provision for blocking a URL should only apply to the offending URL rather than the entire account because blocking the entire account would prevent the creation of information while blocking the offending tweet only applied to already-created information.

Conclusion

The evolution of cyberspace has been substantiated by big tech companies like Facebook, Google, Twitter, Amazon and many more. These companies have been instrumental in leading the spectrum of emerging technologies and creating a blanket of ease and accessibility for users. Compliance with laws and policies is of utmost priority for the government, and the new bills and policies are empowering the Indian cyberspace. Non Compliance will be taken very seriously, and the same is legalised under the Intermediary Guidelines 2021 and 2022 by Meity. Referring to Section 79 of the Information Technology Act, which pertains to an exemption from liability of intermediary in some instances, it was said, “Intermediary is bound to obey the orders which the designate authority/agency which the government fixes from time to time.”

Introduction

Google.org is committed to stepping ahead to enhance Internet safety and responsible online behaviour. ‘Google for INDIA 2023’, an innovative conclave, took place on 19th October 2023. Google.org has embarked on its vision for a safer Internet and combating misinformation, financial frauds and other threats that come from bad actors. Alphabet Big Tech is committed to leading this charter and engaging with all stakeholders, including government agencies. Google.org has partnered with CyberPeace Foundation to foster a safer online environment and empower users on informed decisions on the Internet. CyberPeace will run a nationwide awareness and capacity-building Initiative equipping more than 40 Million Indian netizens with fact-checking techniques, tools, SoPs, and guidance for responsible and safe online behaviour. The campaign will be deployed in 15 Indian regional languages as a comprehensive learning outcome for the whole nation. Together, Google.org and CyberPeace Foundation aim to make the Internet safer for everyone and work in a direction to ensure that progress for everyone is built on a strong foundation of trusted information available on the Internet and pursuing the true spirit of “Technology for Good”.

Google.org and CyberPeace together for enhanced online safety

A new $4 million grant to CyberPeace Foundation will support a nationwide awareness-building program and comprehensive multilingual digital resource hub with content available in up to 15 Indian languages to empower nearly 40 million underserved people across the country in building resilience against misinformation and practice responsible online behaviour.  Together, Google.org and CyberPeace are on their way to creating a strong pathway of trusted Internet and a safer digital environment. The said campaign will be undertaken for a duration of 3 years, and the following key components will run at the core of the same: 

• CyberPeace Corps Volunteers: This will be a pan India volunteer engagement initiative to create a community of 9 million CyberPeace Ambassadors/First Responders/Volunteers to fight misinformation and promote responsible online behaviour going far into the rural, marginalised and most vulnerable strata of society. 
• Digital Resource Hub: In pursuance of the campaign, CyberPeace is developing a cutting-edge platform offering a wealth of resources on media literacy, responsible content creation, and cyber hygiene translated into 15 Indian regional languages for a widespread impact on the ground. 
• Public Sensitisation: CyberPeace will be conducting an organic series of online and offline events focusing on empowering netizens to discern fact from fiction. These sensitisation drives will be taken on by start master trainers from different regions of India to ensure all states and UTs are impacted. 
• CyberPeace Quick Reaction Team: A specialised team of tech enthusiasts that will work closely with platforms to rapidly address new-age cyber threats and misinformation campaigns in real-time and establish best practices and SoPs for the diverse elements in the industries. 
• Engaging Multimedia Content: With CyberPeace’s immense expertise in E-Course and digital content, the campaign will produce a range of multilingual multimedia resources, including informative videos, posters, games, contests, infographics, and more.
• Fact-check unit: Fact-check units will play a crucial role in monitoring, identifying, and doing fact analysis of the suspected information and overall busting the growing incidents of misinformation. Fake news or misinformation has negative consequences on society at large. The fact-check units play a significant role in controlling the widespread of misinformation. 

‍

Fight Against Misinformation 

Misinformation is rampant all across the world and requires attention. With the increasing penetration of social media and the internet, this remains a global issue. Google.org has taken up the initiative to address this issue in India and, in collaboration with CyberPeace Foundation taken a proactive step to multiple avenues for mass-scale awareness and upskilling campaigns have been piloted to make an impact on the ground with the vision of upskilling over 40 Million people in the country and building resilience against misinformation and practicing responsible online behavior. 

‍

Maj Vineet Kumar, Founder of CyberPeace, said,

"In an era in which digital is deeply intertwined with our lives, knowing how to discern, act on, and share the credible from the wealth of information available online is critical to our well-being, and of our families and communities. Through this initiative, we’re committing to help Internet users across India become informed, empowered and responsible netizens leading through conversations and actions. Whether it’s in fact-checking information before sharing it, or refraining from sharing unverified news, we all play an important role in building a web that is a safe and inclusive space for everyone, and we are extremely grateful to Google.org for propelling us forward in this mission with their grant support.”

‍

Annie Lewin, Senior Director of Global Advocacy and Head of Asia Pacific, Google.org said:

“We have a longstanding commitment to supporting changemakers using technology to solve humanity's biggest challenges. And, the innovation and zeal of Indian nonprofit organisations has inspired us to deepen our commitment in India. With the new grant to CyberPeace Foundation, we are proud to support solutions that speak directly to Google’s DNA, helping first-time internet users chart their path in a digital world with confidence. Such solutions give us pride and hope that each step, built on a strong foundation of trusted information, will translate into progress for all.”

‍

Conclusion

Google.org has partnered with government agencies and other Indian organisations with the vision of future-proof India for digital public infrastructure and staying a step ahead for Internet safety, keeping the citizens safe online. Google.org is taking its largest step yet towards online safety in India. There is widespread misinformative content and information in the digital media space or on the internet. This proactive initiative of Google.org in collaboration with CyberPeace is a commendable step to prevent the spread of misinformation and empower users to act responsibly while sharing any information and making informed decisions while using the Internet, hence creating a safe digital environment for everyone.

‍References:

• https://www.youtube.com/live/-b4lTVjOsXY?feature=shared
• https://blog.google/intl/en-in/products/google-for-india-2023-product-announcements/
• https://blog.google/intl/en-in/partnering-indias-success-in-a-new-digital-paradigm/
• https://telecom.economictimes.indiatimes.com/news/internet/google-to-debut-credit-in-india-announces-a-slew-of-ai-powered-launches/104547623
• https://theprint.in/economy/google-for-india-2023-tech-giant-says-it-removed-2-million-violative-videos-in-q2-2023/1810201/

‍

Overview:

WazirX is the platform for cryptocurrencies, based in India that has been hacked, and it made a loss of more than $230 million in cryptocurrency. This case concerned an unauthorized transaction with a multisignature or multisig, wallet controlled through Liminal’a digital asset management platform. These attacking incidents have thereafter raised more questions on the security of the Cryptocurrency exchanges and efficiency of the existing policies and laws.

Wallet Configuration and Security Measures

This wallet was breached and had a multisig setting meaning that more than one signature was needed to authorize a transaction. Specifically, it had six signatories: five are funded by WazirX and one is funded by Liminal. Every transaction needed the approval of at least three signatories of WazirX, all of whom had addressed security concerns by using Ledger’s hardware wallets; while the Liminal, too, had a signatory, for approval.

To further increase the level of security of the transactions, a whitelisting policy was introduced, only limited addresses were authorized to receive funds. This system was rather vulnerable, and the attackers managed to grasp the discrepancy between the information available through Liminal’s interface and the content of the transaction to seize unauthorized control over the wallet and implement the theft.

Modus Operandi: Attack Mechanics

The cyber attack appears to have been carefully carried out, with preliminary investigations suggesting the following tactics: 

• Payload Manipulation: The attackers apparently substituted the transaction’s payload during signing; hence, they can reroute the collected funds into an unrelated wallet. 

• Chain Hopping: To make it much harder to track their movements, the attackers split large amounts of money across multiple blockchains and broke tens of thousands of dollars into thousands of transactions involving different cryptocurrencies. This technique makes it difficult to trace people and things. 

• Zero Balance Transactions: There were also some instances where it ended up with no Ethereum (ETH) in the balance and such wallets also in use for the purpose of further anonymization of the transactions.

• Analysis of the blockchain data suggested the enemy might have been making the preparations for this attack for several days prior to their attack and involved a high amount of planning. 

Actions taken by WazirX:

Following the attack, WazirX implemented a series of immediate actions:

• User Notifications: The users were immediately notified of the occurrence of the breach and the possible risk it posed to them. 

• Law Enforcement Engagement: The matters were reported to the National Cyber Crime Reporting Portal and specific authorities of which the Financial Intelligence Unit (FIU) and the Computer Emergency Response Team (CERT-In). 

• Service Suspension: WazirX had suspended all its trading operations and user deposits’ and withdrawals’ to minimize further cases and investigate. 

• Global Outreach: The exchange contacted more than 500 cryptocurrency exchanges and requested to blacklist the wallet’s addresses linked to the theft. 

• Bounty Program: A bounty program was announced to encourage people to share information that can enable the authorities to retrieve the stolen money. A maximum of 23 million dollars was placed on the bounty. 

Further  Investigations 

WazirX stated that it has contracted the services of cybersecurity professionals to help in the prosecution process of identifying and compensating for the losses. The exchange is still investigating the forensic data and working with the police for tracking the stolen assets. Nevertheless, the prospects of full recovery may be quite questionable primarily because of complexity of the attack and the methods used by the attackers. 

Precautionary measures: 

 The WazirX cyber attack clearly implies that there is the necessity to improve the security and the regulation of the cryptocurrency industry. As exchanges become increasingly targeted by hackers, there is a pressing need for: 

• Stricter Security Protocols: The commitment to technical innovations, such as integration of MFA, as well as constant monitoring of the users’ wallets’ activities. 

• Regulatory Oversight: Formalization of the laws that require proper security for the cryptocurrency exchange platforms to safeguard their users as well as their investments. 

• Community Awareness: To bypass such predicaments, there is a need to study on emergent techniques in spreading awareness, particularly in cases of scams or phishing attempts that are likely to follow such breaches. 

Conclusion:

The cyber attack on WazirX in the field of cryptocurrency market, shows weaknesses and provides valuable lessons for enhancing the security.  This attack highlights critical vulnerabilities in cryptocurrency exchanges, even though employing advanced security measures like multisignature wallets and whitelisting policies. The attack's complexity, involving payload manipulation, chain hopping, and zero balance transactions, underscores the attackers' meticulous planning and the challenges in tracing stolen assets. This case brings a strong message regarding the necessity of solid security measures, and constant attention to security in the rapidly growing world of digital assets. Furthermore, the incident highlights the importance of community awareness and education on emerging threats like scams and phishing attempts, which usually follow such breaches. By fostering a culture of vigilance and knowledge, the cryptocurrency community can better defend against future attacks.

Reference:

https://wazirx.com/blog/important-update-cyber-attack-incident-and-measures-to-protect-your-assets/

https://www.moneycontrol.com/news/opinion/the-230-million-crypto-theft-at-wazirx-is-a-wake-up-call-for-indian-regulators-government-12772563.html

https://www.linkedin.com/pulse/wazirx-cyberattack-in-depth-analysis-jyqxf

‍