#FactCheck: Viral Video Showing Pakistan Shot Down Indian Air Force' MiG-29 Fighter Jet

Introduction

Who would have predicted that the crime of slavery would haunt our lives through the digital world? In a recent unfolding of events, the cyber wing of Maharashtra has saved 60 Indian nationals from a cyber slavery racket run by armed rebel groups operating in Myanmar and arrested five suspects who acted as recruiting agents, including a foreign national. As per the reports, the racketeers made contact with various individuals, enticing them with offers of high-paying jobs in East Asian countries. The operation unfolds a carefully designed crime network that operates through bordering states, Myanmar, Thailand, and Malaysia, targeting vulnerable individuals through deceptive means and forcing them to commit cyber fraud and financial crimes, operating as an authentic industrial setup. The disturbing set of events makes up only one of many such cyber-slavery incidents that are uncovered and various other rackets that operate in the shadows of cyberspace. Another similar event was reported in March 2025, where the disturbing ordeal of a 52-year-old father from Bihar’s Gopalganj, whose son was lured into working in a scam call centre under the pretence of a data entry job in Thailand.

Counting the Unseen: The Dark Metrics of Cyber Slavery

As per the United Nations report from October 2024, a large number of young individuals are enslaved, acting under the impression they will be employed in high-paying jobs, often on social media platforms, and what follows is an intricate web of cybercriminals operating from illegal scam compounds.  According to the UN Office on Drugs and Crime (UNODC), financial losses from scams in Southeast Asia reached between $18 billion (Rs 1.6 lakh crore) and $37 billion (Rs 3.2 lakh crore) in 2023, much of it linked to organised crime in these three countries. Also, acting on a similar premise, the Indian Cyber Crime Coordination Centre (I4C), a division under the Ministry of Home Affairs (MHA), organised an inter-ministerial committee to address a significant rise in cybercrime in Southeast Asian countries, which includes Cambodia, Myanmar, and Laos. 

The data from the Bureau of Immigration in the Union Ministry of Home Affairs, which included around 29,466 Indians who travelled on visitor visas to Thailand, Vietnam, Myanmar, and Cambodia between January 2022 and May 2024, has gone missing.

From Rescue to Reform: How India is Tackling Cyber Slavery 

The recent events that unfolded have agitated the government to undertake vigilant rescue operations for the missing individuals who became victims of this modern-day trafficking and coordinate with foreign ministries in Myanmar, Thailand and Cambodia for extradition and repatriation. It is notable that in the year 2015, India along with seven other countries in South Asia, including Afghanistan, Bangladesh, Bhutan, Maldives, Nepal, Pakistan and Sri Lanka, came together to address transnational threats that transcend geographical and cultural borders in cooperation with the United Nations Office on Drugs and Crimes (UNODC). The collaboration brought together a Compendium of Bilateral and Regional Instruments for South Asia providing for International Cooperation in Criminal Matters. Further, in January 2025, UNODC and the European Union launched a €9 million regional project titled "Preventing and Addressing Trafficking in Human Beings and the Smuggling of Migrants in South Asia." The Government of India, through its various agencies, also lays down various guidelines and advisories on the National Cyber Crime Reporting Portal. Additionally, law enforcement agencies are actively involved, and cybersecurity NGOs are proactively spreading awareness about identifying red flags associated with threats such as cyber slavery.

Recommendations: A Call to Action

• The various advisories released by the Gov. of India emphasise the need for Indian nationals to verify the credentials of the employer through the Indian Embassy located in that country.
• The authorities and various agencies also stress the need for individuals to refrain from sharing personal information such as location details, contact information or any information pertaining to personal relationships that can be exploited by such criminals.
• The fundamental manner of tackling the crime of cyber slavery is to ensure digital literacy and increase awareness through public campaigns and educational programmes
• The need of the hour is international cooperation and collaboration to undertake a concerted effort to bring back the victims and penalise all those who facilitate such criminal activities. 

References

• https://www.thehindu.com/news/national/more-than-60-indians-forced-into-cyber-slavery-rescued-from-myanmar-5-arrested/article69438991.ece 
• https://www.indiatoday.in/india-today-insight/story/cyber-slavery-the-new-job-con-trapping-indian-youth-abroad-2637157-2024-11-21 
• https://indianexpress.com/article/india/mha-high-powered-committee-cybercrimes-from-se-asia-9345843/ ‍
• https://www.unodc.org/documents/terrorism/Publications/SAARC%20compendium/SA_Compendium_Volume-2.pdf

Overview:

After the blackout on July 19, 2024, which affected CrowdStrike’s services worldwide, cybercriminals began to launch many phishing attacks and distribute malware. These activities mainly affect CrowdStrike customers, using the confusion as a way to extort information through fake support sites. The analysis carried out by the Research Wing of CyberPeace and Autobot Infosec has identified several phishing links and malicious campaigns.

The Exploitation:

Cyber adversaries have registered domains that are similar to CrowdStrike’s brand and have opened fake accounts on social media platforms. These are fake platforms that are employed to defraud users into surrendering their personal and sensitive details for use in other fraudulent activities.

Phishing Campaign Links:

• crowdstrike-helpdesk[.]com
• crowdstrikebluescreen[.]com
• crowdstrike-bsod[.]com
• crowdstrikedown[.]site
• crowdstrike0day[.]com
• crowdstrikedoomsday[.]com
• crowdstrikefix[.]com
• crashstrike[.]com
• crowdstriketoken[.]com
• fix-crowdstrike-bsod[.]com
• bsodsm8r[.]xamzgjedu[.]com
• crowdstrikebsodfix[.]blob[.]core[.]windows[.]net
• crowdstrikecommuication[.]app
• fix-crowdstrike-apocalypse[.]com
• supportportal-crowdstrike-com[.]translate[.]goog
• crowdstrike-cloudtrail-storage-bb-126d5e[.]s3[.]us-west-1[.]amazonaws[.]com
• crowdstrikeoutage[.]info
• clownstrike[.]co[.]uk
• crowdstrikebsod[.]com
• whatiscrowdstrike[.]com
• clownstrike[.]co
• microsoftcrowdstrike[.]com
• crowdfalcon-immed-update[.]com
• crowdstuck[.]org
• failstrike[.]com
• winsstrike[.]com
• crowdpass[.]com

In one case, a PDF file is being circulated with CrowdStrike branding, saying ‘Download The Updater,’ which is a link to a ZIP file. The ZIP file is a compressed file that has an executable file with a virus. This is a clear sign that the hackers are out to take advantage of the current situation by releasing the malware as an update.

‍

‍

‍

In another case, there is a malicious Microsoft Word document that is currently being shared, which claims to offer a solution on how to deal with this CrowdStrike BSOD bug. But there is a hidden risk in the document. When users follow the instructions and enable the embedded macro, it triggers the download of an information-stealing malware from a remote host. This is a form of malware that is used to steal information and is not well recognized by most security software. Also it sends the stolen data to the samesame remote host but with different port number, which likey works as the CnC server for the campaign.

• Name New_Recovery_Tool_to_help_with_CrowdStrike_issue_impacting_Windows[.]docm
• MD5 dd2100dfa067caae416b885637adc4ef
• SHA-1 499f8881f4927e7b4a1a0448f62c60741ea6d44b
• SHA-256 803727ccdf441e49096f3fd48107a5fe55c56c080f46773cd649c9e55ec1be61
  
• URLS http://172.104.160[.]126:8099/payload2.txt, http://172.104.160[.]126:5000/Uploadss

‍

Recent Outage Impact:

On July 19, 2024, CrowdStrike faced a global outage that originated from an update of its Falcon Sensor security software. This outage affected many government organizations and companies in different industries, such as finance, media, and telecommunications. The event led to numerous complaints from the users who experienced problems like blue screen of death and system failure. Although, CrowdStrike has admitted to the problem and is in the process of fixing it. 

Preventive Measures:

• Organize regular awareness sessions to educate the employees about the phishing techniques and how they can avoid the phishing scams, emails, links, and websites.
• MFA should be used for login to the sensitive accounts and systems for an improvement on the security levels.
• Make sure all security applications including the antivirus and anti-malware are up to date to help in the detection of phishing scams.
• This includes putting in place of measures such as alert on account activity or login patterns to facilitate early detection of phishing attempts.
• Encourage employees and users to inform the IT department as soon as they have any suspicions regarding phishing attempts.

Conclusion:

The recent CrowdStrike outage is a perfect example of how cybercriminals take advantage of the situation and user’s confusion and anxiety. Thus, people and organizations can keep themselves from these threats and maintain the confidentiality of their information by being cautious and adhering to the proper standards. To get the current information on the BSOD problem and the detailed instructions on its solution, visit CrowdStrike’s support center. Reported problems should be handled with caution and regular backup should be made to minimize the effects.

References:

• https://app.any.run/tasks/2c0ffc87-4059-4d6f-8306-1258cf33aa54/
• https://app.any.run/tasks/48e18e33-2007-49a8-aa60-d04c21e8fa11
• https://www.virustotal.com/gui/file/19001dd441e50233d7f0addb4fcd405a70ac3d5e310ff20b331d6f1a29c634f0/relations
• https://www.virustotal.com/gui/file/803727ccdf441e49096f3fd48107a5fe55c56c080f46773cd649c9e55ec1be61/detection
• https://www.joesandbox.com/analysis/1478411#iocs

‍

CAPTCHA, or the Completely Automated Public Turing Test to Tell Computers and Humans Apart function, is an image or distorted text that users have to identify or interpret to prove they are human. 2007 marked the inception of CAPTCHA, and Google developed its free service called reCAPTCHA, one of the most commonly used technologies to tell computers apart from humans. CAPTCHA protects websites from spam and abuse by using tests considered easy for humans but were supposed to be difficult for bots to solve. 

But, now this has changed. With AI becoming more and more sophisticated, it is now capable of solving CAPTCHA tests at a rate that is more accurate than humans, rendering them increasingly ineffective. This raises the question of whether CAPTCHA is still effective as a detection tool with the advancements of AI.

CAPTCHA Evolution: From 2007 Till Now

CAPTCHA has evolved through various versions to keep bots at bay. reCAPTCHA v1 relied on distorted text recognition, v2 introduced image-based tasks and behavioural analysis, and v3 operated invisibly, assigning risk scores based on user interactions. While these advancements improved user experience and security, AI now solves CAPTCHA with 96% accuracy, surpassing humans (50-86%). Bots can mimic human behaviour, undermining CAPTCHA’s effectiveness and raising the question: is it still a reliable tool for distinguishing real people from bots?

Smarter Bots and Their Rise

AI advancements like machine learning, deep learning and neural networks have developed at a very fast pace in the past decade, making it easier for bots to bypass CAPTCHA. They allow the bots to process and interpret the CAPTCHA types like text and images with almost human-like behaviour. Some examples of AI developments against bots are OCR or Optical Character Recognition. The earlier versions of CAPTCHA relied on distorted text: AI because of this tech is able to recognise and decipher the distorted text, making CAPTCHA useless. AI is trained on huge datasets which allows Image Recognition by identifying the objects that are specific to the question asked. These bots can mimic human habits and patterns by Behavioural Analysis and therefore fool the CAPTCHA. 

To defeat CAPTCHA, attackers have been known to use Adversarial Machine Learning, which refers to AI models trained specifically to defeat CAPTCHA. They collect CAPTCHA datasets and answers and create an AI that can predict correct answers. The implications that CAPTCHA failures have on platforms can range from fraud to spam to even cybersecurity breaches or cyberattacks. 

CAPTCHA vs Privacy: GDPR and DPDP

GDPR and the DPDP Act emphasise protecting personal data, including online identifiers like IP addresses and cookies. Both frameworks mandate transparency when data is transferred internationally, raising compliance concerns for reCAPTCHA, which processes data on Google’s US servers. Additionally, reCAPTCHA's use of cookies and tracking technologies for risk scoring may conflict with the DPDP Act's broad definition of data. The lack of standardisation in CAPTCHA systems highlights the urgent need for policymakers to reevaluate regulatory approaches.

CyberPeace Analysis: The Future of Human Verification

CAPTCHA, once a cornerstone of online security, is losing ground as AI outperforms humans in solving these challenges with near-perfect accuracy. Innovations like invisible CAPTCHA and behavioural analysis provided temporary relief, but bots have adapted, exploiting vulnerabilities and undermining their effectiveness. This decline demands a shift in focus. 

Emerging alternatives like AI-based anomaly detection, biometric authentication, and blockchain verification hold promise but raise ethical concerns like privacy, inclusivity, and surveillance. The battle against bots isn’t just about tools but it’s about reimagining trust and security in a rapidly evolving digital world.

AI is clearly winning the CAPTCHA war, but the real victory will be designing solutions that balance security, user experience and ethical responsibility. It’s time to embrace smarter, collaborative innovations to secure a human-centric internet.

References

• https://www.business-standard.com/technology/tech-news/bot-detection-no-longer-working-just-wait-until-ai-agents-come-along-124122300456_1.html 
• https://www.milesrote.com/blog/ai-defeating-recaptcha-the-evolving-battle-between-bots-and-web-security 
• https://www.technologyreview.com/2023/10/24/1081139/captchas-ai-websites-computing/‍
• https://datadome.co/guides/captcha/recaptcha-gdpr/