#FactCheck: Viral Video Showing Pakistan Shot Down Indian Air Force' MiG-29 Fighter Jet

Introduction

The information of hundreds of thousands of Indians who received the COVID vaccine was Leaked in a significant data breach and posted on a Telegram channel. Numerous reports claim that sensitive information, including a person’s phone number, gender, ID card details, and date of birth, leaked over Telegram. It could be obtained by typing a person’s name into a Telegram bot.

What really happened?

The records pertaining to the mobile number registered in the CoWin portal are accessible on the Malayalam news website channel. It is also feasible to determine which vaccination was given and where it was given.

According to The Report, the list of individuals whose data was exposed includes BJP Tamil Nadu president K Annamalai, Congress MP Karti Chidambaram, and former BJP union minister for health Harsh Vardhan. Telangana’s minister of information and communication technology, Kalvakuntla Taraka Rama Rao, is also on the list.

MEITY stated in response to the data leak, “It is old data, we are still confirming it. We have requested a report on the matter.

After the media Report, the bot was disabled, but experts said the incident raised severe issues because the information might be used for identity theft, phishing emails, con games, and extortion calls. The Indian Computer Emergency Response Team (CERT-In), the government’s nodal body, has opened an investigation into the situation

The central government declared the data breach reports regarding the repository of beneficiaries against Covid to be “mischievous in nature” on Monday and claimed the ‘bot’ that purportedly accessed the confidential data was not directly accessing the CoWIN database.

According to the first complaint by CERT-In, the government’s cybersecurity division, the government claimed the bot might be displaying information from “previously stolen data.” Reports.

The health ministry refuted the claim, asserting that no bots could access the information without first verifying with a one-time password.

“It is made clear that all of these rumours are false and malicious. The health ministry’s CoWIN interface is entirely secure and has sufficient data privacy protections. The security of the data on the CoWIN portal is being ensured in every way possible, according to a statement from the health ministry.

Meity said the CoWin program or database was not directly compromised, and the shared information appeared to be taken from a previous intrusion. But the hack again highlights the growing danger of cyber assaults, particularly on official websites.‍

Recent cases of data leak

Dominos India 2021– Dominos India, a division of Jubilant FoodWorks, faced a cyberattack on May 22, 2021, which led to the disclosure of information from 180 million orders. The breach exposed order information, email addresses, phone numbers, and credit card information. Although Jubilant FoodWorks acknowledged a security breach, it refuted any illegal access to financial data.

Air India – A cyberattack that affected Air India in May 2021 exposed the personal information of about 4.5 million customers globally. Personal information recorded between August 26, 2011, and February 3, 2021, including names, dates of birth, contact information, passport information, ticket details, frequent flyer information from Star Alliance and Air India, and credit card information, were exposed in the breach.

Bigbasket – BigBasket, an online supermarket, had a data breach in November 2020, compromising the personal information of approximately 20 million consumers. Email IDs, password hashes, PINs, phone numbers, addresses, dates of birth, localities, and IP addresses were among the information released from an insecure database containing over 15 GB of customer data. BigBasket admitted to the incident and reported it to the Bengaluru Cyber Crime Department.

Unacademy – Unacademy, an online learning platform, experienced a data breach in May 2020, compromising the email addresses of approximately 11 million subscribers. While no sensitive information, such as financial data or passwords, was compromised, user data, including IDs, passwords, date joined, last login date, email IDs, names, and user credentials, was. The breach was detected when user accounts were uncovered for sale on the dark web.

2022 Card Data- Cybersecurity researchers from AI-driven Singapore-based CloudSEK found a threat actor offering a database of 1.2 million cards for free on a Dark Web forum for crimes on October 12, 2022. This came after a second problem involving 7.9 million cardholder records that were reported on the BidenCash website. This comprised information pertaining to State Bank of India (SBI) clients. And other well-known companies were among those targeted in high-profile data breach cases that have surfaced in recent years.

Conclusion

Data breach cases are increasing daily, and attackers are mainly attacking the healthcare sectors and health details as they can easily find personal details. This recent CoWIN case has compromised thousands of people’s data. The All-India Institute of Medical Sciences’ systems were compromised by hackers a few months ago. Over 95% of adults have had their vaccinations, according to the most recent data, even if the precise number of persons impacted by the CoWin privacy breach could not be determined.

Introduction

Generative AI models are significant consumers of computational resources and energy required for training and running models. While AI is being hailed as a game-changer, however underneath the shiny exterior, cracks are present which significantly raises concerns for its environmental impact. The development, maintenance, and disposal of AI technology all come with a large carbon footprint. The energy consumption of AI models, particularly large-scale models or image generation systems, these models rely on data centers powered by electricity, often from non-renewable sources, which exacerbates environmental concerns and contributes to substantial carbon emissions.

As AI adoption grows, improving energy efficiency becomes essential. Optimising algorithms, reducing model complexity, and using more efficient hardware can lower the energy footprint of AI systems. Additionally, transitioning to renewable energy sources for data centers can help mitigate their environmental impact. There is a growing need for sustainable AI development, where environmental considerations are integral to model design and deployment.

A breakdown of how generative AI contributes to environmental risks and the pressing need for energy efficiency:

• Gen AI during the training phase has high power consumption, when vast amounts of computational power which is often utilising extensive GPU clusters for weeks or at times even months, consumes a substantial amount of electricity. Post this phase, the inference phase where the deployment of these models takes place for real-time inference, can be energy-extensive especially when we take into account the millions of users of Gen AI.
• The main source of energy used for training and deploying AI models often comes from non-renewable sources which then contribute to the carbon footprint. The data centers where the computations for Gen AI take place are a significant source of carbon emissions if they rely on the use of fossil fuels for their energy needs for the training and deployment of the models. According to a study by MIT, training an AI can produce emissions that are equivalent to around 300 round-trip flights between New York and San Francisco. According to a report by Goldman Sachs, Data Companies will use 8% of US power by 2030, compared to 3% in 2022 as their energy demand grows by 160%.
• The production and disposal of hardware (GPUs, servers) necessary for AI contribute to environmental degradation. Mining for raw materials and disposing of electronic waste (e-waste) are additional environmental concerns. E-waste contains hazardous chemicals, including lead, mercury, and cadmium, that can contaminate soil and water supplies and endanger both human health and the environment. 

Efforts by the Industry to reduce the environmental risk posed by Gen AI 

There are a few examples of how companies are making efforts to reduce their carbon footprint, reduce energy consumption and overall be more environmentally friendly in the long run. Some of the efforts are as under:

• Google's TPUs in particular the Google Tensor are designed specifically for machine learning tasks and offer a higher performance-per-watt ratio compared to traditional GPUs, leading to more efficient AI computations during the shorter periods requiring peak consumption. 
• Researchers at Microsoft, for instance, have developed a so-called “1 bit” architecture that can make LLMs 10 times more energy efficient than the current leading system. This system simplifies the models’ calculations by reducing the values to 0 or 1, slashing power consumption but without sacrificing its performance.
• OpenAI has been working on optimizing the efficiency of its models and exploring ways to reduce the environmental impact of AI and using renewable energy as much as possible including the research into more efficient training methods and model architectures.

Policy Recommendations

We advocate for the sustainable product development process and press the need for Energy Efficiency in AI Models to counter the environmental impact that they have. These improvements would not only be better for the environment but also contribute to the greater and sustainable development of Gen AI.  Some suggestions are as follows:

• AI needs to adopt a Climate justice framework which has been informed by a diverse context and perspectives while working in tandem with the UN’s (Sustainable Development Goals) SDGs.
• Working and developing more efficient algorithms that would require less computational power for both training and inference can reduce energy consumption. Designing more energy-efficient hardware, such as specialized AI accelerators and next-generation GPUs, can help mitigate the environmental impact. 
• Transitioning to renewable energy sources (solar, wind, hydro) can significantly reduce the carbon footprint associated with AI. The World Economic Forum (WEF) projects that by 2050, the total amount of e-waste generated will have surpassed 120 million metric tonnes.
• Employing techniques like model compression, which reduces the size of AI models without sacrificing performance, can lead to less energy-intensive computations. Optimized models are faster and require less hardware, thus consuming less energy.
• Implementing scattered learning approaches, where models are trained across decentralized devices rather than centralized data centers, can lead to a better distribution of energy load evenly and reduce the overall environmental impact.
• Enhancing the energy efficiency of data centers through better cooling systems, improved energy management practices, and the use of AI for optimizing data center operations can contribute to reduced energy consumption.

Final Words

The UN Sustainable Development Goals (SDGs) are crucial for the AI industry just as other industries as they guide responsible innovation. Aligning AI development with the SDGs will ensure ethical practices, promoting sustainability, equity, and inclusivity. This alignment fosters global trust in AI technologies, encourages investment, and drives solutions to pressing global challenges, such as poverty, education, and climate change, ultimately creating a positive impact on society and the environment. The current state of AI is that it is essentially utilizing enormous power and producing a product not efficiently utilizing the power it gets. AI and its derivatives are stressing the environment in such a manner which if it continues will affect the clean water resources and other non-renewable power generation sources which contributed to the huge carbon footprint of the AI industry as a whole.  

References

• https://cio.economictimes.indiatimes.com/news/artificial-intelligence/ais-hunger-for-power-can-be-tamed/111302991
• https://earth.org/the-green-dilemma-can-ai-fulfil-its-potential-without-harming-the-environment/ 
• https://www.technologyreview.com/2019/06/06/239031/training-a-single-ai-model-can-emit-as-much-carbon-as-five-cars-in-their-lifetimes/
• https://www.scientificamerican.com/article/ais-climate-impact-goes-beyond-its-emissions/ ‍
• https://insights.grcglobalgroup.com/the-environmental-impact-of-ai/

Introduction

The whole world is shifting towards a cashless economy, with innovative payment transaction systems such as UPI payments, card payments, etc. These payment systems require processing, storage, and movement of millions of cardholders data which is crucial for any successful transaction.

And therefore to maintain the credibility of this payment ecosystem, security or secure movement and processing of cardholders data becomes paramount. Entities involved in a payment ecosystem are responsible for the security of cardholders data. Security is also important because if breaches happen in cardholders data it would amount to financial loss. Fraudsters are attempting smart ways to leverage any kind of security loopholes in the payment system.

So these entities which are involved in the payment ecosystem need to maintain some security standards set by one council of network providers in the payment industry popularly known as the Payment Card Industry Security Standard Council.

Overview of what is PCI and PCI DSS Compliance

Earlier every network providers in the payment industry have their own set of security standards but later they all together i.e., Visa, Mastercard, American Express, Discover, and JCB constituted an independent body to come up with comprehensive security standards like PCI DSS, PA DSS, PCI-PTS, etc.  And these network providers ensure the enforcement of the security standards by putting conditions on services being provided to the merchant or acquirer bank.

In other words, PCI DSS particularly is the global standard that provides a baseline of technical and operational requirements designed to protect account data. PCI DSS is a security standard specially designed for merchants and service providers in the payment ecosystem to protect the cardholders data against any fraud or theft.

It applies to all the entities including third-party vendors which are involved in processing storing and transmitting cardholders data. In organization, even all CDE (Card Holder Data Environment) including system components or network component that stores and process cardholders data, has to comply with all the requirements of PCI compliance.  Recently PCI has released a new version of PCI DSS v4.0 a few months ago with certain changes from the previous version after three years of the review cycle.

12 Requirements of PCI DSS

This is the most important part of PCI DSS as following these requirements can make any organization to some extent PCI compliant. So what are these requirements:

• Installing firewalls or maintaining security controls in the networks
• Use strong password in order to secure the CDE( Card holders data environment)
• Protection of cardholder data
• Encrypting the cardholder data during transmission over an open and public network.
• Timely detection and protection of the cardholders data environment from any malicious activity or software.
• Regular updating the software thereby maintaining a secure system.
• Rule of business need to know should apply to access the cardholders data
• Identification and authentication of the user are important to access the system components.
• Physical access to cardholders data should be restricted.
• Monitoring or screening of system components to know the malicious activity internally in real-time.
• Regular auditing of security control and finding any vulnerabilities available in the systems.
• Make policies and programs accordingly in order to support information security.

How organization can become PCI compliant

• Scope: First step is to determine all the system components or networks storing and processing cardholders data i.e., Cardholders Data Environment.
• Assess: Then test whether these systems or networks are complying with all the requirements of PCI DSS COMPLIANCE.
• Report: Documenting all the assessment through self assessment questionnaire by answering following questions like whether the requirements are met or not? Whether the requirements are met with customized approach.
• Attest: Then the next step is to complete the attestation process available on the website of PCI SSC.
• Submit: Then organization can submit all the documents including reports and other supporting documents if it is requested by other entities such as payment brands, merchant or acquirer.
• Remediate: Then the organisation should take remedial action for the requirements which are not in place on the system components or networks.

Conclusion

One of the most important issues facing those involved in the digital payment ecosystem is cybersecurity. The likelihood of being exposed to cybersecurity hazards including online fraud, information theft, and virus assaults is rising as more and more users prefer using digital payments.

And thus complying and adopting with these security standards is the need of the hour. And moreover RBI has also mandated all the regulated entities ( NBFCs Banks etc) under one recent notification to comply with these standards.