Using incognito mode and VPN may still not ensure total privacy, according to expert

Introduction

Devices and interconnectivity are the pipelines which drive the data into cyberspace, and in turn, the users consume this data to perform different tasks in the digital age. The security of devices and networks is essential as they are the first defenders of cyberspace. Bad actors often target systems and networks with malware and ransomware, these attacks are differently motivated, but all wreak havoc upon the system and can impact individuals and organisations alike. Mobile users worldwide prefer iOS or Android, but both operating systems are vulnerable to cyberattacks these days. Some of these attacks go undetected for a long time.

Op Triangulation

As reported by Kaspersky, While monitoring the network traffic of their own corporate Wi-Fi network dedicated to mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), Kaspersky noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, they created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise. This is known as Operation Triangulation and has been in action since 2019 and got detected in 2023.

The Malware

A portion of the filesystem, including some of the user data and service databases, is included in mobile device backups. The files, directories, and database entries’ timestamps make it possible to reconstruct the events that happened to the device roughly. The “timeline.csv” file created by the mvt-ios software contains a sorted timeline of events that is comparable to the super-timeline utilised by traditional digital forensic tools. Pinpointing particular artefacts that show the compromise using this timeframe. This made it possible to advance the research and reassemble the broad infection sequence:

Through the iMessage service, a message with an attachment containing an exploit is delivered to the target iOS device.

The message initiates a vulnerability that results in code execution without any user input.

The exploit’s code downloads multiple additional stages, including additional exploits for privilege escalation, from the C&C server.

After successful exploitation, a fully functional APT platform is downloaded as the final payload from the C&C server.

The first message and the attachment’s exploit are removed

The lack of persistence support in the harmful toolset is most likely a result of OS restrictions. Multiple devices’ timeframes suggest that after rebooting, they might get infected again. The earliest signs of infection that we found date to 2019. The most recent version of the devices that have been successfully attacked as of the time of writing in June 2023 is iOS 15.7.

The final payload analysis is still ongoing. The programme executes with root rights, implements a set of commands for gathering user and system data, and can run any code downloaded as plugin modules from the C&C server.

Malicious Domains

Using the forensic artefacts, it was possible to identify the domain name set used by the exploits and further malicious stages. They can be used to check the DNS logs for historical information and to identify the devices currently running the malware:

addatamarket[.]net

backuprabbit[.]com

businessvideonews[.]com

cloudsponcer[.]com

datamarketplace[.]net

mobilegamerstats[.]com

snoweeanalytics[.]com

tagclick-cdn[.]com

topographyupdates[.]com

unlimitedteacup[.]com

virtuallaughing[.]com

web-trackers[.]com

growthtransport[.]com

anstv[.]netAns7tv[.]net

Safeguards for iOS users

Despite its world-class safety and privacy architecture, iOS is vulnerable to a few attacks; the following steps can be undertaken to safeguard iOS users –

Keeping Device updated

Security patches

Disabling iMessage would prevent Zero clicks exploits or the Triangulation attacks

Paying zero attention to unwanted, unsolicited messages

The user should make sure that any application they are downloading or installing; it should be from a trusted source ( This Zero click attack does not occur by any other means, It exploits / it targets software vulnerabilities in operating systems networks and applications)

Being cautious with the messaging app and emails

Implement device restrictions (management features like parental control and restrictions over using necessary applications)

Conclusion

Operation Triangulation is one of the recent operations combating cyber attacks, but such operations are launched nearly daily. This is also due to a rapid rise in internet and technology penetration across the world. Cyberattacks have taken a new face as they have evolved with the new and emerging technology. The influence of the Darknet has allowed many hackers to remain on the black hat side due to easy accessibility to illegal tools and material over the dark net, which facilitates such crimes.

Introduction

Intricate and winding are the passageways of the modern digital age, a place where the reverberations of truth effortlessly blend, yet hauntingly contrast, with the echoes of falsehood. Within this complex realm, the World Economic Forum (WEF) has illuminated the darkened corners with its powerful spotlight, revealing the festering, insidious network of misinformation and disinformation that snakes through the virtual and physical worlds alike. Gravely identified by the “WEF's Global Risks Report 2024” as the most formidable and immediate threats to our collective well-being, this malignant duo—misinformation and disinformation. 

The report published with the solemn tone suitable for the prelude to such a grand international gathering as the Annual Summit in Davos, the report presents a vivid tableau of our shared global landscape—one that is dominated by the treacherous pitfalls of deceits and unverified claims. These perils, if unrecognised and unchecked by societal checks and balances, possess the force to rip apart the intricate tapestry of our liberal institutions, shaking the pillars of democracies and endangering the vulnerable fabric of social cohesion.

Election Mania 

As we find ourselves perched on the edge of a future, one where the voices of nearly three billion human beings make their mark on the annals of history—within the varied electoral processes of nations such as Bangladesh, India, Indonesia, Mexico, Pakistan, the United Kingdom, and the United States. However, the spectre of misinformation can potentially corrode the integrity of the governing entities that will emerge from these democratic processes. The warning issued by the WEF is unambiguous: we are flirting with the possibility of disorder and turmoil, where the unchecked dispersion of fabrications and lies could kindle flames of unrest, manifesting in violent protests, hate-driven crimes, civil unrest, and the scourge of terrorism.

Derived from the collective wisdom of over 1,400 experts in global risk, esteemed policymakers, and industry leaders, the report crafts a sobering depiction of our world's journey. It paints an ominous future that increasingly endows governments with formidable power—to brandish the weapon of censorship, to unilaterally declare what is deemed 'true' and what ought to be obscured or eliminated in the virtual world of sharing information. This trend signals a looming potential for wider and more comprehensive repression, hindering the freedoms traditionally associated with the Internet, journalism, and unhindered access to a panoply of information sources—vital fora for the exchange of ideas and knowledge in a myriad of countries across the globe.

Prominence of AI 

When the gaze of the report extends further over a decade-long horizon, the prominence of environmental challenges such as the erosion of biodiversity and alarming shifts in the Earth's life-support systems ascend to the pinnacle of concern. Yet, trailing closely, the digital risks continue to pulsate—perpetuated by the distortions of misinformation, the echoing falsities of disinformation, and the unpredictable repercussions stemming from the utilization and, at times, the malevolent deployment of artificial intelligence (AI). These ethereal digital entities, far from being illusory shades, are the precursors of a disintegrating world order, a stage on which regional powers move to assert and maintain their influence, instituting their own unique standards and norms.

The prophecies set forth by the WEF should not be dismissed as mere academic conjecture; they are instead a trumpet's urgent call to mobilize. With a startling 30 percent of surveyed global experts bracing for the prospect of international calamities within the mere span of the coming two years, and an even more significant portion—nearly two-thirds—envisaging such crises within the forthcoming decade, it is unmistakable that the time to confront and tackle these looming risks is now. The clarion is sounding, and the message is clear: inaction is no longer an available luxury.

Maldives and India Row

To pluck precise examples from the boundless field of misinformation, we might observe the Lakshadweep-Malé incident wherein an ordinary boat accident off the coast of Kerala was grotesquely transformed into a vessel for the far-reaching tendrils of fabricated narratives, erroneously implicating Lakshadweep in the spectacle. Similarly, the tension-laden India-Maldives diplomatic exchange becomes a harrowing testament to how strained international relations may become fertile ground for the rampant spread of misleading content. The suspension of Maldivian deputy ministers following offensive remarks, the immediate tumult that followed on social media, and the explosive proliferation of counterfeit news targeting both nations paint a stark and intricate picture of how intertwined are the threads of politics, the digital platforms of social media, and the virulent propagation of falsehoods.

Yet, these are mere fragments within the extensive and elaborate weave of misinformation that threatens to enmesh our globe. As we venture forth into this dangerous and murky topography, it becomes our collective responsibility to maintain a sense of heightened vigilance, to consistently question and verify the sources and content of the information that assails us from all directions, and to cultivate an enduring culture anchored in critical thinking and discernment. The stakes are colossal—for it is not merely truth itself that we defend, but rather the underlying tenets of our societies and the sanctity of our cherished democratic institutions.

Conclusion 

In this fraught era, marked indelibly by uncertainty and perched precariously on the cusp of numerous pivotal electoral ventures, let us refuse the role of passive bystanders to unraveling our collective reality. We must embrace our role as active participants in the relentless pursuit of truth, fortified with the stark awareness that our entwined futures rest precariously on our willingness and ability to distinguish the veritable from the spurious within the perilous lattice of falsehoods of misinformation. We must continually remind ourselves that, in the quest for a stable and just global order, the unerring discernment of fact from fiction becomes not only an act of intellectual integrity but a deed of civic and moral imperative.

References 

• https://www.businessinsider.in/politics/world/election-fuelled-misinformation-is-serious-global-risk-in-2024-says-wef/articleshow/106727033.cms
• https://www.deccanchronicle.com/nation/current-affairs/100124/misinformation-tops-global-risks-2024.html
• https://www.msn.com/en-in/news/India/fact-check-in-lakshadweep-male-row-kerala-boat-accident-becomes-vessel-for-fake-news/ar-AA1mOJqY
• https://www.boomlive.in/news/india-maldives-muizzu-pm-modi-lakshadweep-fact-check-24085
• https://www.weforum.org/press/2024/01/global-risks-report-2024-press-release/

Introduction

Cyber slavery is a form of modern exploitation that begins with online deception and evolves into physical human trafficking. In recent times, cyber slavery has emerged as a serious threat that involves exploiting individuals through digital means under coercive or deceptive conditions. Offenders target innocent individuals and lure them by giving fake promises to offer them employment or alike. Cyber slavery can occur on a global scale, targeting vulnerable individuals worldwide through the internet and is a disturbing continuum of online manipulation that leads to real-world abuse and exploitation, where individuals are entrapped by false promises and subjected to severe human rights violations. It can take many different forms, such as coercive involvement in cybercrime, forced employment in online frauds, exploitation in the gig economy, or involuntary slavery. This issue has escalated to the highest level where Indians are being trafficked for jobs in countries like Laos and Cambodia. Recently over 5,000 Indians were reported to be trapped in Southeast Asia, where they are allegedly being coerced into carrying out cyber fraud. It was reported that particularly Indian techies were lured to Cambodia for high-paying jobs and later they found themselves trapped in cyber fraud schemes, forced to work 16 hours a day under severe conditions. This is the harsh reality for thousands of Indian tech professionals who are lured under false pretences to employment in Southeast Asia, where they are forced into committing cyber crimes.

Over 5,000 Indians Held in Cyber Slavery and Human Trafficking Rings

India has rescued 250 citizens in Cambodia who were forced to run online scams, with more than 5,000 Indians stuck in Southeast Asia. The victims, mostly young and tech-savvy, are lured into illegal online work ranging from money laundering and crypto fraud to love scams, where they pose as lovers online. It was reported that Indians are being trafficked for jobs in countries like Laos and Cambodia, where they are forced to conduct cybercrime activities. Victims are often deceived about where they would be working, thinking it will be in Thailand or the Philippines. Instead, they are sent to Cambodia, where their travel documents are confiscated and they are forced to carry out a variety of cybercrimes, from stealing life savings to attacking international governmental or non-governmental organizations. The Indian embassy in Phnom Penh has also released an advisory warning Indian nationals of advertisements for fake jobs in the country through which victims are coerced to undertake online financial scams and other illegal activities.

Regulatory Landscape

Trafficking in Human Beings (THB) is prohibited under the Constitution of India under Article

23 (1). The Immoral Traffic (Prevention) Act, of 1956 (ITPA) is the premier legislation for the prevention of trafficking for commercial sexual exploitation. Section 111 of the Bharatiya Nyaya Sanhita (BNS), 2023, is a comprehensive legal provision aimed at combating organized crime and will be useful in persecuting people involved in such large-scale scams. India has also ratified certain bilateral agreements with several countries to facilitate intelligence sharing and coordinated efforts to combat transnational organized crime and human trafficking.

CyberPeace Policy Recommendations

● Misuse of Technology has exploited the new genre of cybercrimes whereby cybercriminals utilise social media platforms as a tool for targeting innocent individuals. It requires collective efforts from social media companies and regulatory authorities to time to time address the new emerging cybercrimes and develop robust preventive measures to counter them.

● Despite the regulatory mechanism in place, there are certain challenges such as jurisdictional challenges, challenges in detection due to anonymity, and investigations challenges which significantly make the issue of cyber human trafficking a serious evolving threat. Hence International collaboration between the countries is encouraged to address the issue considering the present situation in a technologically driven world. Robust legislation that addresses both national and international cases of human trafficking and contains strict penalties for offenders must be enforced.

● Cybercriminals target innocent people by offering fake high-pay job opportunities, building trust and luring them. It is high time that all netizens should be aware of such tactics deployed by bad actors and recognise the early signs of them. By staying vigilant and cross-verifying the details from authentic sources, netizens can safeguard themselves from such serious threats which even endanger their life by putting them under restrictions once they are being trafficked. It is a notable fact that the Indian government and its agencies are continuously making efforts to rescue the victims of cyber human trafficking or cyber slavery, they must further develop robust mechanisms in place to conduct specialised operations by specialised government agencies to rescue the victims in a timely manner.

● Capacity building and support mechanisms must be encouraged by government entities, cyber security experts and Non-Governmental Organisations (NGOs) to empower the netizens to follow best practices while navigating the online landscape, providing them with helpline or help centres to report any suspicious activity or behaviour they encounter, and making them empowered to feel safe on the Internet while simultaneously building defenses to stay protected from cyber threats.

References:

1. https://www.news18.com/india/shock-treatment-physical-abuse-indians-getting-trafficked-for-cyber-slavery-to-dupe-other-indians-8954038.html

2. https://www.bbc.com/news/world-asia-india-68705913

3. https://therecord.media/india-rescued-cambodia-scam-centers-citizens

4. https://www.the420.in/rescue-indian-tech-workers-cambodia-cyber-fraud-awareness/

5. https://www.hindustantimes.com/india-news/360-indian-citizens-working-as-cyber-slaves-in-cambodia-return-home-101716431762282.html

6. https://www.ndtv.com/india-news/14-indians-rescued-from-cyber-slavery-in-cambodia-wait-to-return-home-6147228

7. https://www.dyami.services/post/intel-brief-250-indian-citizens-rescued-from-cyber-slavery

8. https://www.mea.gov.in/human-trafficking.htm

9. https://www.drishtiias.com/blog/the-vicious-cycle-of-human-trafficking-and-cybercrime

‍