#FactCheck - Claim That Palki Sharma’s Viral Video Questions Jordan’s Protocol Is False; Video Is AI-Manipulated

Introduction

‍

Cyberwarfare has evolved into one of the most decisive instruments of statecraft and conflict. The increasing digitisation of critical infrastructure like power grids, water systems, transportation systems, healthcare networks, and energy sources has made these systems new targets in the war of algorithms. Military logic is evolving to paralyse the nation’s critical infrastructure to keep its resources engaged in repairing them and thereby break the nation’s ability to deter and counter attacks, all without firing a single bullet. 

‍

From Ransomware to an Invisible Sabotage: The changing nature of warfare

‍

The operational technology (OT) landscape has become the epicentre of cyber operations, all around the world. Once, which was insulated, related to industrial systems that controlled turbines, pipelines, or dams, they now stand connected to the Internet through supervisory control and data acquisition (SCADA) and the Internet of Things. These connections have also become gateways for attackers, besides enhancing the efficiency of the infrastructural lifelines of the nation.   

Groups like Volt Typhoon, Sandworm, Laurionite, and Cyberavengers have transformed the art of digital infiltration into a strategic shift. Volt Typhoon, which is linked to China, has used “living-off-the-land” techniques to exploit the legitimate administrative tools to remain invisible while scanning the critical infrastructures in the US. Sandworm, which is aligned with Russia’s GRU (Glavnoye Razvedyvatelnoye Upravlenie) or Main Intelligence Directorate (in English), has demonstrated the power of cyber sabotage in real time, as its attacks on Ukraine’s power grids in 2015 and 2021 had left millions in darkness, coinciding with kinetic missile strikes. Meanwhile, the Iranian-affiliated Cyberavengers group, which has weaponised the AI-assisted malware, such as IOCONTROL, that are capable of hijacking water and energy control systems. Each of these systems used in these operations reflects a shift from direct espionage activities to a state of strategic paralysis. 

In comparison to the traditional cybercrime activities that are aimed at stealing data and extortion of money, these campaigns repeatedly target the physical systems, which consist of the machinery that sustains civilian life and military preparedness.  

‍

The Military Logic behind Cyber Targeting: A Web of Vulnerabilities 

‍

A critical infrastructure is a complex ecosystem that covers power generation, transportation, communication, and manufacturing are all interconnected, which means a single compromised node can cascade into a national paralysis. For instance, a breach in the systems of the dam can flood an entire city, a grid shutdown can halt water supply to hospitals, and even affect air traffic. The 2015 Black Energy Malware attack in Ukraine has proved this possibility when three utilities were hacked, plunging thousands of homes into darkness. The Iranian hackers once again gained access to the Bowman Avenue Dam of New York and controlled its floodgates, which gave a chilling demonstration of the destructive reality of digital manipulation. 

‍

The systems remain vulnerable mainly for 3 reasons such as- 

‍

• Legacy Architectures: Many of these industrial systems were designed decades ago with no built-in cybersecurity mechanisms. 
• Slow Patching and Segmentation Gaps: All updates and segmentation between IT and TO networks often lag, providing open entry points for attackers. 
• Converging with IoT: The integration of smart sensors and cloud-based management tools has expanded the attack surface exponentially. 

‍

This interconnected fragility has turned our critical infrastructures into both a weapon and a target or a tool for coercion in modern hybrid warfare. Between 2023 and 2024, over 420 cyberattacks were witnessed in several critical global infrastructures, which averaged to 13 attacks per second, according to a news report. These were not just random acts of digital vandalism; they were deliberate and coordinated operational attempts by state-led actors from China, Russia, and Iran. 

‍

Developing a new Resilience as the new tool of Deterrence 

‍

Cyber deterrence no longer rests on the fear of retaliation, it relies on the need for resilience. Nations that can absorb attacks, maintain continuity, and recover rapidly would be the true superpowers of this digital age. Segmentation, real-time threat detection, and AI-assisted recovery models are vital pillars of this model of resilience. The logic of modern cyberwarfare is clear, which means that the more a nation digitizes, the more it will need to defend itself. 

However, as the line between war and peace blurs, safeguarding critical infrastructure is no longer just an IT priority; rather, it is a national security doctrine. In this silent theatre of cyberwarfare, survival will depend not only on firepower, but on firewalls. 

‍

References

‍

• https://rmcglobal.com/critical-infrastructure-under-siege-the-top-ot-threats-of-2025/
• https://ccdcoe.org/uploads/2018/10/Geers2009_The-Cyber-Threat-to-National-Critical-Infrastructures.pdf
• https://www.researchgate.net/publication/335752979_Cybersecurity_of_Critical_Infrastructure 
• https://arxiv.org/html/2510.04118v1 ‍
• https://www.anapaya.net/blog/top-5-critical-infrastructure-cyberattacks

In the tapestry of our modern digital ecosystem, a silent, pervasive conflict simmers beneath the surface, where the quest for cyber resilience seems Sisyphean at times. It is in this interconnected cyber dance that the obscure orchestrator, StripedFly, emerges as the maestro of stealth and disruption, spinning a complex, mostly unseen web of digital discord. StripedFly is not some abstract concept; it represents a continual battle against the invisible forces that threaten the sanctity of our digital domain.

This saga of StripedFly is not a tale of mere coincidence or fleeting concern. It is emblematic of a fundamental struggle that defines the era of interconnected technology—a struggle that is both unyielding and unforgiving in its scope. Over the past half-decade, StripedFly has slithered its way into over a million devices, creating a clandestine symphony of cybersecurity breaches, data theft, and unintentional complicity in its agenda. Let's delve deep into this grand odyssey to unravel the odious intricacies of StripedFly and assess the reverberations felt across our collective pursuit of cyber harmony.

The StripedFly malware represents the epitome of a digital chameleon, a master of cyber camouflage, masquerading as a mundane cryptocurrency miner while quietly plotting the grand symphony of digital bedlam. Its deceptive sophistication has effortlessly skirted around the conventional tripwires laid by our cybersecurity guardians for years. The Russian cybersecurity giant Kaspersky's encounter with StripedFly in 2017 brought this ghostly figure into the spotlight—hitherto, a phantom whistling past the digital graveyard of past threats.

How Does it work 

Distinctive in its composition, StripedFly conceals within its modular framework the potential for vast infiltration—an exploitation toolkit designed to puncture the fortifications of both Linux and Windows systems. In an emboldened maneuver, it utilizes a customized version of the EternalBlue SMBv1 exploit—a technique notoriously linked to the enigmatic Equation Group. Through such nefarious channels, StripedFly not only deploys its malicious code but also tenaciously downloads binary files and executes PowerShell scripts with a sinister adeptness unbeknownst to its victims.

Despite its insidious nature, perhaps its most diabolical trait lies in its array of plugin-like functions. It's capable of exfiltrating sensitive information, erasing its tracks, and uninstalling itself with almost supernatural alacrity, leaving behind a vacuous space where once tangible evidence of its existence resided.

In the intricate chess game of cyber threats, StripedFly plays the long game, prioritizing persistence over temporary havoc. Its tactics are calculated—the meticulous disabling of SMBv1 on compromised hosts, the insidious utilization of pilfered keys to propagate itself across networks via SMB and SSH protocols, and the creation of task scheduler entries on Windows systems or employing various methods to assert its nefarious influence within Linux environments.

The Enigma around the Malware

This dualistic entity couples its espionage with monetary gain, downloading a Monero cryptocurrency miner and utilizing the shadowy veils of DNS over HTTPS (DoH) to camouflage its command and control pool servers. This intricate masquerade serves as a cunning, albeit elaborate, smokescreen, lulling security mechanisms into complacency and blind spots.

StripedFly goes above and beyond in its quest to minimize its digital footprint. Not only does it store its components as encrypted data on code repository platforms, deftly dispersed among the likes of Bitbucket, GitHub, and GitLab, but it also harbors a bespoke, efficient TOR client to communicate with its cloistered C2 server out of sight and reach in the labyrinthine depths of the TOR network.

One might speculate on the genesis of this advanced persistent threat—its nuanced approach to invasion, its parallels to EternalBlue, and the artistic flare that permeates its coding style suggest a sophisticated architect. Indeed, the suggestion of an APT actor at the helm of StripedFly invites a cascade of questions concerning the ultimate objectives of such a refined, enduring campaign.

How to deal with it 

To those who stand guard in our ever-shifting cyber landscape, the narrative of StripedFly is a clarion call. StObjective reminders of the trench warfare we engage in to preserve the oasis of digital peace within a desert of relentless threats. The StripedFly chronicle stands as a persistent, looming testament to the necessity for heeding the sirens of vigilance and precaution in cyber practice.

Reaffirmation is essential in our quest to demystify the shadows cast by StripedFly, as it punctuates the critical mission to nurture a more impregnable digital habitat. Awareness and dedication propel us forward—the acquisition of knowledge regarding emerging threats, the diligent updating and patching of our systems, and the fortification of robust, multilayered defenses are keystones in our architecture of cyber defense. Together, in concert and collaboration, we stand a better chance of shielding our digital frontier from the dim recesses where threats like StripedFly lurk, patiently awaiting their moment to strike.

References:

https://thehackernews.com/2023/11/stripedfly-malware-operated-unnoticed.html?m=1

‍

Introduction 
‍

Freedom of speech and expression is fundamental to democracy and is constitutionally entrenched in Article 19(1)(a) of the Indian Constitution. The explosion of online spaces, brought about by the digital age, in the form of social media, blogs, and messaging apps, has reinterpreted how information is authored, disseminated, and consumed. This digital revolution has galvanised individuals to engage further inclusively in public debate, but has also fanatically magnified the risks of misinformation, hate speech, and threats to public order. Against this background, the judiciary is increasingly called upon to determine the limits of free speech, primarily where state regulation seeks to infringe upon constitutional protection.
‍

Constitutional and Statutory Framework related to Freedom of Speech 
‍

The judiciary plays an integral role in balancing the fundamental right of freedom of speech with the regulation of online content, especially during the fast-paced evolution of the digital world. In India, with Article 19(1)(a) of the Constitution guaranteeing the freedom of speech, the courts bear the critical responsibility of protecting this liberty while recognising the State's legitimate interests in restricting harmful or unlawful content on a digital scale. This adjudicatory dilemma is even trickier because the said right has been held by the Supreme Court not to be an absolute one and is subject to "reasonable restrictions" as in Article 19(2), which recognises restrictions in the interest of sovereignty, security, public order, decency, and morality.  Freedom of speech, being the cornerstone of democracy in India, does have an umbrella of reasonable restrictions under which the state can regulate any form of speech that infringes upon other equally compelling societal interests. However, with the coming of the internet and other digital communication arrangements, there was a need to develop new statutory instruments, i.e., Information Technology Act, 2000 (IT Act) and Rules made thereunder, including Information Technology (Intermediary Guidelines) and Digital Media Ethics Code Rules, 2021. These enactments attempt to regulate digital content, confronting issues such as hate speech, misinformation, and content that threatens public order. The judiciary's mandate is to interpret the enactments within the constitutional precincts, thus ensuring that the arbitrariness of State action is not aggravated or that the regulation is not overbroad. Judicial Landmark Decisions Affirming Balance The judiciary has played a front-ranking role in elaborating a jurisprudence protecting free speech in delineating legitimate regulation thereof. The Supreme Court judgment in Shreya Singhal v. Union of India, 2015, is seminal. Section 66A of the IT Act was struck down as it was vague and overly broad, causing a chilling effect on online speech. The Court has emphasised that any limitation on speech must be precise and fall strictly within the parameters laid down in Article 19(2). While the Court recognises that harmful online content needs to be addressed, the remedy must not encroach upon free political debate, satire, and criticism vital for democracy. 

Following this, the Anuradha Bhasin case clarified the convergence of free speech and online access. The court held that the right to free speech had a vital medium in the form of the internet and that it would have to be an inevitable, proportionate shutdown, and transparent for challenge before the judiciary for any shutdown of the internet. This reaffirmed that restrictions on online speech must be rigorously tested.

Subsequent cases involve limitations on the 2021 IT Rules, whereby such government bodies can demand that “fake” or “misleading” material be taken off the internet. Courts move with circumspection, recognising the government's interest in fighting bogus information but remaining vigilant against over-regulation that can be code for pre-emptive censorship and threatening healthy discourses. 

The virtual world raises particular and deeper questions: the viral nature of online speech multiplies its impact, distributing both democratic ideas and abusive material instantaneously. The courts recognise this twinning. While pressurising the legislature and executive to formulate clearer, more precise rules, courts simultaneously act as constitutional Guardians, avoiding breaches of the right with executive excess or vague laws. There is a strain between judicial activism, which promotes constitutional rights aggressively, and the fear of judicial paternalism, courts overreaching into policy arenas. But there is a need for vigilance by the judiciary due to the rapidly changing nature of digital technologies and threats to the freedoms of democracy. The judiciary continues to give contours to free speech and online regulation. There are enforcement issues, such as ongoing abuse of struck-down provisions, such as Section 66A, that the court counters with reaffirmation of constitutional directives. The evolving jurisprudence balances on thin stilts, upholding the democratic spirit of India by securing speech on online spaces and sanctioning reasonable, transparent moderation of harmful speech.

‍

Conclusion
‍

The Indian judiciary's leadership in balancing online content regulation with the freedom of speech is central and refined. The courts continually emphasise that speech on the digital medium is highly constitutionally protected and that restrictions must be legally valid, specific, essential, and proportionate. By classical decisions and constant review of new regulating actions, courts safeguard democratic participation in the digital public domain from unmeritorious censorship. Concurrently, the courts recognize the responsibility of the state in regulating digital ills such as mis recipe and hate speech, demanding parameters that uphold constitutional freedoms and the due process. The balancing act of the judiciary continues to be fundamental in defining India's digital democracy so that free speech can thrive even as the state upholds public order and human dignity in the digital communication age.

‍