DEA to Social Media Companies
Introduction
A bill requiring social media companies, providers of encrypted communications, and other online services to report drug activity on their platforms to the U.S. The Drug Enforcement Administration (DEA) advanced to the Senate floor, alarming privacy advocates who claim the legislation transforms businesses into de facto drug enforcement agents and exposes many of them to liability for providing end-to-end encryption.
Why is there a requirement for online companies to report drug activity?
The reason behind the bill is that there was a Kansas teenager died after unknowingly taking a fentanyl-laced pill he purchased on Snapchat. The bill requires social media companies and other web communication providers to provide the DEA with users’ names and other information when the companies have “actual knowledge” that illicit drugs are being distributed on their platforms.
There is an urgent need to look into this matter as platforms like Snapchat and Instagram are the constant applications that netizens use. If these kinds of apps promote the selling of drugs, then it will result in major drug-selling vehicles and become drug-selling platforms.
Threat to end to end encryption
End-to-end encryption has long been criticised by law enforcement for creating a “lawless space” that criminals, terrorists, and other bad actors can exploit for their illicit purposes. End- to end encryption is important for privacy, but it has been criticised as criminals also use it for bad purposes that result in cyber fraud and cybercrimes.
Cases of drug peddling on social media platforms
It is very easy to get drugs on social media, just like calling an Uber. It is that simple to get the drugs. The survey discovered that access to illegal drugs is “staggering” on social media applications, which has contributed to the rising number of fentanyl overdoses, which has resulted in suicide, gun violence, and accidents.
According to another survey, drug dealers use slang, emoticons, QR codes, and disappearing messages to reach customers while avoiding content monitoring measures on social networking platforms. Drug dealers are frequently active on numerous social media platforms, advertising their products on Instagram while providing their WhatApps or Snapchat names for queries, making it difficult for law officials to crack down on the transactions.
There is a need for social media platforms to report these kinds of drug-selling activity on specific platforms to the Drug enforcement administration. The bill requires online companies to report drug cases going on websites, such as the above-mentioned Snapchat case. There are so many other cases where drug dealers sell the drug through Instagram, Snapchat etc. Usually, if Instagram blocks one account, they create another account for the drug selling. Just by only blocking the account does not help to stop drug trafficking on social media platforms.
Will this put the privacy of users at risk?
It is important to report the cybercrime activities of selling drugs on social media platforms. The companies will only detect the activity regarding the drugs which are being sold through social media platforms which are able to detect bad actors and cyber criminals. The detection will be on the particular activities on the applications where it is happening because the social media platforms lack regulations to govern them, and their convenience becomes the major vehicle for the drugs sale.
Conclusion
Social media companies are required to report these kinds of activities happening on their platforms immediately to the Drugs enforcement Administration so that the DEA will take the required steps instead of just blocking the account. Because just blocking does not stop these drug markets from happening online. There must be proper reporting for that. And there is a need for social media regulations. Social media platforms mostly influence people.
Related Blogs
Introduction:
This report examines ongoing phishing scams targeting "State Bank of India (SBI)" customers, India's biggest public bank using fake SelfKYC APKs to trick people. The image plays a part in a phishing plan to get users to download bogus APK files by claiming they need to update or confirm their "Know Your Customer (KYC)" info.
Fake Claim:
A picture making the rounds on social media comes with an APK file. It shows a phishing message that says the user's SBI YONO account will stop working because of their "Old PAN card." It then tells the user to install the "WBI APK" APK (Android Application Package) to check documents and keep their account open. This message is fake and aims to get people to download a harmful app.
Key Characteristics of the Scam:
- The messages "URGENTLY REQUIRED" and "Your account will be blocked today" show how scammers try to scare people into acting fast without thinking.
- PAN Card Reference: Crooks often use PAN card verification and KYC updates as a trick because these are normal for Indian bank customers.
- Risky APK Downloads: The message pushes people to get APK files, which can be dangerous. APKs from places other than the Google Play Store often have harmful software.
- Copying the Brand: The message looks a lot like SBI's real words and logos to seem legit.
- Shady Source: You can't find the APK they mention on Google Play or SBI's website, which means you should ignore the app right away.
Modus Operandi:
- Delivery Mechanism: Typically, users of messaging services like "WhatsApp," "SMS," or "email" receive identical messages with an APK link, which is how the scam is distributed.
- APK Installation: The phony APK frequently asks for a lot of rights once it is installed, including access to "SMS," "contacts," "calls," and "banking apps."
- Data Theft: Once installed, the program may have the ability to steal card numbers, personal information, OTPs, and banking credentials.
- Remote Access: These APKs may occasionally allow cybercriminals to remotely take control of the victim's device in order to carry out fraudulent financial activities.
While the user installs the application on their device the following interface opens:
It asks the user to allow the following:
- SMS is used to send and receive info from the bank.
- User details such as Username, Password, Mobile Number, and Captcha.
Technical Findings of the Application:
Static Analysis:
- File Name: SBI SELF KYC_015850.apk
- Package Name: com.mark.dot.comsbione.krishn
- Scan Date: Sept. 25, 2024, 6:45 a.m.
- App Security Score: 52/100 (MEDIUM RISK)
- Grade: B
File Information:
- File Name: SBI SELF KYC_015850.apk
- Size: 2.88MB
- MD5: 55fdb5ff999656ddbfa0284d0707d9ef
- SHA1: 8821ee6475576beb86d271bc15882247f1e83630
- SHA256: 54bab6a7a0b111763c726e161aa8a6eb43d10b76bb1c19728ace50e5afa40448
App Information:
- App Name: SBl Bank
- Package Name:: com.mark.dot.comsbione.krishn
- Main Activity: com.mark.dot.comsbione.krishn.MainActivity
- Target SDK: 34
- Min SDK: 24
- Max SDK:
- Android Version Name:: 1.0
- Android Version Code:: 1
App Components:
- Activities: 8
- Services: 2
- Receivers: 2
- Providers: 1
- Exported Activities: 0
- Exported Services: 1
- Exported Receivers: 2
- Exported Providers:: 0
Certificate Information:
- Binary is signed
- v1 signature: False
- v2 signature: True
- v3 signature: False
- v4 signature: False
- X.509 Subject: CN=PANDEY, OU=PANDEY, O=PANDEY, L=NK, ST=NK, C=91
- Signature Algorithm: rsassa_pkcs1v15
- Valid From: 20240904 07:38:35+00:00
- Valid To: 20490829 07:38:35+00:00
- Issuer: CN=PANDEY, OU=PANDEY, O=PANDEY, L=NK, ST=NK, C=91
- Serial Number: 0x1
- Hash Algorithm: sha256
- md5: 4536ca31b69fb68a34c6440072fca8b5
- sha1: 6f8825341186f39cfb864ba0044c034efb7cb8f4
- sha256: 6bc865a3f1371978e512fa4545850826bc29fa1d79cdedf69723b1e44bf3e23f
- sha512:05254668e1c12a2455c3224ef49a585b599d00796fab91b6f94d0b85ab48ae4b14868dabf16aa609c3b6a4b7ac14c7c8f753111b4291c4f3efa49f4edf41123d
- PublicKey Algorithm: RSA
- Bit Size: 2048
- Fingerprint: a84f890d7dfbf1514fc69313bf99aa8a826bade3927236f447af63fbb18a8ea6
- Found 1 unique certificate
App Permission
1. Normal Permissions
- Access_network_state: Allows the App to View the Network Status of All Networks.
- Foreground_service: Enables Regular Apps to Use Foreground Services.
- Foreground_service_data_sync: Allows Data Synchronization With Foreground Services.
- Internet: Grants Full Internet Access.
2. Signature Permission:
- Broadcast_sms: Sends Sms Received Broadcasts. It Can Be Abused by Malicious Apps to Forge Incoming Sms Messages.
3. Dangerous Permissions:
- Read_phone_numbers: Grants Access to the Device’s Phone Number(S).
- Read_phone_state: Reads the Phone’s State and Identity, Including Phone Features and Data.
- Read_sms: Allows the App to Read Sms or Mms Messages Stored on the Device or Sim Card. Malicious Apps Could Use This to Read Confidential Messages.
- Receive_sms: Enables the App to Receive and Process Sms Messages. Malicious Apps Could Monitor or Delete Messages Without Showing Them to the User.
- Send_sms: Allows the App to Send Sms Messages. Malicious Apps Could Send Messages Without the User’s Confirmation, Potentially Leading to Financial Costs.
On further analysis on virustotal platform using md5 hash file, the following results were retrieved where there are 24 security vendors out of 68, marked this apk file as malicious and the graph represents the distribution of malicious file in the environment.
Key Takeaways:
- Normal Permissions: Generally Safe for Accessing Basic Functionalities (Network State, Internet).
- Signature Permissions: May Pose Risks When Misused, Especially Related to Sms Broadcasts.
- Dangerous Permissions: Provide Sensitive Data Access, Such as Phone Numbers and Device Identity, Which Can Be Exploited by Malicious Apps.
- The Dangerous Permissions Pose Risks Regarding the Reading, Receiving, and Sending of Sms, Which Can Lead to Privacy Breaches or Financial Consequences.
How to Identify the Scam:
- Official Statement: SBI never asks clients to download unauthorized APKs for upgrades related to KYC or other services. All formal correspondence takes place via the SBI YONO app, which may be found in reputable app shops.
- No Immediate Threats: Bank correspondence never employs menacing language or issues harsh deadlines, such as "your account will be blocked today."
- Email Domain and SMS Number: Verified email addresses or phone numbers are used for official SBI correspondence. Generic, unauthorized numbers or addresses are frequently used in scams.
- Links and APK Files: Steer clear of downloading APK files from unreliable sources at all times. For app downloads, visit the Apple App Store or Google Play Store instead.
CyberPeace Advisory:
- The Research team recommends that people should avoid opening such messages sent via social platforms. One must always think before clicking on such links, or downloading any attachments from unauthorised sources.
- Downloading any application from any third party sources instead of the official app store should be avoided. This will greatly reduce the risk of downloading a malicious app, as official app stores have strict guidelines for app developers and review each app before it gets published on the store.
- Even if you download the application from an authorised source, check the app's permissions before you install it. Some malicious apps may request access to sensitive information or resources on your device. If an app is asking for too many permissions, it's best to avoid it.
- Keep your device and the app-store app up to date. This will ensure that you have the latest security updates and bug fixes.
- Falling into such a trap could result in a complete compromise of the system, including access to sensitive information such as microphone recordings, camera footage, text messages, contacts, pictures, videos, and even banking applications and could lead users to financial loss.
- Do not share confidential details like credentials, banking information with such types of Phishing scams.
- Never share or forward fake messages containing links on any social platform without proper verification.
Conclusion:
Fake APK phishing scams target financial institutions more often. This report outlines safety steps for SBI customers and ways to spot and steer clear of these cons. Keep in mind that legitimate banks never ask you to get an APK from shady websites or threaten to close your account right away. To stay safe, use SBI's official YONO app on both systems and get apps from trusted places like Google Play or the Apple App Store. Check if the info is true before you do anything turn on 2FA for all your bank and money accounts, and tell SBI or your local cyber police about any scams you see.
.jpg)
Introduction
The Indian Cabinet has approved a comprehensive national-level IndiaAI Mission with a budget outlay ofRs.10,371.92 crore. The mission aims to strengthen the Indian AI innovation ecosystem by democratizing computing access, improving data quality, developing indigenous AI capabilities, attracting top AI talent, enabling industry collaboration, providing startup risk capital, ensuring socially-impactful A projects, and bolstering ethical AI. The mission will be implemented by the'IndiaAI' Independent Business Division (IBD) under the Digital India Corporation (DIC) and consists of several components such as IndiaAI Compute Capacity, IndiaAI Innovation Centre (IAIC), IndiaAI Datasets Platform, India AI Application Development Initiative, IndiaAI Future Skills, IndiaAI Startup Financing, and Safe & Trusted AI over the next 5 years.
This financial outlay is intended to befulfilled through a public-private partnership model, to ensure a structured implementation of the IndiaAI Mission. The main objective is to create and nurture an ecosystem for India’s AI innovation. This mission is intended to act as a catalyst for shaping the future of AI for India and the world. AI has the potential to become an active enabler of the digital economy and the Indian government aims to harness its full potential to benefit its citizens and drive the growth of its economy.
Key Objectives of India's AI Mission
● With the advancements in data collection, processing and computational power, intelligent systems can be deployed in varied tasks and decision-making to enable better connectivity and enhance productivity.
● India’s AI Mission will concentrate on benefiting India and addressing societal needs in primary areas of healthcare, education, agriculture, smart cities and infrastructure, including smart mobility and transportation.
● This mission will work with extensive academia-industry interactions to ensure the development of core research capability at the national level. This initiative will involve international collaborations and efforts to advance technological frontiers by generating new knowledge and developing and implementing innovative applications.
The strategies developed for implementing the IndiaAI Mission are via Public-Private Partnerships, Skilling initiatives and AI Policy and Regulation. An example of the work towards the public-private partnership is the pre-bid meeting that the IT Ministry hosted on 29th August2024, which saw industrial participation from Nvidia, Intel, AMD, Qualcomm, Microsoft Azure, AWS, Google Cloud and Palo Alto Networks.
Components of IndiaAI Mission
The IndiaAI Compute Capacity: The IndiaAI Compute pillar will build a high-end scalable AI computing ecosystem to cater to India's rapidly expanding AI start-ups and research ecosystem. The ecosystem will comprise AI compute infrastructure of 10,000 or more GPUs, built through public-private partnerships. An AI marketplace will offer AI as a service and pre-trained models to AI innovators.
The IndiaAI Innovation Centre will undertake the development and deployment of indigenous Large Multimodal Models (LMMs) and domain-specific foundational models in critical sectors. The IndiaAI Datasets Platform will streamline access to quality on-personal datasets for AI innovation.
The IndiaAI Future Skills pillar will mitigate barriers to entry into AI programs and increase AI courses in undergraduate, master-level, and Ph.D. programs. Data and AI Labs will be set up in Tier 2 and Tier 3 cities across India to impart foundational-level courses.
The IndiaAI Startup Financing pillar will support and accelerate deep-tech AI startups, providing streamlined access to funding for futuristic AI projects.
The Safe & Trusted AI pillar will enable the implementation of responsible AI projects and the development of indigenous tools and frameworks, self-assessment check lists for innovators, and other guidelines and governance frameworks by recognising the need for adequate guardrails to advance the responsible development, deployment, and adoption of AI.
CyberPeace Considerations for the IndiaAI Mission
● Data privacy and security are paramount as emerging privacy instruments aim to ensure ethical AI use. Addressing bias and fairness in AI remains a significant challenge, especially with poor-quality or tampered datasets that can lead to flawed decision-making, posing risks to fairness, privacy, and security.
● Geopolitical tensions and export control regulations restrict access to cutting-edge AI technologies and critical hardware, delaying progress and impacting data security. In India, where multilingualism and regional diversity are key characteristics, the unavailability of large, clean, and labeled datasets in Indic languages hampers the development of fair and robust AI models suited to the local context.
● Infrastructure and accessibility pose additional hurdles in India’s AI development. The country faces challenges in building computing capacity, with delays in procuring essential hardware, such as GPUs like Nvidia’s A100 chip, hindering businesses, particularly smaller firms. AI development relies heavily on robust cloud computing infrastructure, which remains in its infancy in India. While initiatives like AIRAWAT signal progress, significant gaps persist in scaling AI infrastructure. Furthermore, the scarcity of skilled AI professionals is a pressing concern, alongside the high costs of implementing AI in industries like manufacturing. Finally, the growing computational demands of AI lead to increased energy consumption and environmental impact, raising concerns about balancing AI growth with sustainable practices.
Conclusion
We advocate for ethical and responsible AI development adoption to ensure ethical usage, safeguard privacy, and promote transparency. By setting clear guidelines and standards, the nation would be able to harness AI's potential while mitigating risks and fostering trust. The IndiaAI Mission will propel innovation, build domestic capacities, create highly-skilled employment opportunities, and demonstrate how transformative technology can be used for social good and enhance global competitiveness.
References
● https://pib.gov.in/PressReleasePage.aspx?PRID=2012375
In the pulsating heart of the digitized era, our world is rapidly morphing into a tightly knit network of interconnections. Concurrently, the vast expanse of the cyber realm continues to broaden at an unparalleled pace. As we, denizens of the Information Revolution, pioneer this challenging new frontier, a novel notion is steadily gaining traction as an essential instrument for tackling the multifaceted predicaments and hazards emanating from our escalating dependency on digital technology. This novel notion is cyber diplomacy.
Recently, a riveting discourse unraveling the continually evolving topography of cyber diplomacy unfolded on the podcast 'Patching the System.' Two distinguished personalities graced the conversation - Benedikt Wechsler, Switzerland's Ambassador for Digitization, and Kaja Ciglic, Senior Director of Digital Diplomacy at Microsoft. This thought-provoking dialogue provides a mesmerizing peek into the intricate maze of this freshly minted diplomatic domain - a landscape still in the process of carving out its rules against an ever-escalating high stakes backdrop.
Call for Robust International Norms
During their enlightening exchange, Wechsler and Ciglic shed light on the dire need of robust international norms and regulations in dynamic cyberspace. The drew comparison with well established norms governing maritime and airspace activities, suggesting a similar framework to maneuver the intricacies of the digital realm. The necessity of this mammoth task is accentuated by swift technological development and the unique nature of the internet where participation is diverse.
Their discourse also underscores the critical argument that cyberspace cannot be commoditized. It has evolved into critical infrastructure that demands collective supervision. Wechsler also advocated for collaboration and the importance of a united front composed of big tech giants and the government working in tandem for creation of a resilient and secured digital landscape.
Dual Edged Sword
Their conversation courageously plunged into the more sinister depths of the digital world and dissected the rising tide of cyberspace militarisation. Illustrative case point, recent cyber operations in Ukraine starkly underscore how malevolent elements have exploited digital tools to disastrous effect. Ciglic astutely pointed out the inherent dual nature of this scenario - while malignant entities will persistently manipulate technologies like AI, these identical tools can simultaneously serve as critical allies in reinforcing cyber defenses.
In finality, the dialogue unspools a potent call to arms. Both Wechsler and Ciglic fervently endorse the inception of a permanent body under the United Nations' purview specifically designed to tackle cyber-related quandaries. They also amplified the significance of an inclusive engagement process involving diverse stakeholders cutting across sectors - private entities, academia, civil society.
In India, this strategy is very practical. India has been making proactive investments in cybersecurity and digital resilience due to its rapidly developing digital ecosystem and strong IT industry. The government of the country, business executives, and academic institutions understand how strategically important it is to protect vital digital infrastructure and data. For example, India has seen a number of high-profile assaults on its vital infrastructure, like the Mumbai power outage in 2020, which emphasizes the necessity for extensive cybersecurity protections. The security components of the digital ecosystem have been given top priority by the Indian government's "Digital India" project, which aims to promote digital inclusion. This program has improved cybersecurity while simultaneously making great progress toward closing the nation's digital gap, especially in rural areas.
India's growing influence on global affairs and its prowess in the digital realm highlight how important it is to incorporate Indian viewpoints into the larger plan. By doing this, it guarantees a thorough and all-encompassing strategy that negotiates the intricacies of the Indian and global digital ecosystems. This strategy enhances cybersecurity at the national level and establishes India as a key global partner in the endeavor to make the internet a safer and more secure place for everyone. The whole community may benefit greatly from India's experiences and activities in combating cyber dangers and enhancing resilience in an increasingly interconnected world.
Conclusion
As we meticulously chart our trajectory across the cyber wilderness, the wisdom disseminated by Wechsler and Ciglic emerges as a priceless navigational aid. They inspire us to remember that while the gauntlet we face may be daunting, the opportunities unfurling before us are equally, if not more, monumental in their potential. By embracing a multi-faceted, synergistic approach, we set the stage for a shared journey towards a safer, resilient digital habitat.
The timeless words of Albert Einstein echo these sentiments: 'Technology advances could have made human life carefree and happy if the development of the organizing power of men [and women] had been able to keep pace with its technical advances.' As we grapple with the perplexities and burstiness of the digital age, let these words guide our collective endeavor as we strive to balance our organizing prowess with our rapid technological advancements.
