DPDP Bill 2023 A Comparative Analysis
Introduction
THE DIGITAL PERSONAL DATA PROTECTION BILL, 2022 Released for Public Consultation on November 18, 2022THE DIGITAL PERSONAL DATA PROTECTION BILL, 2023Tabled at LokSabha on August 03. 2023Personal data may be processed only for a lawful purpose for which an individual has given consent. Consent may be deemed in certain cases.The 2023 bill imposes reasonable obligations on data fiduciaries and data processors to safeguard digital personal data.There is a Data Protection Board under the 2022 bill to deal with the non-compliance of the Act.Under the 2023 bill, there is the Establishment of a new Data Protection Board which will ensure compliance, remedies and penalties.
Under the new bill, the Board has been entrusted with the power of a civil court, such as the power to take cognisance in response to personal data breaches, investigate complaints, imposing penalties. Additionally, the Board can issue directions to ensure compliance with the act.The 2022 Bill grants certain rights to individuals, such as the right to obtain information, seek correction and erasure, and grievance redressal.The 2023 bill also grants More Rights to Individuals and establishes a balance between user protection and growing innovations. The bill creates a transparent and accountable data governance framework by giving more rights to individuals. In the 2023 bill, there is an Incorporation of Business-friendly provisions by removing criminal penalties for non-compliance and facilitating international data transfers.
The new 2023 bill balances out fundamental privacy rights and puts reasonable limitations on those rights.Under the 2022 bill, Personal data can be processed for a lawful purpose for which an individual has given his consent. And there was a concept of deemed consent.The new data protection board will carefully examine the instance of non-compliance by imposing penalties on non-compiler.The bill does not provide any express clarity in regards to compensation to be granted to the Data Principal in case of a Data Breach.Under 2023 Deemed consent is there in its new form as ‘Legitimate Users’.The 2022 bill allowed the transfer of personal data to locations notified by the government.There is an introduction of the negative list, which restricts cross-data transfer.
Related Blogs

Introduction
We live in a time where technological change is no longer slow or subtle. Robotics, automation, artificial intelligence, and digital systems are transforming the way we work, think, and even imagine the future. This is often celebrated as great progress. But a deeper question quietly waits behind the noise. Is every advancement truly an uplift when seen through the lens of scriptures, culture, and Indian philosophical thought? Are we creating for the good of humanity, or are we only chasing convenience and speed? And what kind of future are we actually preparing, not just for ourselves, but for those who will be born into this world shaped by these tools from the very beginning?
India has long been seen as a land that values balance, purity, and harmony with nature. Its rivers, mountains, forests, and traditions are not just geography or history, they are part of a civilizational way of thinking that connects life, duty, and responsibility. In this context, it becomes important to ask what the long-term cost of our technological appetite might be. Every invention has a footprint. Industries change landscapes. Energy demands reshape ecosystems. Convenience today often hides consequences that only appear years later. Progress, when measured only in speed and output, forgets to ask what it takes away in silence.
There is also a quieter change happening inside the human mind. As tools become smarter, humans begin to feel more powerful. The thought slowly shifts from “I can use this” to “I control this.” With artificial intelligence, the language becomes even bolder. We start hearing phrases like “we can create worlds, faces, voices, even minds.” But history have always warned us about ‘overreach’. Not because power is evil, but because pride blinds judgment. When ability grows faster than wisdom, imbalance follows. We can already see early signs of this in concerns about shrinking attention spans, weakening cognitive habits, and a growing dependence on systems that think for us before we learn to think for ourselves deeply.
None of this is an argument to reject innovation. The idea is not to blacklist technology or romanticise the past. The real question is about direction and responsibility. Advancements are not only for the comfort of the present generation. They shape the mental, moral, and emotional world of future generations who will grow up surrounded by these systems as something normal and unavoidable. What values will guide that world? What habits will it encourage? What will it quietly take away?
This is where the richness of Indian thought becomes relevant, not as nostalgia, but as guidance. Ideas of dharma, restraint, balance, and ethical action were never anti-progress. They were reminders that power without responsibility becomes dangerous, and that ability without humility leads to decline. In modern terms, we talk about safety by design, ethical innovation, and human-centred technology. In older language, we talked about duty, limits, and the consequences of unchecked desire. The words have changed, but the concern is the same.
Perhaps the real question is not whether we are becoming creators, but whether we remember that we are also caretakers. We do not bring existence out of nothing. We reshape what already exists. And in that reshaping, the line between wisdom and arrogance, between progress and pride, becomes the most important line of all.
The futuristic impact of AI, robotics, and technologies
In every yuga, humans have extended the limits of what they can do. What changes is not the desire, but the form it takes. Our ancient history speak of extraordinary abilities, not as fantasies, but as reminders of how power tests character. Figures like Naradmuni (a prominent divine sage (Rishiraja) in Hinduism) are described as moving from one place to another in moments. Others gained immense strength, knowledge, or influence through years of discipline and tapasya. Ravana (Figure from Ramayana) himself was learned and powerful, far beyond ordinary human measure. Sanjaya (the charioteer and advisor of King Dhritarashtra in the Mahabharata) receives the gift of divya drishti and narrates the events of the battlefield without being physically present there, seeing and speaking across distance in a way that still feels remarkable even today.
In this yuga, that ancient search for power and reach has not disappeared, it has only changed its language, and today it speaks through robotics, artificial intelligence, and advanced technologies, making us ask whether we are truly creators or only very advanced arrangers of what already exists.
In this age, science and technology are attempting something similar in a different language. We may not travel like Naradmuni, but we send our voices, images, and thoughts across the world in seconds. We build machines that can see, listen, respond, and even imitate human thinking. Artificial intelligence and robotics promise comfort, speed, and efficiency, and in many ways, they truly improve human life. Yet the old question remains. Not just what can we do, but how far should we go, and at what cost.
When we primarily build for human convenience, we often fail to thoroughly examine the long-term consequences. The environmental impact of large-scale technology is already visible in the pressure on resources, the growth of waste, and the slow damage to air, water, and soil. Nature does not recover at the pace of human ambition. What feels like small compromises today can become heavy burdens for tomorrow.
There is also the impact on the human mind. As systems become more capable, humans risk becoming more dependent. When answers arrive instantly, patience weakens. When machines start deciding for us, the habit of deep thinking slowly fades. Over time, this can affect attention, memory, and judgment. Knowledge becomes easier to reach, but wisdom becomes harder to build. Just as in old stories, the danger is not in having power, but in losing clarity while using it.
Future generations will not encounter these technologies as new inventions. They will be born into them. What we treat today as tools, they will experience as the normal environment of life. This makes responsibility unavoidable. The real question is not only whether these systems work, but what kind of humans they will shape.
The purpose of this reflection is not to reject progress. It is to ask for balance. Building for human comfort is important, but building without studying long-term impact is risky. If this age has the power to create intelligent systems, it must also have the wisdom to protect the environment, care for future generations, and preserve the depth of the human mind. Otherwise, advancement becomes speed without direction, and power without responsibility.
The Acceleration of the Technological Age
The current era has reached a state where technological progress now occurs through instantaneous changes which transform our methods of working and decision-making and future planning. People often view robotics and automation and artificial intelligence as signs of progress yet a less audible inquiry persists through time which asks whether every technological advancement enhances human existence or whether we merely pursue efficient and easy solutions without thinking about their implications. Indian philosophical thought offers a useful lens here, one that does not reject progress but asks whether it aligns with balance, responsibility, and long-term harmony. The definition of intelligence according to this perspective extends beyond computational skills and pattern imitation because it requires people to achieve awareness and intent and their complete understanding. Current machines possess the ability to mimic human reasoning and produce language while they can replicate decision-making processes, but they lack both consciousness and personal experience.
Power, Responsibility, and Ethical Imbalance
The development of new technological capabilities brings with it ethical responsibilities which every society must handle. Human beings must take on new ethical duties which match their increasing capabilities according to historical evidence. The current situation shows that people create new things at a speed which exceeds their ability to think about those innovations. Systems exist to enhance operational performance while they determine human actions and extend their power but they do not always evaluate their complete impact. Indian traditions emphasize dharma, the principle of balance and rightful action, which shows that power without ethical grounding creates destructive human force. The state of imbalance exists without showing its presence at all times. The process of imbalance development takes place through three channels: environmental degradation, social inequalities, and the gradual decline of human control.
The current society demonstrates this transformation through its existing results. The algorithms now determine our consumption choices and our methods of understanding everything around us. The system provides users with personalized comfort, but it also creates hidden patterns that determine their preferences. The process starts with decision assistance before it progresses to decision influence which eventually leads to decision conditioning. The concept of swatantrata as inner freedom becomes more complicated within such an environment. People stop making freedom choices when they find it easier to select between things that exist in their surroundings because they lose their ability to choose. People start to measure their work activities and personal identity through systems that use optimization techniques and digital validation systems, which leads to a decrease of space that exists for individuals to think and consider matters independently.
Technology, Ecology, and Civilizational Values
The environmental impact of technological demand exists together with social transformations. All systems need power while all infrastructure creates environmental effects and all products, we use contain unknown expenses which become apparent after many years. India's civilizational values maintain their dedication to nature because people see rivers and forests and ecosystems as essential parts of existence. Success in modern society measures output as the main achievement while actual value disappears through the evaluation process. The future requires us to create new things but we must also decide which things to keep intact.
The current situation requires progress to be defined differently because it needs to be measured through precise management instead of continuous rapid development. The question now extends beyond technological advancement to include the need for technologies to be operated through intelligent guidance. The increasing abilities of machines create a greater need for people to maintain their essential human characteristics. Human beings must actively maintain their capacity to make ethical decisions and understand their life's meaning and purpose. The future depends on two factors: the “innovations that will emerge and the values that will guide their development.”
Conclusion
It is high time we pause and honestly examine the path we are taking. The question is not whether technology should grow, but whether its overreach should be allowed to shape the future without restraint. We are building faster than ever, developing systems that touch every part of life. That makes it even more important to study their long-term impact, not only on markets or productivity, but on nature, on the human mind, and on the generations who will inherit this tech-driven world.
Progress should benefit those who come after us, not quietly weaken them. A future where people are born into pure convenience, surrounded by tools that think, decide, and act for them, may look comfortable, but comfort alone does not build strong, aware, or responsible human beings. Growth without effort and ease without discipline slowly takes away depth, resilience, and clarity. Technology should support human potential, not replace it.
This is why morality, ethics, and balance cannot be treated as optional ideas. They must guide innovation, not follow it. We do not need to overcreate. We need to create ‘wisely’. We need to build systems that remain under human control, not systems that slowly train humans to surrender their judgment, attention, and responsibility. Tools should remain tools. They should serve life, not define it.
Indian thought has always placed intention at the centre of action. Karma is not judged only by outcome, but by the spirit in which an act is performed. A tool in itself is neither pure nor impure. It becomes one or the other through the hand that uses it. This is a lens through which modern technology can also be examined. Artificial intelligence can help doctors read scans faster, help farmers predict weather patterns, and help students in remote areas access knowledge. At the same time, it can be used to watch, to sort, to exclude, and to reduce human beings to data points that fit neatly into a system. The difference lies not in the machine, but in the values of those who design and deploy it.
The purpose of this reflection is simple. We should build, but we should build with responsibility. We should innovate, but with awareness of consequences. True progress is not just about what is possible today. It is about what remains healthy, meaningful, and sustainable tomorrow. If this age can combine intelligence with humility, and power with restraint, then technology will not become a symbol of overreach. It will become a sign of maturity.

Executive Summary:
BrazenBamboo’s DEEPDATA malware represents a new wave of advanced cyber espionage tools, exploiting a zero-day vulnerability in Fortinet FortiClient to extract VPN credentials and sensitive data through fileless malware techniques and secure C2 communications. With its modular design, DEEPDATA targets browsers, messaging apps, and password stores, while leveraging reflective DLL injection and encrypted DNS to evade detection. Cross-platform compatibility with tools like DEEPPOST and LightSpy highlights a coordinated development effort, enhancing its espionage capabilities. To mitigate such threats, organizations must enforce network segmentation, deploy advanced monitoring tools, patch vulnerabilities promptly, and implement robust endpoint protection. Vendors are urged to adopt security-by-design practices and incentivize vulnerability reporting, as vigilance and proactive planning are critical to combating this sophisticated threat landscape.
Introduction
The increased use of zero-day vulnerabilities by more complex threat actors reinforces the importance of more developed countermeasures. One of the threat actors identified is BrazenBamboo uses a zero-day vulnerability in Fortinet FortiClient for Windows through the DEEPDATA advanced malware framework. This research explores technical details about DEEPDATA, the tricks used in its operations, and its other effects.
Technical Findings
1. Vulnerability Exploitation Mechanism
The vulnerability in Fortinet’s FortiClient lies in its failure to securely handle sensitive information in memory. DEEPDATA capitalises on this flaw via a specialised plugin, which:
- Accesses the VPN client’s process memory.
- Extracts unencrypted VPN credentials from memory, bypassing typical security protections.
- Transfers credentials to a remote C2 server via encrypted communication channels.
2. Modular Architecture
DEEPDATA exhibits a highly modular design, with its core components comprising:
- Loader Module (data.dll): Decrypts and executes other payloads.
- Orchestrator Module (frame.dll): Manages the execution of multiple plugins.
- FortiClient Plugin: Specifically designed to target Fortinet’s VPN client.
Each plugin operates independently, allowing flexibility in attack strategies depending on the target system.
3. Command-and-Control (C2) Communication
DEEPDATA establishes secure channels to its C2 infrastructure using WebSocket and HTTPS protocols, enabling stealthy exfiltration of harvested data. Technical analysis of network traffic revealed:
- Dynamic IP switching for C2 servers to evade detection.
- Use of Domain Fronting, hiding C2 communication within legitimate HTTPS traffic.
- Time-based communication intervals to minimise anomalies in network behavior.
4. Advanced Credential Harvesting Techniques
Beyond VPN credentials, DEEPDATA is capable of:
- Dumping password stores from popular browsers, such as Chrome, Firefox, and Edge.
- Extracting application-level credentials from messaging apps like WhatsApp, Telegram, and Skype.
- Intercepting credentials stored in local databases used by apps like KeePass and Microsoft Outlook.
5. Persistence Mechanisms
To maintain long-term access, DEEPDATA employs sophisticated persistence techniques:
- Registry-based persistence: Modifies Windows registry keys to reload itself upon system reboot.
- DLL Hijacking: Substitutes legitimate DLLs with malicious ones to execute during normal application operations.
- Scheduled Tasks and Services: Configures scheduled tasks to periodically execute the malware, ensuring continuous operation even if detected and partially removed.
Additional Tools in BrazenBamboo’s Arsenal
1. DEEPPOST
A complementary tool used for data exfiltration, DEEPPOST facilitates the transfer of sensitive files, including system logs, captured credentials, and recorded user activities, to remote endpoints.
2. LightSpy Variants
- The Windows variant includes a lightweight installer that downloads orchestrators and plugins, expanding espionage capabilities across platforms.
- Shellcode-based execution ensures that LightSpy’s payload operates entirely in memory, minimising artifacts on the disk.
3. Cross-Platform Overlaps
BrazenBamboo’s shared codebase across DEEPDATA, DEEPPOST, and LightSpy points to a centralised development effort, possibly linked to a Digital Quartermaster framework. This shared ecosystem enhances their ability to operate efficiently across macOS, iOS, and Windows systems.
Notable Attack Techniques
1. Memory Injection and Data Extraction
Using Reflective DLL Injection, DEEPDATA injects itself into legitimate processes, avoiding detection by traditional antivirus solutions.
- Memory Scraping: Captures credentials and sensitive information in real-time.
- Volatile Data Extraction: Extracts transient data that only exists in memory during specific application states.
2. Fileless Malware Techniques
DEEPDATA leverages fileless infection methods, where its payload operates exclusively in memory, leaving minimal traces on the system. This complicates post-incident forensic investigations.
3. Network Layer Evasion
By utilising encrypted DNS queries and certificate pinning, DEEPDATA ensures that network-level defenses like intrusion detection systems (IDS) and firewalls are ineffective in blocking its communications.
Recommendations
1. For Organisations
- Apply Network Segmentation: Isolate VPN servers from critical assets.
- Enhance Monitoring Tools: Deploy behavioral analysis tools that detect anomalous processes and memory scraping activities.
- Regularly Update and Patch Software: Although Fortinet has yet to patch this vulnerability, organisations must remain vigilant and apply fixes as soon as they are released.
2. For Security Teams
- Harden Endpoint Protections: Implement tools like Memory Integrity Protection to prevent unauthorised memory access.
- Use Network Sandboxing: Monitor and analyse outgoing network traffic for unusual behaviors.
- Threat Hunting: Proactively search for indicators of compromise (IOCs) such as unauthorised DLLs (data.dll, frame.dll) or C2 communications over non-standard intervals.
3. For Vendors
- Implement Security by Design: Adopt advanced memory protection mechanisms to prevent credential leakage.
- Bug Bounty Programs: Encourage researchers to report vulnerabilities, accelerating patch development.
Conclusion
DEEPDATA is a form of cyber espionage and represents the next generation of tools that are more advanced and tunned for stealth, modularity and persistence. While Brazen Bamboo is in the process of fine-tuning its strategies, the organisations and vendors have to be more careful and be ready to respond to these tricks. The continuous updating, the ability to detect the threats and a proper plan on how to deal with incidents are crucial in combating the attacks.
References:

Executive Summary
A video of US Secretary of State Marco Rubio is rapidly going viral on social media, in which he can allegedly be heard making a statement regarding the 2025 India-Pakistan conflict. Along with the video, it is being claimed that the US played a crucial role in ending the conflict between the two countries, but India was the first to initiate a ceasefire with Pakistan. Users are sharing this video believing it to be true.
Research by the CyberPeace Research Wing revealed that the video has been digitally manipulated. Rubio did state that the United States played a role in ending the conflict, but he never said that India was the first to request a ceasefire from Pakistan. This alleged statement was not part of the original video and was added later to alter the clip.
Claim
A user on a Facebook page shared the viral video and wrote, "Marco Rubio's statement has clearly brought out the truth, weakening India's claim. During 'Maarka-e-Haq', after suffering heavy losses, India was the first party to request a ceasefire from Pakistan. This highlights the gap between India's public claims and the ground reality, where the military..." The post link, archive link, and screenshot can be seen below. https://www.facebook.com/reel/1015648544746728
https://www.facebook.com/reel/1015648544746728

Fact Check
We investigated the viral video using the InVid tool and extracted several of its keyframes. These keyframes were then subjected to a reverse image search via Google Lens. The investigation revealed that the exact same video had been shared on social media previously, showing the same background and setting. The post link and screenshot can be seen below.
https://www.facebook.com/reel/1015648544746728

In the next step of our investigation, we found a video published on Reuters' official YouTube channel on June 2, 2026, whose background matches the viral video. However, nowhere in this original video is Marco Rubio heard saying that India was the first to request a ceasefire from Pakistan. The post link and screenshot can be seen below.
https://www.youtube.com/watch?v=qSpp5IYO6Cs

At the 2-hour 8-minute 55-second mark of the Reuters video, Rubio only states that the US played a role in ending the India-Pakistan conflict. Following this, he discusses the Thailand-Cambodia conflict. This makes it clear that the alleged statement in the viral video was digitally added or edited in, and is not part of the original footage.
Taking the investigation further, we scanned the suspicious audio portion of the viral video using the AI detection tool 'Resemble AI'. According to the analysis results, clear signs of audio manipulation were detected.

Conclusion:
Our investigation revealed that the video has been digitally manipulated. Rubio did state that the United States played a role in ending the conflict, but he never said that India was the first to request a ceasefire from Pakistan. This alleged statement was not part of the original video and was altered by adding it later.