#FactCheck - Bangladeshi Migrant’s Arrest Misrepresented as Indian in Viral Video!

Introduction

Who would have predicted that the crime of slavery would haunt our lives through the digital world? In a recent unfolding of events, the cyber wing of Maharashtra has saved 60 Indian nationals from a cyber slavery racket run by armed rebel groups operating in Myanmar and arrested five suspects who acted as recruiting agents, including a foreign national. As per the reports, the racketeers made contact with various individuals, enticing them with offers of high-paying jobs in East Asian countries. The operation unfolds a carefully designed crime network that operates through bordering states, Myanmar, Thailand, and Malaysia, targeting vulnerable individuals through deceptive means and forcing them to commit cyber fraud and financial crimes, operating as an authentic industrial setup. The disturbing set of events makes up only one of many such cyber-slavery incidents that are uncovered and various other rackets that operate in the shadows of cyberspace. Another similar event was reported in March 2025, where the disturbing ordeal of a 52-year-old father from Bihar’s Gopalganj, whose son was lured into working in a scam call centre under the pretence of a data entry job in Thailand.

Counting the Unseen: The Dark Metrics of Cyber Slavery

As per the United Nations report from October 2024, a large number of young individuals are enslaved, acting under the impression they will be employed in high-paying jobs, often on social media platforms, and what follows is an intricate web of cybercriminals operating from illegal scam compounds.  According to the UN Office on Drugs and Crime (UNODC), financial losses from scams in Southeast Asia reached between $18 billion (Rs 1.6 lakh crore) and $37 billion (Rs 3.2 lakh crore) in 2023, much of it linked to organised crime in these three countries. Also, acting on a similar premise, the Indian Cyber Crime Coordination Centre (I4C), a division under the Ministry of Home Affairs (MHA), organised an inter-ministerial committee to address a significant rise in cybercrime in Southeast Asian countries, which includes Cambodia, Myanmar, and Laos. 

The data from the Bureau of Immigration in the Union Ministry of Home Affairs, which included around 29,466 Indians who travelled on visitor visas to Thailand, Vietnam, Myanmar, and Cambodia between January 2022 and May 2024, has gone missing.

From Rescue to Reform: How India is Tackling Cyber Slavery 

The recent events that unfolded have agitated the government to undertake vigilant rescue operations for the missing individuals who became victims of this modern-day trafficking and coordinate with foreign ministries in Myanmar, Thailand and Cambodia for extradition and repatriation. It is notable that in the year 2015, India along with seven other countries in South Asia, including Afghanistan, Bangladesh, Bhutan, Maldives, Nepal, Pakistan and Sri Lanka, came together to address transnational threats that transcend geographical and cultural borders in cooperation with the United Nations Office on Drugs and Crimes (UNODC). The collaboration brought together a Compendium of Bilateral and Regional Instruments for South Asia providing for International Cooperation in Criminal Matters. Further, in January 2025, UNODC and the European Union launched a €9 million regional project titled "Preventing and Addressing Trafficking in Human Beings and the Smuggling of Migrants in South Asia." The Government of India, through its various agencies, also lays down various guidelines and advisories on the National Cyber Crime Reporting Portal. Additionally, law enforcement agencies are actively involved, and cybersecurity NGOs are proactively spreading awareness about identifying red flags associated with threats such as cyber slavery.

Recommendations: A Call to Action

• The various advisories released by the Gov. of India emphasise the need for Indian nationals to verify the credentials of the employer through the Indian Embassy located in that country.
• The authorities and various agencies also stress the need for individuals to refrain from sharing personal information such as location details, contact information or any information pertaining to personal relationships that can be exploited by such criminals.
• The fundamental manner of tackling the crime of cyber slavery is to ensure digital literacy and increase awareness through public campaigns and educational programmes
• The need of the hour is international cooperation and collaboration to undertake a concerted effort to bring back the victims and penalise all those who facilitate such criminal activities. 

References

• https://www.thehindu.com/news/national/more-than-60-indians-forced-into-cyber-slavery-rescued-from-myanmar-5-arrested/article69438991.ece 
• https://www.indiatoday.in/india-today-insight/story/cyber-slavery-the-new-job-con-trapping-indian-youth-abroad-2637157-2024-11-21 
• https://indianexpress.com/article/india/mha-high-powered-committee-cybercrimes-from-se-asia-9345843/ ‍
• https://www.unodc.org/documents/terrorism/Publications/SAARC%20compendium/SA_Compendium_Volume-2.pdf

Introduction 

AI has revolutionized the way we look at growing technologies. AI is capable of performing complex tasks in fasten time. However, AI’s potential misuse led to increasing cyber crimes. As there is a rapid expansion of generative AI tools, it has also led to growing cyber scams such as Deepfake, voice cloning, cyberattacks targeting Critical Infrastructure and other organizations, and threats to data protection and privacy. AI is empowered by giving the realistic output of AI-created videos, images, and voices, which cyber attackers misuse to commit cyber crimes. 

‍

It is notable that the rapid advancement of technologies such as generative AI(Artificial Intelligence), deepfake, machine learning, etc. Such technologies offer convenience in performing several tasks and are capable of assisting individuals and business entities. On the other hand, since these technologies are easily accessible, cyber-criminals leverage AI tools and technologies for malicious activities or for committing various cyber frauds. By such misuse of advanced technologies such as AI, deepfake, and voice clones. Such new cyber threats have emerged. 

‍

What is Deepfake?

Deepfake is an AI-based technology. Deepfake is capable of creating realistic images or videos which in actuality are created by machine algorithms. Deepfake technology, since easily accessible, is misused by fraudsters to commit various cyber crimes or deceive and scam people through fake images or videos that look realistic. By using the Deepfake technology, cybercriminals manipulate audio and video content which looks very realistic but, in actuality, is fake. Voice cloning is also a part of deepfake. To create a voice clone of anyone's, audio can be deepfaked too, which closely resembles a real one but, in actuality, is a fake voice created through deepfake technology. 

‍

How Deepfake Can Harm Organizations or Enterprises?

• Reputation: Deepfakes have a negative impact on the reputation of the organization. It’s a reputation which is at stake. Fake representations or interactions between an employee and user, for example,  misrepresenting  CEO online, could damage an enterprise’s credibility, resulting in user and other financial losses. To be protective against such incidents of deepfake, organisations must thoroughly monitor online mentions and keep tabs on what is being said or posted about the brand. Deepfake-created content can also be misused to Impersonate leaders, financial officers and officials of the organisation.
• Misinformation: Deepfake can be used to spread misrepresentation or misinformation about the organisation by utilising the deepfake technology in the wrong way. 
• Deepfake Fraud calls misrepresenting the organisation: There have been incidents where bad actors pretend to be from legitimate organisations and seek personal information. Such as helpline fraudsters, fake representatives from hotel booking departments, fake loan providers, etc., where bad actors use voice clones or deepfake-oriented fake video calls in order to propose themselves as belonging to legitimate organisations and, in actuality, they are deceiving people.

‍

How can organizations combat AI-driven cybercrimes such as deepfake? 

• Cybersecurity strategy: Organisations need to keep in place a wide range of cybersecurity strategies or use advanced tools to combat the evolving disinformation and misrepresentation caused by deepfake technology.  Cybersecurity tools can be utilised to detect deepfakes. 
• Social media monitoring: Social media monitoring can be done to detect any unusual activity. Organisations can select or use relevant tools and implement technologies to detect deepfakes and demonstrate media provenance. Real-time verification capabilities and procedures can be used. Reverse image searches, like TinEye, Google Image Search, and Bing Visual Search, can be extremely useful if the media is a composition of images.
• Employee Training: Employee education on cybersecurity will also play a significant role in strengthening the overall cybersecurity posture of the organisation.

Conclusion

There have been incidents where AI-driven tools or technology have been misused by cybercriminals or bad actors.  Synthetic videos developed by AI are used by bad actors. Generative AI has gained significant popularity for many capabilities that produce synthetic media. There are concerns about synthetic media, such as its misuse of disinformation operations designed to influence the public and spread false information. In particular, synthetic media threats that organisations most often face include undermining the brand, financial gain, threat to the security or integrity of the organisation itself and Impersonation of the brand’s leaders for financial gain.

Synthetic media attempts to target organisations intending to defraud the organisation for financial gain. Example includes fake personal profiles on social networking sites and deceptive deepfake calls, etc. The organisation needs to have the proper cyber security strategy in place to combat such evolving threats. Monitoring and detection should be performed by the organisations and employee training on empowering on cyber security will also play a crucial role to effectively deal with evolving threats posed by the misuse of AI-driven technologies. 

References:

• https://media.defense.gov/2023/Sep/12/2003298925/-1/-1/0/CSI-DEEPFAKE-THREATS.PDF
• https://www.securitymagazine.com/articles/98419-how-to-mitigate-the-threat-of-deepfakes-to-enterprise-organizations

‍

Executive Summary:

In the recent advisory the Indian Computer Emergency Response Team (CERT-In) has released a high severity warning in the older versions of the software across Apple devices. This high severity rating is because of the multiple vulnerabilities reported in Apple products which could allow the attacker to unfold the sensitive information, and execute arbitrary code on the targeted system. This warning is extremely useful to remind of the necessity to have the software up to date to prevent threats of a cybernature. It is important to update the software to the latest versions and cyber hygiene practices.

Devices Affected:

CERT-In advisory highlights significant risks associated with outdated software on the following Apple devices:

• iPhones and iPads: iOS versions that are below 18 and the 17.7 release.
• Mac Computers: All macOS builds before 14.7 (20G71), 13.7 (20H34), and  earlier 20.2 for Sonoma, Ventura, Sequoia, respectively.
• Apple Watches: watchOS versions prior to 11
• Apple TVs: tvOS versions prior to 18
• Safari Browsers: versions prior to 18
• Xcode: versions prior to 16
• visionOS: versions prior to 2

Details of the Vulnerabilities:

The vulnerabilities discovered in these Apple products could potentially allow attackers to perform the following malicious activities:

1. Access sensitive information: The attackers could easily access the sensitive information stored in other parts of the violated gadgets.
2. Execute arbitrary code: The web page could be compromised with malcode and run on the targeted system which in the worst scenario would give the intruder full Administrator privileges on the device.
3. Bypass security restrictions: Measures agreed to safeguard the device and information contained on it may be easily bypassed and the system left open to more proliferation.
4. Cause denial-of-service (DoS) attacks: The vulnerabilities could be used to cause the targeted device or service to be unavailable to the rightful users.
5. Perform spoofing attacks: There could be a situation where the attackers created fake entities or users or accounts to have a way into important information or do other unauthorized activities.
6. Elevate privileges: It is also stated that weaknesses might be exploited to authorize the attacker a higher level of privileges in the system they are targets.
7. Engage in cross-site scripting (XSS) attacks: Some of them make the associated Web applications/sites prone to XSS attacks by injecting hostile scripts into Web page code.

‍

Vulnerabilities:

CVE-2023-42824

• Attack vector could allow a local attacker to elevate their privileges and potentially execute arbitrary code.

Affected System

• Apple's iOS and iPadOS software

CVE-2023-42916

• To improve the out of bounds read it was mitigated with improved input validation which was resolved later.

Affected System

• Safari, iOS, iPadOS, macOS, and Apple Watch Series 4 and later devices running watchOS 10.2

CVE-2023-42917

• leads to arbitrary code execution, and there have been reports of it being exploited in earlier versions of iOS.

Affected System

• Apple's Safari browser, iOS, iPadOS, and macOS Sonoma systems

Recommended Actions for Users:

To mitigate these risks, that users take immediate action:

• Update Software: Ensure all your devices are on the most current version of the operating systems they use. Repetitive updates have important security updates that fix identified weaknesses or flaws within the system.
• Monitor Device Activity: Stay vigilant if something doesn’t seem right; if your gadgets are accessed by someone who isn’t you.
• Always use strong, distinct passwords and use two-factor authentication.
• Install and update the antivirus and Firewall softwares.
• Avoid downloading any applications or clicking   link from unknown sources 

Conclusion:

The advisory from CERT-In, clearly demonstrates the fundamental need of keeping the software on all Apple devices up to date. Consumers need to act right away to patch their devices and apply best security measures like using multiple factors for login and system scanning.  This advisory has come out when Apple has just released new products into the market such as the iPhone 16 series in India. When consumers embrace new technologies it is important for them to observe relevant measures of security precautions. Maintaining good cyber hygiene is a critical process for the protection against new threats.

Reference:

• https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES02&VLCODE=CIAD-2023-0043
• https://www.cve.org/CVERecord?id=CVE-2023-42916
• https://www.cve.org/CVERecord?id=CVE-2023-42917
• https://www.bizzbuzz.news/technology/gadjets/cert-in-issues-advisory-on-vulnerabilities-affecting-iphones-ipads-and-macs-1337253#google_vignette
• https://www.wionews.com/videos/india-warns-apple-users-of-high-severity-security-risks-in-older-software-761396

‍

‍