#FactCheck - Debunking the AI-Generated Image of an Alleged Israeli Army Dog Attack

Introduction

Sexual Offences against children have recently come under scrutiny after the decision of the Madras High Court which has ruled that watching and downloading child sexual porn is an inchoate crime. In response, the Supreme Court, on 23 September 2024, ruled that Section 15 of the POCSO and Section 67B of the IT Act penalise any form of use of child pornography, including storing and watching such pornographic content. Along with this, the Supreme Court has further recommended replacing the term “Child Pornography” which it said acts as a misnomer and does not capture the full extent of the crime, with a more inclusive term “Child Sexual Exploitative and Abuse Material” (CESAM). This term would more accurately reflect the reality that these images and videos are not merely pornographic but are records of incidents, where a child has either been sexually exploited and abused or where any abuse of children has been portrayed through any self-generated visual depiction.

Intermediaries cannot claim exemption from Liability U/S 79 

Previously, intermediaries claimed safe harbour by only complying with the requirements stipulated under the  MOU. As per the decision of the SC, now, an intermediary cannot claim exemption from the liability under Section 79 of the IT Act for any third-party information, data, or communication link made available or hosted by it unless due diligence is conducted by it and compliance is made of these provisions of the POCSO Act. This is as per the provisions of Sections 19 and 20 of the POCSO read with Rule 11 of the POCSO Rules which have a mandatory nature.

The due diligence under section 79 of the IT Act includes the removal of child pornographic content and immediate reporting of such content to the concerned police units in the manner specified under the POCSO Act and the Rules. In this way, the Supreme Court has broadened the Interpretation and scope of the ‘Due Diligence’ obligation under section 79 of the IT Act. It was also stated that is to be duly noted that merely because an intermediary complies with the IT Act, will not absolve it of any liability under the POCSO. This is unless it duly complies with the requirements and procedure set out under it, particularly Section 20 of the POCSO Act and Rule 11 of the POCSO Rules.

Bar on Judicial Use of the term ‘Child Porn’

Supreme Court found that the term child pornography can be trivialised as pornography is often seen as a consensual act between adults. Supreme Court emphasised using the term Child Sexual Exploitative and Abuse Material  (CESAM) as it would emphasise the exploitation of children highlight the criminality of the act and shift the focus to a more robust framework to counter these crimes. The Supreme Court also stated that the Union of India should consider amending the POCSO Act to replace the "child pornography" term with "child sexual exploitative and abuse material" (CSEAM). This would reflect more accurately on the reality of such offences. Supreme Court also directed that the term "child pornography" shall not be used in any judicial order or judgment, and instead, the term "CSEAM" should be endorsed.

Curbing CSEAM Content on Social Media Platforms

Social Media Intermediaries and Expert Organisations play an important role in curbing CESAM content. Per the directions of the Apex Court, a need to impart positive age-appropriate sex education to prevent youth from engaging in harmful sexual behaviours, including the distribution, and viewing of CSEAM is important and all stakeholders must engage in proactive measures to counter these offences which are under the umbrella of CSEAM. This should entail promoting age-appropriated and lawful content on social media platforms and social media platforms to ensure compliance with applicable provisions.  

Conclusion 

In light of the Supreme Court’s landmark ruling, it is imperative to acknowledge the pressing necessity of establishing a safer online environment that shields children from exploitation. The shift towards using "Child Sexual Exploitative and Abuse Material" (CSEAM) emphasizes the severity of the crime and the need for a vigilant response. The social media intermediaries must respect their commitment to report and remove exploitive content and must ensure compliance with POCSO and IT regulations. Furthermore, comprehensive, age-appropriate sex education can also be used as a preventive measure, educating young people about the moral and legal ramifications of sexual offences, encouraging respect and awareness and ensuring safer cyberspace. 

References

• https://www.scconline.com/blog/post/2024/09/23/storing-watching-child-pornography-crime-supreme-court-pocso-it-act/#:~:text=Supreme%20Court%3A%20The%20bench%20of,watching%20of%20such%20pornographic%20content
• https://timesofindia.indiatimes.com/india/supreme-court-viewing-child-porn-is-offence-under-pocso-it-acts/articleshow/113613572.cms
• https://bwlegalworld.com/article/dont-use-term-child-pornography-says-sc-urges-parliament-to-amend-pocso-act-534053  
• https://indianexpress.com/article/india/child-pornography-law-pocso-it-supreme-court-9583376/

‍

Overview:

‘Kia Connect’ is the application that is used to connect ‘Kia’ cars which allows the user control various parameters of the vehicle through the application on his/her smartphone. The vulnerabilities found in most Kias built after 2013 with but little exception. Most of the risks are derived from a flawed API that deals with dealer relations and vehicle coordination. 

Technical Breakdown of Exploitation:

1. API Exploitation: The attack uses the vulnerabilities in Kia’s dealership network. The researchers also noticed that, for example, the logs generated while impersonating a dealer and registering on the Kia dealer portal would be sufficient for deriving access tokens needed for next steps.

2. Accessing Vehicle Information: The license plate number allowed the attackers to get the Vehicle Identification Number (VIN) number of their preferred car. This VIN can then be used to look up more information about the car and is an essential number to determine for the shared car.

3. Information Retrieval: Having the VIN number in hand, attackers can launch a number of requests to backends to pull more sensitive information about the car owner, including:

• Name
• Email address
• Phone number
• Geographical address

4. Modifying Account Access: With this information, attackers could change the accounts settings to make them a second user on the car, thus being hidden from the actual owner of the account.

5. Executing Remote Commands: Once again, it was discovered that attackers could remotely execute different commands on the vehicle, which includes:some text
   • Unlocking doors
   • Starting the engine
   • Monitoring the location of the vehicle in terms of position.
   • Honking the horn 

Technical Execution:

The researchers demonstrated that an attacker could execute a series of four requests to gain control over a Kia vehicle:

1. Generate Dealer Token: The attacker sends an HTTP request in order to create a dealer token.

2. Retrieve Owner Information: As indicated using the generated token, they make another request to another endpoint that returns the owner’s email address and phone number.

3. Modify Access Permissions: The attacker takes advantage of the leaked information (email address and VIN) of the owner to change between users accounts and make himself the second user.

4. Execute Commands: As the last one, they can send commands to perform actions on the operated vehicle.

Security Response and Precautionary Measures for Vehicle Owners

1. Regular Software Updates: Car owners must make sure their cars receive updates on the recent software updates provided by auto producers. 
2. Use Strong Passwords: The owners of Kia Connect accounts should develop specific and complex passwords for their accounts and then update them periodically. They should avoid using numbers like the birth dates, vehicle numbers and simple passwords.
3. Enable Multi-Factor Authentication: For security, vehicle owners should turn on the use of the secondary authentication when it is available to protect against unauthorized access to an account. 
4. Limit Personal Information Sharing: Owners of vehicles should be careful with the details that are connected with the account on their car, like the e-mail or telephone number, sharing them on social networks, for example.
5. Monitor Account Activity: It is also important to monitor the account activity because of change or access attempts that are unauthorized. In case of any abnormality or anything suspicious felt while using the car, report it to Kia customer support.
6. Educate Yourself on Vehicle Security: Being aware of cyber threats that are connected to vehicles and learning about how to safeguard a vehicle from such threats.
7. Consider Disabling Remote Features When Not Needed: If remote features are not needed,  then it is better to turn them off, and then turn them on again when needed. This can prove to help diminish the attack vector for would-be hackers.

Industry Implications:

The findings from this research underscore broader issues within automotive cybersecurity:

• Web Security Gaps: Most car manufacturers pay more attention to equipment running in automobiles instead of the safety of the websites that the car uses to operate thereby exposing automobiles that are connected very much to risks.

• Continued Risks: Vehicles become increasingly connected to internet technologies. Auto makers will have to carry cyber security measures in their cars in the future.

Conclusion:

The weaknesses found in Kia’s connected car system are a key concern for Automotive security. Since cars need web connections for core services, suppliers also face the problem of risks and need to create effective safeguards. Kia took immediate actions to tighten the safety after disclosure; however, new threats will emerge as this is a dynamic domain involving connected technology. With growing awareness of these risks, it is now important for car makers not only to put in proper security measures but also to maintain customer communication on how it safeguards their information and cars against cyber dangers. That being an incredibly rapid approach to advancements in automotive technology, the key to its safety is in our capacity to shield it from ever-present cyber threats.

Reference:

• https://timesofindia.indiatimes.com/auto/cars/hackers-could-unlock-your-kia-car-with-just-a-license-plate-is-yours-safe/articleshow/113837543.cms
• https://www.thedrive.com/news/hackers-found-millions-of-kias-could-be-tracked-controlled-with-just-a-plate-number
• https://www.securityweek.com/millions-of-kia-cars-were-vulnerable-to-remote-hacking-researchers/
• https://news24online.com/auto/kia-vehicles-hack-connected-car-cybersecurity-threat/346248/
• https://www.malwarebytes.com/blog/news/2024/09/millions-of-kia-vehicles-were-vulnerable-to-remote-attacks-with-just-a-license-plate-number
• https://informationsecuritybuzz.com/kia-vulnerability-enables-remote-acces/
• https://samcurry.net/hacking-kia

‍

‍

Background

‍

Cyber slavery and online trafficking have become alarming challenges in Southeast Asia. Against this backdrop, India successfully rescued 197 of its citizens from Mae Sot in Thailand on November 10, 2025, using two Indian Air Force flights. The evacuees had fled Myanmar’s Myawaddy region in October after intense military operations forced them to escape. This was India’s second rescue effort within a week, following the November 6 mission that brought back 270 nationals from similar conditions. The operations were coordinated by the Indian Embassy in Bangkok and the Consulate in Chiang Mai, with crucial assistance from the Royal Thai Government.

‍

The Operation and Bilateral Cooperation

‍

The operation was carried out with the presence and supervision of Prime Minister Anutin Charnvirakul of Thailand and Indian Ambassador Nagesh Singh, who were both present at the ceremony in Mae Sot. This way, the two countries have not only proved but also cemented their bond to fight the crimes which were mentioned before and more than that, they have even promised to facilitate communication between their authorities. Prime Minister Charnvirakul thanked India for the quick intervention and added that Thailand would be giving the needed support for the repatriation of the other victims as well.

“Both parties reaffirmed their strong commitment to the fight against cross-border crimes, including cyber scams and human trafficking, in the region and to improving cooperation among the relevant agencies in both countries.”, Embassy of India, Bangkok.

‍

The Cyber Scam Network

‍

The Myawaddy area in Myanmar has made a quick shift to become a hotspot for the entire world of cybercrimes. Moreover, the crimes are especially committed by the organised criminal groups that take advantage of foreign nationals. After the Myanmar military imposed a restriction in late October, over 1,500 people from 28 nations moved to Thailand because of the KK Park cyber hub and other centres being raided.

A UN report (2025) indicated that this fraud activity is part of a larger network that extends the countries populated with very low-tech criminals who target the most naïve, and they are the very ones who end up being tortured. The trafficked persons often belong to the local population or come from neighbouring countries and are recruited with the promise of high salaries as IT or customer service agents, only to be imprisoned in a compound where they are forced to perform phishing, investment fraud, and cryptocurrency scams aimed at the victims all over the globe. These centres operate in border territories having poor governance, easy-to-cross borders, and little police presence, hence making human trafficking a major factor contributing to cybercrime.

‍

India’s Response and Preventive Measures

‍

The Indian Embassy in Thailand worked hand in hand with the Thai government to facilitate bringing back and repatriating the Indian citizens who had entered Thailand illegally when they were escaping Myanmar.

The embassy was far from helpless in the matter. In the case of the embassy's advisory, they suggested to the citizens that:

• It is mandatory to check the authenticity of the job offers and the agents before securing employment in other countries.
• Such employment by means of tourist or visa-free entry permits should be avoided, as such entries allow only for a short-duration visit or tourism.
• Be careful of ads claiming high pay for online or remote work in Southeast Asia.

‍

The embassy reiterated the Government of India’s commitment to ensuring easy access to assistance for citizens overseas and to addressing the growing intersection between cyber fraud and human trafficking.

‍

CyberPeace Analysis and Advisory

‍

The case of Myawaddy demonstrates that cybercrime and human trafficking have grappled to become a complicated global threat. The scam centres gradually come to depend on the trafficked labour of people who are being forced to commit the fraud digitally under coercion. This underlines the requirement for the cybersecurity measures that consider the rights of humans and the protection of the victims, not only the technical defence.

‍

1. Cybercrime–Human Trafficking Convergence: 

Cybercrime has moved up to the level of a human trafficking operation. The unwilling victims of such fraud schemes are scared for their very lives or even more, not of a reliable way out. This situation is such that one cannot tell where cyber exploitation ends and forced labour begins.

2. Cross-Border Enforcement Challenges:

To effectively carry out their unlawful acts, the criminals use legal and jurisdictional loopholes that are present across borders. Dismantling such networks requires the regional cooperation of India, Thailand, and ASEAN countries.

3. Socioeconomic Vulnerability:

The situation with unemployment being stagnant and the public not being educated about the situation makes people, especially the youth, very prone to scams of getting hired overseas. Thus, to prevent this uneducated flocking to the fraudsters, it is necessary to constantly implant in them the knowledge of online literacy and the importance of verification of job offers.

4. Public–Private Coordination: 

The scammers’ mode of operation usually includes online recruitment through social media and encrypted platforms where their victims can be found and contacted. In this regard, cooperation among government institutions, tech platforms, and civil society is imperative to put an end to the operation of these digital trafficking channels.

‍

CyberPeace Expert Advisory

To lessen the possibility of such incidents, CyberPeace suggests the following preventive and policy measures:

‍

Individuals:

‍

• Trust but verify: Before giving your approval to anything, always verify the job offer by official embassy websites or MEA-approved recruiting agencies first.
• Watch out for red flags: If a recruiter offers a very high salary for almost no work, asks for tourist visas, or gives no written contract, be very careful and pull out immediately.
• Protect your documents: Give a trusted person the responsibility of keeping both digital and physical copies of your passport and visa, and also register your travel with the MADAD portal.
• Report if in doubt: If an agent looks suspicious, contact the nearest Indian Embassy or Consulate or report it to cybercrime.gov.in or the 1930 Helpline.

‍

Policymakers and Agencies:

‍

• Strengthen Bilateral Task Forces: Set up armed forces of cyber and human trafficking enforcement units in South and Southeast Asian countries.
• Support Regional Awareness Campaigns: In addition to targeted advisories in local languages, the most vulnerable job seekers in Tier-2 and Tier-3 cities should also receive such awareness in their languages.
• Overseas Employment Advertising should be regulated: All digital job postings should be made to meet transparency standards and fraudulent recruitment should be punished with heavy fines.
• Invest in Digital Forensics and Intelligence Sharing: Create common databases for monitoring international cybercriminal groups.

‍

Conclusion

‍

The return of Indian citizens from Thailand represents a significant humanitarian and diplomatic milestone and highlights that cybercrime, though carried out through digital channels, remains deeply human in nature. International cooperation, well-informed citizens, and a rights-based cybersecurity approach are the minimum requirements for a global campaign against the new breed of cybercrime that is characterised by fraud and trafficking working hand in hand. CyberPeace reminds everyone that digital vigilance, verification, and collaboration across borders are the most effective ways to prevent online abuse and such crimes.

Reference

‍

• https://www.ndtv.com/india-news/197-indians-repatriated-from-thailand-by-special-indian-air-force-flights-9611934
• https://www.thehindu.com/news/national/india-airlifts-citizens-who-worked-in-myanmar-cybercrime-hub-from-thailand/article70264322.ece
• https://www.mea.gov.in/Images/attach/03-List-4-2024.pdf

‍