#FactCheck - Edited Video Falsely Claims as an attack on PM Netanyahu in the Israeli Senate

Introduction

In the rapidly evolving landscape of cyber threats, a novel menace has surfaced the concept of Digital Arrest. The impostors impersonating law enforcement officers deceive the victims into believing that their bank account, SIM card, Aadhaar card, or bank card has been used unlawfully. They coerce victims into paying them money. Digital Arrest involves the virtual restraint of individuals. These suspensions can vary from restricted access to the account(s), and digital platforms, to implementing measures to prevent further digital activities or being restrained on video calling or being monitored through video calling. In the era of digitisation where the technology is growing on an exponential phase, various existing loopholes are being utilised by the wrongdoers which has given rise to this sinister trend known as “digital arrest fraud”. In this scam, the defrauder manipulates the victims, who impersonate law enforcement officials and further traps the victims into a web of deception involving threats of imminent digital restraint and coerced financial transactions.   

Recognizing the Danger of Digital Arrest

A recent case involving an interactive voice response (IVR) call that targeted a victim sheds light on the complexities of the "digital arrest" cybercrime. The victim was notified by the scammers—who were pretending to be law enforcement officers—that a SIM card in her name had apparently been utilised in a criminal incident in Mumbai. The call proceeded to a video conversation with an FBI agent who falsely accused her of being involved in money laundering. The victim was forced into a web of dishonesty because she now believed she was involved in a criminal case, underscoring the psychological manipulation these hackers were using.

Recent incidents of digital arrest fraud  

• Recently, a complaint was registered at the Noida Cyber Crime Police Station made by a 50-year-old victim, who was deceived of over Rs 11 lakh and exposed to "digital arrest". By using the identities of an IPS officer in the CBI and the founder of an airline that was grounded, the attackers, masquerading as law enforcement officers, falsely accused the victim of being involved in a fake money-laundering case. She was told that she had another SIM card in her name that was used for fraudulent activities in Mumbai. The complaint made by the victim asserted “Victim’s call was transferred to a person (who identified himself as a Mumbai Police officer) who conducted the initial interrogation over the call and then on Skype VC, where she stayed from 9:30 AM to around 7 in the evening. The woman ended up transferring around ₹11.11 lakh. The scammers then ended contact with her, after which she realised she had been scammed. 
• Another recent case of digital arrest fraud came from Faridabad. Where a 23-year-old girl got a call from a fraudster posing as a Lucknow customs officer. The caller said that a package was being shipped to Cambodia that included cards and passports associated with the victim's Aadhaar number. The victim was forced to believe that she was a part of illegal activity, which included trafficking in humans. Under the guise of police officials, the hackers made up allegations before extorting money from the victim. After that, she was told by a man acting as a CBI official that she needed to pay five per cent of the total which was Rs 15 lakh. She said the cybercriminals instructed her not to log off Skype. In the meantime, she ended up transferring Rs 2.5 lakh to a bank account shared by cybercriminals. 

Measures to protect oneself from digital arrest

Sustaining a practical and observant approach towards cybersecurity is the key to lowering the peril of being targeted and experiencing digital arrest. Following are certain best practices for ensuring the same:

• Cyber Hygiene: This includes maintaining cyber hygiene by regularly updating passwords, and software and also enabling two-factor authentications to reduce the chances of unauthorized access.

• Phishing Attempts: These can be evaded by refraining from clicking on dubious links or downloading attachments from unknown sources and also authenticating the legitimacy of emails and messages before sharing any personal information.

• Secured devices: By installing reputable antivirus and anti-malware solutions and keeping operating systems and applications up to date with the latest security protocols.

• Virtual Private Networks (VPNs): VPNs can be employed to encrypt internet connections thus enhancing privacy and security. However one must be cautious of free VPN services and OTP only for trustworthy providers.  

• Monitor online services: A regular review of online accounts for any unauthorized or unlawful activities and setting up alerts for any changes to account settings or login attempts may help in the early detection of cybercrime and coping with it.

• Secure communication channels: Using secure communication techniques such as encryption can be done for the protection of sensitive information. Sharing of passwords and other information must be cautiously done especially in public forums.

• Awareness: The increasing prevalence of cybercrime known as "digital arrest" underscores the need for preventive measures and increased public awareness. Educational initiatives that draw attention to prevalent cyber threats—especially those that include law enforcement impersonation—can enable people to identify and fend off scams of this kind. The collaboration of law enforcement agencies and telecommunication companies can effectively limit the access points used by fraudsters by identifying and blocking susceptible calls.

Conclusion

The rise of Digital Arrest presents a noteworthy and innovative threat to cybersecurity by taking advantage of people's weaknesses through deceitful impersonation and coercive measures. The case in Noida is a prime example of the boldness and skill of cybercriminals who use fear and false information to trick victims into thinking they are in danger of suffering harsh legal repercussions and taking large amounts of money. In order to combat this increasing cybercrime, people need to take a proactive and watchful stance when it comes to cybersecurity. Cyber hygiene techniques, such as two-factor authentication and frequent password changes, are essential for lowering the possibility of unwanted access. Important precautions include being aware of phishing efforts, protecting devices with reliable antivirus software, and using Virtual Private Networks (VPNs) to increase privacy. Cybercriminals and fraudsters often use fear as a powerful tool to manipulate people and exploit their vulnerabilities for illicit gains in the realms of cybercrime and financial fraud. To protect themselves against the sneaky threat of Digital Arrest, netizens must traverse the constantly changing cyber threat landscape with collective knowledge, educated practices, and strong cybersecurity measures. 

References:

1. https://www.business-standard.com/india-news/new-cyber-crime-trend-unravelled-in-up-woman-held-under-digital-arrest-123120200485_1.html
2. https://www.businessinsider.in/india/news/noida-woman-scammed-11-lakh-in-digital-arrest-scam-everything-you-need-to-know/articleshow/105727970.cms
3. https://m.timesofindia.com/life-style/parenting/moments/23-year-old-faridabad-girl-on-digital-arrest-for-17-days-how-to-protect-your-children-from-cyber-crime/photostory/105442556.cms

Introduction

The Department of Telecommunications (DoT) has launched the 'Digital Intelligence Platform (DIP)'and the 'Chakshu' facility on the Sanchar Saathi portal to combat cybercrimes and financial frauds. Union telecom, IT and railways minister Ashwini Vaishnaw announced the initiatives, stating that the government has been working to counter cyber frauds at national, organizational, and individual levels. The Sanchar Saathi portal has successfully tackled such attacks, and the two new portals will further enhance the capacity to check any kind of cyber security threat.

The Digital Intelligence Platform is a secure and integrated platform for real-time intelligence sharing, information exchange, and coordination among stakeholders, including telecom operators, law enforcement agencies, banks, financial institutions, social media platforms, and identity document issuing authorities. It also contains information regarding cases detected as misuse of telecom resources.

The 'Chakshu' facility allows citizens to report suspected fraud communication received over call, SMS, or WhatsApp with the intention of defrauding, such as KYC expiry, bank account/payment wallet/SIM/gas connection/electricity connection, sextortion, impersonations a government official/relative for sending money, and disconnection of all mobile numbers by the Department of Telecommunications.

The launch of these proactive initiatives or steps represents another significant stride by the Ministry of Communications and the Department of Telecommunications in combating cybersecurity threats to citizens' digital assets.

In this age of technology, there is a reason to be concerned about the threats posed by cybercrooks to individuals and organizations. The risk of using digital means for communication, e-commerce, and critical infrastructure has increased significantly. It is important to have proper measures in place to prevent cybercrime and destructive behavior. The Department of Telecommunication has unveiled "Chakshu," a digital intelligence portal aimed at combating cybercrimes. This platform seeks to enhance the country's cyber defense capabilities by providing enforcement agencies with effective tools and actionable intelligence for countering cybercrimes, including financial frauds.

Digital Intelligence Platform (DIP)

Digital Intelligence Platform (DIP) developed by the Department of Telecommunications is a secure and integrated platform for real-time intelligence sharing, information exchange and coordination among the stakeholders i.e. Telecom Service Providers(TSPs), law enforcement agencies (LEAs), banks and financial institutions(FIs), social media platforms, identity document issuing authorities etc. The portal also contains information regarding the cases detected as misuse of telecom resources. The shared information could be useful to the stakeholders in their respective domains. It also works as a backend repository for the citizen-initiated requests on the Sanchar Saathi portal for action by the stakeholders. The DIP is accessible to the stakeholders through secure connectivity, and the relevant information is shared based on their respective roles. However, the platform is not accessible to citizens.‍

What is Chakshu?

Chakshu, which means “eye” in Hindi, is a new feature on the Sanchar Saathi portal. This citizen-friendly platform allows you to report suspicious communication you receive via calls, SMS, or WhatsApp. “Chakshu” is a new advanced tool to safeguard against modern-day cybercriminal activities. Chakshu is a sophisticated design that uses the latest technologies for assembling and analyzing digital information and provides law enforcement agencies with useful data on what should be done next. Below are some of its attributes.

Here are some examples of what you can report:

-       Fraudulent messages claiming your KYC (Know Your Customer)details need to be updated.

-       Fraudulent requests to update your bank account, payment wallet, or SIM card details.

-       Phishing attempts impersonating government officials or relatives asking for money.

-       Fraudulent threats of disconnection of your sim connections.

How Chakshu Aims to crackdown Cybercrime and Financial Frauds

Chakshu is a new tool on the Sanchar Saathi platform that invites individuals to report suspected fraudulent communications received by phone, SMS, or WhatsApp. These fraudulent activities may include attempts to deceive individuals through schemes such as KYC expiry or update requests for bank accounts, payment wallets, SIM cards, gas connections, and electricity connections, sextortion, impersonation of government officials or relatives for financial gain, or false claims of mobile number disconnection by the Department of Telecommunications.

The tool is well-designed and equipped to help the investigators with actionable intelligence and insights, enabling LEAs to conduct targeted investigations on financial frauds and cyber-crimes; the tool helps in gathering a comprehensive data analysis and evidence collection capability by mapping out the connection between individuals, organizations and illicit activities, it, therefore, allows the law enforcement agencies in dismantling criminal activities and help the law enforcement agencies.

Chakshu’s Impact

India has launched Chakshu, a digital intelligence tool that strengthens the country's cybersecurity policy. Chakshu employs modern technology and real-time data analysis to enhance India's cyber defenses. Law enforcement can detect and neutralize possible threats by taking proactive approach to threat analysis and prevention before they become significant crises. Chakshu also improves the resilience of critical infrastructure and digital ecosystems, safeguarding them against cyber-attacks. Overall, Chakshu plays an important role in India's cybersecurity posture and the protection of national interests in the digital era.

Where can Chaksu be accessed?

Chakshu can be accessed through the government's Sanchar Saathi web portal:https://sancharsaathi.gov.in

Conclusion

The launch of the Digital Intelligence Platform and Chakshu facility is a step forward in safeguarding citizens from cybercrimes and financial fraud. These initiatives use advanced technology and stakeholder collaboration to empower law enforcement agencies. The Department of Telecommunications' proactive approach demonstrates the government's commitment to cybersecurity defenses and protecting digital assets, ensuring a safer digital environment for citizens and critical infrastructure.

References

• https://telecom.economictimes.indiatimes.com/news/policy/dot-launches-digital-intelligence-portal-chakshu-facility-to-curb-cybercrimes-financial-frauds/108220814
• https://bankingfrontiers.com/digital-intelligence-platform-launched-to-curb-cybercrime-financial-fraud/
• https://www.business-standard.com/india-news/calcutta-hc-justice-abhijit-gangopadhyay-sends-his-resignation-to-prez-cji-124030500367_1.html
• https://www.the420.in/dip-chakshu-government-launches-powerful-weapons-against-cybercrime/
• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=2011383

‍

Introduction

The Central Electricity Authority (CEA) has released the Draft Central Electricity Authority (Cyber Security in Power Sector) Regulations, 2024, inviting ‘comments’ from stakeholders, including the general public, which are to be submitted by 10 September 2024. The new regulation is intended to make India’s power sector more cyber-resilient and responsive to counter emerging cyber threats and safeguard the nation's power infrastructure.

Key Highlights of the CEA’s New (Cyber Security in Power Sector) Regulations, 2024

• Central Electricity Authority has framed the ‘Cyber Security in Power Sector Regulations, 2024’ in the exercise of the powers conferred by sub-section (1) of 177 of the Electricity Act, 2003 in order to make regulations for measures relating to Cyber Security in the power sector.
• The scope of the regulation entails that these regulations will be applicable to all Responsible Entities, Regional Power Committees, Appropriate Commission, Appropriate Government and Associated Power Sector Government Organizations, and Training Institutes recognized by the Authority, Authority and Vendors.
• One key aspect of the proposed regulation is the establishment of a dedicated Computer Security Incident Response Team (CSIRT) for the power sector. This team will coordinate a unified cyber defense strategy throughout the sector, establishing security frameworks, and serving as the main agency for handling incident response and recovery. The CSIRT will also be responsible for creating/developing Standard Operating Procedures (SOPs), security policies, and best practices for incident response activities in consultation with CERT-In and NCIIPC. The detailed roles and responsibilities of CSIRT are outlined under Chapter 2 of the said regulations.
• All responsible entities in the power sector as mentioned under the scope of the regulation, are mandated to appoint a Chief Information Security Officer (CISO) and an alternate CISO, who need to be Indian nationals and who are senior management employees. The regulations specify that these officers must directly report to the  CEO/Head of the Responsible Entity. Thus emphasizing the critical nature of CISO’s roles in safeguarding the nation’s power grid sector assets.
• All Responsible Entities shall establish an Information Security Division (ISD) dedicated to ensuring Cyber Security, headed by the CISO and remain operational around the clock. The schedule under regulation entails that the minimum workforce required for setting up an ISD is 04 (Four) officers including CISO and 04 officers/officials for shift operations. Sufficient workforce and infrastructure support shall be ensured for ISD. The detailed functions and responsibilities of ISD are outlined under Chapter 5 regulation 10. Furthermore, the ISD shall be manned by sufficient numbers of officers, having valid certificates of successful completion of domain-specific Cyber Security courses.
• The regulation obliged the entities to have a defined, documented and maintained Cyber Security Policy which is approved by the Board or Head of the entity. The regulation also obliged the entities to have a Cyber Crisis Management Plan (CCMP) approved by the higher management.
• As regards upskilling and empowerment the regulation advocates for organising or conducting periodic Cyber Security awareness programs and Cyber Security exercises including mock drills and tabletop exercises.

CyberPeace Policy Outlook

CyberPeace Policy & Advocacy Vertical has submitted its detailed recommendations on the proposed ‘Cyber Security in Power Sector Regulations, 2024’ to the Central Electricity Authority, Government of India. We have advised on various aspects within the regulation including harmonisation of these regulations with other rules as issued by CERT-In and NCIIPC, at present. As this needs to be clarified which set of guidelines will supersede in case of any discrepancy that may arise. Additionally, we advised on incorporating or making modifications to specific provisions under the regulation for a more robust framework. We have also emphasized legal mandates and penalties for non-compliance with cybersecurity, so as to make sure that these regulations do not only act as guiding principles but also provide stringent measures in case of non-compliance.

References: 

1. https://cea.nic.in/wp-content/uploads/notification/2024/08/Draft_CEA_Cyber_Security_in_Power_Sectyor_Regulations_2024_English_Version.pdf

‍