#FactCheck - Viral Photos Falsely Linked to Iranian President Ebrahim Raisi's Helicopter Crash

Executive Summary:

Recently, CyberPeace faced a case involving a fraudulent Android application imitating the Punjab National Bank (PNB). The victim was tricked into downloading an APK file named "PNB.apk" via WhatsApp. After the victim installed the apk file, it resulted in unauthorized multiple transactions on multiple credit cards.

Case Study: The Attack: Social Engineering Meets Malware

The incident started when the victim clicked on a Facebook ad for a PNB credit card. After submitting basic personal information, the victim receives a WhatsApp call from a profile displaying the PNB logo. The attacker, posing as a bank representative, fakes the benefits and features of the Credit Card and convinces the victim to install an application named PNB.apk.  The so called bank representative sent the app through WhatsApp, claiming it would expedite the credit card application. The application was installed in the mobile device as a customer care application. It asks for permissions such as  to send or view SMS messages. The application opens only if the user provides this permission. 

‍

It extracts the credit card details from the user such as Full Name, Mobile Number, complain, on further pages irrespective of  Refund, Pay or Other. On further processing, it asks for other information such as credit card number, expiry date and cvv number. 

‍

Now the scammer has access to all the details of the credit card information, access to read or view the sms to intercept OTPs. 

The victim, thinking they were securely navigating the official PNB website, was unaware that the malware was granting the hacker remote access to their phone. This led to ₹4 lakhs worth of 11 unauthorized transactions across three credit cards.

The Investigation & Analysis:

Upon receiving the case through CyberPeace helpline, the CyberPeace Research Team acted swiftly to neutralize the threat and secure the victim’s device. Using a secure remote access tool, we gained control of the phone with the victim’s consent. Our first step was identifying and removing the malicious "PNB.apk" file, ensuring no residual malware was left behind. 

Next, we implemented crucial cyber hygiene practices:

1. Revoking unnecessary permissions – to prevent further unauthorized access.
2. Running antivirus scans – to detect any remaining threats.
3. Clearing sensitive data caches – to remove stored credentials and tokens.

The CyberPeace Helpline team assisted the victim to report the fraud to the National Cybercrime Portal and helpline (1930) and promptly blocked the compromised credit cards.

The technical analysis for the app was taken ahead and by using the md5 hash file id. This app was marked as malware in virustotal and it has all the permissions such as Send/Receive/Read SMS, System Alert Window.  

‍

In the similar way, we have found another application in the name of “Axis Bank” which is circulated through whatsapp which is having similar permission access and the details found in virus total are as follows:

‍

‍

‍

Recommendations:

This case study implies the increasingly sophisticated methods used by cybercriminals, blending social engineering with advanced malware. Key lessons include:

• Be vigilant when downloading the applications, even if they appear to be from legitimate sources. It is advised to install any application after checking through an application store and not through any social media. 
• Always review app permissions before granting access.
• Verify the identity of anyone claiming to represent financial institutions.
• Use remote access tools responsibly for effective intervention during a cyber incident.

By acting quickly and following the proper protocols, we successfully secured the victim’s device and prevented further financial loss.

‍

Introduction

Sexual Offences against children have recently come under scrutiny after the decision of the Madras High Court which has ruled that watching and downloading child sexual porn is an inchoate crime. In response, the Supreme Court, on 23 September 2024, ruled that Section 15 of the POCSO and Section 67B of the IT Act penalise any form of use of child pornography, including storing and watching such pornographic content. Along with this, the Supreme Court has further recommended replacing the term “Child Pornography” which it said acts as a misnomer and does not capture the full extent of the crime, with a more inclusive term “Child Sexual Exploitative and Abuse Material” (CESAM). This term would more accurately reflect the reality that these images and videos are not merely pornographic but are records of incidents, where a child has either been sexually exploited and abused or where any abuse of children has been portrayed through any self-generated visual depiction.

Intermediaries cannot claim exemption from Liability U/S 79 

Previously, intermediaries claimed safe harbour by only complying with the requirements stipulated under the  MOU. As per the decision of the SC, now, an intermediary cannot claim exemption from the liability under Section 79 of the IT Act for any third-party information, data, or communication link made available or hosted by it unless due diligence is conducted by it and compliance is made of these provisions of the POCSO Act. This is as per the provisions of Sections 19 and 20 of the POCSO read with Rule 11 of the POCSO Rules which have a mandatory nature.

The due diligence under section 79 of the IT Act includes the removal of child pornographic content and immediate reporting of such content to the concerned police units in the manner specified under the POCSO Act and the Rules. In this way, the Supreme Court has broadened the Interpretation and scope of the ‘Due Diligence’ obligation under section 79 of the IT Act. It was also stated that is to be duly noted that merely because an intermediary complies with the IT Act, will not absolve it of any liability under the POCSO. This is unless it duly complies with the requirements and procedure set out under it, particularly Section 20 of the POCSO Act and Rule 11 of the POCSO Rules.

Bar on Judicial Use of the term ‘Child Porn’

Supreme Court found that the term child pornography can be trivialised as pornography is often seen as a consensual act between adults. Supreme Court emphasised using the term Child Sexual Exploitative and Abuse Material  (CESAM) as it would emphasise the exploitation of children highlight the criminality of the act and shift the focus to a more robust framework to counter these crimes. The Supreme Court also stated that the Union of India should consider amending the POCSO Act to replace the "child pornography" term with "child sexual exploitative and abuse material" (CSEAM). This would reflect more accurately on the reality of such offences. Supreme Court also directed that the term "child pornography" shall not be used in any judicial order or judgment, and instead, the term "CSEAM" should be endorsed.

Curbing CSEAM Content on Social Media Platforms

Social Media Intermediaries and Expert Organisations play an important role in curbing CESAM content. Per the directions of the Apex Court, a need to impart positive age-appropriate sex education to prevent youth from engaging in harmful sexual behaviours, including the distribution, and viewing of CSEAM is important and all stakeholders must engage in proactive measures to counter these offences which are under the umbrella of CSEAM. This should entail promoting age-appropriated and lawful content on social media platforms and social media platforms to ensure compliance with applicable provisions.  

Conclusion 

In light of the Supreme Court’s landmark ruling, it is imperative to acknowledge the pressing necessity of establishing a safer online environment that shields children from exploitation. The shift towards using "Child Sexual Exploitative and Abuse Material" (CSEAM) emphasizes the severity of the crime and the need for a vigilant response. The social media intermediaries must respect their commitment to report and remove exploitive content and must ensure compliance with POCSO and IT regulations. Furthermore, comprehensive, age-appropriate sex education can also be used as a preventive measure, educating young people about the moral and legal ramifications of sexual offences, encouraging respect and awareness and ensuring safer cyberspace. 

References

• https://www.scconline.com/blog/post/2024/09/23/storing-watching-child-pornography-crime-supreme-court-pocso-it-act/#:~:text=Supreme%20Court%3A%20The%20bench%20of,watching%20of%20such%20pornographic%20content
• https://timesofindia.indiatimes.com/india/supreme-court-viewing-child-porn-is-offence-under-pocso-it-acts/articleshow/113613572.cms
• https://bwlegalworld.com/article/dont-use-term-child-pornography-says-sc-urges-parliament-to-amend-pocso-act-534053  
• https://indianexpress.com/article/india/child-pornography-law-pocso-it-supreme-court-9583376/

‍

Introduction

The advancement of technology has brought about remarkable changes in the aviation industry, including the introduction of inflight internet access systems. While these systems provide passengers with connectivity during their flights, they also introduce potential vulnerabilities that can compromise the security of aircraft systems.

Inflight Internet Access Systems

Inflight internet access systems have become integral to the modern air travel experience, allowing passengers to stay connected even at 30,000 feet. However, these systems can also be attractive targets for hackers, raising concerns about the safety and security of aircraft operations.

The Vulnerabilities of Inflight Internet Access Systems:

Securing Networked Avionics

Avionics, the electronic systems that support aircraft operation, play a crucial role in flight safety and navigation. While networked avionics are designed with robust security measures, they are not invulnerable to cyber threats. Therefore, it is essential to implement comprehensive security measures to protect these critical systems.

1. Ensuring Robust Architecture: Networked avionics should be designed with a strong focus on security. Implementing secure network architectures, such as segmentation and isolation, can minimise the risk of unauthorised access and limit the potential impact of a breach.
2. Rigorous Security Testing: Avionics systems should undergo rigorous security testing to identify vulnerabilities and weaknesses. Regular assessments, penetration testing, and vulnerability scanning are essential to proactively address any security flaws.
3. Collaborative Industry Efforts: Collaboration between manufacturers, airlines, regulatory bodies, and security researchers is crucial in strengthening the security of networked avionics. Sharing information, best practices, and lessons learned can help identify and address emerging threats effectively.
4. Continuous Monitoring and Updtes: Networked avionics should be continuously monitored for any potential security breaches. Prompt updates and patches should be applied to address newly discovered vulnerabilities and protect against known attack vectors.

Best practices to be adopted for the security of  Aircraft Systems

1. Holistic Security Approach: Recognizing the interconnectedness of inflight internet access systems and networked avionics is essential. A holistic security approach should be adopted to address vulnerabilities in both systems and protect the overall aircraft infrastructure.
2. Comprehensive Security Measures: The security of inflight internet access systems should be on par with any other internet-connected device. Strong authentication, encryption, intrusion detection, and prevention systems should be implemented to mitigate risks and ensure the integrity of data transmissions.
3. Responsible Practices and Industry Collaboration: Encouraging responsible practices and fostering collaboration between security researchers and industry stakeholders can accelerate the identification and remediation of vulnerabilities. Open communication channels and a cooperative mindset are vital in addressing emerging threats effectively.
4. Robust Access Controls: Strong access controls, such as multi-factor authentication and role-based access, should be implemented to limit unauthorised access to avionics systems. Only authorised personnel should have the necessary privileges to interact with these critical systems.

Conclusion

Inflight internet access systems bring convenience and connectivity to air travel but also introduce potential risks to the security of aircraft systems. It is crucial to understand and address the vulnerabilities associated with these systems to protect networked avionics and ensure passenger safety. By implementing robust security measures, conducting regular assessments, fostering collaboration, and adopting a comprehensive approach to aircraft cybersecurity, the aviation industry can mitigate the risks and navigate the sky with enhanced safety and confidence. Inflight internet access systems and networked avionics are vital components of modern aircraft, providing connectivity and supporting critical flight operations. Balancing connectivity and cybersecurity is crucial to ensure the safety and integrity of aircraft systems.