Using incognito mode and VPN may still not ensure total privacy, according to expert

PUBLISHED ON
Feb 14, 2023
10

SVIMS Director and Vice-Chancellor B. Vengamma lighting a lamp to formally launch the cybercrime awareness programme conducted by the police department for the medical students in Tirupati on Wednesday.

An awareness meet on safe Internet practices was held for the students of Sri Venkateswara University University (SVU) and Sri Venkateswara Institute of Medical Sciences (SVIMS) here on Wednesday.

“Cyber criminals on the prowl can easily track our digital footprint, steal our identity and resort to impersonation,” cyber expert I.L. Narasimha Rao cautioned the college students.

Addressing the students in two sessions, Mr. Narasimha Rao, who is a Senior Manager with CyberPeace Foundation, said seemingly common acts like browsing a website, and liking and commenting on posts on social media platforms could be used by impersonators to recreate an account in our name.

Turning to the youth, Mr. Narasimha Rao said the incognito mode and Virtual Private Network (VPN) used as a protected network connection do not ensure total privacy as third parties could still snoop over the websites being visited by the users. He also cautioned them tactics like ‘phishing’, ‘vishing’ and ‘smishing’ being used by cybercriminals to steal our passwords and gain access to our accounts.

“After cracking the whip on websites and apps that could potentially compromise our security, the Government of India has recently banned 232 more apps,” he noted.

Additional Superintendent of Police (Crime) B.H. Vimala Kumari appealed to cyber victims to call 1930 or the Cyber Mitra’s helpline 9121211100. SVIMS Director B. Vengamma stressed the need for caution with smartphones becoming an indispensable tool for students, be it for online education, seeking information, entertainment or for conducting digital transactions.

Reference Link: https://www.thehindu.com/news/national/andhra-pradesh/students-cautioned-against-leaving-digital-footprint-at-cybercrime-awareness-meet-in-tirupati/article66486031.ece

PUBLISHED ON
Feb 14, 2023
Category
Data Privacy
TAGS
#
DataPrivacy
#
Incognito
#
VirtualPrivateNetworks(VPNs)

Related Blogs

Cyber interface
Key change in the Data protection bill
India's Digital Personal Data Protection Bill 2023 may change the age of consent for data processing to 14, raising concerns about children's data privacy
10
July 20, 2023

Introduction

According to a draft of the Digital Personal Data Protection Bill, 2023, the Indian government may have the authority to reduce the age at which users can agree to data processing to 14 years. Companies requesting consent to process children’s data, on the other hand, must demonstrate that the information is handled in a “verifiably safe” manner.

The Central Government might change the age limit for consent

The proposed Digital Personal Data Protection Bill 2022 in India attempts to protect child’s personal data under the age of 14 through several provisions. The proposed lower age of consent in India under the Digital Personal Data Protection Bill 2022 is to loosen relevant norms and fulfil the demands of Internet corporations. After a year, the government may reconsider the definition of a child with the goal of expanding coverage to children under the age of 14. The proposed shift in the age of consent has elicited varied views, with some experts suggesting that it might potentially expose children to data processing concerns.

The definition of a child is understood to have been amended in the data protection Bill, which is anticipated to be submitted in Parliament’s Monsoon session, to an “individual who has not completed the age of eighteen years or such lower age as the central government may notify.” A child was defined as an “individual who has not completed eighteen years of age” in the 2022 draft.

Under deemed consent, the government has also added the 'legitimate business interest' clause

This clause allows businesses to process personal data without obtaining explicit consent if it is required for their legitimate business interests. The measure recognises that corporations have legitimate objectives, such as innovation, that can be pursued without jeopardising privacy.

Change in Data Protection Boards

The Digital Personal Data Protection Bill 2022, India’s new plan to secure personal data, represents a significant shift in strategy by emphasising outcomes rather than legislative compliance. This amendment will strengthen the Data Protection Board’s position, as its judgments on noncompliance complaints will establish India’s first systematic jurisprudence on data protection. The Cabinet has approved the bill and may be introduced in Parliament in the Monsoon session starting on July 20.

The draft law leaves the selection of the Data Protection Board’s chairperson and members solely to the discretion of the central government, making it a central government set-up board. The government retains control over the board’s composition, terms of service, and so on. The bill does specify, however, that the Data Protection Board would be completely independent and will have a strictly adjudicatory procedure to adjudicate data breaches. It has the same status as a civil court, and its rulings can be appealed.

India's first regulatory body in Charge of preserving privacy

Some expected amendments to the law include a blacklist of countries to which Indian data cannot be transferred and fewer penalties for data breaches. The bill’s scope is limited to processing digital personal data within Indian territory, which means that any offline personal data and anything not digitised will be exempt from the legislation’s jurisdiction. Furthermore, the measure is silent on the governance of digital paper records.

Conclusion

The Digital Personal Data Protection Bill 2022 is a much-needed piece of legislation that will replace India’s current data protection regime and assist in preserving individuals’ rights. Central Government is looking for a change in the age for consent from 18 to 14 years. The bill underlines the need for verifiable parental consent before processing a child’s personal data, including those under 18. This section seeks to ensure that parents or legal guardians have a say in the processing of their child’s personal data.

#FactCheck-AI-Generated Video Falsely Shows Samay Raina Making a Joke on Rekha
#FactCheck-AI-Generated Video Falsely Shows Samay Raina Making a Joke on Rekha
#FactCheck-AI-Generated Video Falsely Shows Samay Raina Making a Joke on Rekha
10
February 21, 2025

Executive Summary:

A viral video circulating on social media that appears to be deliberately misleading and manipulative is shown to have been done by comedian Samay Raina casually making a lighthearted joke about actress Rekha in the presence of host Amitabh Bachchan which left him visibly unsettled while shooting for an episode of Kaun Banega Crorepati (KBC) Influencer Special. The joke pointed to the gossip and rumors of unspoken tensions between the two Bollywood Legends. Our research has ruled out that the video is artificially manipulated and reflects a non genuine content. However, the specific joke in the video does not appear in the original KBC episode. This incident highlights the growing misuse of AI technology in creating and spreading misinformation, emphasizing the need for increased public vigilance and awareness in verifying online information.

Claim:

The claim in the video suggests that during a recent "Influencer Special" episode of KBC, Samay Raina humorously asked Amitabh Bachchan, "What do you and a circle have in common?" and then delivered the punchline, "Neither of you and circle have Rekha (line)," playing on the Hindi word "rekha," which means 'line'.ervicing routes between Amritsar, Chandigarh, Delhi, and Jaipur. This assertion is accompanied by images of a futuristic aircraft, implying that such technology is currently being used to transport commercial passengers.

Fact Check:

To check the genuineness of the claim, the whole Influencer Special episode of Kaun Banega Crorepati (KBC) which can also be found on the Sony Set India YouTube channel was carefully reviewed. Our analysis proved that no part of the episode had comedian Samay Raina cracking a joke on actress Rekha. The technical analysis using Hive moderator further found that the viral clip is AI-made.

Conclusion:

A viral video on the Internet that shows Samay Raina making a joke about Rekha during KBC was released and completely AI-generated and false. This poses a serious threat to manipulation online and that makes it all the more important to place a fact-check for any news from credible sources before putting it out. Promoting media literacy is going to be key to combating misinformation at this time, with the danger of misuse of AI-generated content.

  • Claim: Fake AI Video: Samay Raina’s Rekha Joke Goes Viral
  • Claimed On: X (Formally known as Twitter)
  • Fact Check: False and Misleading
WazirX Hack: A Critical Alert for Crypto Security
WazirX Hack: A Critical Alert for Crypto Security
10
July 30, 2024

Overview:

WazirX is the platform for cryptocurrencies, based in India that has been hacked, and it made a loss of more than $230 million in cryptocurrency. This case concerned an unauthorized transaction with a multisignature or multisig, wallet controlled through Liminal’a digital asset management platform. These attacking incidents have thereafter raised more questions on the security of the Cryptocurrency exchanges and efficiency of the existing policies and laws.

Wallet Configuration and Security Measures

This wallet was breached and had a multisig setting meaning that more than one signature was needed to authorize a transaction. Specifically, it had six signatories: five are funded by WazirX and one is funded by Liminal. Every transaction needed the approval of at least three signatories of WazirX, all of whom had addressed security concerns by using Ledger’s hardware wallets; while the Liminal, too, had a signatory, for approval.

To further increase the level of security of the transactions, a whitelisting policy was introduced, only limited addresses were authorized to receive funds. This system was rather vulnerable, and the attackers managed to grasp the discrepancy between the information available through Liminal’s interface and the content of the transaction to seize unauthorized control over the wallet and implement the theft.

Modus Operandi: Attack Mechanics

The cyber attack appears to have been carefully carried out, with preliminary investigations suggesting the following tactics: 

  • Payload Manipulation: The attackers apparently substituted the transaction’s payload during signing; hence, they can reroute the collected funds into an unrelated wallet. 
  • Chain Hopping: To make it much harder to track their movements, the attackers split large amounts of money across multiple blockchains and broke tens of thousands of dollars into thousands of transactions involving different cryptocurrencies. This technique makes it difficult to trace people and things. 
  • Zero Balance Transactions: There were also some instances where it ended up with no Ethereum (ETH) in the balance and such wallets also in use for the purpose of further anonymization of the transactions.
  • Analysis of the blockchain data suggested the enemy might have been making the preparations for this attack for several days prior to their attack and involved a high amount of planning. 

Actions taken by WazirX:

Following the attack, WazirX implemented a series of immediate actions:

  • User Notifications: The users were immediately notified of the occurrence of the breach and the possible risk it posed to them. 
  • Law Enforcement Engagement: The matters were reported to the National Cyber Crime Reporting Portal and specific authorities of which the Financial Intelligence Unit (FIU) and the Computer Emergency Response Team (CERT-In). 
  • Service Suspension: WazirX had suspended all its trading operations and user deposits’ and withdrawals’ to minimize further cases and investigate. 
  • Global Outreach: The exchange contacted more than 500 cryptocurrency exchanges and requested to blacklist the wallet’s addresses linked to the theft. 
  • Bounty Program: A bounty program was announced to encourage people to share information that can enable the authorities to retrieve the stolen money. A maximum of 23 million dollars was placed on the bounty. 

Further  Investigations 

WazirX stated that it has contracted the services of cybersecurity professionals to help in the prosecution process of identifying and compensating for the losses. The exchange is still investigating the forensic data and working with the police for tracking the stolen assets. Nevertheless, the prospects of full recovery may be quite questionable primarily because of complexity of the attack and the methods used by the attackers. 

Precautionary measures: 

 The WazirX cyber attack clearly implies that there is the necessity to improve the security and the regulation of the cryptocurrency industry. As exchanges become increasingly targeted by hackers, there is a pressing need for: 

  • Stricter Security Protocols: The commitment to technical innovations, such as integration of MFA, as well as constant monitoring of the users’ wallets’ activities. 
  • Regulatory Oversight: Formalization of the laws that require proper security for the cryptocurrency exchange platforms to safeguard their users as well as their investments. 
  • Community Awareness: To bypass such predicaments, there is a need to study on emergent techniques in spreading awareness, particularly in cases of scams or phishing attempts that are likely to follow such breaches. 

Conclusion:

The cyber attack on WazirX in the field of cryptocurrency market, shows weaknesses and provides valuable lessons for enhancing the security.  This attack highlights critical vulnerabilities in cryptocurrency exchanges, even though employing advanced security measures like multisignature wallets and whitelisting policies. The attack's complexity, involving payload manipulation, chain hopping, and zero balance transactions, underscores the attackers' meticulous planning and the challenges in tracing stolen assets. This case brings a strong message regarding the necessity of solid security measures, and constant attention to security in the rapidly growing world of digital assets. Furthermore, the incident highlights the importance of community awareness and education on emerging threats like scams and phishing attempts, which usually follow such breaches. By fostering a culture of vigilance and knowledge, the cryptocurrency community can better defend against future attacks.

Reference:

https://wazirx.com/blog/important-update-cyber-attack-incident-and-measures-to-protect-your-assets/

https://www.moneycontrol.com/news/opinion/the-230-million-crypto-theft-at-wazirx-is-a-wake-up-call-for-indian-regulators-government-12772563.html

https://www.linkedin.com/pulse/wazirx-cyberattack-in-depth-analysis-jyqxf

Become a part of our vision to make the digital world safe for all!

Numerous avenues exist for individuals to unite with us and our collaborators in fostering  global cyber security

Awareness

Stay Informed: Elevate Your Awareness with Our Latest Events and News Articles Promoting Cyber Peace and Security.

CyberPeace Corps Induction Workshop
The Missing Link Trust to combat online child trafficking
Cyber Safety Carnival
Safer Internet Day 2023
Indian schools and colleges under digital siege: Massive cyber breach crisis exposed
Over 2 lack cyberattacks, 4 lakh data breaches hit Indian educational institutions in 9 months
Lessons in Cybersecurity Required: 2 Lakh Cyberattacks Shake Indian Education Sector in Just Nine Months
2 lakh cyberattacks, 4 lakh data breaches in Indian educational sector in 9 months

Engagement

Your institution or organization can partner with us in any one of our initiatives or policy research activities and complement the region-specific resources and talent we need.

Discover ways to collaborate
Request for Proposals

Play your part for CyberPeace

Donate to us directly to help us build more pioneering initiatives.

Donate Now