Viral Video Claiming Snowfall Near Ambience Mall in Gurugram Is Misleading

Introduction

In the vast, cosmic-like expanse of international relations, a sphere marked by the gravitational pull of geopolitical interests, a singular issue has emerged, casting a long shadow over the fabric of Indo-Canadian diplomacy. It is a narrative spun from an intricate loom, interlacing the yarns of espionage and political machinations, shadowboxing with the transient, yet potent, specter of state-sanctioned violence. The recent controversy undulating across this geopolitical landscape owes its origins to the circulation of claims which the Indian Ministry of External Affairs (MEA) vehemently dismisses as a distorted tapestry of misinformation—a phantasmagoric fable divorced from reality. 

This maelstrom of contention orbits around the alleged existence of a 'secret memo', a document reportedly dispatched with stealth from the helm of the Indian government to its consulates peppered across the vast North American continent. This mysterious communique, assuming its spectral presence within the report, was described as a directive catalyzing a 'sophisticated crackdown scheme' against specific Sikh diaspora organizations. A proclamation that MEA has repudiated with adamantine certainty, branding the report as a meticulously fabricated fiction.

THE MEA Stance 

The official statement from the Indian Ministry of External Affairs (MEA) emerged as a paragon of clarity cutting through the dense fog of accusations, 'We strongly assert that such reports are fake and emphatically concocted. The referenced memo is non-existent. This narrative is a chapter in the protracted saga of a disinformation campaign aimed against India.' The outlet responsible for airing this contentious story, as per the Indian authorities, has a historical penchant for circulating narratives aligned with the interests of rival intelligence agencies, particularly those associated with Pakistani strategic circles—a claim infusing yet another complex layer to the situation at hand.

The report that catapulted itself onto the stage with the force of an untamed tempest insists the 'secret memo' was decked with several names—all belonging to individuals under the hawk-like gaze of Indian intelligence. 

The Plague of Disinformation

The profoundly intricate confluence of diplomacy is one that commands grace, poise, and an acute sense of balance—nations effortlessly tip-toeing around sensitivities, proffering reciprocity and an equitable stance within the grand ballroom of international affairs. Hence, when S. Jaishankar, India's Minister of External Affairs, found himself fielding inquiries on the perceived inconsistent treatment afforded to Canada compared to the US—despite similar claims emanating from both—his response was the embodiment of diplomatic discretion: 'As far as Canada is concerned, there was a glaring absence of specific evidence or inputs provided to us. The robust question of equitable treatment between two nations, where only one has furnished substantive input and the other has not, is naturally unmerited.'

The articulation from the Ministry's spokesperson, Arindam Bagchi, further solidified India's stance. He calls into question the credibility of The Intercept—the publication that initially disseminated the report—accusing it of acting as a vessel for 'invented narratives' propagated under the auspices of Pakistani intelligence interests.

Conclusion 

In the grand theater of international politics, the distinction between reality and deception is frequently obscured by the heavy drapes of secrecy and diplomatic guile. The persistent denial by the Indian government of any 'secret memo' serves as a critical reminder of the blurred lines between narrative and counter-narrative in the global concert of power and persuasion. As observant spectators within the arena of world politics, we are endowed with the unenviable task of untangling the convoluted web of claims and counterclaims, hoping to uncover the enduring truths that linger therein. In this domain of authentic and imaginary tales, the only unwavering certainty is the persistent rhythm of diplomatic interplay and the subtle shadows it casts upon the international stage. The Ministry of External Affairs fact-checked a claim on the secret memo, rubbishing it as fake and fabricated. The government has said there is a deliberate disinformation campaign that has been on against India. 

References

• https://timesofindia.indiatimes.com/india/mea-denies-report-it-issued-secret-memo-on-nijjar-to-missions/articleshow/105884217.cms?from=mdr
• https://www.hindustantimes.com/india-news/india-denies-secret-memo-against-nijjar-report-peddled-by-pak-intelligence-101702229753576.html

Introduction

Cybersecurity threats have been globally prevalent for quite some time now. All nations, organisations and individuals stand at risk from new and emerging potential cybersecurity threats, putting finances, privacy, data, identities and sometimes human lives at stake. The latest Data Breach Report by IBM revealed that nearly a staggering 83% of organisations experienced more than one data breach instance during 2022. As per the 2022 Data Breach Investigations Report by Verizon, the total number of global ransomware attacks surged by 13%, indicating a concerning rise equal to the last five years combined. The statistics clearly showcase how the future is filled with potential threats as we advance further into the digital age.  

Who is Okta?  

Okta is a secure identity cloud that links all your apps, logins and devices into a unified digital fabric. Okta has been in existence since 2009 and is based out of San Francisco, USA and has been one of the leading service providers in the States. The advent of the company led to early success based on the high-quality services and products introduced by them in the market. Although Okta is not as well-known as the big techs, it plays a vital role in big organisations' cybersecurity systems. More than 18,000 users of the identity management company's products rely on it to give them a single login for the several platforms that a particular business uses. For instance, Zoom leverages Okta to provide "seamless" access to its Google Workspace, ServiceNow, VMware, and Workday systems with only one login, thus showing how Okta is fundamental in providing services to ease the human effort on various platforms. In the digital age, such organisations are instrumental in leading the pathway to innovation and entrepreneurship. 

The Okta Breach

The last Friday, 20 October, Okta reported a hack of its support system, leading to chaos and havoc within the organisation. The result of the hack can be seen in the market in the form of the massive losses incurred by Okta in the stock exchange. 

Since the attack, the company's market value has dropped by more than $2 billion. The well-known incident is the most recent in a long line of events connected to Okta or its products, which also includes a wave of casino invasions that caused days-long disruptions to hotel rooms in Las Vegas, casino giants Caesars and MGM were both affected by hacks as reported earlier this year. Both of those attacks, targeting MGM and Caesars’ Okta installations, used a sophisticated social engineering attack that went through IT help desks.

What can be done to prevent this? 

Cybersecurity attacks on organisations have become a very common occurrence ever since the pandemic and are rampant all across the globe. Major big techs have been successful in setting up SoPs, safeguards and precautionary measures to protect their companies and their digital assets and interests. However, the Medium, Mico and small business owners are the most vulnerable to such unknown high-intensity attacks. The governments of various nations have established Computer Emergency Response Teams to monitor and investigate such massive-scale cyberattacks both on organisations and individuals. The issue of cybersecurity can be better addressed by inculcating the following aspects into our daily digital routines: 

• Team Upskilling: Organisations need to be critical in creating upskilling avenues for employees pertaining to cybersecurity and threats. These campaigns should be run periodically, focusing on both the individual and organisational impact of any threat.  
• Reporting Mechanism for Employees and Customers: Business owners and organisations need to deploy robust, sustainable and efficient reporting mechanisms for both employees well as customers. The mechanism will be fundamental in pinpointing the potential grey areas and threats in the cyber security mechanism as well. A dedicated reporting mechanism is now a mandate by a lot of governments around the world as it showcases transparency and natural justice in terms of legal remedies.  
• Preventive, Precautionary and Recovery Policies: Organisations need to create and deploy respective preventive, precautionary and recovery policies in regard to different forms of cyber attacks and threats. This will be helpful in a better understanding of threats and faster response in cases of emergencies and attacks. These policies should be updated regularly, keeping in mind the emerging technologies. Efficient deployment of the policies can be done by conducting mock drills and threat assessment activities.  
• Global Dialogue Forums: It is pertinent for organisations and the industry to create a community of cyber security enthusiasts from different and diverse backgrounds to address the growing issues of cyberspace; this can be done by conducting and creating global dialogue forums, which will act as the beacon of sharing best practices, advisories, threat assessment reports, potential threats and attacks thus establishing better inter-agency and inter-organisation communication and coordination.  
• Data Anonymisation and Encryption: Organisations should have data management/processing policies in place for transparency and should always store data in an encrypted and anonymous manner, thus creating a blanket of safety in case of any data breach.
• Critical infrastructure: The industry leaders should push the limits of innovation by setting up state-of-the-art critical cyber infrastructure to create employment, innovation, and entrepreneurship spirit among the youth, thus creating a whole new generation of cyber-ready professionals and dedicated netizens. Critical infrastructures are essential in creating a safe, secure, resilient and secured digital ecosystem. 
• Cysec Audits & Sandboxing: All organisations should establish periodic routines of Cybersecurity audits, both by internal and external entities, to find any issue/grey area in the security systems. This will create a more robust and adaptive cybersecurity mechanism for the organisation and its employees. All tech developing and testing companies need to conduct proper sandboxing exercises for all or any new tech/software creation to identify its shortcomings and flaws. 

‍Conclusion 

In view of the rising cybersecurity attacks on organisations, especially small and medium companies, a lot has been done, and a lot more needs to be done to establish an aspect of safety and security for companies, employees and customers. The impact of the Okta breach very clearly show how cyber attacks can cause massive repercussion for any organisation in the form of monetary loss, loss of business, damage to reputation and a lot of other factors. One should take such instances as examples and learnings for ourselves and prepare our organisation to combat similar types of threats, ultimately working towards preventing these types of threats and eradicating the influence of bad actors from our digital ecosystem altogether. 

‍

References: 

• https://hbr.org/2023/05/the-devastating-business-impacts-of-a-cyber-breach#:~:text=In%202022%2C%20the%20global%20average,legal%20fees%2C%20and%20audit%20fees.
• https://www.okta.com/intro-to-okta/#:~:text=Okta%20is%20a%20secure%20identity,use%20to%20work%2C%20instantly%20available.
• https://www.cyberpeace.org/resources/blogs/mgm-resorts-shuts-down-it-systems-after-cyberattack

‍

‍

What Is a VPN and its Significance 

A Virtual Private Network (VPN) creates a secure and reliable network connection between a device and the internet. It hides your IP address by rerouting it through the VPN’s host servers. For example, if you connect to a US server, you appear to be browsing from the US, even if you’re in India. It also encrypts the data being transferred in real-time so that it is not decipherable by third parties such as ad companies, the government, cyber criminals, or others.

All online activity leaves a digital footprint that is tracked for data collection, and surveillance, increasingly jeopardizing user privacy. VPNs are thus a powerful tool for enhancing the privacy and security of users, businesses, governments and critical sectors. They also help protect users on public Wi-Fi networks ( for example, at airports and hotels), journalists, activists and whistleblowers, remote workers and businesses, citizens in high-surveillance states, and researchers by affording them a degree of anonymity. 

What VPNs Do and Don’t 

‍

•  What VPNs Can Do:
  
  • Mask your IP address to enhance privacy.
  • Encrypt data to protect against hackers, especially on public Wi-Fi.
  • Bypass geo-restrictions (e.g., access streaming content blocked in India).
•  What VPNs Cannot Do:
  
  • Make you completely anonymous and protect your identity (websites can still track you via cookies, browser fingerprinting, etc.).
  • Protect against malware or phishing.
  • Prevent law enforcement from tracing you if they have access to VPN logs.
  • Free VPNs usually even share logs with third parties. 

VPNs in the Context of India’s Privacy Policy Landscape 

In April 2022, CERT-In (Computer Emergency Response Team- India) released Directions under Section 70B (6) of the Information Technology (“IT”) Act, 2000, mandating VPN service providers to store customer data such as “validated names of subscribers/customers hiring the services, period of hire including dates, IPs allotted to / being used by the members, email address and IP address and time stamp used at the time of registration/onboarding, the purpose for hiring services, validated address and contact numbers, and the ownership pattern of the subscribers/customers hiring services” collected as part of their KYC (Know Your Customer) requirements, for a period of five years, even after the subscription has been cancelled. While this directive was issued to aid with cybersecurity investigations, it undermines the core purpose of VPNs- anonymity and privacy. It also gave operators very little time to carry out compliance measures. 

Following this, operators such as NordVPN, ExpressVPN, ProtonVPN, and others pulled their physical servers out of India, and now use virtual servers hosted abroad (e.g., Singapore) with Indian IP addresses. While the CERT-In Directions have extra-territorial applicability, virtual servers are able to bypass them since they physically operate from a foreign jurisdiction. This means that they are effectively not liable to provide user information to Indian investigative agencies, beating the whole purpose of the directive. To counter this, the Indian government could potentially block non-compliant VPN services in the future. Further, there are concerns about overreach since the Directions are unclear about how long CERT-In can retain the data it acquires from VPN operators, how it will be used and safeguarded, and the procedure of holding VPN operators responsible for compliance. 

Conclusion: The Need for a Privacy-Conscious Framework

The CERT-In Directions reflect a governance model which, by prioritizing security over privacy, compromises on safeguards like independent oversight or judicial review to balance the two. The policy design renders a lose-lose situation because virtual VPN services are still available, while the government loses oversight. If anything, this can make it harder for the government to track suspicious activity.  It also violates the principle of proportionality established in the landmark privacy judgment, Puttaswamy v. Union of India (II) by giving government agencies the power to collect excessive VPN data on any user. These issues underscore the need for a national-level, privacy-conscious cybersecurity framework that informs other policies on data protection and cybercrime investigations. In the meantime, users who use VPNs are advised to choose reputable providers, ensure strong encryption, and follow best practices to maintain online privacy and security.

References 

• https://www.kaspersky.com/resource-center/definitions/what-is-a-vpn 
• https://internetfreedom.in/top-secret-one-year-on-cert-in-refuses-to-reveal-information-about-compliance-notices-issued-under-its-2022-directions-on-cybersecurity/#:~:text=tl;dr,under%20this%20new%20regulatory%20mandate. 
• https://www.wired.com/story/vpn-firms-flee-india-data-collection-law/#:~:text=Starting%20today%2C%20the%20Indian%20Computer,years%2C%20even%20after%20they%20have

‍