#FactCheck - 2013 Aircraft Video Misleadingly Shared as Ajit Pawar’s Plane Accident

About Global Commission on Internet Governance 

The Global Commission on Internet Governance was established in January 2014 with the goal of formulating and advancing a strategic vision for Internet governance going forward. Independent research on Internet-related issues of international public policy is carried out and supported over the two-year initiative. An official commission report with particular policy recommendations for the future of Internet governance will be made available as a result of this initiative.

There are two goals for the Global Commission on Internet Governance. First, it will encourage a broad and inclusive public discussion on how Internet governance will develop globally. Second, through its comprehensive policy-oriented report and the subsequent marketing of this final report, the Global Commission on Internet Governance will present its findings to key stakeholders at major Internet governance events.‍

‍The Internet: exploring the world wide web and the deep web

The Internet can be thought of as a vast networking infrastructure, or network of networks. By linking millions of computers worldwide, it creates a network that allows any two computers, provided they are both online, to speak with one another.

The Hypertext Transfer Protocol is the only language spoken over the Internet and is used by the Web to transfer data. Email, which depends on File Transfer Protocol, Usenet newsgroups, Simple Mail Transfer Protocol, and instant messaging, is also used on the Internet—not the Web. Thus, even though it's a sizable chunk, the Web is only a part of the Internet [1]. In summary, the deep Web is the portion of the Internet that is not visible to the naked eye. It is stuff from the World Wide Web that isn't available on the main Web. Standard search engines cannot reach it. More than 500 times larger than the visible Web is this enormous subset of the Internet [1-2].

The Global Commission on Internet Governance will concentrate on four principal themes:

• Improving the legitimacy of government, including standards and methods for regulation;

• Promoting economic innovation and expansion, including the development of infrastructure, competition laws, and vital Internet resources; 

• Safeguarding online human rights, including establishing the idea of technological neutrality for rights to privacy, human rights, and freedom of expression;

• Preventing systemic risk includes setting standards for state behaviour, cooperating with law enforcement to combat cybercrime, preventing its spread, fostering confidence, and addressing disarmament-related issues.

Dark Web 

The part of the deep Web that has been purposefully concealed and is unreachable using conventional Web browsers is known as the "dark Web." Dark Web sites are a platform for Internet users who value their anonymity since they shield users from prying eyes and typically utilize encryption to thwart monitoring. The Tor network is a well-known source for content that may be discovered on the dark web. Only a unique Web browser known as the Tor browser is required to access the anonymous Tor network (Tor 2014). It was a technique for anonymous online communication that the US Naval Research Laboratory first introduced as The Onion Routing (Tor) project in 2002. Many of the functionality offered by Tor are also available on I2P, another network. On the other hand, I2P was intended to function as a network inside the Internet, with traffic contained within its boundaries. Better anonymous access to the open Internet is offered by Tor, while a more dependable and stable "network within the network" is provided by I2P [3].

Cybersecurity in the dark web

Cyber crime is not any different than crime in the real world — it is just executed in a new medium: “Virtual criminality’ is basically the same as the terrestrial crime with which we are familiar. To be sure, some of the manifestations are new. But a great deal of crime committed with or against computers differs only in terms of the medium. While the technology of implementation, and particularly its efficiency, may be without precedent, the crime is fundamentally familiar. It is less a question of something completely different than a recognizable crime committed in a completely different way [4].”

Dark web monitoring

The dark Web, in general, and the Tor network, in particular, offer a secure platform for cybercriminals to support a vast amount of illegal activities — from anonymous marketplaces to secure means of communication, to an untraceable and difficult to shut down infrastructure for deploying malware and botnets.

As such, it has become increasingly important for security agencies to track and monitor the activities in the dark Web, focusing today on Tor networks, but possibly extending to other technologies in the near future. Due to its intricate webbing and design, monitoring the dark Web will continue to pose significant challenges. Efforts to address it should be focused on the areas discussed below [5].

Hidden service directory of dark web

A domain database used by both Tor and I2P is based on a distributed system called a "distributed hash table," or DHT. In order for a DHT to function, its nodes must cooperate to store and manage a portion of the database, which takes the shape of a key-value store. Owing to the distributed character of the domain resolution process for hidden services, nodes inside the DHT can be positioned to track requests originating from a certain domain [6].

Conclusion

The deep Web, and especially dark Web networks like Tor (2004), offer bad actors a practical means of transacting in products anonymously and lawfully.

The absence of discernible activity in non-traditional dark web networks is not evidence of their nonexistence. As per the guiding philosophy of the dark web, the actions are actually harder to identify and monitor. Critical mass is one of the market's driving forces. It seems unlikely that operators on the black Web will require a great degree of stealth until the repercussions are severe enough, should they be caught. It is possible that certain websites might go down, have a short trading window, and then reappear, which would make it harder to look into them.

References

1. Ciancaglini, Vincenzo, Marco Balduzzi, Max Goncharov and Robert McArdle. 2013. “Deepweb and Cybercrime: It’s Not All About TOR.” Trend Micro Research Paper. October. 
2. Coughlin, Con. 2014. “How Social Media Is Helping Islamic State to Spread Its Poison.” The Telegraph, November 5. 
3. Dahl, Julia. 2014. “Identity Theft Ensnares Millions while the Law Plays Catch Up.” CBS News, July 14. 
4. Dean, Matt. 2014. “Digital Currencies Fueling Crime on the Dark Side of the Internet.” Fox Business, December 18.
5. Falconer, Joel. 2012. “A Journey into the Dark Corners of the Deep Web.” The Next Web, October 8. 
6. Gehl, Robert W. 2014. “Power/Freedom on the Dark Web: A Digital Ethnography of the Dark Web Social Network.” New Media & Society, October 15. http://nms.sagepub.com/content/early/2014/ 10/16/1461444814554900.full#ref-38.

‍

Introduction

Significantly, in March 2023, the Prevention of Money Laundering Act, 2002's regulations placed Virtual Digital Asset Service Providers functioning located under the purview of the Anti Money Laundering/Counter Financing of Terrorism (AML-CFT) scheme. An important step toward controlling VDA SP operations and guaranteeing adherence to Anti-Money Laundering and Combating the Financing of Terrorism (AML-CFT) regulations.

The significance of AML-CFT procedures

The AML-CFT framework's incorporation of Virtual Digital Asset Service Providers (VDA SPs) is essential for protecting the banking industry from illegal activities including the laundering of funds and counter-financing of terrorist attacks. These regulations become more crucial as the market for digital assets develops and becomes more well-known.

The practice of money laundering is hiding the source of the sum received illegally, thus it's critical to have strict policies in place to track down and stop these kinds of operations. Furthermore, funding for terrorism is a serious danger to international safety, hence stopping the flow of money to terrorist companies is a top concern for global officials.

The goal of policymakers' move to include VDA SPs in the AML-CFT architecture is to set up control and surveillance procedures that will guarantee these organisations' open and honest operations. This involves tracking transactions, flagging questionable activity, and conducting extensive customer investigations. Incorporating such procedures not only reduces the potential for financial crimes but also builds confidence and trust in the electronic asset market.

It is important to see the significance of AML-CFT procedures and the changes in the legal framework to reflect the evolving characteristics of digital currencies. These procedures are essential to preserving the reliability and safety of the wider banking system.

Notifications of Compliance Show Cause

Under Section 13 of the PMLA Act 2002, FIU IND sent adherence Show Cause Notices to nine offshore Virtual Digital Asset Service Providers (VDA SPs) as part of its dedication to upholding compliance with regulations. This affirmative step requires organisations to be scrutinised and attempted to bring them under inspection.

Governmental Response

The Director of FIU IND has addressed the Secretary of the Ministry of Electronics and Information Technology to take further measures due to the disregard of offshore firms. According to the notification, URLs connected to these organisations that operate in India in violation of the PML Act's requirements must be blocked. 

Mandatory Registration for VDA SPs

Virtual Digital Asset Service Providers (both onshore and offshore) who perform a range of operations, including the trading of digital goods for monetary currencies, the distribution of digital currency, and the management or preservation of electronic assets, are now obliged to register with FIU.

Range of Statutory Responsibilities

In accordance with the PML Act, VDA SPs are subject to several requirements, including documentation, disclosure, and other duties. One of their responsibilities is to register with the FIU IND. The primary focus is on guaranteeing that VDA SPs comply with AML-CFT protocols, hence enhancing the general reliability of the banking industry.

Difficulties with Offshore Compliance

There are many obstacles in guaranteeing that offshore organisations comply with Anti Money Laundering/Counter Financing of Terrorism (AML-CFT), chief amongst them being their unwillingness to undergo registration. Some overseas Virtual Digital Asset Service Providers (VDA SPs) have been reluctant to comply with the existing rules and regulations, even though they cater to a significant number of Indian users. There are several reasons for this hesitation, such as worries about heightened monitoring, the expense of compliance, and the apparent complexity of governmental processes. Regulatory organisations have taken steps to close the discrepancy between offshore businesses' real activities and the regulations they must follow. In addition to maintaining the trustworthiness of the economic system, resolving the issues with offshore adherence is essential for promoting confidence and openness in the market for electronic assets.

Conclusion

FIU IND has demonstrated its dedication to creating an effective regulatory framework for Virtual Digital Asset Service Providers through its recent measures. India hopes to fortify its countermeasures against money laundering and safeguard the financial well-being of its users by expanding the AML-CFT legislation to offshore firms. The continuous efforts to restrict the URLs of non-compliant companies show a proactive approach to stopping illicit activity and fostering a safe and law-abiding virtual asset ecosystem. The safety and soundness of the banking sector will be crucially maintained by laws and regulations as the digital world develops.

References

• https://pib.gov.in/PressReleasePage.aspx?PRID=1991372
• https://www.thehindubusinessline.com/books/reviews/business-economy/fiu-ind-issues-compliance-showcause-notices-to-nine-offshore-vda-sps/article67684613.ece
• https://business.outlookindia.com/news/fiu-issues-notice-to-9-offshore-crypto-platforms-writes-to-meity-for-blocking-of-urls

Executive Summary:

On July 4, 2024, a giant password dump,  “RockYou2024” was posted on a cybercrime marketplace containing 9,948,575,739 plain-text credentials. This blog explains the technical aspects of this leakage and its consequences in the sphere of information security. 

RockYou2024 is a list of passwords obtained from different data breaches ranging over the course of more than twenty years. It integrates older passwords with the lexical database with the additional passwords from the recent hacks, thereby, cumulating the database of genuine and existing passwords. The compilation is said to contain data from more than 4,000 databases putting the tool in the hands of potential attackers. RockYou owns the name to this type of attack since a data breach attacked a social media company named , “RockYou'' and released  3.2 million users’ passwords as a .txt file. Since then, the term gained a common meaning connected with mass password data breaches. 

Technical Implications:

• Credential Stuffing Attacks: The RockYou2024 list comprises a great number of actual passwords that increases the likelihood of credential stuffing attacks. With this, the attackers help themselves with an opportunity to try to gain unlawful access into several online accounts that a user may have, particularly ones where an individual re-uses the same password. 

• Brute-Force Attacks: The collection is extensive for brute force attack on systems that have no protection against such exercise. This is especially the case for devices and services that are exposed to the internet and which may use either weak or factory-set alphanumeric codes. 

• Password Cracking: Web compilations that include such lists are often employed by security specialists and penetration testers who use John the Ripper or Hashcat to check the password’s strength or the system’s susceptibility to attacks. 

• Machine Learning Models: The dataset could be used to create machine learning models for password prediction or analysis, which would only lead to further better methods to be used in the attacks. 

Countermeasures / Mitigation:

Below are the technical risk/process operating proposed to reduce the risks associated with RockYou2024: 

• Password Hashing: It is necessary to ensure that all the passwords required to be saved should be encrypted in one of the most secure algorithms like bcrypt, Argon2, or PBKDF2 along with a reasonable number of iterations. 

• Salt and Pepper: The features for both salting and peppering should also be enabled to complicate the cracking of passwords even after the hashed password databases have been procured. 

• Multi-Factor Authentication (MFA): Ensure the usage of complex passwords in addition to deploying MFA across all the technological systems and services within the company. 

• Password Strength Policies: Adhere to  password policies for features  like the length, strength of the passwords and the change in password frequency. 

• Rate Limiting and Account Lockouts: Inactivity methods must be used on consecutive attempts to log in and to the temporary lock out after so many attempts in a bid to discourage brute force attacks. 

• Monitoring and Alerting: There should be measures in place to monitor for any violations such as login tappings or a form of credential stuffings and there should be alerts, where securities risks are likely to arise, in real time. 

• API Security: The following proper API security measures that will result in the prevention of the following attacks; rate limiting, input validation, and token. 

• Web Application Firewalls (WAF): To defend against threats from the internet for potential credential stuffing or brute-forcing the authentication process, utilize WAFs to operate at the application layer. 

Analyzing the Impact:

To understand the potential impact of RockYou2024, organizations should assess the possible effects of RockYou2024, such as: 

• Conduct Password Audits: LeakYou2024 scan current passwords database with RockYou2024 (in ethical and safe methods) and see which accounts have been compromised. 

• Implement Continuous Monitoring: If this is a monthly or weekly event then there must be new information on data breaches and act on it concerning new security changes. 

• Educate Users: Continued security consciousness training, regarding the effective protection of an individual’s password in combination with a password generator. 

• Perform Penetration Testing: It is suggested to conduct penetration testing at least twice a year to find out if there are vulnerabilities in the systems and applications in the current use. 

Conclusion:

The RockYou2024 leaked password database is a serious security risk; it contains almost 10 billion account credentials. This unprecedented leak further increases the exposure to credential stuffing, brute force and password cracking attacks. To deal with these threats, organizations need to have measures that include password hashing, multi-factor authentication, password strengthening and password audit. Patching, user awareness, bandit activities are imperative to prevent future invasions and strengthen the cyber security posture.

References :

• https://statanalytica.com/blog/rockyou-2024-txt-password/
• https://dig.watch/updates/rockyou2024-password-leak-exposes-nearly-10-billion-unique-passwords
• https://complexdiscovery.com/rockyou2024-leak-nearly-10-billion-passwords-exposed-heightening-cybersecurity-risks-for-businesses/

‍