#FactCheck - An edited video of Bollywood actor Ranveer Singh criticizing PM getting viral

Introduction

This tale, the Toothbrush Hack, straddles the ordinary and the sophisticated; an unassuming household item became the tool for committing cyber crime. Herein lies the account of how three million electronic toothbrushes turned into the unwitting infantry in a cyber skirmish—a Distributed Denial of Service (DDoS) assault that flirted with the thin line that bridges the real and the outlandish.

In January, within the  Swiss borders, a story began circulating—first reported by the Aargauer Zeitung, a Swiss German-language daily newspaper. A legion of cybercriminals, with honed digital acumen, had planted malware on some three million electric toothbrushes. These devices, mere slivers of plastic and circuitry, became agents of chaos, converging their electronic requests upon the servers of an undisclosed Swiss firm, hurling that digital domain into digital blackout for several hours and wreaking an economic turmoil calculated in seven-figure sums.

The entire Incident

It was claimed that three million electric toothbrushes were allegedly used for a distributed denial-of-service (DDoS) attack, first reported by the Aargauer Zeitung, a Swiss German-language daily newspaper. The article claimed that cybercriminals installed malware on the toothbrushes and used them to access a Swiss company's website, causing the site to go offline and causing significant financial loss. However, cybersecurity experts have questioned the veracity of the story, with some describing it as "total bollocks" and others pointing out that smart electric toothbrushes are connected to smartphones and tablets via Bluetooth, making it impossible for them to launch DDoS attacks over the web. Fortinet clarified that the topic of toothbrushes being used for DDoS attacks was presented as an illustration of a given type of attack and that no IoT botnets have been observed targeting toothbrushes or similar embedded devices.

The Tech Dilemma - IOT Hack

Imagine the juxtaposition of this narrative against our common expectations of technology: 'This example, which could have been from a cyber thriller, did indeed occur,' asserted the narratives that wafted through the press and social media. The story radiated outward with urgency, painting the image of IoT devices turned to evil tools of digital unrest. It was disseminated with such velocity that face value became an accepted currency amid news cycles. And yet, skepticism took root in the fertile minds of those who dwell in the domains of cyber guardianship.

Several cyber security and IOT experts, postulated that the information from Fortinet had been contorted by the wrench of misinterpretation. They and their ilk highlighted a critical flaw: smart electric toothbrushes are bound to their smartphone or tablet counterparts by the tethers of Bluetooth, not the internet, stripping them of any innate ability to conduct DDoS or any other type of cyber attack directly.

With this unraveling of an incident fit for our cyber age, we are presented with a sobering reminder of the threat spectrum that burgeons as the tendrils of the Internet of Things (IoT) insinuate themselves into our everyday fabrics. Innocuous devices, previously deemed immune to the internet's shadow, now stand revealed as potential conduits for cyber evil. The layers of impact are profound, touching the private spheres of individuals, the underpinning frameworks of national security, and the sinews that clutch at our economic realities. The viral incident was a misinformation. 

IOT Weakness

IoT devices bear inherent weaknesses for twin reasons: the oft-overlooked element of security and the stark absence of a means to enact those security measures. Ponder this problem Is there a pathway to traverse the security settings of an electric toothbrush? Or to install antivirus measures within the cooling confines of a refrigerator? The answers point to an unsettling simplicity—you cannot.

How to Protect 

Vigilance - What then might be the protocol to safeguard our increasingly digital space? It begins with vigilance, the cornerstone of digital self-defense. Ensure the automatic updating of all IoT devices when they beckon with the promise of a new security patch. 

Self Awareness - Avoid the temptation of public USB charging stations, which, while offering electronic succor to your devices, could also stand as the Trojan horses for digital pathogens. Be attuned to signs of unusual power depletion in your gadgets, for it may well serve as the harbinger of clandestine malware. Navigate the currents of public Wi-Fi with utmost care, as they are as fertile for data interception as they are convenient for your connectivity needs.

Use of Firewall - A firewall can prove stalwart against the predators of the internet interlopers. Your smart appliances, from the banality of a kitchen toaster to the novelty of an internet-enabled toilet, if shielded by this barrier, remain untouched, and by extension, uncompromised. And let us not dismiss this notion with frivolity, for the prospect of a malware-compromised toilet or any such smart device leaves a most distasteful specter.

Limit the use of IOT -  Additionally, and this is conveyed with the gravity warranted by our current digital era, resist the seduction of IoT devices whose utility does not outweigh their inherent risks. A smart television may indeed be vital for the streaming aficionado amongst us, yet can we genuinely assert the need for a connected laundry machine, an iron, or indeed, a toothbrush? Here, prudence is a virtue; exercise it with judicious restraint.

Conclusion 

As we step forward into an era where connectivity has shifted from a mere luxury to an omnipresent standard, we must adopt vigilance and digital hygiene practices with the same fervour as those for our corporal well-being. Let the toothbrush hack not simply be a tale of caution, consigned to the annals of internet folklore, but a fable that imbues us with the recognition of our role in maintaining discipline in a realm where even the most benign objects might be mustered into service by a cyberspace adversary.

References 

• https://www.bleepingcomputer.com/news/security/no-3-million-electric-toothbrushes-were-not-used-in-a-ddos-attack/ 
• https://www.zdnet.com/home-and-office/smart-home/3-million-smart-toothbrushes-were-not-used-in-a-ddos-attack-but-they-could-have-been/
• https://www.securityweek.com/3-million-toothbrushes-abused-for-ddos-attacks-real-or-not/

https://www.cxodigitalpulse.com/hackers-use-electric-toothbrushes-in-massive-cyber-attack-results-in-huge-financial-loss/

Introduction

In the intricate maze of our interconnected world, an unseen adversary conducts its operations with a stealth almost poetic in its sinister intent. This adversary — malware — has extended its tendrils into the digital sanctuaries of Mac users, long perceived as immune to such invasive threats. Our narrative today does not deal with the physical and tangible frontlines we are accustomed to; this is a modern tale of espionage, nestled in the zeros and ones of cyberspace.

The Mac platform, cradled within the fortifications of Apple's walled garden ecosystem, has stood as a beacon of resilience amidst the relentless onslaught of cyber threats. However, this sense of imperviousness has been shaken at its core, heralding a paradigm shift. A new threat lies in wait, bridging the gap between perceived security and uncomfortable vulnerability.

The seemingly invincible Mac OS X, long heralded for its robust security features and impervious resilience to virus attacks, faces an undercurrent of siege tactics from hackers driven by a relentless pursuit for control. This narrative is not about the front-and-centre warfare we see so often reported in media headlines. Instead, it veils itself within the actions of users as benign as the download of pirated software from the murky depths of warez websites.  

The Incident 

The casual act, born out of innocence or economic necessity, to sidestep the financial requisites of licensed software, has become the unwitting point of compromised security. Users find themselves on the battlefield, one that overshadows the significance of its physical counterpart with its capacity for surreptitious harm. The Mac's seeming invulnerability is its Achilles' heel, as the wariness against potential threats has been eroded by the myth of its impregnability.

The architecture of this silent assault is not one of brute force but of guile. Cyber marauders finesse their way through the defenses with a diversified arsenal; pirated content is but a smokescreen behind which trojans lie in ambush. The very appeal of free access to premium applications is turned against the user, opening a rift that permits these malevolent forces to ingress.

The trojans that permeate the defenses of the Mac ecosystem are architects of chaos. They surreptitiously enrol devices into armies of sorts – botnets which, unbeknownst to their hosts, become conduits for wider assaults on privacy and security. These machines, now soldiers in an unconsented war, are puppeteered to distribute further malware, carry out phishing tactics, and breach the sanctity of secure data.

The Trojan of Mac 

A recent exposé by the renowned cybersecurity firm Kaspersky has shone a spotlight on this burgeoning threat. The meticulous investigation conducted in April of this year unveiled a nefarious campaign, engineered to exploit the complacency among Mac users. This operation facilitates the sale of proxy access, linking previously unassailable devices to the infrastructure of cybercriminal networks.

This revelation cannot be overstated in its importance. It illustrates with disturbing clarity the evolution and sophistication of modern malware campaigns. The threat landscape is not stagnant but ever-shifting, adapting with both cunning and opportunity.

Kaspersky's diligence in dissecting this threat detected nearly three dozen popular applications, and tools relied upon by individuals and businesses alike for a multitude of tasks. These apps, now weaponised, span a gamut of functionalities - image editing and enhancement, video compression, data recovery, and network scanning among them. Each one, once a benign asset to productivity, is twisted into a lurking danger, imbued with the power to betray its user.   

The duplicity of the trojan is shrouded in mimicry; it disguises its malicious intent under the guise of 'WindowServer,' a legitimate system process intrinsic to the macOS. Its camouflage is reinforced by an innocuously named file, 'GoogleHelperUpdater.plist' — a moniker engineered to evade suspicion and blend seamlessly with benign processes affiliated with familiar applications.

Mode of Operation 

Its mode of operation, insidious in its stealth, utilises the Transmission Control Protocol(TCP) and User Datagram Protocol(UDP) networking protocols. This modus operandi allows it to masquerade as a benign proxy. The full scope of its potential commands, however, eludes our grasp, a testament to the shadowy domain from which these threats emerge.  

The reach of this trojan does not cease at the periphery of Mac's operating system; it harbours ambitions that transcend platforms. Windows and Android ecosystems, too, find themselves under the scrutiny of this burgeoning threat.

This chapter in the ongoing saga of cybersecurity is more than a cautionary tale; it is a clarion call for vigilance. The war being waged within the circuits and code of our devices underscores an inescapable truth: complacency is the ally of the cybercriminal.

Safety measures and best practices

It is imperative to safeguard the Mac system from harmful intruders, which are constantly evolving. Few measures can play a crucial role in protecting your data in your Mac systems.

• Refrain from Unlicensed Software - Refrain from accessing and downloading pirated software. Plenty of software serves as a decoy for malware which remains dormant till downloaded files are executed.  

• Use Trusted Source: Downloading files from legitimate and trusted sources can significantly reduce the threat of any unsolicited files or malware making its way into your Mac system. 

• Regular system updates: Regular updates to systems released by the company ensure the latest patches are installed in the system critical to combat and neutralize emerging threats. 

• General Awareness: keeping abreast of the latest developments in cyberspace plays a crucial role in avoiding new and emerging threats. It is crucial to keep pace with trends and be well-informed about new threats and ways to combat them. 

Conclusion

In conclusion, this silent conflict, though waged in whispers, echoes with repercussions that reverberate through every stratum of digital life. The cyber threats that dance in the shadows cast by our screens are not figments of paranoia, but very real specters hunting for vulnerabilities to exploit. Mac users, once confident in their platforms' defenses, must awaken to the new dawn of cybersecurity awareness.

The battlefield, while devoid of the visceral carnage of physical warfare, is replete with casualties of privacy and breaches of trust. The soldiers in this conflict are disguised as serviceable code, enacting their insidious agendas beneath a façade of normalcy. The victims eschew physical wounds for scars on their digital identities, enduring theft of information, and erosion of security.

As we course through the daunting terrain of digital life, it becomes imperative to heed the lessons of this unseen warfare. Shadows may lie unseen, but it is within their obscurity that the gravest dangers often lurk, a reminder to remain ever vigilant in the face of the invisible adversary.

References:

• https://indianexpress.com/article/technology/tech-news-technology/hackers-are-using-these-pirated-softwares-to-spread-malware-campaigns-on-mac-9054168/

The concept of web accessibility (i.e., access to the internet) stems from the recognition of internet access as an inalienable right. In 2016, the United Nations Human Rights Commission (UNHRC) General Assembly referred to the access to Internet as an essential human right. The Supreme Court of India also declared such internet access as a fundamental right under the Constitution of India. Various international instruments of which India is a signatory, such as the United Nations Convention on Rights of Persons with Disabilities (UNCRPD) mandate access to information. The heavy reliance on the internet and websites necessitates making the web space inclusive, navigational and accessible to all individuals, including persons with disabilities.

Various laws mandate web accessibility:

• Right of Persons with Disability Act, 2016: The Right of Persons with Disability Act 2016 Is the primary document for the protection of the rights of persons with disabilities to ensure their full participation. The Act provides several direct and indirect provisions (such as Section 2(y) “Reasonable Accommodation”, Section 40 on “Accessibility”, and Section 42 on “Access to Information and Communication Technology”) to ensure that technology products and services are accessible to a person with disabilities. 
• Rights of Persons with Disabilities Rules 2017: The 2017 rules under Rule 15 (2) task the respective Ministries and Departments to ensure compliance with accessibility standards.
• Guidelines for Indian Government Websites (GIGW): The GIGW provide a framework for websites to be designed in accordance with Web Content Accessibility Guidelines (WCAG) 2.0 standards. The GIGW enables websites to obtain certification by the Standardisation Testing and Quality Certification Directorate, after audit. 

Various other policies include;

• National Policy on Universal Electronic Accessibility, 2013: The National Policy ("Policy") on Electronic Accessibility recognizes the need to eliminate discrimination on the basis of disabilities and to facilitate equal access to Electronics & ICTs. The National Policy also recognizes the diversity of differently-abled persons and provides for their specific needs. The Policy covers accessibility requirements in the area of Electronics & ICT by different stakeholders. It recognizes the need to ensure that accessibility standards, guidelines and universal design concepts are adopted and adhered to.
• Web Content Accessibility Guidelines (WCAG): The WCAG defines how to make web content more accessible to persons with disabilities. While adhering to these guidelines is optional, various versions of the WCAG have been issued. It operates on four principles; perceivable, operable, understandable and robust. It provides a path to ensuring compliance and demonstrating reasonable accommodation for persons with disabilities.

However, despite the laws, web accessibility remains a challenge. A vast majority of Indian websites, especially e-commerce entities and several government websites remain inaccessible to persons with disabilities and most often do not conform with international accessibility standards. A report by the Centre of Internet and Society states that out of the 7800 websites of the Government of India, 5815 had accessibility barriers and 1985 websites failed to open. The report also notes that more than half of the websites had no navigation markup and only 52 websites had the option to change colours. The Ministry of Electronics and Information Technology (MeITy), during the 258^th Session of the Rajya Sabha on 9 December 2022 noted that 95 websites of the Central Government have been made accessible to persons with disabilities during the COVID-19 pandemic, however, only 45 websites of the Central Government have been certified as compliant under the Guidelines for Indian Government Websites (GIGW). As of that date, certification of the remaining governmental websites remains incomplete due to the pandemic. Meity also stated that the Department of Empowerment of Persons with Disabilities in 2017 sanctioned a project to be implemented by ERNET India for making 917 websites of State and Union territories. Under the project, a total of 647 websites have been made accessible as of that date.

Conclusion 

While India has established a robust legal framework and policies emphasizing the importance of web accessibility as a fundamental right, the existing gap between legislation and effective implementation poses a significant challenge. The reported accessibility barriers on numerous government and e-commerce websites indicate a pressing need for heightened efforts in enforcing and enhancing accessibility standards. 

In addressing these challenges, continued collaboration between government agencies, private entities and advocacy groups can play a crucial role. Ongoing monitoring, regular audits and public awareness campaigns may contribute to improving accessibility for persons with disabilities to ensure an inclusive environment and compliance with fundamental laws.

References:

1. https://www.legalserviceindia.com/legal/article-2967-right-to-internet-and-fundamental-rights.html 
2. https://www.indiacode.nic.in/bitstream/123456789/15939/1/the_rights_of_persons_with_disabilities_act%2C_2016.pdf 
3. https://www.meity.gov.in/writereaddata/files/National%20Policy%20on%20Universal%20Electronics%281%29_0.pdf 
4. https://www.meity.gov.in/writereaddata/files/National%20Policy%20on%20Universal%20Electronics%281%29_0.pdf 
5. https://www.w3.org/TR/WCAG21/#:~:text=Web%20Content%20Accessibility%20Guidelines%20(WCAG)%202.1%20defines%20how%20to%20make,%2C%20learning%2C%20and%20neurological%20disabilities. 
6. https://www.boia.org/blog/india-digital-accessibility-laws-an-overview
7. https://cis-india.org/accessibility/accessibility-of-govt-websites.pdf/view 
8. https://sansad.in/rs/questions/questions-and-answers