#FactCheck - Debunking Manipulated Photos of Smiling Secret Service Agents During Trump Assassination Attempt
Executive Summary:
Viral pictures featuring US Secret Service agents smiling while protecting former President Donald Trump during a planned attempt to kill him in Pittsburgh have been found to be photoshopped. The pictures making the rounds on social media were produced with AI manipulation tools. The original image, found on several websites, shows no smiling agents. The event took place when Thomas Mathew Crooks fired bullets at Trump at an event in Butler, PA on July 13, 2024. During the incident one person died and two were critically injured. The Secret Service stopped the shooter, and the circulating photos in which smiles were faked have stirred up suspicion. The face-manipulated image was debunked by the CyberPeace Research Team.

Claims:
Viral photos allegedly show United States Secret Service agents smiling while rushing to protect former President Donald Trump during an attempted assassination in Pittsburgh, Pennsylvania.



Fact Check:
Upon receiving the posts, we searched for any credible source that supports the claim. We found several articles and images of the incident, but the images in them were different.

This image was published by CNN; in it we can see the US Secret Service protecting Donald Trump, but the agents are not smiling. We then checked for AI manipulation in the image using the AI image detection tool True Media.


We then checked with another AI image detection tool, contentatscale AI image detection, which also found it to be AI manipulated.

Comparison of both photos:

Hence, given the lack of credible sources and the detection of AI manipulation, we concluded that the image is fake and misleading.
Conclusion:
The viral photos claiming to show Secret Service agents smiling while protecting former President Donald Trump during an assassination attempt have been proven to be digitally manipulated. The original image found on CNN Media shows no agents smiling. The spread of these altered photos resulted in misinformation. The CyberPeace Research Team's investigation and comparison of the original and manipulated images confirm that the viral claims are false.
- Claim: Viral photos allegedly show United States Secret Service agents smiling while rushing to protect former President Donald Trump during an attempted assassination in Pittsburgh, Pennsylvania.
- Claimed on: X, Thread
- Fact Check: Fake & Misleading
Related Blogs

Introduction:
The Ministry of Civil Aviation, GOI, established the initiative ‘DigiYatra’ to ensure hassle-free and health-risk-free journeys for travellers/passengers. The initiative uses a single token of face biometrics to digitally validate identity, travel, and health along with any other data needed to enable air travel.
Cybersecurity is a top priority for the DigiYatra platform administrators, with measures implemented to mitigate risks of data loss, theft, or leakage. With over 6.5 million users, DigiYatra is an important step forward for India, in the direction of secure digital travel with seamless integration of proactive cybersecurity protocols. This blog focuses on examining the development, challenges and implications that stand in the way of securing digital travel.
What is DigiYatra? A Quick Overview
DigiYatra is a flagship initiative by the Government of India to enable paperless travel, reducing identity checks for a seamless airport experience. This technology allows the entry of passengers to be automatically processed based on a facial recognition system at all the checkpoints at the airports, including main entry, security check areas, aircraft boarding, and more.
This technology makes the boarding process quick and seamless as each passenger needs less than three seconds to pass through every touchpoint. Passengers’ faces essentially serve as their documents (ID proof and if required, Vaccine Proof) and their boarding passes.
DigiYatra has also enhanced airport security as passenger data is validated by the Airlines Departure Control System. It allows only the designated passengers to enter the terminal. Additionally, the entire DigiYatra Process is non-intrusive and automatic. In improving long-standing security and operational airport protocols, the platform has also significantly improved efficiency and output for all airport professionals, from CISF personnel to airline staff members.
Policy Origins and Framework
Rooted in the Government of India's Digital India campaign and enabled by the National Civil Aviation Policy (NCAP) 2016, DigiYatra aims to modernise air travel by integrating Aadhaar-based passenger identification. While Aadhaar is currently the primary ID, efforts are underway to include other identification methods. The platform, supported by stakeholders like the Airports Authority of India (26%) and private airports (14.8% each), must navigate stringent cybersecurity demands. Compliance with the Digital Personal Data Protection Act, 2023, ensures the secure use of sensitive facial recognition data, while the Aircraft (Security) Rules, 2023, mandate robust interoperability and data protection mechanisms across stakeholders. DigiYatra also aspires to democratise digital travel, extending its reach to underserved airports and non-tech-savvy travellers. As India refines its cybersecurity and privacy frameworks, learning from global best practices is essential to safeguarding data and ensuring seamless, secure air travel operations.
International Practices
Global practices offer crucial lessons to strengthen DigiYatra's cybersecurity and streamline the seamless travel experience. Initiatives such as CLEAR in the USA and Seamless Traveller initiatives in Singapore offer actionable insights into further expanding the system to its full potential. CLEAR is operational in 58 airports and has more than 17 million users. Singapore has made Seamless Traveller active since the beginning of 2024 and aims to have a 95% shift to automated lanes by 2026.
Some additional measures that India can adopt from international initiatives are regular audits and updates to the cybersecurity policies. Further, India can aim for a cross-border policy for international travel. By implementing these recommendations, DigiYatra can not only improve data security and operational efficiency but also establish India as a leader in global aviation security standards, ensuring trust and reliability for millions of travellers.
CyberPeace Recommendations
Some recommendations for further improving upon our efforts for seamless and secure digital travel are:
- Strengthen the legislation on biometric data usage and storage.
- Collaborate with global aviation bodies to develop standardised operations.
- Cybersecurity technologies, such as blockchain for immutable data records, should be adopted alongside encryption standards, data minimisation practices, and anonymisation techniques.
- Foster a cybersecurity-first culture across aviation stakeholders.
Conclusion
DigiYatra represents a transformative step in modernising India’s aviation sector by combining seamless travel with robust cybersecurity. Leveraging facial recognition and secure data validation enhances efficiency while complying with the Digital Personal Data Protection Act, 2023, and Aircraft (Security) Rules, 2023.
DigiYatra must address challenges like secure biometric data storage, adopt advanced technologies like blockchain, and foster a cybersecurity-first culture to reach its full potential. Expanding to underserved regions and aligning with global best practices will further solidify its impact. With continuous innovation and vigilance, DigiYatra can position India as a global leader in secure, digital travel.

Procedural History:
The case started with a 2011 Madras High Court ruling that included the appellant’s personal information. In the case discussed here, which the court decided in 2024, the appellant went to the Madurai Bench of the Madras High Court to request that his name and other identifying information be redacted from that previous ruling. He argued that his right to privacy under Article 21 of the Indian Constitution was violated by the ongoing release of such private information into the public arena. He claimed that the revelation had hurt him in real ways, such as having his application for an Australian visa denied. Therefore, without compromising the ideals of open justice, the current proceedings aimed to have the court recognize a person’s “Right to be Forgotten” within a broader framework of privacy and data protection.
Background and Factual Matrix
The appellant was charged under Sections 417 and 376 of the IPC. The trial court convicted him in 201, but the High Court later, in 2014, fully, completely and unconditionally acquitted him, and the acquittal was not based on the benefit of doubt. Following the acquittal, he remarried and has three children. The judgments of both the High Court and the Trial Court contain personal and intimate details about him. Their availability in the public domain has caused him significant repercussions, as he was denied a visa to travel to Australia by authorities, citing the criminal cases. The appellant has filed a plea seeking a mandamus directing the Registrar General, Additional Registrar General, and Registrar (IT-Statistics) as R1, R2, R3 to redact his name and other identities from the acquittal judgment. He has also sought a direction to Ikanoon Software Development Private Limited (R4) to reflect the redaction in its publication.
Issue
- Whether a writ of mandamus can lie against a High Court for redaction of personal details from its own judgment, or whether such a prayer is tantamount to a High Court issuing a writ against itself?
- Whether the High Court, being a Court of Record under Article 215 of the Indian Constitution, is entitled to preserve its record for perpetuity in its original form without any modification or redaction?
- Whether the ‘Right to be Forgotten' can be recognised and enforced in the absence of a specific statutory provision or Supreme Court direction, given that it constitutes an exception to the fundamental principle of open courts and open justice?
Adjudication and Reasoning
The division bench has allowed the Writ appeal and granted the following relief:
- R4 directed to take down the judgment in Crl.A. (MD) No.321 of 2011 dated 30.04.2014 forthwith.
- R1 to R3 directed to redact the name and other details of the Writ Petitioner relating to his identity from the judgment dated 30.04.2014 in Crl.A.(MD) No. 321 of 2011 and ensure that only the redacted judgment is available for publication or for uploading.
Rule
- Courts have a wide discretion in deciding whether to allow redaction or not. Such discretion can be exercised either at the request of the party seeking redaction or, in appropriate cases, even suo motu by the court.
- The accused who have earned full, complete and unconditional acquittal without any benefit of doubt have a legitimate claim to move forward for redaction of personal information.
- The open court principle doesn’t require absolute disclosure of all personal information. Courts, while deciding on privacy concerns and on the right of litigants to leave behind parts of their past which are no longer relevant, have to balance the concept of the open court on the one hand and the privacy concerns of a citizen on the other.
- The High Court is the repository of a wide range of information and is entitled to preserve the original record in perpetuity. However, without diluting the sanctity of the original record, the public reflection of that record can be moderated to preserve the privacy of the person to whom that record pertains.
Reasoning
- Drawing on the judgment K.S. Puttaswamy v. Union of India, the court found Article 21 to protect not only informational privacy but also the "right to be forgotten," which gives individuals the right to request the deletion of any personal data when there is no longer any legitimate public interest in retaining such information. Such irreparable reputational damage is thus an infringement on constitutional privacy that demands judicial redaction.
- The court rejected the argument that a writ against its own order is impermissible, drawing a distinction between challenging the legal correctness of a judgment and seeking redaction of personal information. Allowing redaction will not question the validity of the judgment; rather, it will simply change its public appearance to ensure privacy.
- Since a High Court is a Court of Record with an obligation to preserve its judgments in their unaltered form forever, the court held here that such internal maintenance of complete records was not incompatible with the issuance of a redacted public version. Institutional integrity is maintained when the original kept in the archives is supplemented with a public version that masks the privacy areas.
- Open justice principles work to establish transparency, accountability, and public confidence, but these are not absolute. The court took a proportionality stance: personal identifiers, where they neither educate nor have precedential value and continue to inflict harm, may be expunged without affecting the established legal principles of the judgment.
- Although the DPDP Act exempts courts from several statutory obligations, the court held that it can, by virtue of its inherent discretion, protect personal data, and in so doing, exercise that power without the need for any legislative command. Traditionally the Madras High Court rules provide for the possibility of restriction of certified copies, thus establishing redaction as feasible both legally and administratively.

Overview:
A recent addition to the list of cybercrime tools is SharpRhino, a RAT (Remote Access Trojan) actively used by the Hunters International ransomware group. SharpRhino is highly developed and gets into networks by masquerading as a tool that IT specialists use, relying on their belief in the tool's legitimacy. Disguised as a genuine software installer, SharpRhino started functioning in mid-June 2024. However, Quorum Cyber discovered it in early August 2024 while investigating ransomware.
About Hunters International Group:
Hunters International has emerged as one of the most notorious groups focused on ransomware attacks, having compromised over 134 targets worldwide in the first seven months of 2024. The group is believed to be a rebranding of the previously active Hive ransomware group, and there are considerable similarities in the code. Its focus on IT employees in particular shows that the group moves tactically to gain access to organizations' networks.
Modus Operandi:
1. Typosquatting Technique
SharpRhino is mainly distributed through a domain that looks like that of the genuine Angry IP Scanner, a popular network discovery tool. The malware installer is labeled ipscan-3.9.1-setup.exe. It is a 32-bit Nullsoft installer which embeds a password-protected 7z archive.
2. Installation Process
- Execution of Installer: When the victim downloads and executes the installer, it changes the Windows registry in order to attain persistence. This is done by creating a registry entry that starts a harmful file, Microsoft.AnyKey.exe, a fake passed off as a legitimate Microsoft Visual Studio tool.
- Creation of Batch File: The installer drops a batch file named LogUpdate.bat, which runs PowerShell scripts on the device. These scripts compile C# code in memory, which helps the malware operate covertly.
- Directory Creation: The installer creates two directories that allow the C2 communication – C:\ProgramData\Microsoft: WindowsUpdater24 and LogUpdateWindows.
3. Execution and Functionality:
- Command Execution: The malware can execute PowerShell commands on the infected system. These actions may involve privilege escalation and other extended actions such as lateral movement.
- C2 Communication: SharpRhino interacts with command and control servers located on domains from platforms such as Cloudflare. This communication is necessary for receiving commands from the attackers and for returning any data of interest to them.
- Data Exfiltration and Ransomware Deployment: Once SharpRhino has gained control, it can steal information and then proceed to encrypt it, adding a .locked extension. The procedure generally concludes with a ransom message, which informs users how to purchase the decryption key.
4. Propagation Techniques:
SharpRhino can also spread by self-copying: the malware may copy itself to other computers using the victim's network account, posing as a trustworthy source in emails or network-shared files. The victim's machine may then propagate the malware to other systems, for example through files shared with other employees in the company.
Indicators of Compromise (IOCs):
- LogUpdate.bat
- Wiaphoh7um.t
- ipscan-3.9.1-setup.exe
- kautix2aeX.t
- WindowsUpdate.bat
Command and Control Servers:
- cdn-server-1.xiren77418.workers.dev
- cdn-server-2.wesoc40288.workers.dev
- Angryipo.org
- Angryipsca.com
Precautionary measures to be taken:
To mitigate the risks posed by SharpRhino and similar malware, organizations should implement the following measures:
- Implement Security Best Practices: Download software only from official sites, and avoid look-alike sites that try to confuse the user by changing a few letters.
- Enhance Detection Capabilities: Use detection technology that can identify the IOCs linked to SharpRhino.
- Educate Employees: Educate IT staff and other employees about phishing scams and the need to check the origin of an application.
- Regular Backups: Back up important files from systems and networks in order to minimize the effects of ransomware attacks on the business.
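
One way to act on the detection measure above, as an added example that is not part of the original article: a Python sweep that checks DNS and file events against the IOCs listed on this page and also flags look-alike domains by edit distance. The genuine domain angryip.org, the event format and the sample events are assumptions constructed for illustration.

```python
import ntpath

# IOCs copied from this page, lower-cased for case-insensitive matching.
IOC_FILES = {"logupdate.bat", "wiaphoh7um.t", "ipscan-3.9.1-setup.exe",
             "kautix2aex.t", "windowsupdate.bat"}
IOC_DOMAINS = {"cdn-server-1.xiren77418.workers.dev",
               "cdn-server-2.wesoc40288.workers.dev",
               "angryipo.org", "angryipsca.com"}
IOC_DIRS = {"windowsupdater24", "logupdatewindows"}
LEGIT_LABEL, LEGIT_DOMAIN = "angryip", "angryip.org"  # assumption, not on the page

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain):
    """True if the label left of the TLD imitates the genuine one."""
    domain = domain.lower().rstrip(".")
    if domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN):
        return False
    label = domain.split(".")[-2] if "." in domain else domain
    return label.startswith(LEGIT_LABEL) or edit_distance(label, LEGIT_LABEL) <= 2

def check_event(kind, value):
    """Findings for one event; kind is 'dns' (queried name) or 'file' (Windows path)."""
    value = value.lower().rstrip(".")
    findings = []
    if kind == "dns":
        if any(value == d or value.endswith("." + d) for d in IOC_DOMAINS):
            findings.append("ioc-domain")
        elif is_lookalike(value):
            findings.append("lookalike-domain")
    elif kind == "file":
        if ntpath.basename(value) in IOC_FILES:
            findings.append("ioc-file")
        if IOC_DIRS & set(value.split("\\")):
            findings.append("ioc-directory")
    return findings

SAMPLE_EVENTS = [  # constructed for illustration, not real telemetry
    ("dns", "Angryipo.org"),
    ("dns", "angryip.org"),
    ("dns", "angrypi.org"),
    ("file", r"C:\Users\admin\Downloads\ipscan-3.9.1-setup.exe"),
    ("file", r"C:\ProgramData\Microsoft\WindowsUpdater24\LogUpdate.bat"),
]

def sweep(events):
    return [(v, f) for k, v in events if (f := check_event(k, v))]

if __name__ == "__main__":
    for value, findings in sweep(SAMPLE_EVENTS):
        print(findings, value)
```

The look-alike check is a triage aid: a distance threshold of 2 also flags unrelated short names, so its hits need review before blocking.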
Conclusion:
SharpRhino can be seen as an evolution of the strategies used by groups like Hunters International and others involved in the distribution of ransomware. It primarily targets IT professionals and employs complex delivery and execution schemes, which makes it an extremely serious threat to corporate networks. It is therefore imperative that organizations understand its inner workings in order to fortify their security measures against this relatively new threat. By enforcing proper security measures and continually raising awareness of the importance of cybersecurity, firms can prevent the various risks associated with SharpRhino and related malware. Be safe, be knowledgeable, and most importantly, be secure when it comes to cyber security for your investments.