#FactCheck – Human Helicopter or AI Illusion? The Truth Behind the Viral Flying Man Video

Risk Management

‍

The ‘Information Security Profile’ prioritises and informs cybersecurity operations based on the company's risk administration procedures. It assists in choosing areas of focus for security operations that represent the desired results for producers by supporting periodic risk evaluations and validating company motivations. A thorough grasp of the business motivations and safety requirements unique to the Production system and its surroundings is necessary in order to manage cybersecurity threats. Because every organisation has different risks and uses ICS and IT in different ways, there will be variations in how the profile is implemented.

Companies are currently adopting industry principles and cybersecurity requirements, which the Manufacturing Information is intended to supplement, not replace. Manufacturers have the ability to identify crucial operations for key supply chains and can order expenditures in a way that will optimise their impact on each dollar. The Profile's primary objective is to lessen and manage dangers associated with cybersecurity more effectively. The Cybersecurity Framework and the Profile are not universally applicable methods for controlling security risks for essential infrastructure.

Producers will always face distinct risks due to their distinct dangers, weaknesses, and tolerances for danger. Consequently, the ways in which companies adopt security protocols will also change.

‍

Key Cybersecurity Functions: Identify, Protect, Detect, Respond, and Recover

‍

1. Determine 

Create the organisational knowledge necessary to control the potential hazards of cybersecurity to information, systems, resources, and competencies. The Identify Function's tasks are essential for using the Framework effectively. An organisation can concentrate its efforts in a way that aligns with its approach to risk mitigation and company needs by having a clear understanding of the business environment, the financial resources that assist with vital operations, and the associated cybersecurity threats. Among the outcome characteristics that fall under this function are risk evaluation, mitigation strategy, the administration of assets, leadership, and the business environment.

‍

2.  Protect

Create and put into place the necessary measures to guarantee the provision of crucial infrastructure amenities. The Protect Function's operations enable the limitation or containment of the possible impact of a cybersecurity incident. Instances of results Access Management, Knowledge and Instruction, Data Safety and Security, Data Protection Processes and Instructions, Repair, and Defensive Systems are some of the classifications that fall under this role.

‍

3. Detect

Create and carry out the necessary actions to determine whether a cybersecurity event has occurred. The Detect Function's operations make it possible to find vulnerability occurrences in an efficient way. This function's result subcategories include things like abnormalities and incidents, constant security monitoring, and identification processes.

‍

4. React

Create and carry out the necessary plans to address a cybersecurity event that has been discovered. The Response Function's operations facilitate the capacity to mitigate the effects of a possible cybersecurity incident. Within this Scope, emergency planning, interactions, analysis, prevention, and enhancements are a few examples of result categories.

‍

5. Recover

Create and carry out the necessary actions to uphold resilience tactics and restore any services or competencies that were hampered by a cybersecurity incident. In order to lessen the effects of a vulnerability incident, the Recovery Function's efforts facilitate a prompt return to regular operations. The following are a few instances of outcome subcategories under this role: communications, enhancements, and recovery planning.

‍

Conclusion

‍

The Information Security Profile, when seen in the framework of risk mitigation, offers producers a tactical method to deal with the ever-changing cybersecurity danger scenario. The assessment directs safeguarding operations prioritisation by recognising specific business reasons and connecting with corporate goals. The Profile enhances the cybersecurity standards and established industry guidelines by taking into account the differences in vulnerabilities and organisational subtleties among producers. It highlights the significance of a customised strategy, acknowledging that every business has unique risks and weaknesses. 

The fundamental tasks of the Framework, to Identify, Protect, Detect, Respond, and Recover, serve as a thorough roadmap, guaranteeing a proactive and flexible approach to cybersecurity. The Profile's ultimate goal is to increase the efficacy of risk mitigation techniques, understanding that cybersecurity is a constantly shifting and evolving subject for the manufacturing sector.

‍

References

• https://csrc.nist.gov/news/2020/cybersecurity-framework-v1-1-manufacturing-profile
• https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8183r1.pdf
• https://mysecuritymarketplace.com/reports/cybersecurity-framework-version-1-1-manufacturing-profile/

‍

Introduction

‍

In the sprawling and ever-evolving landscape of cybercrime, phishing links, phoney emails, and dubious investment offers are no longer the only tools used by scammers. Cybercriminals are becoming skilled at taking advantage of commonplace digital behaviours, undermining confidence, and turning popular features of our most essential apps into weapons. A fast expanding international threat has been revealed by the National Cybercrime Threat Analytics Unit (NCTAU) of the Indian Cybercrime Coordination Centre(I4C)’s most recent advisory on “WhatsApp account renting”. This scam uses QR codes to trick users into connecting their WhatsApp accounts to fraudulent sites under the guise of a “quick income” opportunity. What initially appears innocuous turns into a tool for thieves to take control of accounts and use them for illicit purposes. 

‍

The Global Rise of Cyber Mule Networks

‍

Initially the word “mule” in cybercrime networks referred to a bank account used, knowingly often unknowingly, to transfer or “launder” money obtained from fraud and illegal activities. In light of the evolving nature of this cybercrime, Cyber mules in the present scenario can be referred to as, individuals who knowingly or unknowingly allow their digital identities, devices, or bank accounts to be used for illegal activity. 

Various cybersecurity companies as well as Europol and Interpol, have frequently cautioned that hackers are increasingly using digital mule recruiting, which frequently takes the form of the following:

• Work-from-home Offers
• Streams of passive income
• Monetisation of social media
• Roles for verification assistants 
• Apps that earn commissions

Earlier versions involved money transfers through personal bank accounts . Criminals now want your digital identity rather than just your money, as the trend has been reported to be changing. 

Scammers frequently “rent” victims’ Facebook, LINE, Telegram, and WeChat accounts in parts of Southeast Asia and Africa in order to conduct impersonation frauds or assist with criminal operations. The WhatsApp variant that is making its way to India is a logical progression, although it comes only with the widely used WhatsApp Web linked-device capability. 

‍

How the WhatsApp Account Renting Scam Works

‍

I4C’s advisory dated 15th October, 2025, highlights a sophisticated yet psychologically simple scheme that exploits trust, curiosity, and the illusion of easy income.The scam’s lifetime is as follows:

‍

‍1. The Hook: “Automatically Earn Passive Income”

Threat actors claim users can earn daily rewards by connecting their WhatsApp accounts to a new “partner platform” in their polished and professional Instagram and Facebook ads.

This strategy imitates international scam factories in Cambodia and Myanmar, where victims are lured into investment schemes or bogus tasks by social media advertisements.

‍‍

2.The Redirect: Rogue APKs & Fake Websites

When victims click on the advertisement, they are sent to

• Fake dashboards for earnings 
• Untrustworthy websites that imitate authentic financial interfaces
• Instructions for installing Android APKs from sources other than the Play Store
• These APKs often carry spyware or remote-access malware.

‍‍

3.The Trap: Scanning a QR Code

The user is asked to scan a QR code through WhatsApp’s “Linked Devices” feature, which is normally used for WhatsApp Web.

Without ever touching the victim’s phone, the con artist obtains complete session access to their WhatsApp account as soon as the QR is scanned.

Threat actors are able to:

• Transmit and receive messages
• Get access to contact lists 
• Participate in or start groups 
• Assume the victim’s identity
• Conduct frauds using their identities

‍

4.The Illusion: A Multi-Level Commission Structure

A pyramid-style earnings model is displayed to maintain credibility:

• 10% off direct invites
• 5% of secondary invites
• 2% of tertiary invitations

These figures are designed to encourage victims to recruit more users, increasing the number of compromised WhatsApp accounts.

‍‍

5.The Misuse: “Mule WhatsApp accounts”

The victim’s account becomes a digital mule once it is connected, allowing fraudsters to:

• Start UPI fraud and phishing
• Distribute harmful links
• Impersonate the victim to scam their contacts
• Participate in bulk messaging campaigns
• Get additional mule accounts

Precautions Issued by I4C

I4C has advised citizens to take the following precautions:

• You could face criminal charges or similar consequences if you carelessly rent or link your WhatsApp account for money
• Installing APKs from non-official app shops should be avoided
• Advertisements that promise automatic revenue, referral bonuses, or passive income should be avoided.
• Regularly check linked devices on WhatsApp: Settings → Linked Devices
• Use WhatsApp’s Official support page to report hacked accounts or impersonation: https://www.whatsapp.com/contact/forms/1534459096974129 
• Report financial fraud immediately by calling 1930 or visiting cybercrime.gov.in 

‍

CyberPeace Outlook

‍

The WhatsApp account rental fraud is not an isolated phenomenon; rather, it is the latest mutation of a global cybercrime apparatus that feeds on social engineering, digital identity theft, and international mule networks. Its simplicity, all it takes to take over your digital life is a QR code scan, makes it especially hazardous. I4C’s timely warning serves as an important reminder that easy money is nearly always a trap in the digital world and that, if we let our guard down, our most reliable platforms can become attack surfaces. Stay informed, and stay safe. In order to protect our identities, data, and communities, cyber hygiene is now a must.  

‍

References 

‍

• https://www.cnbctv18.com/personal-finance/mule-account-fraud-on-the-rise-what-it-is-and-how-to-shttps://i4c.mha.gov.in/theme/resources/advisories/Mule%20Whatsapp%20V1.4.pdftay-safe-19662507.htm 
• https://i4c.mha.gov.in/theme/resources/advisories/Mule%20Whatsapp%20V1.4.pdf 

‍

In an exciting milestone achieved by CyberPeace, an ICANN APRALO At-Large organization, in collaboration with the Internet Corporation for Assigned Names and Numbers (ICANN), has successfully deployed and made operational an L-root server instance in Ranchi, Jharkhand. This initiative marks a significant step toward enhancing the resilience, speed, and security of internet connectivity in eastern India.

Understanding the DNS hierarchy – Starting from Root

Internet users access online information through different domain names and interactions with any web browser takes place through IP (Internet Protocol) addresses. Domain Name System (DNS) functions as the internet's equivalent of Yellow Pages or the phonebook of cyberspace. When a person uses a domain name like www.cyberpeace.org to access a website, their browser communicates with the internet protocol, and DNS converts the domain name to the corresponding IP address so that web browsers may load the web pages. The function of a DNS is to convert domain names to Internet Protocol addresses. It enables the respective browsers to load the resources from the Internet.

When a user types a domain name into your browser, a DNS query works behind the scenes to find the website’s IP address. First, your device asks a DNS resolver—often provided by your ISP or a third-party service—for the address. The resolver checks its cache for a match, and if none is found, it queries a root server to locate the top-level domain (TLD) server (like .com or .org). The resolver then asks the TLD server for the Authoritative nameserver responsible for the particular domain, which provides the specific IP address. Finally, the resolver sends this address back to your device, enabling it to connect to the website’s server and load the page. The entire process happens in milliseconds, ensuring seamless browsing.

Special focus on Root Server:

A root server is a name server that directly answers queries for records in the root zone and redirects requests for more specific domains to the appropriate top-level domain (TLD) servers. Root servers are an integral part of this system, acting as the first step in resolving a domain name into its corresponding IP address. They provide the initial direction needed to locate the authoritative servers for any domain.

The DNS root zone is served by 13 unique IP addresses, supported by hundreds of redundant root servers distributed worldwide connected through Anycast Routing to manage requests efficiently. As of January 8, 2025, the global root server system consists of 1921 instances operated by 12 independent root server operators. These servers ensure the smooth functioning of the internet by managing the backbone of DNS queries.

Type of Root Server Instances:

Well, in this regard,  there are two types of root server instances that can be found– Global instance and Local instance. 

Global root server instances are the primary root servers distributed strategically around the world. Local instances, on the other hand, are replicas of these global servers deployed in specific regions to handle local DNS traffic more efficiently. In each operator's list of sites, some instances are marked as global (globe icon) and some are marked as local (flag icon). The difference is in how widely available that instance will be, because of how routing for that instance is done. Recall that the routes for an instance are announced by BGP, the inter-domain routing protocol.

For global instances, the route advertisement is permitted to spread throughout the Internet, i.e., any router on the Internet could know the path to that instance. Of course, for a particular source, the route to that instance may not be the optimal route, so some other instance could be chosen as the destination.

With a local instance, however, the route advertisement is limited to only nearby networks. For example, the instance may be visible to just one ISP, or to ISPs that connect at a particular exchange point. Sources from farther away will not be able to see and query that local instance.

Deployment in Ranchi - The Journey & Significance:

CyberPeace in Collaboration with ICANN has successfully deployed an L-root server instance in Ranchi, marking a significant milestone in enhancing regional Internet infrastructure. This deployment, part of a global network of root servers, ensures faster and more reliable DNS query resolution for the region, reducing latency and enhancing cybersecurity. 

‍
The Journey of deploying the L-Root instance in Collaboration with ICANN followed the steps-
‍

• Signing the Agreement: Finalized the L-SINGLE Hosting Agreement with ICANN to formalize the partnership.
• Procuring the Hardware: Acquired the required hardware appliance to meet technical standards for hosting the L-root server.
• Setup and Installation: Configured and installed the appliance to prepare it for seamless operation.
• Joining the Anycast Network: Integrated the server into ICANN's global Anycast network using BGP (Border Gateway Protocol) for efficient DNS traffic management.

The deployment of the L-root server in Ranchi marks a significant boost to the region’s digital ecosystem. It accelerates DNS query resolution, reducing latency and enhancing internet speed and reliability for users.

This instance strengthens cyber defenses by mitigating Distributed Denial of Service (DDoS) risks and managing local traffic efficiently. It also underscores Eastern India’s advanced digital infrastructure, aligning with initiatives like Digital India to meet evolving digital demands.

By handling local queries, the L-root server eases the load on global servers, contributing to a more stable and resilient global internet.

CyberPeace’s Commitment to a Secure and resilient Cyberspace

As an organization dedicated to promoting peace, security and resilience in cyberspace, CyberPeace views this collaboration with ICANN as a significant achievement in its mission. By strengthening the internet’s backbone in eastern India, this deployment underscores our commitment to enabling a secure, accessible, and resilient digital ecosystem. 

Way forward and Roadmap for Strengthening India’s DNS Infrastructure:

The successful deployment of the L-root instance in Ranchi is a stepping stone toward bolstering India's digital ecosystem. CyberPeace aims to promote awareness about DNS infrastructure through workshops and seminars, emphasizing its critical role in a resilient digital future.

With plans to deploy more such root server instances across India, the focus is on expanding local DNS infrastructure to enhance efficiency and security. Collaborative efforts with government agencies, ISPs, and tech organizations will drive this vision forward. A robust monitoring framework will ensure optimal performance and long-term sustainability of these initiatives.

Conclusion

The deployment of the L-root server instance in Eastern India represents a monumental step toward strengthening the region’s digital foundation. As Ranchi joins the network of cities hosting root server instances, the benefits will extend not only to the local community but also to the global internet ecosystem. With this milestone, CyberPeace reaffirms its commitment to driving innovation and resilience in cyberspace, paving the way for a more connected and secure future.

‍