#FactCheck - Stunning 'Mount Kailash' Video Exposed as AI-Generated Illusion!

Introduction

The unprecedented cyber espionage attempt on the Indian Air Force has shocked the military fraternity in the age of the internet where innovation is vital to national security. The attackers have shown a high degree of expertise in their techniques, using a variant of the infamous Go Stealer and current military acquisition pronouncements as a cover to obtain sensitive information belonging to the Indian Air Force. In this recent cyber espionage revelation, the Indian Air Force faces a sophisticated attack leveraging the infamous Go Stealer malware. The timing, coinciding with the Su-30 MKI fighter jets' procurement announcement, raises serious questions about possible national security espionage actions.

A sophisticated attack using the Go Stealer malware exploits defense procurement details, notably the approval of 12 Su-30 MKI fighter jets. Attackers employ a cunningly named ZIP file, "SU-30_Aircraft_Procurement," distributed through an anonymous platform, Oshi, taking advantage of heightened tension surrounding defense procurement.

Advanced Go Stealer Variant:

The malware, coded in Go language, introduces enhancements, including expanded browser targeting and a unique data exfiltration method using Slack, showcasing a higher level of sophistication.

Strategic Targeting of Indian Air Force Professionals:

The attack strategically focuses on extracting login credentials and cookies from specific browsers, revealing the threat actor's intent to gather precise and sensitive information.

Timing Raises Espionage Concerns:

The cyber attack coincides with the Indian Government's Su-30 MKI fighter jets procurement announcement, raising suspicions of targeted attacks or espionage activities.

The Deceitful ZIP ArchiveSU-30 Aircraft Acquisition

The cyberattack materialised as a sequence of painstakingly planned actions. Using the cleverly disguised ZIP file "SU-30_Aircraft_Procurement," the perpetrators took benefit of the authorisation of 12 Su-30 MKI fighter jets by the Indian Defense Ministry in September 2023. Distributed via the anonymous file storage network Oshi, the fraudulent file most certainly made its way around via spam emails or other forms of correspondence.

The Spread of Infection and Go Stealer Payload:

The infiltration procedure progressed through a ZIP file to an ISO file, then to a.lnk file, which finally resulted in the Go Stealer payload being released. This Go Stealer version, written in the programming language Go, adds sophisticated capabilities, such as a wider range of browsing focussed on and a cutting-edge technique for collecting information using the popular chat app Slack.

Superior Characteristics of the Go Stealer Version

Different from its GitHub equivalent, this Go Stealer version exhibits a higher degree of complexity. It creates a log file in the machine owned by the victim when it is executed and makes use of GoLang utilities like GoReSym for in-depth investigation. The malware focuses on cookies and usernames and passwords from web browsers, with a particular emphasis on Edge, Brave, and Google Chrome.

This kind is unique in that it is more sophisticated. Its deployment's cyber enemies have honed its strengths, increasing its potency and detection resistance. Using GoLang tools like GoReSym for comprehensive evaluation demonstrates the threat actors' careful planning and calculated technique.

Go Stealer: Evolution of Threat

The Go Stealer first appeared as a free software project on GitHub and quickly became well-known for its capacity to stealthily obtain private data from consumers who aren't paying attention. Its effectiveness and stealthy design rapidly attracted the attention of cyber attackers looking for a sophisticated tool for clandestine data exfiltration. It was written in the Go programming language.

Several cutting-edge characteristics distinguish the Go Stealer from other conventional data thieves. From the beginning, it showed a strong emphasis on browser focusing on, seeking to obtain passwords and login information from particular websites including Edge, Brave, and Google Chrome.The malware's initial iteration was nurtured on the GitHub database, which has the Go Stealer initial edition. Threat actors have improved and altered the code to serve their evil goals, even if the basic structure is freely accessible.

The Go Stealer version that has been discovered as the cause of the current internet spying by the Indian Air Force is not limited to its GitHub roots. It adds features that make it more dangerous, like a wider range of browsers that may be targeted and a brand-new way to exfiltrate data via Slack, a popular messaging app.

Secret Communications and Information Expulsion

This variation is distinguished by its deliberate usage of the Slack API for secret chats. Slack was chosen because it is widely used in company networks and allows harmful activity to blend in with normal business traffic. The purpose of the function "main_Vulpx" is specifically to upload compromised information to the attacker's Slack route, allowing for covert data theft and communication.

The Time and Strategic Objective

There are worries about targeted assaults or espionage activities due to the precise moment of the cyberattack, which coincides with the Indian government's declaration of its acquisition of Su-30 MKI fighter fighters. The deliberate emphasis on gathering cookies and login passwords from web browsers highlights the threat actor's goal of obtaining accurate and private data from Indian Air Force personnel.

Using Caution: Preventing Possible Cyber Espionage

• Alertness Against Misleading Techniques: Current events highlight the necessity of being on the lookout for files that appear harmless but actually have dangerous intent. The Su-30 Acquisition ZIP file is a stark illustration of how these kinds of data might be included in larger-scale cyberespionage campaigns.
• Potentially Wider Impact: Cybercriminals frequently plan coordinated operations to target not just individuals but potentially many users and government officials. Compromised files increase the likelihood of a serious cyber-attack by opening the door for larger attack vectors.
• Important Position in National Security: Recognize the crucial role people play in the backdrop of national security in the age of digitalisation. Organised assaults carry the risk of jeopardising vital systems and compromising private data.
• Establish Strict Download Guidelines: Implement a strict rule requiring file downloads to only come from reputable and confirmed providers. Be sceptical, particularly when you come across unusual files, and make sure the sender is legitimate before downloading any attachments.
• Literacy among Government Employees: Acknowledge that government employees are prime targets as they have possession of private data. Enable people by providing them with extensive cybersecurity training and awareness that will increase their cognition and fortitude.

Conclusion

Indian Air Force cyber surveillance attack highlights how sophisticated online dangers have become in the digital era. Threat actors' deliberate and focused approach is demonstrated by the deceptive usage of a ZIP archive that is camouflaged and paired with a sophisticated instance of the Go Stealer virus. An additional level of complication is introduced by integrating Slack for covert communication. Increased awareness, strict installation guidelines, and thorough cybersecurity education for government employees are necessary to reduce these threats. In the digital age, protecting national security necessitates ongoing adaptation as well as safeguards toward ever-more potent and cunning cyber threats.

References

• ‍https://www.overtoperator.com/p/indianairforcemalwaretargetpotential
• ‍https://cyberunfolded.in/blog/indian-air-force-targeted-in-sophisticated-cyber-attack-with-su-30-procurement-zip-file#go-stealer-a-closer-look-at-its-malicious-history
• ‍https://thecyberexpress.com/cyberattack-on-the-indian-air-force/https://therecord.media/indian-air-force-infostealing-malware

‍

Introduction

‍

The way we interact, go about our daily lives and manage our financial resources has completely changed in this digital age. Tasks that were earlier done manually (and were extremely time-consuming) now happen in just minutes and seconds. As this convenience expands, so do the risks that come with it. The proliferation of digital technology has opened up a wide arena where we, as users, are getting exposed to a complex environment of emerging cyber threats at every step. This has become especially true for our senior citizens, who face heightened vulnerabilities owing to their age and situational factors. Therefore, getting an understanding of these risks and knowing how to respond to them is no longer optional.

‍

Cybercrime against senior citizens is rising every year. The elderly today are using and depending on smartphones, net banking, UPI (Unified Payments Interface) and social media more than ever. Scammers are preying on this circumstance and perpetrating well-planned cyber attacks on the senior population. A 2024 report from the United States Federal Trade Commission (FTC) that analysed cybercrime data for the year 2023 found that older adults lost more money per incident as opposed to the younger population. 

‍

This blog aims at providing practical and easy-to-follow cyber safety tips for senior citizens and a clear action plan on how to respond if they ever fall victim to a scam.

‍

Safe and Smart Browsing for the Elderly: Essential Cybersecurity Tips

‍

1. Device safety: Cybersecurity can be ensured with one simple rule, which is securing your device first. This is the first line of defence against cybercrime and can go a long way in preventing online attacks and scams. This device security can be established by using screen locks such as setting up a PIN, lock patterns, fingerprints, or even applying the face lock feature on smartphones and tablets. 

‍

The next step is to install a reputable antivirus on your device (such as laptops and desktops) and keep updating it from time to time. Enabling additional security features in your devices, such as ‘automatic updates’, further ensures that the phone’s Operating System (OS) and the Applications (apps) remain up to date. This guarantees that the device’s OS and the apps are fully upgraded to catch and fix any new security threats. Users should also beware of any unauthorised software. Suspicious links or messages that offer free software or updates should be avoided at all costs. 

‍

The Government of India’s 2024 cyber safety booklet also stresses the importance of keeping devices and apps equipped with the latest security patches to prevent exploitation of any known vulnerabilities. 

‍

2. Robust Passwords and 2FA: Weak passwords are one of the easiest entry points for cybercriminals. This is why it is crucial to have strong and robust passwords to keep accounts and devices absolutely secure. It is also important to make sure to avoid using very basic PINs, such as date of birth or predictable ascending digits such as ‘12345’. Also, similar passwords should not be used across various bank, email or social media accounts. While creating a strong password, ideally, one should use a combination of upper case and lower case letters along with mixed digits and special characters. If need be, one can jot down these complex passwords in a separate physical diary to keep a record and refer to it in case of forgetfulness. 

‍

Enabling two-factor authentication adds an extra layer of protection. Whenever and wherever possible, users should enable OTP (one-time password) based verification or app-based authentication codes. In case someone does end up stealing the user’s password, they would still need the second factor to log in.

‍

The Government of India supported the Information Security Education and Awareness (ISEA) initiative, which also provides guidelines that recommend the use of passwords and secure authentication as key cyber safety practices for senior citizens.

‍

3. Handle messages with caution: Most cybercrime instances against senior citizens are initiated with a phone call, an SMS or a WhatsApp message. Personal details such as OTPs, CVV (3-digit number on the back of a debit/credit card), ATM or UPI PIN, full debit/credit card number, net banking ID and password, etc., should never be shared over a call or a chat. Also, people need to be aware of the fact that genuine officials will never make any demands for such details over calls or messages. ISEA has specifically warned about frauds like phishing, where fraudsters call or message their victims pretending to be from banks, courier companies, telecom operators or from the government to trick seniors into revealing their personal details.

‍

A caller might say ‘Your KYC can get blocked, give OTP now’ or ‘Your card will get deactivated, click this link’. Hang up immediately! Do not click any links, do not share any number and do not install any app that they suggest (eg. remote access apps).

‍

4. Banking without worries: Online banking is truly a boon, especially for senior citizens. It eliminates the need to visit the bank in person for every small requirement. But this comfort and ease can serve us well only if we use it with a certain sense of vigilance and responsibility. 

‍

Users are advised to use only official banking apps that are downloaded from Google Play Store or the Apple App Store. It is also prudent to activate SMS or email alerts for all online transactions so that the user receives timely notifications of any withdrawal or transfer. Users should also avoid using public Wi-Fi connections for banking or UPI payments. It is better  to use your own mobile data or a home Wi-Fi with a strong password. This safeguards your financial transactions. India has a system in place called the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS) that quickly responds to online financial fraud, especially with regards to UPI and net banking frauds.

‍

5. Think before you share: Beyond online banking and other essential activities on the web, lies the world of social media which has seamlessly woven itself into our daily routines. Therefore, gaining awareness about the safe usage of social media is extremely important. For starters, users should keep the privacy settings of their social media accounts as ‘Private’. They should also be mindful of accepting friend requests from strangers or unknown profiles, even if they claim that they know the user. Users must also avoid ‘oversharing’ on public platforms and social media accounts. It is always best to refrain from posting about personal details on social media such as finances, travel schedules or addresses. If a user receives urgent messages from a close friend or a relative asking for money, then it is better to first call them up directly to verify that the request is genuine. 

‍

The older generation should also be wary of fraudsters who, under false identities, build emotional relationships online and then start demanding money, gifts or even private photos from their victims. 

‍

6. Stay a step ahead: Lastly, senior users can stay a step ahead in this game by familiarising themselves with the typical scams that are targeted towards their age group. This know-how will prepare them to identify scam patterns and early warning signs. Discussing experiences or sharing knowledge with family members or peers can also help seniors bridge the gap between awareness and action.

Fallen for a scam? Don’t panic! Here’s what seniors should do next: An action plan for recovery and protection

‍

We are all human at the end of the day. Anyone can fall for a scam, even the most careful people. The important thing is how to ‘respond’ after getting scammed. As per the 2023 Internet Crime Complaint Center (IC3) Elder Fraud Report, prompt reporting after a scam can improve the chances of either freezing or retrieving the stolen money. If you have fallen for a scam, here is what you should do:

‍

1. Keep calm and disconnect: Though it may feel challenging, but the first instinct that victims should display is to keep their calm and hang up the phone. The victim should then block the number and refrain from responding to any further emails or messages. Any remote access app, screen sharing app or a support tool that were installed at the request of the caller, should be instantly uninstalled.

‍

2. Alert your bank right away: Time is of the essence when it comes to online financial frauds. If a user has been scammed and he is aware of it, then he should immediately call the official customer care number of his bank. It is to be noted here that this number should be verified from the bank’s website or from the user’s credit/debit card. Once the user is connected to the bank’s support staff, he should inform them clearly that he has been a victim of an online fraud. The support staff may guide the user regarding the options that he can undertake. These can be: blocking the cards, freezing the account or an attempt from the bank’s interface to try and stop or recall the recent transaction. 

‍

The Reserve Bank of India (RBI) has laid down certain guidelines on unauthorised electronic banking transactions that encourage quick reporting and provide a steady framework for customer liability. Also, if in case a victim feels that the bank’s response has been unsatisfactory, the complaints can be further escalated to the RBI Ombudsman.

‍

3. Reset online credentials: Once the victim has spoken to the bank and taken all necessary steps in that regard, the next step is to reset the passwords. Passwords for netbanking, UPI apps, email accounts, social media, shopping platforms, etc., should all be changed. The victim can also turn on two factor authentication for all important accounts. Incase some critical information like PAN (Permanent Account Number) or Aadhar or SSN (Social Security Number ) has been shared, the victim should be on the lookout for any identity theft in the form of unknown loans, new cards or credit enquiries. 

‍

4. Notify official cybercrime portals or authorities: The next step is to inform the relevant cybercrime authorities in your region. In India there is a government backed National Cyber Crime Helpline which is a part of the Financial Cyber Fraud Reporting and Management System. The aim of the helpline is to prevent further losses in digital payment frauds. Victims can also file a complaint on the National Cyber Crime Reporting portal. Other than these options, the victim can visit the nearest police station along with copies of their online complaint, bank statements, transaction receipts and ID proofs. 

‍

In the US, such complaints can be lodged with the IC3 which runs a specialised elder fraud program. The IC3 also publishes the annual Elder Fraud Report and lays down latest guidelines and trends regarding cybercrime.

‍

5. Preserve proofs of the scam: The IC3’s 2023 report notes that detailed and prompt reporting by the victim enables law enforcement and financial institutions to deploy ‘Financial Fraud Kill Chain’ procedures that help in tracing or freezing stolen funds. This is why it is very important to preserve the evidence of a cyber scam. Proper documentation can help banks and law enforcement agencies to properly investigate a case. If possible, the victim should save all messages, WhatsApp chats, emails, screenshots and voice recordings. Establishing a clear timeline of the events also helps. Minute details such as: when the first call was received, what was said and when the money exited the victim’s account, significantly help in piecing together the full picture. Victims should also keep a record of all bank statements and transaction alert messages related to the fraudulent activity. 

‍

6. Helping seniors heal: Apart from monetary damage, the emotional impact of a scam should also be acknowledged. Getting scammed can be deeply humiliating for senior citizens, especially at their age where everyday life may already feel quite overwhelming. Also, when it comes to their lifelong savings, the ramifications of becoming a victim of an online financial scam can be quite distressing for seniors. The US Department of Justice’s elder fraud content emphasises on the fact that senior victims need ample emotional support and should not be blamed or shamed for their predicament.

‍

Families and caregivers can guide the elderly victims step by step through the recovery process which includes taking the necessary technical steps, filling out forms and following up with banks or authorities. For large value frauds, repeated targeting or cases that involve identity theft, getting a legal consult for the victim is highly advisable. This kind of support and reassurance can help seniors reduce their anxiety and regain their inner strength.

‍

Secure today, safe tomorrow

‍

The rate of cybercrime against senior citizens isn’t showing any signs of slowing down. Scammers are refining their techniques every day. Therefore, the best long standing defence against cybercrime is to make cyber safety a regular habit. This can be achieved with the support of families, caregivers and communities. Beyond the practical steps, spreading awareness and maintaining an open dialogue is equally important. Senior citizens should feel comfortable asking questions, sharing concerns and continue learning from experiences, be it theirs or of others. Reinforcement of safe online practices should become ingrained at the core of every society. When cybersecurity practices merge with everyday life, seniors gain both protection and confidence. Simple and steady digital safety practices that come with guidance and reassurance empower the seniors to enjoy the benefits of technology without fear.

Simply put, the habits that are adopted today will lay the foundation for a secure and safer digital tomorrow.

‍

References  

• https://bankingjournal.aba.com/2024/11/ftc-older-adults-lost-up-to-61-5b-to-fraud-in-2023/
• https://www.cert-in.org.in/PDF/CSH_Booklet.pdf
• https://infosecawareness.in/concept/cyber-security-tips-for-senior-citizens
• https://cybercrime.gov.in/UploadMedia/instructions_citizenreportingcyberfrauds.pdf
• https://www.ic3.gov/annualreport/reports/2023_ic3elderfraudreport.pdf
• https://www.arklegal.in/post/how-to-report-cyber-crime-in-india
• https://www.pib.gov.in/Pressreleaseshare.aspx?PRID=1814120
• https://cybercrime.gov.in/Webform/crmcondi.aspx
• https://www.justice.gov/archives/stopfraud-archive/elder-fraud-and-financial-exploitation
• https://www.ftc.gov/system/files/ftc_gov/pdf/federal-trade-commission-protecting-older-adults-report_102024.pdf
• https://www.unionbankofindia.bank.in/pdf/cyber-security-customer-awareness-guide-vol-v.pdf
• https://cdnbbsr.s3waas.gov.in/s371e09b16e21f7b6919bbfc43f6a5b2f0/uploads/2024/11/20241111752149945.pdf
• https://www.dsci.in/files/content/documents/2024/CSAM24-Infographic_Cyber-Safety-Essentials-for-Senior-Citizens-v1.pdf

‍

Introduction

Indian Cybercrime Coordination Centre (I4C) was established by the Ministry of Home Affairs  (MHA) to provide a framework and eco-system for law enforcement agencies (LEAs) to deal with cybercrime in a coordinated and comprehensive manner. The Indian Ministry of Home Affairs approved a scheme for the establishment of the Indian Cyber Crime Coordination Centre (I4C) in October2018, which was inaugurated by Home Minister Amit Shah in January 2020. I4C is envisaged to act as the nodal point to curb Cybercrime in the country. Recently, on 13th March2024, the Centre designated the Indian Cyber Crime Coordination Centre (I4C) as an agency of the Ministry of Home Affairs (MHA) to perform the functions under the Information Technology Act, 2000, to inform about unlawful cyber activities.

The gazetted notification dated 13th March 2024 read as follows:

“In exercise of the powers conferred by clause (b) of sub-section (3) of section 79 of the Information Technology Act 2000, Central Government being the appropriate government hereby designate the Indian Cybercrime Coordination Centre (I4C), to be the agency of the Ministry of Home Affairs to perform the functions under clause (b) of sub-section (3) of section79 of Information Technology Act, 2000 and to notify the instances of information, data or communication link residing in or connected to a computer resource controlled by the intermediary being used to commit the unlawful act.”

Impact

Now, the Indian Cyber Crime Coordination Centre (I4C) is empowered to issue direct takedown orders under 79(b)(3) of the IT Act, 2000. Any information, data or communication link residing in or connected to a computer resource controlled by any intermediary being used to commit unlawful acts can be notified by the I4C to the intermediary. If an intermediary fails to expeditiously remove or disable access to a material after being notified, it will no longer be eligible for protection under Section 79 of the IT Act, 2000.

Safe Harbour Provision

Section79 of the IT Act also serves as a safe harbour provision for the Intermediaries. The safe harbour provision under Section 79 of the IT Act states that "an intermediary shall not be liable for any third-party information, data, or communication link made available or hosted by him". However, it is notable that this legal immunity cannot be granted if the intermediary "fails to expeditiously" take down a post or remove a particular content after the government or its agencies flag that the information is being used to commit something unlawful. Furthermore, Intermediaries are also obliged to perform due diligence on their platforms and comply with the rules & regulations and maintain and promote a safe digital environment on the respective platforms.

Under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, The government has also mandated that a ‘significant social media intermediary’ must appoint a Chief Compliance Officer (CCO), Resident Grievance Officer (RGO), and Nodal Contact Person and publish periodic compliance report every month mentioning the details of complaints received and action taken thereon.

I4C's Role in Safeguarding Cyberspace

The Indian Cyber Crime Coordination Centre (I4C) is actively working towards initiatives to combat the emerging threats in cyberspace. I4C is one of the crucial extensions of the Ministry of Home Affairs, Government of India, working extensively to combat cyber crimes and ensure the overall safety of netizens. The ‘National Cyber Crime Reporting Portal’ equipped with a 24x7 helpline number 1930,  is one of the key component of the I4C.

Components Of The I4C

1. National Cyber Crime Threat Analytics Unit
2. National Cyber Crime Reporting Portal
3. National Cyber Crime Training Centre
4. Cyber Crime Ecosystem Management Unit
5. National Cyber Crime Research and Innovation Centre
6. National Cyber Crime Forensic Laboratory Ecosystem
7. Platform for Joint Cyber Crime Investigation Team.

‍

Conclusion

I4C, through its initiatives and collaborative efforts, plays a pivotal role in safeguarding cyberspace and ensuring the safety of netizens. I4C reinforces India's commitment to combatting cybercrime and promoting a secure digital environment. The recent development by designating the I4C as an agency to notify the instances of unlawful activities in cyberspace serves as a significant step to counter cybercrime and promote an ethical and safe digital environment for netizens.

References

• https://www.deccanherald.com/india/centre-designates-i4c-as-agency-of-mha-to-notify-unlawful-activities-in-cyber-world-2936976
• https://www.business-standard.com/india-news/home-ministry-authorises-i4c-to-issue-takedown-notices-under-it-act-124031500844_1.html
• https://www.hindustantimes.com/india-news/it-ministry-empowers-i4c-to-notify-instances-of-cybercrime-101710443217873.html
• https://i4c.mha.gov.in/about.aspx#:~:text=Objectives%20of%20I4C,identifying%20Cybercrime%20trends%20and%20patterns

‍