#FactCheck- AI-Generated Deepfake Falsely Attributes Film Remark to Army Chief Upendra Dwivedi

Introduction

So it's that time of year when you feel bright and excited to start the year with new resolutions; your goals could be anything from going to the gym to learning new skills and being productive this year, but with cybercrime on the rise, you must also be smart and take your New Year Cyber Resolutions seriously. Yes, you heard it right: it's a new year, a new you, but the same hackers with advanced dangers. It's time to make a cyber resolution this year to be secure, smart, and follow the best cyber safety tips for 2K25 and beyond.

Best Cyber Security Tips For You 

So while taking your cyber resolutions this 2k25, remember that hackers have resolutions too; so you have to make yours better! CyberPeace has curated a list of great tips and cyber hygiene practices you must practice in 2025:

• Be Aware Of Your Digital Rights: Netizens should be aware of their rights in the digital space. It's important to know where to report issues, how to raise concerns with platforms, and what rights are available to you under applicable IT and Data Protection laws. And as we often say, sharing is caring, so make sure to discuss and share your knowledge of digital rights with your family, peers, and circle. Not only will this help raise awareness, but you’ll also learn from their experiences, collectively empowering yourselves. After all, a well-informed online community is a happy one.
• Awareness Is Your First Line Of Defence: Awareness serves as the first line of defence, especially in light of the lessons learned from 2024, where new forms of cybercrimes have emerged with serious consequences. Scams like digital arrests, romance frauds, lottery scams, and investment scams have become more prevalent. As we move into 2025, remember that sophisticated cyber scams require equally advanced strategies to stay protected. As cybercrimes evolve and become more complex, it's crucial to stay updated with specific strategies and hygiene tips to defend yourself. Build your first line of defence by being aware of these growing scams, and say goodbye to the manipulative tactics used by cyber crooks.
• Customise Social Media Media Profile And Privacy Settings: With the rising misuse of advanced technologies such as deepfake, it’s crucial to share access to your profile only with people you trust and know. Customize your social media profile settings based on your convenience, such as who can add you, who can see your uploaded pictures and stories, and who can comment on your posts. Tailor these settings to suit your needs and preferences, ensuring a safer digital environment for yourself.
• Be Cautious: Choose wisely, just because an online deal seems exciting doesn’t mean it’s legitimate. A single click could have devastating consequences. Not every link leads to a secure website; it could be a malware or phishing attempt. Be cautious and follow basic cyber hygiene tips, such as only visiting websites with a padlock symbol, a secure connection, and the 'HTTPS' status in the URL. 
• Don’t Let Fake News Fake You Out: Online misinformation and disinformation have sparked serious concern due to their widespread proliferation. That’s why it’s crucial to 'Spot The Lies Before They Spot You.' Exercise due care and caution when consuming, sharing, or forwarding any online information. Always verify it from trusted sources, recognize the red flags of misleading claims, and contribute to creating a truthful online information landscape.
• Turn the Tables on Cybercriminals: It is crucial to know the proper reporting channels for cybercrimes, including specific reporting methods based on the type of issue. For example, ‘unsolicited commercial communications’ can be reported on the Chakshu portal by the government. Unauthorized electronic transactions can be reported to the RBI toll-free number at 14440, while women can report incidents to the National Commission for Women. If you encounter issues on a platform, you can reach out to the platform's grievance officer. All types of cybercrimes can be reported through the National Cyber Crime Reporting Portal (cybercrime.gov.in) and the helpline at 1930. It’s essential to be aware of the right authorities and reporting mechanisms, so if something goes wrong in your digital experience, you can take action, turn the tables on cybercrooks, and stay informed about official grievances and reporting channels.
• Log Out, Chill Out: The increased use of technology can have far-reaching consequences that are often overlooked, such as procrastination, stress, anxiety, and eye strain (also known as digital eye strain or computer vision syndrome). Sometimes, it’s essential to switch off the digital curtains. This is where a ‘Digital Detox’ comes in, offering a chance to recharge and reset. We’re all aware of how our devices and phones influence our daily lives, shaping our behaviours, decisions, and lifestyles from morning until night, even impacting our sleep. Taking time to unplug can provide a much-needed psychological and physical boost. Practicing a digital detox at regular suitable intervals, such as twice a month, can help restore balance, reduce stress, and improve overall well-being.

Final Words & the Idea of ‘Tech for Good’

Remember that we are in the technological era, and these technologies are created for our ease and convenience. There are certain challenges that bad actors pose, but to counter this,  the change starts from you. Remember that technology, while having its risks, also brings tremendous benefits to society. We encourage you to take a step and encourage the responsible and ethical use of the technology. The vision for ‘Tech for Good’ will have to be expanded to a larger picture. Do not engage in a behaviour that you would not ordinarily do in an offline environment, the online environment is also the same and has far-reaching effects. Use technology for good, and follow and encourage ethical and responsible behaviour in online communities. The emphasis should be on using technology in a safer environment for everyone and combatting dishonest practices. 

The effective strategies for preventing cybercrime and dishonest practices requires cooperation , efforts by citizens, government agencies, and technology businesses. We intend to employ technology's good aspects to build a digital environment that values security, honesty, and moral behaviour while promoting innovation and connectedness. In 2025, together we can make a cyber safe resilient society.

‍

Introduction

The digital realm is evolving at a rapid pace, revolutionising cyberspace at a breakneck speed. However, this dynamic growth has left several operational and regulatory lacunae in the fabric of cyberspace, which are exploited by cybercriminals for their ulterior motives. One of the threats that emerged rapidly in 2024 is proxyjacking, in which vulnerable systems are exploited by cyber criminals to sell their bandwidth to third-party proxy servers. This cyber threat poses a significant threat to organisations and individual servers. 

Proxyjacking is a kind of cyber attack that leverages legit bandwidth sharing services such as Peer2Profit and HoneyGain. These are legitimate platforms but proxyjacking occurs when such services are exploited without user consent. These services provide the opportunity to monetize their surplus internet bandwidth by sharing with other users. The model itself is harmless but provides an avenue for numerous cyber hostilities.  The participants install net-sharing software and add the participating system to the proxy network, enabling users to route their traffic through the system. This setup intends to enhance privacy and provide access to geo-locked content. 

The Modus Operandi

These systems are hijacked by cybercriminals, who sell the bandwidth of infected devices. This is achieved by establishing Secure Shell (SSH) connections to vulnerable servers. While hackers rarely use honeypots to render elaborate scams, the technical possibility of them doing so cannot be discounted. Cowrie Honeypots, for instance, are engineered to emulate UNIX systems. Attackers can use similar tactics to gain unauthorized access to poorly secured systems. Once inside the system, attackers utilise legit tools such as public docker images to take over proxy monetization services. These tools are undetectable to anti-malware software due to being genuine software in and of themselves. Endpoint detection and response (EDR) tools also struggle with the same threats.

The Major Challenges 

Limitation Of Current Safeguards – current malware detection software is unable to distinguish between malicious and genuine use of bandwidth services, as the nature of the attack is not inherently malicious. 

Bigger Threat Than Crypto-Jacking – Proxyjacking poses a bigger threat than cryptojacking, where systems are compromised to mine crypto-currency. Proxyjacking uses minimal system resources rendering it more challenging to identify. As such, proxyjacking offers perpetrators a higher degree of stealth because it is a resource-light technique, whereas cryptojacking can leave CPU and GPU usage footprints.

Role of Technology in the Fight Against Proxyjacking

Advanced Safety Measures- Implementing advanced safety measures is crucial in combating proxyjacking. Network monitoring tools can help detect unusual traffic patterns indicative of proxyjacking. Key-based authentication for SSH can significantly reduce the risk of unauthorized access, ensuring that only trusted devices can establish connections. Intrusion Detection Systems and Intrusion Prevention Systems can go a long way towards monitoring unusual outbound traffic.

Robust Verification Processes- sharing services must adopt robust verification processes to ensure that only legitimate users are sharing bandwidth. This could include stricter identity verification methods and continuous monitoring of user activities to identify and block suspicious behaviour. 

Policy Recommendations

Verification for Bandwidth Sharing Services – Mandatory verification standards should be enforced for bandwidth-sharing services, including stringent Know Your Customer (KYC) protocols to verify the identity of users. A strong regulatory body would ensure proper compliance with verification standards and impose penalties. The transparency reports must document the user base, verification processes and incidents. 

Robust SSH Security Protocols – Key-based authentication for SSH across organisations should be mandated, to neutralize the risk of brute force attacks. Mandatory security audits of SSH configuration within organisations to ensure best practices are complied with and vulnerabilities are identified will help. Detailed logging of SSH attempts will streamline the process of identification and investigation of suspicious behaviour. 

Effective Anomaly Detection System – Design a standard anomaly detection system to monitor networks. The industry-wide detection system should focus on detecting inconsistencies in traffic patterns indicating proxy-jacking. Establishing mandatory protocols for incident reporting to centralised authority should be implemented. The system should incorporate machine learning in order to stay abreast with evolving attack methodologies.

Framework for Incident Response – A national framework should include guidelines for investigation, response and remediation to be followed by organisations. A centralized database can be used for logging and tracking all proxy hacking incidents, allowing for information sharing on a real-time basis. This mechanism will aid in identifying emerging trends and common attack vectors. 

Whistleblower Incentives – Enacting whistleblower protection laws will ensure the proper safety of individuals reporting proxyjacking activities. Monetary rewards provide extra incentives and motivate individuals to join whistleblowing programs. To provide further protection to whistleblowers, secure communication channels can be established which will ensure full anonymity to individuals. 

Conclusion

Proxyjacking represents an insidious and complicated threat in cyberspace. By exploiting legitimate bandwidth-sharing services, cybercriminals can profit while remaining entirely anonymous. Addressing this issue requires a multifaceted approach, including advanced anomaly detection systems, effective verification systems, and comprehensive incident response frameworks. These measures of strong cyber awareness among netizens will ensure a healthy and robust cyberspace. 

References 

• https://gridinsoft.com/blogs/what-is-proxyjacking/
• https://www.darkreading.com/cyber-risk/ssh-servers-hit-in-proxyjacking-cyberattacks
• https://therecord.media/hackers-use-log4j-in-proxyjacking-scheme

‍

The 2020s mark the emergence of deepfakes in general media discourse. The rise in deepfake technology is defined by a very simple yet concerning fact: it is now possible to create perfect imitations of anyone using AI tools that can create audio in any person's voice and generate realistic images and videos of almost anyone doing pretty much anything. The proliferation of deepfake content in the media poses great challenges to the functioning of democracies. especially as such materials can deprive the public of the accurate information it needs to make informed decisions in elections. Deepfakes are created using AI, which combines different technologies to produce synthetic content.

Understanding Deepfakes 

Deepfakes are synthetically generated content created using artificial intelligence (AI). This technology works on an advanced algorithm that creates hyper-realistic videos by using a person’s face, voice or likeness utilising techniques such as machine learning. The utilisation and progression of deepfake technology holds vast potential, both benign and malicious. 

An example is when the NGO Malaria No More which had used deepfake technology in 2019 to sync David Beckham’s lip movements with different voices in nine languages, amplified its anti-malaria message.

Deepfakes have a dark side too. They have been used to spread false information, manipulate public opinion, and damage reputations. They can harm mental health and have significant social impacts. The ease of creating deepfakes makes it difficult to verify media authenticity, eroding trust in journalism and creating confusion about what is true and what is not. Their potential to cause harm has made it necessary to consider legal and regulatory approaches.

India’s Legal Landscape Surrounding Deepfakes

India presently lacks a specific law dealing with deepfakes, but the existing legal provisions offer some safeguards against mischief caused. 

• Deepfakes created with the intent of spreading misinformation or damaging someone’s reputation can be prosecuted under the Bharatiya Nyaya Sanhita of 2023. It deals with the consequences of such acts under Section 356, governing defamation law.
• The Information Technology Act of 2000, the primary law that regulates Indian cyberspace. Any unauthorised disclosure of personal information which is used to create deepfakes for harassment or voyeurism is a violation of the act.
• The unauthorised use of a person's likeness in a deepfake can become a violation of their intellectual property rights and lead to copyright infringement.
• India’s privacy law, the Digital Personal Data Protection Act, regulates and limits the misuse of personal data. It has the potential to address deepfakes by ensuring that individuals’ likenesses are not used without their consent in digital contexts.

India, at present, needs legislation that can specifically address the challenges deepfakes pose. The proposed legislation, aptly titled, ‘the Digital India Act’ aims to tackle various digital issues, including the misuse of deepfake technology and the spread of misinformation. Additionally, states like Maharashtra have proposed laws targeting deepfakes used for defamation or fraud, highlighting growing concerns about their impact on the digital landscape.

Policy Approaches to Regulation of Deepfakes

• Criminalising and penalising the making, creation and distribution of harmful deepfakes as illegal will act as a deterrent.
• There should be a process that mandates the disclosures for synthetic media. This would be to inform viewers that the content has been created using AI. 
• Encouraging tech companies to implement stricter policies on deepfake content moderation can enhance accountability and reduce harmful misinformation.
• The public’s understanding of deepfakes should be promoted. Especially, via awareness campaigns that will empower citizens to critically evaluate digital content and make informed decisions.

Deepfake, Global Overview

There has been an increase in the momentum to regulate deepfakes globally. In October 2023, US President Biden signed an executive order on AI risks instructing the US Commerce Department to form labelling standards for AI-generated content. California and Texas have passed laws against the dangerous distribution of deepfake images that affect electoral contexts and Virginia has targeted a law on the non-consensual distribution of deepfake pornography. 

China promulgated regulations requiring explicit marking of doctored content. The European Union has tightened its Code of Practice on Disinformation by requiring social media to flag deepfakes, otherwise they risk facing hefty fines and proposed transparency mandates under the EU AI Act. These measures highlight a global recognition of the risks that deepfakes pose and the need for a robust regulatory framework.

Conclusion 

With deepfakes being a significant source of risk to trust and democratic processes, a multi-pronged approach to regulation is in order. From enshrining measures against deepfake technology in specific laws and penalising the same, mandating transparency and enabling public awareness, the legislators have a challenge ahead of them. National and international efforts have highlighted the urgent need for a comprehensive framework to enable measures to curb the misuse and also promote responsible innovation. Cooperation during these trying times will be important to shield truth and integrity in the digital age. 

References

• https://digitalcommons.usf.edu/cgi/viewcontent.cgi?article=2245&context=jss
• https://www.thehindu.com/news/national/regulating-deepfakes-generative-ai-in-india-explained/article67591640.ece
• https://www.brennancenter.org/our-work/research-reports/regulating-ai-deepfakes-and-synthetic-media-political-arena
• https://www.responsible.ai/a-look-at-global-deepfake-regulation-approaches/
• https://thesecretariat.in/article/wake-up-call-for-law-making-on-deepfakes-and-misinformation 

‍