#FactCheck -Viral Video of General Manoj Pande Misleading, Audio Found to Be AI-Generated

Introduction

Digital Arrests are a form of scam that involves the digital restraint of individuals. These restraints can vary from restricting access to the account(s), and digital platforms, to implementing measures to prevent further digital activities or being restrained on video calling or being monitored through video calling. Typically, these scams target vulnerable individuals who are unfamiliar with digital fraud tactics, making them more susceptible to manipulation. These scams often target the victims on allegations of drug trafficking, money laundering, falsified documents, etc. These are serious crimes and these scammers scare the victim into thinking that either their identities were used to commit these crimes or they have committed these crimes. Recently there has been an uptick in the digital fraud scams in India highlighting the growing concerns.

The Legality of Digital Arrests in India

There is no legal provision for law enforcement to conduct ‘arrests’ via video calls or online monitoring. If you receive such calls, it is a clear scam. In fact, recently enacted new criminal laws do not provide for any provision for law enforcement agencies conducting a digital arrest.  The law only provides for service of the summons and the proceedings in an electronic mode. 

The Bhartiya Nagrik Suraksha Sanhita (BNSS), 2023 provides for the summons to be served electronically under section 63. The section defines the form of summons. It states that every summons served electronically shall be encrypted and bear the image of the seal of the Court or digital signature. Further, according to section 532 of the BNSS, the trial and proceedings may be held in electronic mode, by use of electronic communication or by the use of audio-video electronic means. 

Modus Operandi

Under digital arrest scams, the scammer makes a connection via video calls (WhatsApp calls, skype, etc) with the victim over their alleged involvement in crimes (financial, drug trafficking, etc) in bogus charges. The victims are intimidated that the arrest will take place soon and till the time the arresting officers do not reach the victim they are to remain on the call and be under digital surveillance and not contact anyone during the ongoing investigation. 

During this period, the scammers start collecting information from the victim to confirm their identity and create an atmosphere in which multiple senior officials are on the victim’s case and they are investigating the case thoroughly. By this time, the victim, scared out of their wits, sits through this arrest and it is then that the scammers posing as law enforcement officials make comments that they can avoid arrest by paying a certain amount of the fines to the accounts that they specify.  This monitoring/ surveillance continues till the time the victim makes the transfers to the accounts provided by the scammers. These are the common manipulation tactics used by scammers in digital arrest fraud.

Recent Cyber Arrest Cases

• Recently a 35-year-old NBCC official was duped of Rs 55 lakh in a 'digital arrest' scam. Posing as customs officials, fraudsters claimed her details were linked to intercepted illegal items and a pending arrest. They kept her on video calls, convincing her to transfer Rs 55 lakh to avoid money laundering charges. After the transfer, the scammers vanished. A police investigation traced the funds to a fake company, leading to the arrest of suspects.
• Another recent case involved a neurologist who was duped Rs 2.81 crores in a ‘digital arrest’ scam. Fraudsters claimed her phone number and Aadhaar was linked to accounts transferring funds to an Individual. Under pressure, she was convinced to undergo “verification” and made multiple transactions over two days. The scammers threatened legal consequences for money laundering if she didn’t comply. Now a police investigation is ongoing, and her immense financial loss highlights the severity of this cybercrime.
• One another case took place where the victim was duped of Rs 7.67 crores in a prolonged ‘digital arrest’ scam over three months. Fraudsters posing as TRAI officials claimed complaints against her phone number and threatened to suspend it, alleging illegal use of another number linked to her Aadhaar. Pressured and manipulated through video calls, the victim was coerced into transferring large sums, even taking an Rs 80 lakh loan. The case is under investigation as authorities pursue the cybercriminals behind the massive fraud.

Best Practices

• Do not panic when you get any calls where sudden unexpected news is shared with you. Scammers thrive on the panic that they create.
• Do not share personal details such as Aadhaar number, PAN number etc with unknown or suspect entities. Be cautious of your personal and financial information such as credit card numbers, OTPs, or any other passwords with anyone.
• If individuals contact, claiming to be government officials, always verify their identities by contacting the entity through the proper channels. 
• Report and block any fraudulent communications that are received and mark them as Spam. This would further inform other users if they see the caller ID being marked as fraud or spam.
• If you have been defrauded then report about the same to the authorities so that action can be taken and authorities can arrest the fraudsters. 
• Do not transfer any money as part of ‘fines’ or ‘dues’ to the accounts that these calls or messages link to. 
• In case of any threat, issue or discrepancy, file a complaint at cybercrime.gov.in or helpline number 1930. You can also seek assistance from the CyberPeace helpline at +91 9570000066.

References: 

• https://www.cyberpeace.org/resources/blogs/digital-arrest-fraud 
• https://www.business-standard.com/india-news/what-is-digital-house-arrest-find-out-how-to-avoid-this-new-scam-124052400799_1.html
• https://www.the420.in/ias-ips-officers-major-generals-doctors-and-professors-fall-victim-to-digital-arrest-losing-crores-stay-alert-read-5-real-cases-inside/
• https://indianexpress.com/article/cities/delhi/senior-nbcc-official-duped-in-case-of-digital-arrest-3-arrested-delhi-police-9588418/#:~:text=Of%20the%20duped%20amount%2C%20Rs,a%20Delhi%20police%20officer%20said (case study 1)
• https://timesofindia.indiatimes.com/city/lucknow/lucknow-sgpgims-professor-duped-of-rs-2-81-crore-in-digital-arrest-scam/articleshow/112521530.cms (case study 2)
• https://timesofindia.indiatimes.com/city/jaipur/bits-prof-duped-of-7-67cr-cops-want-cbi-probe-in-case/articleshow/109514200.cms (case study 3)

‍

Introduction

A zero-click cyber attack solely relies on software and hardware flaws, bypassing any human factor to infect a device and take control over its data. It is almost impossible to discover the attack and know that the device is hacked unless someone on your side is closely monitoring your network traffic data.

At Kaspersky, security analysts used their SIEM solution KUMA to monitor their corporate WiFi network traffic and discovered this mysterious attack. They took necessary actions to investigate it and even went a step further to dive right into the action and uncover the entire attack chain.

A few months ago, Kaspersky shared their findings about this attack on iOS devices. They shared how these zero-click vulnerabilities were being exploited by the attackers and called this attack ‘Operation Triangulation’.

A zero-click exploit in the network

Kaspersky detected a zero-click attack on the iPhones of their colleagues while monitoring their corporate WiFi network traffic. They managed to get detailed information on all the stages of the attack by simply identifying a pattern in the domain names flowing through their network. Although the attackers were quite experienced, their mistakes helped Kaspersky detect critical vulnerabilities in all iOS devices.

The name-pattern

These previously unsuspected domains had a similar name-style which consisted of two names and ended with ‘.com’, such as ‘backuprabbit.com’ and ‘cloudsponcer.com’. They were used in pairs, one for an exportation process and the other served as a command and control server. These domains showed high outbound traffic, they were registered with NameCheap and protected with Cloudflare.

The network pattern

Each time a connection to these suspicious domains was made, it was preceded by an iMessage connection which indicated these domains are being accessed by iOS devices. It was observed that the devices connected to these domains, downloaded attachments, performed a few requests to a first level domain which was an exploitation framework server, then made regular connections with the second level domain which was a command and control server controlled by the attackers.

Getting more information

To get more information about the attack all the infected devices were collected and backed up after carefully informing the device owners. Although the attackers had managed to clean their artefacts, the backed up data was used to perform digital forensic procedures and find traces of the attacks. This helped Kaspersky to figure out how the infection might be taking place.

The attacker’s mistakes

The attackers deleted all the attachment files and exploits but did not delete the modified SMS attachment folder. That folder had no files left inside it. The attackers removed evidence from other databases as well, like the ‘SMS.db’ database, however another database called ‘datausage.sqlite’ was not sanitised.

The ‘datausage.sqlite’ database is the most important database when it comes to iOS forensics as its contents can be used to track applications and network usage. Upon examination of this database, a process logged as ‘BackupAgent’ was found to be making network connections at the same time the device was making connections to the suspicious domains.

The indicator of compromise

‘BackupAgent’ stood out in this scenario because although it is a legitimate binary, it has been deprecated since iOS4 and it should not have been making any network connections. This identified the ‘BackupAgent’ process as the first solid indicator of compromise in Operation Triangulation. The indicator is termed as- ‘Data usage by process BackupAgent’, and was used to determine if any specific device was infected.

Taking it a step ahead

The team at Kaspersky successfully identified the indicator of compromise and determined which devices were infected, but as the attackers were experienced enough to delete their payloads, they decided to set a trap and perform a man-in-the-middle attack. When they did, the attackers were unable to detect it.

The man-in the-middle attack

Kaspersky prepared a server with ‘WireGuard’ and ‘mitmproxy’. They installed root certificates on devices that could be used as targets for the attackers and routed all the network traffic to that server. They also developed a ‘Telegram’ bot to notify them about new infections as they decrypted the network traffic.

Setting up a bot proved to be an effective way of real time monitoring while modifying all the network packets on-the-fly with ‘mitmproxy’, this gave them unlimited power! Their trap was successful in capturing a payload sent by the attackers and it was analysed in detail.

The name was in the payload

The payload was an HTML page with obfuscator javascript which performed various code checks and canvas footprinting. It rendered a yellow triangle and calculated its hash value. This is why the operation was named Operation Triangulation.

The team at Kaspersky started cracking various layers of asymmetric cryptography with regular expressions. They patched the stages one-by-one on the fly to move the logic from each stage to ‘mitmproxy’ and finally implemented a 400 line ‘mitmproxy’ add-on. This add-on decrypted all the validators, exploits, spyware and additional modules.

The mystery 

It is remarkable how Kaspersky detected the attack and identified multiple vulnerabilities, set up a trap to capture a payload and decrypted it completely. They shared all their findings with the device manufacturer and Apple responded by sending out a security patch update addressing four zero-day vulnerabilities. 

A zero-click vulnerability

Traditionally any spyware relies on the user to to click on a compromised link or file to initiate the infection. However a zero-click vulnerability is a specific flaw in the device software or hardware that the attacker can use to infect the device without the need for a click or tap from the user.

The vulnerabilities identified

1. Tricky Font Flaw (CVE-2023-41990): A clandestine method involving the manipulation of font rendering on iPhones, akin to a secret code deciphered by the attackers.Apple swiftly addressed this vulnerability in versions iOS 15.7.8 and iOS 16.3.

2. Kernel Trick (CVE-2023-32434): Exploiting a hidden language understood only by the iPhone's core, the attackers successfully compromised the kernel's integrity.Apple responded with fixes implemented in iOS 15.7.7, iOS 15.8, and iOS 16.5.1.

3. Web Sneakiness (CVE-2023-32435): Leveraging a clever ploy in the interpretation of web content by iPhones, the attackers manipulated the device's behaviour.Apple addressed this vulnerability in iOS 15.7.7 and iOS 16.5.1.

4. Kernel Key (CVE-2023-38606): The pinnacle of the operation, the attackers discovered a covert method to tamper with the iPhone's core, the kernel.Apple responded with a fix introduced in iOS 16.6, thwarting the intrusion into the most secure facets of the iPhone

Still, how these attackers were able to find this critical vulnerability in a device which stands out for it’s security features is still unknown.

CyberPeace Advisory

Zero-click attacks are a real threat, but you can defend yourself. Being aware of the risks and taking proactive steps can significantly reduce vulnerability. Regularly installing the latest updates for your operating system, apps, and firmware helps patch vulnerabilities before attackers can exploit them.

• Keep your software updated as they contain crucial security patches that plug vulnerabilities before attackers can exploit them.
• Use security software to actively scan for suspicious activity and malicious code, acting as a first line of defence against zero-click intrusions.
• Be cautious with unsolicited messages if the offer seems too good to be true or the link appears suspicious as it can contain malware that can infect your device.
• Disable automatic previews as it can potentially trigger malicious code hidden within the content.
• Be mindful of what you install and avoid unverified apps and pirated software, as they can be Trojan horses laden with malware.
• Stay informed about the latest threats and updates by following reliable news sources and security blogs to stay ahead of the curve, recognize potential zero-click scams and adjust your behaviour accordingly.

Check out our (advisory report)[add report link] to get in depth information.

Conclusion

Operation Triangulation stands as a testament to the continuous cat-and-mouse game between cybercriminals and tech giants. While the covert spy mission showcased the vulnerabilities present in earlier iPhone versions, Apple's prompt response underscores the commitment to user security. As the digital landscape evolves, vigilance, timely updates, and collaborative efforts remain essential in safeguarding against unforeseen cyber threats.

References:

1. Operation Triangulation: iOS devices targeted with previously unknown malware | Securelist, 1 June, 2023
2. Operation Triangulation: The last (hardware) mystery | Securelist, 27 December, 2023.
3. 37C3 - Operation Triangulation: What You Get When Attack iPhones of Researchers (youtube.com), 29 December,2023

Introduction

‍

We were all stunned and taken aback when multiple photos of streets in the U.S. surfaced with heavily drugged individuals loosely sitting on the streets, victims of a systematically led drug operation that has recently become a target of the Trump-led “tariff” war, which he terms as a war on drug cartels. The drug is a synthetic opioid, fentanyl, which is highly powerful and addictive. The menace of this drug is found in a country that has Wall Street and the largest and most powerful economy globally. The serious implications of drug abuse are not about a certain economy; instead, it has huge costs to society in general. The estimated cost of substance misuse to society is more than $820 billion each year and is expected to continue rising. 

On June 26, the International Day against Drug Abuse and Illicit Trafficking is observed globally. However, this war is waged daily for millions of people, not on streets or borders, but in bloodstreams, behind locked doors, and inside broken homes. Drug abuse is no longer a health crisis; it is a developmental crisis. The United Nations Office on Drugs and Crime has launched a campaign against this organised crime that says, “Break the Cycle’ attributing to the fact that de-addiction is hard for individuals. 

The Evolving Drug Crisis: From Alleyways to Algorithms

‍

The menace of Drug abuse and illicit trafficking has also taken strides in advancement, and what was once considered a street-side vice has made its way online in a faceless, encrypted, and algorithmically optimised sense. The online drug cartels operate in the shadows and often hide in plain sight, taking advantage of the privacy designed to benefit individuals. With the help of darknet markets, cryptocurrency, and anonymised logistics, the drug trade has transformed into a transnational, tech-enabled industry on a global scale. In an operation led by the U.S. Department of Justice’s Joint Criminal Opiod and Darknet Enforcement (JCODE) and related to Operation RapTor, an LA apartment was only to find an organised business centre that operated as a hub of one of the most prolific methamphetamine and cocaine distributors in the market. Aaron Pinder, Unit Chief of the FBI Hi-Tech Organised Crime Unit, said in his interview, “The darknet vendors that we investigate, they truly operate on a global scale.” On January 11, 2025, during the Regional Conference on “Drug Trafficking and National Security,” it was acknowledged how cryptocurrency, the dark web, online marketplaces, and drones have made drug trafficking a faceless crime. Reportedly, there has been a seven-fold increase in the drugs seized from 2004-14 to 2014-24. 

‍

India’s Response: Bridging Borders, Policing Bytes

‍

India has been historically vulnerable due to its geostrategic placement between the Golden Crescent (Afghanistan-Iran-Pakistan) and Golden Triangle (Myanmar-Laos-Thailand), and confronts a fresh danger from “click-to-consume’ narcotics. Although India has always adopted a highly sensitised approach, it holds an optimistic future outlook for the youth. Last year, to commemorate the occasion of International Day against Drug Abuse and Illicit Trafficking, the Department of Social Justice & Empowerment organised a programme to engage individuals for the cause. The Indian authorities are often seen coming down heavily on the drug peddlers and cartels, and to aid the cause, the Home Minister Amit Shah inaugurated the new office complex of the NCB’s Bhopal zonal unit and extension of the MANAS-2 helpline to all 36 states and UTs. The primary objectives of this step are to evaluate the effectiveness of the Narcotics Coordination Mechanism (NCORD), assess the progress of states in fighting drug trafficking, and share real-time information from the National Narcotics Helpline ‘MANAS’ portal with the Anti-Narcotics Task Force (ANTF) of states and UTs. 

‍

The United Nation’s War on Narcotics: From Treaties to Technology

‍

The United Nations Office on Drugs and Crime (UNODC) is leading the international response. It offers vital data, early warning systems, and technical support to the states fighting the drug problem. The UNODC incorporates cooperation in cross-border intelligence, overseeing the darknet activities, encouraging the treatment and harm reduction, and using anti-money laundering mechanisms to stop financial flows. India has always pledged its support to the UN led activities, and as per reports dated 26th March, 2025, India chaired the prestigious UN-backed Commission on Narcotic Drugs (CND) meeting held in vienna, wherein India highlighted the importance of opioids for medical purposes as well as the nation’s notable advancements in the field. 

‍

Resolution on June 26: From Commemoration to Commitment

‍

Let June 26 be more than a date on the calendar- let it echo as a call to action, a day when awareness transforms into action, and resolve becomes resistance. On this day, CyberPeace resolves the following:

‍

• To treat addicts as victims rather than criminals and to pitch for reforms to provide access to reasonably priced, stigma-free rehabilitation.
• To integrate anti-drug awareness into digital literacy initiatives and school curricula in order to teach frequently and early.
• To demand responsibility and accountability from online marketplaces and delivery services that unwittingly aid traffickers
• To tackle the demand side through employment, mental health services, and social protection, particularly for at-risk youth.

‍

References

• https://www.gatewayfoundation.org/blog/cost-of-drug-addiction/#:~:text=The%20estimated%20cost%20for%20substance,Alcohol%3A%20%24249%20billion 
• https://www.unodc.org/unodc/en/drugs/index-new.html 
• https://www.fbi.gov/news/stories/global-operation-targets-darknet-drug-trafficking 
• https://www.thehindu.com/news/national/dark-web-crypto-drones-emerge-as-challenges-in-fight-against-drug-trafficking-amit-shah/article69088383.ece 
• https://www.pib.gov.in/PressReleaseIframePage.aspx?PRID=2028704 
• https://www.newindianexpress.com/nation/2025/Mar/26/in-a-first-india-chairs-un-forum-on-narcotics-pledges-to-improve-access-to-pain-relief-and-palliative-care 

‍