#FactCheck: AI Generated audio of CDS admitting that Pakistan Army is superior than Indian Army.

About Customs Scam:

The Customs Scam is a type of fraud where the scammers pretend to be from the renowned courier office company (DTDC, etc.), or customs department or other government entities. They try to deceive the targets to transfer the money to resolve the fake customs related concerns.  The Research Wing at CyberPeace along with the Research Wing of Autobot Infosec Private Ltd. delved into this case through Open Source Intelligence methods and undercover interactions with the scammers and concluded with some credible information.

Case Study:

The victim receives a phone call posing as a renowned courier office (DTDC, etc.) employee (in some case custom’s officer) that a parcel in the name of the victim has been taken into custody because of inappropriate content. The scammer provides the victim an employee ID, FIR number to prove the authenticity of the case and also they show empathy towards the victim. The scammer pretends to help the victim to connect with a police officer for further action. This so-called police officer shows transparency in his work. He asks him to join a skype video call and he even provides time to install the skype app. He instructs the victim to connect with the skype id provided by the fake police officer where the scammer created a fake police station environment. He also claims that he contacted the headquarters and the victim’s phone number is associated with many illegal activities to create panic to the victim.  Then the scammers also ask the victim to give their personal details such as home address, office address, aadhar card number, PAN card number and screenshot of their bank accounts along with their available account balance for the sake of so-called investigation. Sometimes scammers also demand a high amount of money to resolve the issue and create fake urgency to trap the victim in making the payment. He sternly warns the victim not to contact any other police officials or professionals, making it clear that doing so would only lead to more trouble.

Analysis & Findings: 

After receiving these kinds of complaints from multiple sources, the analysis was done on the collection of phone numbers from where the calls originated. These phone numbers were analysed for alias name, location, Telecom operator,  etc.  Further, we have verified the number to check whether the number is linked with any social media account on reputed platforms like Google, Facebook, Whatsapp, Twitter, Instagram, Linkedin, and other classified platforms such as Locanto.

• Phone Number Analysis: Each phone number looks authentic, cleverly concealing the fraud. Sometimes scammers use virtual/temporary phone numbers for these kinds of scams. In this case the victim was from Delhi, so the scammer posed themselves from Delhi Police station, while the phone numbers belong to a different place.

• Undercover Interactions:  The interactions with the suspects reveals their chilling way of modus operandi. These scammers are masters of psychological manipulation. They threaten the victims and act as if they are genuine LEA officers. 
• Exploitation Tactics: They target unsuspecting individuals and create fear and fake urgency among the targets to extract sensitive information such as Aadhaar, PAN card and bank account details.

• Fraud Execution: The scammers demand for the payment to resolve this issue and they make use of the stolen personally identifiable information. Once the victims transfer the money, the fraudsters cut off all the communication.
• Outcome for Victims:  The scammers act so genuine and they frame the incidents so realistic, victims don't realise that they are trapped in this scam. They suffer severe financial loss and psychological trauma.

Recommendations:

• Verify Identities: It is important to verify the identity of any individual, especially if they demand personal information or payment. Contact the official agency directly using verified contact details to confirm the authenticity of the communication.
• Education on Personal Information: Provide education to people to protect their personal identity numbers like Aadhaar and PAN card number. Always emphasise the possible dangers connected to sharing such data in the course of phone conversations.
• Report Suspicious Activity: Prompt reporting of suspicious phone calls or messages to relevant authorities and consumer protection agencies helps in tracking down scammers and prevents people from falling. Report to https://cybercrime.gov.in or reach out to helpline@cyberpeace.net for further assistance. 
• Enhanced Cybersecurity Measures: Implement robust cybersecurity measures to detect and mitigate phishing attempts and fraudulent activities. This includes monitoring and blocking suspicious phone numbers and IP addresses associated with scams.

Conclusion:

In the Customs Scam fraud, the scammers pretend to be a custom or any government official and sometimes threaten the targets to get the details such as Aadhaar, PAN card details, screenshot of their bank accounts along with their available balance in their account. The phone numbers used for these kinds of scams were analysed for any suspicious activity. It is found that all the phone numbers look authentic concealing the fraudentent activities. The interactions made with them reveals that they create fearness and urgency between the individuals. They act as if they are genuine officer’s and ask for money to resolve this issue. It is important to stay vigilant and not to share any personal or financial information. When facing these kinds of scams, report and spread awareness among individuals.

‍

Introduction

The rise of misinformation, disinformation, and synthetic media content on the internet and social media platforms has raised serious concerns, emphasizing the need for responsible use of social media to maintain information accuracy and combat misinformation incidents. With online misinformation rampant all over the world, the World Economic Forum's 2024 Global Risk Report, notably ranks India amongst the highest in terms of risk of mis/disinformation. 

The widespread online misinformation on social media platforms necessitates a joint effort between tech/social media platforms and the government to counter such incidents. The Indian government is actively seeking to collaborate with tech/social media platforms to foster a safe and trustworthy digital environment and to also ensure compliance with intermediary rules and regulations. The Ministry of Information and Broadcasting has used ‘extraordinary powers’ to block certain YouTube channels, X (Twitter) & Facebook accounts, allegedly used to spread harmful misinformation. The government has issued advisories regulating deepfake and misinformation, and social media platforms initiated efforts to implement algorithmic and technical improvements to counter misinformation and secure the information landscape.

Efforts by the Government and Social Media Platforms to Combat Misinformation

1. Advisory regulating AI, deepfake and misinformation

The Ministry of Electronics and Information Technology (MeitY) issued a modified advisory on 15th March 2024, in suppression of the advisory issued on 1st March 2024. The latest advisory specifies that the platforms should inform all users about the consequences of dealing with unlawful information on platforms, including disabling access, removing non-compliant information, suspension or termination of access or usage rights of the user to their user account and imposing punishment under applicable law. The advisory necessitates identifying synthetically created content across various formats, and instructs platforms to employ labels, unique identifiers, or metadata to ensure transparency. 

2. Rules related to content regulation

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (Updated as on 6.4.2023) have been enacted under the IT Act, 2000. These rules assign specific obligations on intermediaries as to what kind of information is to be hosted, displayed, uploaded, published, transmitted, stored or shared. The rules also specify provisions to establish a grievance redressal mechanism by platforms and remove unlawful content within stipulated time frames.

3. Counteracting misinformation during Indian elections 2024

To counter misinformation during the Indian elections the government and social media platforms made their best efforts to ensure the electoral integrity was saved from any threat of mis/disinformation. The Election Commission of India (ECI) further launched the 'Myth vs Reality Register' to combat misinformation and to ensure the integrity of the electoral process during the general elections in 2024. The ECI collaborated with Google to empower the citizenry by making it easy to find critical voting information on Google Search and YouTube. In this way, Google has supported the 2024 Indian General Election by providing high-quality information to voters and helping people navigate AI-generated content. Google connected voters to helpful information through product features that show data from trusted institutions across its portfolio. YouTube showcased election information panels, featuring content from authoritative sources.

4. YouTube and X (Twitter) new ‘Notes Feature’

• Notes Feature on YouTube: YouTube is testing an experimental feature that allows users to add notes to provide relevant, timely, and easy-to-understand context for videos. This initiative builds on previous products that display helpful information alongside videos, such as information panels and disclosure requirements when content is altered or synthetic. YouTube clarified that the pilot will be available on mobiles in the U.S. and in the English language, to start with. During this test phase, viewers, participants, and creators are invited to give feedback on the quality of the notes.
• Community Notes feature on X: Community Notes on X aims to enhance the understanding of potentially misleading posts by allowing users to add context to them. Contributors can leave notes on any post, and if enough people rate the note as helpful, it will be publicly displayed. The algorithm is open source and publicly available on GitHub, allowing anyone to audit, analyze, or suggest improvements. However, Community Notes do not represent X's viewpoint and cannot be edited or modified by their teams. A post with a Community Note will not be labelled, removed, or addressed by X unless it violates the X Rules, Terms of Service, or Privacy Policy. Failure to abide by these rules can result in removal from accessing Community Notes and/or other remediations. Users can report notes that do not comply with the rules by selecting the menu on a note and selecting ‘Report’ or using the provided form.

CyberPeace Policy Recommendations

Countering widespread online misinformation on social media platforms requires a multipronged approach that involves joint efforts from different stakeholders. Platforms should invest in state-of-the-art algorithms and technology to detect and flag suspected misleading information. They should also establish trustworthy fact-checking protocols and collaborate with expert fact-checking groups. Campaigns, seminars, and other educational materials must be encouraged by the government to increase public awareness and digital literacy about the mis/disinformation risks and impacts. Netizens should be empowered with the necessary skills and ability to discern fact and misleading information to successfully browse true information in the digital information age. The joint efforts by Government authorities, tech companies, and expert cyber security organisations are vital in promoting a secure and honest online information landscape and countering the spread of mis/disinformation. Platforms must encourage netizens/users to foster appropriate online conduct while using platforms and abiding by the terms & conditions and community guidelines of the platforms. Encouraging a culture of truth and integrity on the internet, honouring differing points of view, and confirming facts all help to create a more reliable and information-resilient environment. 

References:

1. https://www.meity.gov.in/writereaddata/files/Advisory%2015March%202024.pdf
2. https://blog.google/intl/en-in/company-news/outreach-initiatives/supporting-the-2024-indian-general-election/
3. https://blog.youtube/news-and-events/new-ways-to-offer-viewers-more-context/
4. https://help.x.com/en/using-x/community-notes

‍

Introduction

The most significant change seen in the Indian cyber laws this year was the passing of the Digital Personal Data Protection Act, 2023, in the parliament. DPDP Act is the first concrete form of legislation focusing on the protection of Digital Personal Data of Indian netizens in all aspects; the act is analogous to what GDPR is for Europe. The act lays down heavy compliance mandates for the intermediaries and data fiduciaries, this has made it difficult for the tech companies a lot of policy, legal and technical changes have to be made in order to implement the act to its complete efficiency. Recently, the big techs have addressed a letter to the Minister and Minister of State of Meity to extend the implementation timeline of the act. In other news, the union cabinet has given the green light for the much-awaited MoC with Japan focused on establishing a long-term Semiconductor Supply Chain Partnership. 

Letter to Meity

The lobby of the big techs represented by a Trade Body named the Big Tech Asia Internet Coalition (AIC) this week wrote to the Ministry of Electronics and Information Technology (Meity), addressing it to the Minister Ashwini Vaishnav and Minister of State (MoS) Rajeev Chandershekhra recommending a 12-18 month extension on the implementation of the Digital Personal Data Protection Act. This request comes at a time when the government has been voicing its urgency to implement the act in order to safeguard Indian data at the earliest. The trade body represented big names, including Meta, Google, Microsoft, Apple and many more. These big techs essentially comprise the segment recognised under the DPDP as the Significant Data Fiduciaries due to the sheer volume of data processed, hosted, stored, etc. In the protective sense, the act has been designed to focus on preventing the exploitation of personal data of Indian netizens by the big techs, hence, they form an integral part of the Indian Data Ecosystem.  The following reasons/complications concerning the implementation of the act were highlighted in the letter:

• Unrealistic Timelines: The AIC expressed that the current timeline for the implementation of the act seems unrealistic for the big techs to establish technological, policy and legal mechanisms to be in compliance with section 5 of the act, which talks about the Obligations of a Data Fiduciary and the particular notice to be shared with the data principles in accordance with the act. 
• Technical Requirements: Members of AIC expressed that the duration for the implementation of the act is much less in comparison to the time required by the tech companies to set up/deploy relevant technical critical infrastructure, SoPs and capacity building for the same. This will cause a major hindrance in establishing the efficiency of the act.
• Data Rights:  Right to Erasure, Correction, Deletion, Nominate, etc., are guaranteed under the DPDP, but the big techs are not sure about the efficient implementation of these rights and hence will need fundamental changes in the technology architecture of their platform, thus expressing concern of the early implementation of the act. 
• Equivalency to GDPR: The DPDP is taken to be congruent to the European GDPR, but the DPDP focuses on a few more aspects, such as cross-border data flow and compliance mandates for the right to erasure, hence a lot of GDPR-compliant big techs also need to establish more robust mechanisms to maintain compliance to Indian DPDP.     

Indo-Japan MoC

A Memorandum of Cooperation (MoC) on the Japan-India Semiconductor Supply Chain Partnership was signed in July 2023 between the Ministry of Electronics and Information Technology (MeitY) of India and the Ministry of Economy, Trade and Industry (METI) of Japan. This information was shared with the Union Cabinet, which is led by Prime Minister Narendra Modi. The Ministry of Commerce (MoC) aims to expand collaboration between Japan and India in order to improve the semiconductor supply chain. This is because semiconductors are critical to the development of industries and digital technologies. The Parties agree that the MoC will take effect on the date of signature and be in effect for five years. Bilateral cooperation on business-to-business and G2G levels on ways to develop a robust semiconductor supply chain and make use of complementary skills. The cooperation is aimed at harnessing indigenous talent and creating opportunities for higher employment avenues. 

MeitY's purpose also includes promoting international cooperation within bilateral and regional frameworks in the frontier and emerging fields of information technology. MeitY has engaged in Memorandums of Understanding (MoUs), Memorandums of Covenants (MoCs), and Agreements with counterpart organisations/agencies of other nations with the aim of fostering bilateral collaboration and information sharing. Additionally, MeitY aims to establish supply chain resilience, which would enable India to become a reliable partner. An additional step towards mutually advantageous semiconductor-related commercial prospects and collaborations between India & Japan is the strengthening of mutual collaboration between Japanese and Indian enterprises through this Memorandum of Understanding. The “India-Japan Digital Partnership” (IJDP), which was introduced during PM Modi's October 2018 visit to Japan, was created in light of the two countries' complementary and synergistic efforts. Its goal is to advance both current areas of cooperation and new initiatives within the scope of S&T/ICT cooperation, with a particular emphasis on “Digital ICT Technologies."

Conclusion 

As we move ahead into the digital age, it is pertinent to be aware and educated about the latest technological advancements, new forms of cybercrimes and threats and legal aspects of digital rights and responsibilities, whether it is the recommendation to extend the implementation of DPDP or the Indo-Japan MoC, both of these instances impact the Indian netizen and his/her interests. Hence, the indigenous netizen needs to develop a keen interest in the protection of the Indian cyber-ecosystem to create a safer future. In our war against technology, our best weapon is technology and awareness, thus implementing the same in our daily digital lifestyles and routines is a must.  

References

• https://www.eetindia.co.in/cabinet-approves-moc-on-japan-india-semiconductor-supply-chain-partnership/
• https://www.moneycontrol.com/news/business/startup/trade-body-representing-big-tech-urges-govt-to-extend-dpdp-act-implementation-by-1-5-years-11605431.html
• https://www.google.com/url?rct=j&sa=t&url=https://www.eetindia.co.in/cabinet-approves-moc-on-japan-india-semiconductor-supply-chain-partnership/&ct=ga&cd=CAEYACoTOTI3Mzg4NzEyODgwMjI2ODk0MDIaOTBiYzUxNmI5YTRjYTE1NTpjb206ZW46VVM&usg=AOvVaw2lEO7-cIBZ_ox1xV39LGLs

‍

‍