India is no stranger to cybersecurity threats and attacks. The steady growth of the Indian tech sector has led to the massive growth of digital data inventory. This data accumulation has, in turn, spurred frequent cyberattacks across the country.
Companies across this sector have been launching new updates, innovating new technologies and propagating new changes in the year 2019.
In this article, we bring you a list of the key updates
1.Linking Aadhar Card with Social Media Profile
In July of 2018, Anthony Clement Rubin filed a PIL in Madras High Court in an attempt to solicit Aadhar Card linkage with social media platforms. The intent behind the PIL (Public Interest Litigation) was to demand conversion of encrypted data into simpler language, promoting traceability of malicious actors who are involved in/benefit from spreading incomplete, falsified information online. Linking Aadhar Card would greatly aid in tracking the offenders.
Facebook-owned Whatsapp would be the most to lose on this one. This messaging platform has resisted prior attempts by governmental agencies throughout the world who wanted access into Whatsapp’s databases to monitor the cyber-space for offences or wanted this feature (encrypted messaging) to be removed entirely.
India is home to 400 million Whatsapp users, therefore, accountability should mean security – not entirely true. It can lead to a compromise in the security of all Indian users as their personal/private information will be made public; foreign governments and institutions gain easy, unrestricted access.
Facebook filed for a transfer to the Supreme Court whose verdict rescued them. The Supreme Court said that linking social media accounts with Aadhar Card would be a breach of privacy policies, Facebook readily agrees.
Madras High Court, which supported the PIL, said: “The linking of social media profiles of the users with the Aadhaar was needed to check fake news, defamatory articles, pornographic materials, anti-national and terror contents in the online media.”
2. Proxy Wars.
India has been shaping public opinion abroad through the use of proxy websites. They usually push forwards the narratives of the Indian Government. These websites, according to EU Disinfo Lab (Brussel-based NGO), are in operation in over 65 countries and under fake news titles or titles of old newspapers or publications which have long been out of commission. The content on these websites usually focuses on the minorities in Pakistan or on the Kashmir issue or on other issues along the same lines, mostly harming Pakistan unjustly. For instance, the ‘About Us’ (pertaining to the information about the website and their team members, etc.) section of Manchester Times is a replica of a Wikipedia entry for a newspaper with the same name (Manchester Times) which closed its door in 1922. Disinfo Lab’s findings established a connection between these fraudulent websites to Indian stakeholders, companies, networks, etc. mainly linked with Srivastava Group. The Indian Institute for Non-Allied Studies (IINS) and the New Delhi Times share the same IP address and can be linked back to the Srivastava Group. This ambiguous connection (should) peak curiosity, when visits for 27 officials from the EU is organised by the IINS after the incidents that took place in Kashmir. Indian agencies are engaged in lobbying efforts throughout Europe, influencing leaders and public opinions alike. A clear connection between these websites and the Indian government has not been established
3. Free movie downloaders, streamers, Star Wars fans beware!
According to Kaspersky, 30 websites and social media handles, claiming to be the official movie accounts of the latest Star Wars movie, are in fact mediums/vehicle for cybercriminals to infect systems with malware. People fall victim to ‘clickbait’ and in the process unknowingly download spyware that extracts user information. It comes highly recommended not opening accounts or entering personal details (credit/credit card details, name, address, phone number, etc.) on these websites because that is how the cyber-criminals steal data. Be wary of any and all websites that offer free downloads as they play host to these parasites. Efforts are made to empower the ‘Rebel Faction’ and send disruptive waves across the Star Wars community, which is huge and consists of people from all age groups.
4. Fears over Facial Recognition in China
According to a Chinese report and reported by Abacus, found that almost 80% of the population fears facial data leaks, 65% are fearful of ‘Deepfake’ and many more are afraid of cyber theft and fraud. Digital data is left unprotected or loosely guarded as the country (China) faces data theft quiet often. A local media reported the sale of 5,000 images of people for as low as $2 per image. Still, 44% or less feel the need for technological intervention but at the same time, 88% prefer to have more control over their facial data.
China is digitising rapidly, payment companies prefer people using the facial recognition feature while making any sorts of payments like paying for subway tickets, groceries, etc. Chinese dating companies also encourage the use of facial recognition to avoid relaying misinformation. Some bathroom stalls even have facial recognition systems implemented, to monitor/prevent people from using excessive toilet paper.
The government and other agencies have access to this data and there have been reported cases of misuse. Invasion of privacy is rampant except in one area – voting, as the country is yet to implement biometrics for the election/voting is state-controlled.
5. India and Japan to work together on Space and CyberSecurity programmes.
Prime Minister, after the success of Mission Shakti, where a DRDO missile launched off the coast of Odisha successfully hit a Low Earth Orbit (LEO) satellite, announced that India could now take down satellites in space. The US, China and Russia are the only other countries apart from India that is ASAT (Anti-Satellite Weapons tests) proficient. Though India possesses ASAT capabilities, Japan has a well-established and extensive space programme. External Affairs Minister S Jaisahankar and Taro Kono (minister from Japan of similar designation) met during the G20 (outside the meetings) to discuss further on Space and CyberSecurity collaboration. Japan’s primary objective is to keep pace with developments in China for which it has offered to enter into a joint venture with India on connectivity projects, infrastructural developmental projects in the North East and other projects in countries like Bhutan, Myanmar, Kenya and Bangladesh. The two ministers entered into further talks regarding cybersecurity and other related issues. The two countries together hope to work towards building better Indo-pacific relations and fostering peace in Asian countries.
6.Juice Jacking
An alternate meaning of the word ‘Juice’ is used to refer to anyone who has power, influence, authority or sexual desirability. ‘Juice’ in this context means electric power. People who use charging ports or USB inlets at the airport or other public area are at risk of having their data stolen. The ports are infected with malware which allows hackers to infiltrate devices without anyone knowing and are able to extract personal/sensitive data including passwords and bank details; the hackers can also bar the person, to whom the device belongs to, from accessing it. It was observed that people disregard safety when their devices are about to run out of the said ‘juice’, plugging devices to any charging port available. Hackers lie in anticipation of such people, hackers replace the harmless charging ports with their personal malware-infested gadgets. “What they do is a very simple trick” and “They essentially disable the data pin on the USB charger”, said Prof Sekar of Carnegie Mellon University. Be mindful that this type of hacking is fairly complicated and very difficult to execute. People are advised to carry their own power bank, carry ac chargers and use ac power outlets.
7.High Profile Acquisitions
There were several big-money moves made in the CyberSecurity sphere in 2019. Insight Partners, an equity company, purchased a controlling stake in an internet technology company which specialises in simpler data generation to aid a thorough understanding of external cyber threats. Few customers of Recorded Future are The Gap, Verison, Morgon Stanley, etc.
Sophos, British hardware and software company, announced that Thoma Bravo, another equity firm, offered $3.9 billion to purchase the company. Thoma Bravo is of the opinion that Sophos is – “a global leader in next-generation cybersecurity solutions spanning endpoint, next-generation firewall, cloud security, server security, managed threat response, and more.” TechCrunch journalist, Zack Whittaker reported the presence of a vulnerability in Sophos’ system allowing hackers to enter its “internal networks without needing a password.” Sophos is spread across 150 countries with over 100 million users and 400,000 customers.
Palo Alto, the world foremost authority in CyberSecurity, announced the purchase of Demisto, in cash and equity, for $560 million. Demisto is another leading CyberSecurity company which specialise in Security Orchestration, Automation and Response (SOAR). CEO of Palo Alto Networks, Nikesh Arora said – “With the combination of Demisto and our existing threat prevention and response capabilities, we will be well-positioned to unlock the biggest challenges facing teams in security operations centres today,” and “…the integration of Demisto into Cortex will bring stronger automation and artificial intelligence capabilities to our platform, delivering greater protection across all environments.”FireEye, which discovered data theft of 68 million patients and doctor from an India-based company, paid $250 million to acquire Verodin. FireEye hopes that this acquisition will better the overall efficiency and security services that the company provides by adapting to the changes in the IT landscape and fixing the vulnerabilities within the system.
