MP John Brittas of the CPI(M), wrote to the Parliamentary Standing Committee on Communications and Information Technology chairperson Prataprao Jadhav, urging him to call an urgent meeting of the committee to investigate the threat notification messages…reports Asian Lite News
Central online safety agency CERT-In (Indian Computer Emergency Response Team) will probe the opposition’s claim of iPhone “hacking” attempts, IT Ministry sources have said.
CERT-In is the national agency responsible for responding to cybersecurity threats like hacking and phishing.
Several opposition leaders, including Mahua Moitra, Priyanka Chaturvedi, Raghav Chadha, Shashi Tharoor, Pawan Khera, and Sitaram Yechury, claimed on Tuesday that they had received Apple alerts warning them of state-sponsored attackers trying to hack their iPhones. Apple, in response to the claims, said it “does not attribute the notifications to any specific state-sponsored attacker” while adding that “it is possible that some Apple threat notifications may be false alarms”.
Opposition MPs and leaders, including Trinamool MP Mahua Moitra, demanded that the government answer questions about the alert issue, and called for a meeting of the parliamentary standing committee for IT to investigate.
MP John Brittas of the CPI(M), wrote to the Parliamentary Standing Committee on Communications and Information Technology chairperson Prataprao Jadhav, urging him to call an urgent meeting of the committee to investigate the threat notification messages.
BJP MP on the parliamentary IT committee, Nishikant Dubey, said the committee cannot take up the matter. According to Mr Dubey, under Lok Sabha rules, the central government has jurisdiction over the investigation into Apple’s warning to its subscribers, while the state police can examine their iPhones to further verify the allegations.
The government rejected the opposition leaders’ allegations of spying. IT Minister Ashwini Vaishnaw said Apple had issued similar alerts in 150 countries, that they were based on incomplete and often inaccurate data, and that some could be “false alarms”.
The stolen data includes information about the WHO, the Union Ministry of Information and Broadcasting, Google CEO Sundar Pichai and American singer Charlie Puth, among others…reports Asian Lite News
A hacker has claimed to have stolen the data of nearly 400 million Twitter users and put it up for sale on the dark web.
According to Israeli cyber intelligence firm, Hudson Rock, the database contains devastating amounts of information, including e-mails and phone numbers of high-profile users.
Hudson Rock has shared pictures of the post on Twitter in which the hacker has shared information about the data leak.
The stolen data includes information about the WHO, the Union Ministry of Information and Broadcasting, Google CEO Sundar Pichai and American singer Charlie Puth, among others.
“I am selling data of +400 million unique Twitter users that was scrapped via a vulnerability, this data is completely private,” the hacker wrote in his post. The hacker, who claims to have stolen the data, has offered a deal to Twitter, according to the report.
“Twitter or Elon Musk, if you are reading this post, you are already at risk of GDPR fines for the data leak of over 54 million users. Now fines for data leak of 400 million users,” said the hacker.
“Your best option to avoid paying $2.76 million in CDPR breach fines like Facebook did (due to 533 million users being scraped) is to buy this data exclusively,” it added.
He said that he is ready to deal with any middleman. Moreover, he mentioned that “I will delete this thread and will not sell this info again”.
In an advert on a criminal forum, later removed, the user said the data was stolen from Shanghai National Police
Chinese President Xi Jinping has urged public bodies to “defend information security” after a hacker offered to sell stolen data of one billion Chinese citizens.
In an advert on a criminal forum, later removed, the user said the data was stolen from Shanghai National Police, the BBC reported.
The hacker claims the information includes names, addresses, National ID numbers and mobile phone numbers.
Cyber-security experts have verified that at least some of a small sample of the data offered is real.
The 23 terabytes of data is thought to be the largest ever sale of data on record and was being offered for $200,000 until the post was removed on Friday.
No Chinese officials have responded to the news and President Xi did not make direct reference to the data sale.
But, according to the South China Morning Post, the President has asked public bodies in China to “defend information security… to protect personal information, privacy and confidential corporate information” to ensure people feel secure when submitting data for public services.
On Friday, the moderators of the website where the sale was listed, by a user called ChinaDan, posted a notice which read: “Dear Chinese users, welcome to our forum. You most likely came here because of the Shanghai police database leak. The data is no longer being sold, and posts related to this topic have been deleted.”
Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one asian country. Likely due to a bug in an Elastic Search deployment by a gov agency. This has impact on …
The website administrators then added that they have many other similar and high quality Chinese databases for sale, adding: “We are not in China and we are not Chinese, so we do not have to obey Chinese laws,” the BBC reported.
According to DarkTracer, which monitors cyber criminal activity, another hacker, perhaps inspired by the publicity surrounding ChinaDan’s offer, posted an advert on Tuesday for 90 million Chinese citizen records, which the hacker claims to have stolen from Henan National Police (HNGA).
None of that data has been verified.
“It remains unclear exactly why the data has been withdrawn,” the BBC quoted Toby Lewis, global head of threat analysis at Darktrace, as saying.
“The original offer of sale suggests that the hacker was looking to sell the data to several buyers without exclusivity, rather than just one.
“So one theory is that for a high enough price exclusivity could have been bought, and that kind of purchase could possibly have been made by the Chinese state itself,” he added.
The Pak-based hackers operated fake app stores and also compromised legitimate websites to host malicious phishing pages to manipulate people…reports Asian Lite News
Hackers from the Pakistan have been using Facebook to trap former Afghan users by creating fake profiles. Facebook on Tuesday said it has removed a group of hackers from Pakistan that created fictitious profiles – typically of young women – as romantic lures to build trust with potential targets in Afghanistan and trick them into clicking on phishing links or downloading malicious chat apps.
The group, known as SideCopy, targeted people who were connected to the previous Afghan government, military, and law enforcement agencies in Kabul.
“We disabled their accounts, blocked their domains from being posted on our platform, shared information with our industry peers, security researchers and law enforcement agencies, and alerted the people who we believe were targeted by these hackers,” Facebook (now Meta) said in a statement.
The Pak-based hackers operated fake app stores and also compromised legitimate websites to host malicious phishing pages to manipulate people into giving up their Facebook credentials.
SideCopy attempted to trick people into installing trojanised chat apps (containing malware that misled people about its true intent), including messengers posing as Viber and Signal, or custom-made Android apps that contained malware to compromise devices.
Among them were apps named HappyChat, HangOn, ChatOut, TrendBanter, SmartSnap, and TeleChat — some of which were in fact functioning chat applications, said Facebook.
It became clear during the Covid months that cases of hacking of phones, credit-debit cards and other vital data for committing financial frauds were booming and targeting even ordinary people…writes D.C. PATHAK
An important lesson drawn by India from the ongoing pandemic is that strict crime control and maintenance of law and order are needed to protect the nation from many of the newly emerging threats to internal stability and security. At least five such points of concern can be identified and they all can be said to be creating vulnerabilities that facilitated the work of enemy agents and adversarial forces.
Dangers of digital fraud
First, digital frauds that entrapped innocent citizens and could possibly be used for the nefarious plans of the enemy in some cases, have multiplied in this period and deprived a very large number of ordinary people doing digital banking — believing it to be safe and convenient — of their meagre resources. Secondly, anti-social elements among the youth who have become active across the country for the twin reasons of economic downturn and a reduced police presence, are providing fodder to the agencies of our adversaries for ‘talent spotting’ and diversion towards anti-national pursuits. This is a matter of particular concern in the area of internal security.
Foreign hand
Third, foreign based lobbies have tried to merge into the opposition voices on such current issues as breakdown of medical care system, shortages of vaccines and other medical supplies as also the alleged neglect of the poor during the pandemic, to build a narrative against the government of the day. This has since developed into a political war ‘by proxy’. Further, a distinct trend is the rise of agitational politics that aimed at projecting the Modi government as a violator of freedom to protest and human rights and as an ‘intolerant’ regime that could not bear with criticism — it did not matter to the critics that this charge was not well-founded and that the narrative went beyond the normal political critique to create an environ of instability about the country’s governance itself.
Domestic strife
And finally, a highly uneven situation of law and order prevailed in the country primarily because of the subservience of the administrative machinery concerned to the political pressures of the state rulers, leading to a serious erosion of what was the sovereign duty of the police in a democratic state to serve the law abiding and deter the potential offenders. The entire gamut of these dangers needs to be examined quickly for remedial measures. The Centre has to find a way of providing a strong democratic governance to the people of this large nation within the federal structure of the country — but without letting centrifugal tendencies come in the way.
It became clear during the Covid months that cases of hacking of phones, credit-debit cards and other vital data for committing financial frauds were booming and targeting even ordinary people with limited resources who relied on online transactions because of the pandemic restrictions. The situation calls for a national drive to identify and neutralise illicit SIM cards which are being used by criminals as weapons. The menace has become large and draws a parallel with the situation in some freedom loving developed countries where control on sale of automatic firearms was now being actively considered.
The issue of SIM cards freely may be an indicator of socio-economic progress but in the Indian context it is greatly helping criminals and anti-national elements too — because of which there is a spurt in digital crimes against the common man. Telecom companies would better verify the identity of the purchaser beyond Aadhaar card by recording his or her double thumb impression so that in the event of a fraudulent transaction, reported through an unknown number, the owner of that SIM can be reached by the cyber police investigating the matter.
Gangs of criminals have acquired thousands of SIM cards to operate through the length and breadth of the country. This can overwhelm our legal machinery unless a deep biometric identity of SIM customer was made mandatory. The Centre must also respond quickly to evaluate the working of cyber police stations and pool the feedback given by them to make the system more effective. These police stations must be already having seamless communication with their counterparts across the country and the legal action initiated by them to locate a suspect number should not be allowed to be hampered by the issue of state jurisdiction that restrictively defines law and order responsibility in this country.
Demographic divide
India for a variety of reasons is becoming overladen by youth who did not add to ‘demographic dividend’ — being neither educated nor skilled — and who were becoming prone to ‘coming on the road’ specially because of the destruction of jobs that had occurred at the lower lines of the economic pyramid on account of the pandemic. This has happened across urban and rural India and accounts at least partly for the ongoing rise in local crimes like snatching, ATM robbery, sexual assaults on minors of the vicinity, thefts and public brawls. Indian law emphasised on the need for the police station to keep in touch with the ‘localities’ and have a fairly good idea of the ‘idlers and loiterers’ who inflicted themselves on public spaces at odd hours and indulged in lawlessness on the slightest pretext. In suitable cases they could be put on a bond for good behaviour.
It is not easy to exercise this type of control on the crime situation but India has to quickly move towards an effective local presence of the police and a closer monitoring of the villages and urban neighbourhoods to provide confidence and safety to the law-abiding citizens. The strategic approach to the problem of course would be to provide the youth with skill training free of cost and create avenues of employment for them for sustenance. This is a huge challenge for the Centre-state combine — it has been made more daunting because of the pandemic. The Modi government at the Centre has adopted a perceptive policy of economic revival by giving the call — ‘vocal for local’ — that suits India’s genius and helps to build the base of our economic pyramid.
Deep divisions
The return of BJP regime at the Centre with a much larger majority in 2019 and the splintering of other parties led to the trend of opposition taking to campaigning against the government outside of the Parliament and that too not on policies so much as on the persona of the Prime Minister and his allegedly ‘authoritarian’ style of governance. Lobbies at home and abroad including left liberals, human rights activists and advocates of ‘secularism’ focusing on minority-majority divisions, have got into the domestic politics and started promoting street agitations and disruptive narratives as an expression of ‘freedom’. The response of the Modi regime has to be a calibrated one — putting the facts of policy execution before the people and not letting anybody cross the line of violation of public order, incitement to public violence and erosion of the public sentiment on national integrity.
India likely to unveil new cybersecurity strategy this year
There is little doubt that the people of India give credit to Prime Minister Modi for being upfront and bold about taking decisions to deal with the pandemic — a disaster that had come unannounced. He was himself leading the effort to contain the breakdown of health infrastructure and organise vaccine production. It is necessary that the administration at the centre and in the states came on the same page in interpreting what was part of democratic rights and what amounted to taking to the ‘politics of the street’. We are passing through times when the leadership of the civil administration and the police ought to realise the importance of their crucial apolitical role in sustaining democracy and safeguarding internal stability and security without coming in the way of the sovereign right of the elected political executive to frame policies and adopt legislative measures. Hopefully, India’s judiciary can maintain the constitutional balance of power amongst the known ‘pillars of democracy’.
The multiplicity of political parties, all wanting to mop up followers wherever they came from, does complicate the problem of governance but there is no getting away from the fact that states cannot be allowed to weaken the law-and-order situation in the country which can, among other things, spoil the prospects of investment and economic growth. The centre has to find within the federal system a method of monitoring the performance of the state administration and police on the maintenance of law and order — tracking the performance of IAS and IPS officers on this front can be a good initial move. These All India Civil Services were created to take care of the law-abiding people and in particular improve the working of police stations which are the first place of call for a distressed citizen.
Modern India cannot be run with a flawed administrative and police set-up. Corruption at the lower echelons only puts ordinary citizens in difficulty about running their life peacefully. Effective governance cannot be there unless the administrative and police machinery at the local level is freed of corruption — this unfortunately is not happening because of the lack of attention of the state governments towards the all-important issue of law and order. This is all the more a reason why the centre must acquire a firmer grip on the working of the IAS and IPS officers who are a major instrument of the nation for providing clean and firm governance in the country as a whole. Internal security is linked with that at the strategic level.
(The writer is a former Director of Intelligence Bureau)
