NATIONAL

Government of India established three Grievances Appellate Committees based on IT Rules 2021.

On 28 January 2023, the Central Government set up three Grievances Appellate Committees (GACs) on the basis of Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021. Each Committee will have three members in it. During the extensive public consultations on the IT Rules, the Minister of State (MoS) for Electronics & Information Technology (E&IT) and Skill Development & Entrepreneurship— Rajeev Chandrasekhar had highlighted Government’s stand on— safety and trust of every Digital Nagrik, and robust grievance redressal system to ensure accountability of all Internet platforms offering a service or product, and that all grievances must be 100% addressed.

The Grievance Appellate Committee (GAC) is a key piece of overall policy and legal framework to ensure that Internet in Bharat is open, safe & trusted and accountable. The need for GAC was created due to large numbers of grievances being left unaddressed or unsatisfactorily addressed by Internet Intermediaries. GAC is expected to create a culture of responsiveness amongst all Internet platforms and intermediaries towards their consumers. The GAC will be a platform that will operate only virtual/online— wherein the entire appeal process, from filing of appeal to the decision thereof, shall be conducted digitally.^[1]

Ministry of Information and Broadcasting banned six YouTube channels for fake news

Ministry of Information and Broadcasting (I&B)’s PIB Fact Check Unit (FCU) cracked down six YouTube channels which were disseminating false information/news in Bharat. To counter the false information circulated by these channels, the FCU released six separate Twitter threads with more than 100 fact-checks. The six YouTube channels, which were discovered to be part of a coordinated disinformation network, had close to 20 lakh subscribers, and more than 51 crore people have watched the videos on these channels.

The banned YouTube channels— i) Nation TV, ii) Samvaad TV, iii) Sarokar Bharat, iv) Nation 24, v) Swarnim Bharat, and vi) Samvaad Samachar, spread news about elections in Bharat, and were part of fake news economy which thrives on monetisation of fake news. These channels used fake, and sensational thumbnail images of television news anchors of renowned TV channels to mislead viewers to believe that news was authentic and drive traffic to their respective channels to monetise the videos posted by them.^[2]

SAMEER and Siemens Healthineers signed MoU on Bharat MRI Technology

On 27 January 2023, Bharat’s premier Research and Development (R&D) institute of Ministry of Electronics and Information Technology (MeitY)— SAMEER (Society for Applied Microwave Electronics Engineering & Research) signed a Memorandum of Understanding (MoU) with Siemens Healthineers in Bangalore, which will contribute towards the development of new, improved, and innovative technologies for advancing healthcare and diagnostic access in Bharat. SAMEER specialises in Radio Frequency (RF) Microwaves Radar and communication system, E3 testing and Medical Electronics a strategic partnership.

Emphasising on the “Digital India Programme”, the Minister of State for Electronics & Information Technology and Skill Development & Entrepreneurship— Rajeev Chandrasekhar said that “the MoU is a significant step in the direction of Digital India Programme. We [Bharat] are also supportive of R&D model based on co-development between global companies and Bharat’s vast network of academic institutions.” At present, SAMEER is developing IMRI (Indigenous Magnetic Resonance Imaging) technology under the Sushrut MRI (Indian MRI) system, said Shri Rajesh Harsh, who is coordinating the research in MRI and Industry ecosystem.^[3]

CERT-In issued advisory on multiple vulnerabilities in Schneider Electric products

On 16 January 2023, the Indian Computer Emergency Response Team (CERT-In) issued an advisory— CIAD-2023-0002, pertains to the multiple vulnerabilities in Schneider Electric products. According to the advisory, the Schneider Electric products reported multiple vulnerabilities which could allow an attacker to execute arbitrary code, disclose sensitive information, bypass security restrictions or cause denial of service condition on the target system. Schneider Electric’s affected products included— EcoStruxure Machine Expert, EcoStruxure Geo SCADA Expert and Operation, EcoStruxure Power SCADA, EcoStruxure Power Operation, EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon.^[4]

MeitY requested comments from stakeholders and the general public on proposed changes to the IT Rules

On 19 January 2023, the Ministry of Electronics and Information Technology (MeitY) invited suggestions and comments from stakeholders and the general public on the proposed amendment to rule 3(1)(b)(v) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“IT Rules”) with respect to obligations of social media and other intermediaries regarding sharing. This was done in order to fulfil the commitment to ensure an open, safe, trusted, and accountable Internet for citizens.
“The draft amendments to IT Rules are in pursuance of our commitment to an Open, Safe & Trusted and Accountable Internet. We have circulated amendments for consultation with stakeholders. As is the practice meticulously followed by Govt. these amendments will also be put through open consultations – to reflect, discuss and deliberate on these amendments or any other such effective means through which we can prevent misinformation/patently wrong information circulated on the Internet by State/Non-State actors,” said the Minister of State (MoS) for Electronics and Information Technology— Rajeev Chandrasekhar.^[5]

CERT-In issued advisory on multiple vulnerabilities in Microsoft products.

On 11 January 2023, the Indian Computer Emergency Response Team (CERT-In) issued an advisory— CIAD-2023-0001, regarding multiple vulnerabilities in Microsoft products, including Windows, Office, SharePoint, and Azure. These vulnerabilities could allow an attacker to gain elevated privileges, obtain confidential/sensitive information, and conduct remote code execution attacks, conduct spoofing attacks, or cause denial of service conditions.^[6]

CERT-In also suggested to apply appropriate security updates as provided at: https://msrc.microsoft.com/update-guide/releaseNote/2023-Jan

INTERNATIONAL

EU and US to sign first-of-its-kind AI agreement

The European Union (EU) and the United States (US) announced an agreement on January 27, 2023, to accelerate and improve the use of Artificial Intelligence (AI) to improve agriculture, healthcare, emergency response, climate forecasting, and the electric grid. According to a senior US administration official (on the basis of anonymity), earlier agreements on the same issue had been limited to specific areas such as enhancing privacy. AI modelling/Machine Learning (ML) algorithms which use data to make logical decisions could be used to improve the speed and efficiency of government operations and services. As per the agreement, all of the data would be harnessed into a common AI model that would produce better results for managers, grid operators and others depending on AI during emergency scenarios.^[7]

Pakistan investigated if nationwide blackout was due to cyber-attack

Pakistani authorities conducted investigation on a possible cyber-attack causing a nationwide power blackout. On 24 January 2023, Pakistan’s Energy Minister— Khurram Dastgir informed that “there was a remote chance of the incident caused by hackers. The power across nation was fully restored within 24 hours. Also, a committee investigating what had caused the outage had been established by Pakistan’s Prime Minister Shehbaz Sharif.” Power outages have become a common occurrence in South-Asia in recent years.

“When the systems were turned on at 7:30am (PST) one by one, frequency variation was reported in the southern part of the country between Jamshoro and Dadu. There was a fluctuation in voltage and power generating units were shut down one by one due to cascading impact,” said Minister Dastgir.^[8]

US Senator wants to ban TikTok nationwide

On 24 January 2023, Josh Hawley, a US Republican Senator, said that he would introduce a Bill to ban TikTok in the United States. TikTok a sister company of ByteDance already facing a ban that would stop federal employees from using or downloading TikTok on government-owned devices. However, Senator Hawley did not mention when the Bill would be introduced. “TikTok is China’s backdoor into Americans’ lives. It threatens our children’s privacy as well as their mental health. Now I will introduce legislation to ban it nationwide,” posted Senator Hawley on his Twitter account.^[9]

“China can spy on us via smart bulbs and fridges”: report by OODA

According to a report prepared by former diplomat Charles Parton at the Washington-based consultancy firm OODA (Observe, Orientate, Decide, Act), China has the potential to spy on millions of people in the United Kingdom via microchips in cars, household appliances, and light-bulbs. According to the report, small modules, such as cellular IoTs (Internet of Things) gather data and transmit it via 5G networks, giving Chinese authorities intelligence and the ability to track people and businesses. Three Chinese companies, Quectel, Fibocom, and China Mobile, control 54% of the global smart device market. The UK government stated in 2020 that it would remove Huawei technology from Britain’s mobile infrastructure by 2027 due to spying concerns.^[10]

Endnotes :

^[1] “Three Grievance Appellate Committees (GACs) notified on the recently amended IT rule”, Press Information Bureau-Ministry of Electronics and IT, 28 January 2023. Accessed on 08 February 2023, available from: https://pib.gov.in/Pres sReleseDetail.aspx?PRID=1894258
^[2] “Ministry of I&B cracks down on fake news peddling YouTube channels”, Press Information Bureau- Ministry of Information & Broadcasting, 12 January 2023, accessed on 12 January 2023, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1890650
^[3] “MeitY’s R&D Institute SAMEER signs MoU with Siemens Healthineers on India MRI technology – a milestone in creating a Deeptech health care R&D and Supply Chain ecosystem”, 27 January 2023, accessed on 02 February 2023, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1894162
^[4] “CERT-In Advisory CIAD-2023-0002”, CERT-In, 16 January 2023, accessed on 18 January 2023, available from: https://www.cert-in.org.in/
^[5] “MeitY invites comments from stakeholders and general public on amendment proposed to ‘IT Rules’”, Press Information Bureau-Ministry of Electronics and IT, 19 January 2023, accessed on 21 January 2023, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1892241
^[6] “CERT-In Advisory CIAD-2023-0001”, CERT-In, 11 January 2023, accessed on 13 January 2023, available from: https://www.cert-in.org.in
^[7] Reuters. “US and EU to launch first-of-its-kind artificial intelligence agreement”, ET Telecom, 28 January 2023, accessed on 03 February 2023, available from: https://telecom.economictimes.indiatimes.com/news/us-and-eu-to-launch-first-of-its-kind-artificial-intelligence-agreement/97394092
^[8]Martin, Alexander. “Pakistani authorities investigating if cyberattack caused nationwide blackout”, The Record, 24 January 2023, 03 February 2023, available from: https://therecord.media/pakistani-authorities-investigating-if-cyberattack-caused-nationwide-blackout/; Hussain, Abid. “Pakistan hit by nationwide power outage after grid failure”, al Jazeera, 24 January 2023, accessed on 04 February 2023, available from: https://www.aljazeera.com/news/2023/1/23/pakistan-hit-by-nationwide-power-outage-after-grid
^[9]Reuters. “US Senator Josh Hawley wants to ban TikTok nationwide”, Reuters, 25 January 2023, accessed on 04 February 2023, available from: https://www.reuters.com/world/us/us-senator-josh-hawley-wants-ban-tiktok-nationwide-2023-01-24
^[10]Busby, Dolly. “The new cold war? China could be spying on us through domestic appliances such as the fridge, report warns”, The Daily Mail, 23 January 2023, accessed on 04 February 2023, available from: https://www.dailymail.co.uk/news/article-11668331/China-spying-domestic-appliances-fridge-report-warns.html

NATIONAL

Minister for Electronics and IT launched ‘Stay Safe Online’ campaign & ‘G20 Digital Innovation Alliance’ as part of Bharat’s G20 Presidency.

On 28 December 2022, the Minister for Electronics and Information Technology, Communications and Railways— Ashwini Vaishnaw launched the ‘Stay Safe Online’ campaign and the ‘G20 Digital Innovation Alliance’ (G20-DIA). Ministry of Electronics and Information Technology (MeitY) is the nodal ministry for the G20 Digital Economy Working Group (DEWG) and has represented Bharat in numerous working groups and ministerial sessions during previous presidencies. In Bharat’s tenure of G20 Presidency, MeitY will focus on three areas— i) Digital Public Infrastructure (DPI), ii) Cyber Security, and iii) Digital Skill Development (DSD).

Addressing the event, the Minister said, “Bharat [India] believes in the philosophy of inclusion. Bharat’s population scale and open source ‘public digital platforms’ such as UPI and Aadhaar have delivered economic and social inclusion and spurred innovation. The two campaigns launched today have the humanitarian way of thinking.”

The objective of the ‘Stay Safe Online’ campaign is to raise awareness among Internet users about how to stay safe while surfing the web. This campaign will make citizens of all ages, particularly children, students, women, senior citizens, the disabled, teachers, faculty, Central/State Government officials, and others, aware of the cyber risk and how to deal with it. To reach a wider audience, the campaign will be carried out in Hindi, English, and local languages. ^[1]

MoS for Electronics and IT held public consultation with over 200 stakeholders on the DPDP Bill 2022

On 23 December 2022, the Minister of State for Electronics and Information Technology and Skill Development & Entrepreneurship— Rajeev Chandrasekhar met over 200 stakeholders to discuss and deliberate on the Digital Personal Data Protection (DPDP) Bill 2022. Public consultations were open until 02 January 2023. The attendees included representatives from industry, think-tanks, law firms, consumer and citizen rights group. “Bill will act as a kinetic enabler for personal data protection while catalysing data led innovation and start-up ecosystem. Post the bill, the intermediaries will have to go for deep behavioural changes, and it will no longer be business as usual for them,” said MoS Chandrasekhar.

The stakeholders made numerous suggestions regarding various clauses of the Bill, such as the penalty regime for data fiduciaries, obtaining parental consent for children, cross-border data flows, and consent managers and how the government intends to regulate them, among many others. The Minister also clarified the deemed consent clause for government data access. ^[2]

“Bharat (India) will chart its own course on the future of Internet”: MoS Chandrasekhar

Speaking at a session at the India Global Forum held in Dubai, UAE, on 14 December 2022, the Minister of State for Electronics and Information Technology and Skill Development & Entrepreneurship— Rajeev Chandrasekhar said over 820 million Internet users deserve to have their own way to decide what kind of internet they want. “European GDPR (General Data Protection Regulation) is considered a gold standard for privacy and data protection. But we [Bharat] would like to disagree. With more than 820 million internet users, we have the largest presence on global internet and deserve an opportunity to shape our own destiny. We will chart our own course and build a framework suitable for us,” said MoS Chandrasekhar.

On Digital Personal Data Protection (DPDP) Bill 2022, the Minister said that “protecting the digital rights of our citizens is an obligation of the Government. But we do not see this as a binary at the expense of slowing down the ecosystem for innovation that exists in India (Bharat) and in partnerships with other countries. The Government would not strongly regulate the Internet but is committed to the principles of open, safe, trusted and accountable internet.” ^[3]

CERT-In issued advisory on multiple vulnerabilities in Apple iOS and iPdOS

On 15 December 2022, the Indian Computer Emergency Response Team (CERT-In) issued an advisory on multiple vulnerabilities reported in Apple iOS and iPadOS which could allow remote attacker(s) to gain access to sensitive information, execute arbitrary code, spoof the UI, gain elevated privileges, bypass security restrictions or cause denial of service conditions on the targeted system. The vulnerabilities exists in the Accounts, Apple Mobile File Integrity, Core Services, GPU Services, among other components of Apple iOS and iPadOS.

Successful exploitation of these vulnerabilities could allow the attacker(s) gain access to sensitive information, execute arbitrary code, spoof the UI, and bypass security restrictions on the targeted system. ^[4]
As solutions, the advisory suggests users to apply appropriate software updates as mentioned in Apple’s security updates at: Click here to read…

Tata Group to invest USD 90 billion over 5 years into chip manufacturing in Bharat

In an interview with Nikkei Asia on 08 December 2022, the Tata Sons chairman— Natarajan Chandrasekaran informed the Tata Group plans to begin production of Semiconductors in Bharat in next few years, in order to make the country an essential part of global chip supply chains. Tata Group already have announced a semiconductor design and development partnership with Renesas Electronics, Japan, in June 2022.

According to the India Electronics and Semiconductor Association, the semiconductor market will more than double to USD 64 billion between 2021 and 2026. The ongoing ‘disengagement’ between the United States and China in chip-related technology is causing major chipmakers to seek more diverse supply-chain locations. The Government of India and Tata Group are both looking to capitalise on this shift in order to position Bharat as a new semiconductor hub. The chairman also announced a USD 90 billion investment over the next five years as part of that effort. Aside from semiconductors, the company is in the process of launching new businesses such as electric vehicle (EV) and EV battery production, renewable energy production, and the development of ‘super apps’ that allow users to purchase goods and services ranging from groceries to financial products. ^[5]

Since 2018, stolen data of 6,00,000 Indians sold on Bot markets, claimed study by Nord VPN

According to the study conducted by one of the world’s largest VPN service providers— NordVPN, since 2018, around five million people worldwide, including 6,00,000 Indians, had their data stolen and sold on the Bot market. Bot markets are used by hackers to sell stolen data from victims’ devices with bot malware. The stolen data included user logins, cookies, digital fingerprints, screenshots and other information, with the average price for the digital identity of a person at ₹490 Indian rupees (USD 6.03/USD 1=₹81.14).

As reported by The Times of India, a week after the ransomware attack on AIIMS in November 2022, the Indian Council of Medical Research (ICMR) faced around 6,000 hacking attempts within 24 hours. ^[6]
Bharat’s cybersecurity rules have tightened in 2022, with the Indian Computer Emergency Response Team (CERT-In) requiring tech companies to report data breaches within six hours of noticing such incidents and to maintain IT and communications logs for six months. ^[7]

INTERNATIONAL

Hackers claimed to stole data from multiple electric utilities in a ransomware attack in the US

An unidentified group of hackers claimed to stole data belonging to multiple electric utilities of US government contractor, in a ransomware attack held in October 2022. In a memo distributed to power company executives in December 2022 by the North American Grid Regulator’s Cyber-Threat Sharing Centre, it is stated that while private investigators searched the Dark Web for stolen data, US Federal officials kept an eye on the incident for any potential wider effects on the US power sector.

An engineering firm— Sargent & Lundy, with offices in Chicago, was the target of the ransomware attack. The company has designed over 900 power plants and thousands of kilometres of power lines, and holds sensitive project data. According to the memo shared by the Electricity Information Sharing and Analysis Centre, there is no indication that the “model files” and “transmission data” that Sargent & Lundy used for utility projects, which were stolen, are available on the Dark Web. ^[8]

LockBit ransomware gang claimed cyber-attack on Port of Lisbon Administration

On 25 December 2022, LockBit ransomware gang carried out a cyber-attack on Port of Lisbon Administration (APL) and claimed to steal financial reports, audits, budgets, cargo information, ship logs, customer PII (personal identifiable information), and more. According to the statement released by APL, “cyber-attack did not impact the port’s operations. All safety protocols and response measures provided for this type of occurrence were quickly activated, the situation being monitored by the National Cybersecurity Center and the Judicial Police.”

The ransomware gang demanded the ransom of USD 15,00,000 and also gave the possibility to delay the publication of the data by 24 hours by paying USD 1,000. The LockBit gang is currently at the third version of their encryptor that powers the notorious RaaS (Ransomware as a Service) project, and one of the most prolific gangs of 2022. ^[9]

International Police shut down 48 DDoS-for-hire services, arrested 07 alleged administrators

The Europol, on 15 December 2022, announced that the International Police shut down around 48 popular websites, mainly Distributed Denial-of-Service (DDoS), that allowed paying users to launch DDoS attacks, and arrested seven alleged administrators of these websites. According to the US Department of Justice (DOJ), the accused disguised their sites as services that could be used for network testing but actually sought money for conducting DDoS operations against educational institutions, government agencies, gaming platforms, and millions of individuals worldwide. DDoS function by flooding websites with spam traffic, rendering them inaccessible.

The Operation— “Power Off” operation was carried out by law enforcement authorities in the US, the UK, Germany, Poland, and the Netherlands. According to the DOJ, the takedown occurred less than two weeks before the Christmas holiday, which normally results in a large rise in DDoS attacks across the gaming sector. ^[10]

US extended ban on military and surveillance tech sales to China

On 15 December 2022, the US administration extended a ban on commercial exports of advanced US technology that it said “aids Beijing’s military and hypersonic programs and enables Human Rights violations. The decisions come a month after US President Biden and Chinese President Xi Jinping met in Bali to try to put a “floor” under the relationship’s downward spiral. The Chinese government has accused the US administration of abusing export regulations in order to wantonly hinder and handicap Chinese firms and keep its sci-fi hegemony.

The Entity List includes 36 Chinese firms that are effectively prohibited from getting US technology. All but one, a Chinese subsidiary based in Japan, are based in China. Significantly, 21 of the newly listed corporations are also subject to a new regulation— Foreign Direct Product Rule (FDPR), which prohibits foreign companies from selling to Chinese entities anything manufactured with American technology or equipment. ^[11]

US National Cyber Director visited Japan to bolster digital cooperation

In December 2022, the United States’ National Cyber Director— Chris Inglis visited Japan to advise government officials posted there on strengthening cyber security defences. The visit was an effort to improve cyber security cooperation with a key alley (Japan) in Asia amid a strained relationship between the US and China. According to Mark Montgomery, former executive director of the Cyberspace Solarium Commission (CSC) and current director of the Centre on Cyber and Technology Innovation (CTI) at the Foundation for Defense of Democracies (FDD), the Biden administration wants to encourage all friendly nations to speed up their investments in cybersecurity. “Boosting cybersecurity collaboration with Japan is crucial for the US amid increasing cyber threats from China, North Korea, and Russia,” said Atlantic Council Cyber Statecraft Initiative Program Assistant Jen Roberts. ^[12]

Endnotes :

^[1] “Shri Ashwini Vaishnaw launches ‘Stay Safe Online’ Campaign and ‘G20 Digital Innovation Alliance’ as part of India’s G20 Presidency”, Press Information Bureau- Ministry of Electronics and IT, 28 December 2022, accessed on 02 January 2023, available from: https://pib.gov.in/PressReleasePage.aspx?PRID=1887114
^{[2][3][4][5][6][7][8][9][10][11][12]}

NATIONAL

Tata Power’s IT infrastructure suffered a cyber-attack; critical systems were not disrupted

On 14 October 2022, Tata Power announced that their IT infrastructure dealt with a cyber-attack and some systems were impacted. The cyber-attack targeted its IT infrastructure, but the critical systems have not been disrupted. “The Company has taken steps to retrieve and restore the systems. All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer-facing portals and touchpoints,” said Tata Power’s spokesperson.

India’s Power Minister R K Singh informed the Press in April 2022 that Chinese hackers had twice failed to target electricity distribution centres near Ladakh. A Chinese state-sponsored hacking group targeted at least seven Indian State Load Despatch Centres (SLDCs) responsible for real-time grid control and electricity dispatch near the disputed India-China border in Ladakh.^[1]

CERT-In and Power-CSIRT jointly organised a cyber security exercise— “PowerEX-2022”.

On 12 October 2022, the Indian Computer Emergency Response Team (CERT-In) and Power-CSIRT (Computer Security Incident Response Teams in the Power sector) jointly organised a cyber security exercise— PowerEX-2022 and invited 193 Power sector utilities. The objective of the exercise was to “Recognise, Analyse and Respond to cyber incidents in IT and OT (Operational Technology) Systems”.

CERT-In hosted PowerEX-2022 on its exercise simulation platform with the theme “Defending Cyber-Induced Disruption in IT & OT Infrastructure.” The cyber security exercise involved over 350 officials from various Power sectors.^[2]

CBI-led ‘Operation Chakra’ dismantled cybercrime networks operating in India.

In a joint operation— ‘Operation Chakra’ launched in collaboration with State police, Interpol, and various agencies of other nations, the Central Bureau of Investigation (CBI) dismantled cyber-crime networks operating in India and arrested 16 cyber-criminals. Acting upon the inputs shared by the Interpol, the US’ Federal Bureau of Investigation (FBI), Canada’s Royal Canadian Mounted Police (RCMP), and Australian Federal Police (AFP), the CBI, in coordination with State police, carried out search operations at 115 locations across India.

Out of 115 locations, the CBI carried out searches at 87 locations, including 16 States, whereas 28 locations were searched by various State police, including 02 locations by Assam police, 04 locations by Andaman & Nicobar Police, 03 locations by Chandigarh police, 05 places by Delhi police, 12 locations by Karnataka police, and 02 locations by Punjab police. “The operation intends to dismantle the infrastructure of these international cyber-crime gangs in India and bring these perpetrators to justice. India’s fight against transnational organised cyber-crime has thus achieved a major milestone,” read the statement released by the CBI.

During the searches, the CBI unearthed 02 Call Centres in Pune & Ahmedabad and recovered cash worth ₹ 1.8 crores (approx.) and 1.5 kg gold (approx.).^[3]

For a free, open, trustworthy, and accountable internet, the Government of India (GoI) announced amendments to the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021.

While addressing the media members on 28 October 2022, the Minister of State for Electronics & Information Technology— Rajeev Chandrasekhar, said that protecting the Constitutional rights of Indian citizens is a must and that Indian Prime Minister Narendra Modi is a trustee of the rights of citizens and Digital Nagriks. The minister addressed the media members about the amendments to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021.

The Ministry of Electronics and Information Technology (MeitY) notified these amendments aimed at protecting the rights of Digital Nagriks as part of a significant push toward an Open, Safe, Trusted, and Accountable Internet. It also strengthens due diligence requirements while holding accountable social media and other intermediaries. They were notified in light of complaints about the intermediaries’ actions or inactions on user complaints about objectionable content or the suspension of their accounts. Intermediaries will now be expected to ensure that no content is uploaded that intentionally communicates misinformation or information that is patently false or untrue, entrusting intermediaries with significant responsibility. The rules also make it clear that the intermediary must respect the rights guaranteed to Indian citizens under Articles 14, 19, and 21 of the Indian Constitution. ^[4]

The amended rules are hosted on the Ministry’s website and are available at: Click here to read…

UNCTC adopted the Delhi Declaration on Countering the Use of New and Emerging Technologies for Terrorist Purposes.

On 29 October 2022, the Delhi Declaration on the use of the Internet and other technologies for terrorist objectives was unanimously endorsed by the UN Counter-Terrorism Committee (UNCTC). According to the proclamation, one of the biggest challenges to global peace and security is terrorism, in all of its expressions and forms. As one of the essential takeaways, India now intends to carry out the recommendations based on the three Counter-Terrorism Committee (CTC) special meeting themes. These include:

• Threats and opportunities related to new payment technologies and fundraising methods,
• Countering terrorist exploitation of ICT and emerging technologies, and
• Threats posed by terrorist misuse of Unmanned Aerial Systems (UAS).

As a result of terror infiltration on its soil from neighbouring Pakistan, India reaffirmed its commitment to combat terrorism in collaboration with key global players at the summit. Terrorists have stepped up their use of the internet and other IC technologies, including social media platforms. India also recognised the risks and difficulties of financial technology developments, like crowdfunding platforms, being misused to fund terrorism.^[5]

INTERNATIONAL

Cyber-attack on Chile’s astronomical observatory raised concerns about the security of space tech.

On 29 October 2022, the Atacama Large Millimetre Array (ALMA), a Chilean astronomical observatory, was the victim of a cyber-attack and had to halt operations. The attack had affected the observatory’s computer systems and targeted its public website. The attack did not affect ALMA’s scientific data or antennas, but it prevented space observations and limited access to its email servers. Around 66 Radio Telescopes (RTs) make up the ALMA observatory, which is estimated to be worth USD 1.4 billion. These RTs can record high-definition (HD) photos of the extremely faint radio waves generated by far-off celestial objects that are 13 billion light years away.

“Beating one of the world’s most powerful observatories offline demonstrates that cyber-attackers are dogged in their pursuit to disrupt, run reconnaissance efforts, or lift valuable data or IP addresses,” said Josh Lospinoso, the CEO of a cyber security firm— Shift5. Space is another frontier for cyber-attacks, with hackers targeting the space industry for geopolitical and militaristic reasons.^[6]

A cyber-attack disrupted Bulgarian government websites over ‘betrayal to Russia’.

According to Bulgaria’s Prosecutor-General Ivan Geshev, on 15 October 2022, pro-Russian hackers carried out a ‘large-scale’ DDoS (Distributed Denial-of-Service) attack on Bulgarian government websites. The websites of the Presidential Administration, the Defense Ministry, the Interior Ministry, the Justice Ministry, and the Constitutional Court were all taken down by the DDoS attack.

Killnet, a pro-Russian hacking group, claimed responsibility for the attack and wrote on its official group on the Telegram app that “the government of Bulgaria is sentenced to network collapse and shame. It was a punishment for betrayal to Russia and the supply of weapons to Ukraine.” Since the beginning of the Russia-Ukraine conflict, the Killnet group has been active. Numerous government networks in Europe, including those in Romania, Italy, Lithuania, Norway, Poland, Finland, and Latvia, were among the dozens of targets the group previously targeted. Although the DDoS attack on the Bulgarian websites had no lasting effects and no private information was exposed, it still sparked a significant response from Bulgarian government officials. The Prosecutor-General Geshev described it as “a severe issue” and “an attack on the state of Bulgaria.”^[7]

Chinese cyber-espionage group “WIP19” targeted telecoms and IT service providers in West Asia and Asia.

According to the reports of a cyber security firm— SentinelOne, a new Chinese cyber-espionage group identified as WIP19 has been targeting telecoms and IT service providers based in West Asia and Asia by using stolen certificates to sign several malicious components. To date, the APT (Advanced Persistent Threat) group WIP19 uses malware families such as ScreenCap, SQLMaggie, and a credential dumper. “The stolen certificate was used to sign all of the threat actor’s credential harvesting tools, including a password dumper that relied on open-source code to load an SSP to LSASS and dump the process.

WIP19 was also observed loading a keylogger and a screen recorder using DLL search order hijacking. The keylogger primarily targets the victim’s browser to collect credentials and other sensitive data,” read the statement released by SentinelOne. The backdoor was masked as a legitimate DLL registered to the MSSQL Server in SQLMaggie attacks to provide the attackers with control over the server machine and to perform network reconnaissance.^[8]

Turkey’s new law against disinformation raised deep concerns over free speech.

On 13 October 2022, the Turkish parliament adopted a new law proposed by President Tayyip Erdogan, which would jail journalists and social media users for up to three years for spreading ‘disinformation’. In parliament, President Erdogan’s AK Party (AKP) and its allies MHP voted to approve the bill, whereas MPs in opposition and media rights activists opposed it.

Article 29 of the law state that “those who spread false information online about Turkey’s security to create fear and disturb public order will face a prison sentence of one to three years.”^[9] However, the law did not define the nature of false or misleading information.

Turkey ‘secretly’ assisted Pakistan in establishing a cyber army against India and the US.

According to Nordic Monitor’s findings, Pakistan established a cyber army with the assistance of Turkey in order to influence public opinion and the views of Muslims living in South/South-East Asia, attack India and the United States (US), and undermine criticism levelled against Pakistan establishment. Further, the findings revealed that the proposal to form such an army was raised during private talks between visiting Turkish Interior Minister Suleyman Soylu and his Pakistani counterpart— former Minister of State for Interior— Shehryar Khan Afridi, on 17 December 2018. On the same day, Minister of State for Interior— Afridi met former Pakistan Prime Minister (PM) Imran Khan, who later green-lighted the project.

According to sources acquainted with the project, the covert activity was disguised under the bilateral agreement on cooperation against cyber-crime, whereas in reality, it was against perceived influence operations pursued by India, the US, and other foreign countries. Responding to Pakistan’s request to set up the cyber army, Turkey sent five police chiefs from various departments in the Security General Directorate (Emniyet). The five-member team spent months in Pakistan getting the project off the ground and eventually finishing it. The cooperation has since continued under successive governments, with Turkey training approximately 6,000 Pakistani police officers for this and other related projects.^[10]

Japan and Australia strengthen their security pact in response to China’s threat.

On 22October 2022, Japan and Australia signed a new bilateral agreement covering military, intelligence, and cyber security cooperation. The agreement also referred to cooperation in resisting economic coercion and disinformation, which China is widely accused of. The bilateral agreement is the first of its kind where Japan signed with any country other than the United States (US). The agreement covers military interoperability, intelligence, cyber security, operations in space, law-enforcement, logistics and protecting telecommunications. “This new declaration…will chart the direction of our security and defence cooperation in the next 10 years,” said Japanese Prime Minister Fumio Kishida.^[11]

Endnotes :

^[1] Greig, Jonathan. “Indian energy company Tata Power announces cyberattack affecting IT infrastructure”, The Record, 14 October 2022, accessed on 02 November 2022, available from: https://therecord.media/indian-energy-company-tata-power-announces-cyberattack-affecting-it-infrastructure/
^[2] “CERT-In and Power-CSIRTs jointly conduct Cyber Security Exercise ‘PowerEX-2022”, Press Information Bureau- Ministry of Electronics & IT, 13 October 2022, accessed on 01 November 2022, available from: https://pib.gov.in/Pressreleaseshare.aspx?PRID=1867348
^[3] “Press Release”, Central Bureau of Investigation, 04 October 2022, accessed on 02 November 2022, available from: https://cbi.gov.in/press-detail/NTI3Ng==
^[4] “Press Release”, Ministry of Electronics and IT, 29 October 2022, accessed on 01 November 2022, available from: https://www.pib.gov.in/PressReleasePage.aspx?PRID=1871840
^[5] “Press Release”, Ministry of External Affairs, 29 October 2022, accessed on 01 November 2022, available from: https://mea.gov.in/bilateral-documents.htm?dtl/35840/Delhi_Declaration_on_countering_the_use_of_new_and_emerging_technologies_for_terrorist_purposes ; Majeed, Zaini. “UN Counter-Terrorism Committee Adopts Delhi Declaration; Key Takeaways Here”, Republic World, 29 October 2022, accessed on 01 November 2022, available from: https://www.republicworld.com/world-news/rest-of-the-world-news/united-nations-counter-terrorism-committee-adopts-delhi-declaration-articleshow.html
^[6] Antoniuk, Daryna. “cyberattack on observatory in Chile raises concerns about security of space tech”, The Record, 07 November 2022, accessed on 10 November 2022, available from: https://therecord.media/cyberattack-on-observatory-in-chile-raises-concerns-about-security-of-space-tech/?utm_source=substack&utm_medium=email ; “Chilean astronomical observatory hit by cyberattack”, SC Media, 08 November 2022, accessed on 10 November 2022, available from: https://www.scmagazine.com/brief/breach/chilean-astronomical-observatory-hit-by-cyberattack
^[7] Antoniuk, Daryna. “cyberattack disrupts Bulgarian government websites over ‘betrayel to Russia’”, The Record, 18 October 2022, accessed on 02 November 2022, available from: https://therecord.media/cyberattack-disrupts-bulgarian-government-websites-over-betrayal-to-russia/
^[8] Arghire, Ionut. “New Chinese cyberespionage group WIP19 targets telecos, IT service providers”, SecurityWeek, 13 October 2022, accessed on 09 November 2022, available from: https://www.securityweek.com/new-chinese-cyberespionage-group-wip19-targets-telcos-it-service-providers
^[9] “Turkey’s parliament adopts media law jailing those spreading ‘disinformation’”, Reuters, 14 October 2022, accessed on 08 November 2022, available from: https://www.reuters.com/world/middle-east/law-that-would-jail-those-spreading-disinformation-progresses-turkey-2022-10-13/
^[10] Bozkurt, Abdullah. “Turkey helped Pakistan set up a secret cyber army for influence operation against US, India”, Nordic Monitor, 24 October 2022, accessed on 31 October 2022, available from: https://nordicmonitor.com/2022/10/turkey-helped-pakistan-set-up-a-secret-cyber-army-for-influence-operation-against-us-india/
^[11] “Japan, Australia upgrade security pact against China threat”, CNBC, 23 October 2022, accessed on 16 November 2022, available from: https://www.cnbc.com/2022/10/23/japan-australia-upgrade-security-pact-against-china-threat.html