* Reference links mentioned on last page of report

Indian Cyber Crime Coordination Centre (I4C)

Daily Digest

National
S. No. News Source
1. Amit Shah: Making efforts to create awareness
Hindustan Times
about cyber crime
2. TRAI Cracks Down On Pesky Telemarketing
Calls, Messages; Holds Review Meet With Outlook India
Telecom Companies
3. Lucknow police crack two cases, ₹1 lakh
Hindustan Times
recovered
4. Tamil Nadu Education department seeks action on New Indian
student data sale Express
5. ‘Collaboration needed across globe to stay
Times of India
cyber-safe’
6. Defence Ministry writes to Delhi Police after
unknown scamsters create fake Territorial Indian Express
Army website
7. Easy address change process in Aadhaar major
Mid-day
cause of cyber fraud
8. Eight lakh rupees disappeared from the
NTV Telugu
account of a woman who ordered towels online
9. Lawyer loses Rs 87,000 to online fraud in
Tribune India
Chandigarh
10. Retired major loses Rs 34,000 in cyber fraud in
Times of India
Delhi

* Reference links mentioned on last page of report

International
S. No. News Source
1 North Korean hackers are likely laundering
stolen crypto through cloud mining services, Business Insider
cybersecurity group says
2 Thousands Access Fake DDoS-for-Hire
Security Week
Websites Set Up by UK Police

* Reference links mentioned on last page of report

Amit Shah: Making efforts to create awareness about
cyber crime
He said Prime Minister Narendra
Modi led government has created a
robust system to handle these
cybercrimes where people can lodge
online complaints that lead to
registration of FIRs and prompt
action.
The ministry of home affairs is
making “comprehensive and
integrated efforts” to create awareness
about cyber security and cybercrime,
said Union home minister Amit Shah
on Tuesday while reviewing the cyber
security infrastructure of the country
and functioning of the Indian Cyber
Crime Coordination Centre (I4C) — a
national level nodal centre dealing
with the cybercrimes.
The I4C has identified over three
dozen towns and villages in nine
states including Delhi, Andhra
Pradesh, Gujarat and Assam, which
have become cybercrime hot spots
and are being closely monitored,
people familiar with the development
said. Discussing the reports in Delhi,
Shah said: “The ministry of home
affairs (MHA) is making
comprehensive, integrated and all out
efforts to create awareness among
masses about various aspects of
cyber security and cybercrime.”
He said Prime Minister Narendra
Modi led government has created a
robust system to handle these
cybercrimes where people can lodge
online complaints that lead to
registration of FIRs and prompt
action. “The Modi government
adopted a strategy to promote
‘coordination- exchange -sharing’ in
information and data as soon as it
took over,” he said.
* Reference links mentioned on last page of report
These include, Shah said, real time
reporting of cybercrimes, forensic
laboratory network, capacity building,
research and development, ensuring
cyber hygiene of cyber space and
special focus and efforts were
undertaken on topics such as cyber
awareness.
Additional preventive measures have
been put in place by the government
as a number of hostile countries have
been trying for long to cripple India’s
financial system and national security
grid, said officials in the know of the
matter, on anonymity. Incidents have
come to notice where VVIPs have
been targeted by hackers and a few
state government websites have been
used by online fraudsters to dupe
people, said the officials.
The home minister said that over 20
lakh cybercrime complaints have
been registered on the National
Cybercrime Reporting Portal so far on
the basis of which 40,000 FIRs have
been registered.
In addition to that, more than 13
crore hits were registered on this
portal since its launch in January
2020, Shah told reporters after the
review meeting.
Talking about mobile apps being used
by online fraudsters, Shah said about
500 mobile apps have been identified
and banned by the law enforcement
agencies.
Shah said in view of the increasing
cyber financial frauds, the ‘1930’
helpline number has been launched
and this platform covers over 250
banks and financial intermediaries.
“The quick reporting system and
action of the task force has resulted
in recovery of over ₹ 235 crore
embezzled by cyber criminals from
over 1.33 lakh people so far,” he said.
The home minister said a national
database of sexual offenders has been
set up and through this searchable
registry, law enforcement agencies
can look for offenders involved in
sexual offences like rape, molestation,
stalking, child abuse etc.
“This includes the names, addresses,
photographs and fingerprint details of
the offenders. It helps in identification
and verification of sexual offenders to
prevent further crimes,” he said.
Shah said 99.9% of police stations
(total of 16,597 police stations) in the
country are registering 100% FIRs
directly on Crime and Criminal
Tracking Network and Systems
(CCTNS) and the national database so
far contains 28.98 crore police
records.
“On CCTNS, more than 12.82 crore
service requests have been received
from citizens, out of which 12.35
crore requests have been disposed of
by the state police, he said.
The I4C, which was launched by
Shah on January 10, 2020, to deal
with cyber crime in a coordinated and
comprehensive manner, has seven
platforms for different purposes.
* Reference links mentioned on last page of report
TRAI Cracks Down On Pesky Telemarketing Calls,
Messages; Holds Review Meet With Telecom Companies
TRAI on Monday asked telecom
companies to take immediate action
to curb pesky calls and messages by
getting banks and FIs to clean up
unused templates, as the regulator
initiated a slew of steps to crackdown
on the issue of unsolicited
commercial communications (UCC)
that, at times, leads to instances of
frauds and scams.
Telecom Regulatory Authority of
Indian (TRAI) held a review meeting
with telecom operators like Bharti
Airtel, Jio, and Vodafone Idea (VIL) on
issue of UCC detect system. During
the meeting, Vodafone Idea made a
presentation on a AI/ML (Artificial
Intelligence/Machine Learning)
system that can analyse and detect
Lucknow police crack two cases, ₹1 lakh recovered
“On March 16, Babita Agarwal, a
resident of Lucknow, filed a police
complaint alleging that she was
defrauded of ₹60,854 while updating
her KYC. The perpetrators texted the
victim to update her KYC in her bank
account otherwise, her account would
be closed. The text message also
included a phone number, which she
dialled, and the men on the other
end, posing as bank employees,
asked the woman to download
AnyDesk application to help her, and
thus, defrauded her of the money.
After realising that she had been
duped, she immediately lodged a
patterns when it comes to fraudulent
messages being sent from mobile
numbers by scammers.
TRAI said permission will now be
given to VIL for a pilot, and based on
its success TRAI will come out with
principles/regulations for such
solutions in the industry. The
deadline for review of implementation
of UCC detect system using AI/ML is
May 1. "Today we have made it very
clear that telcos have to come out
with an integrated system of stopping
frauds (calls and messages). They are
doing work...but more needs to be
done," TRAI chairman P D Vaghela
told reporters after the meeting with
telecom operators on Monday.
police complaint with the cyber cell,”
said the police in its release.
“The money was immediately frozen
by contacting the bank. On Monday,
the amount which was deducted, was
received by the victim with the help of
the cybercrime team,” said Satish
Sahu, in-charge, cybercrime cell,
Lucknow.
In another case, a city resident, Sishir
Rastogi, was duped of ₹70,900 on
March 13 after he downloaded a
quick support application and
allowed access to his mobile device.
“The money was debited immediately
* Reference links mentioned on last page of report
after,” said the victim in his police
complaint. “The man received a text
message with a mobile number to pay
the electricity bill or face a power cut.
The man dialled the number and
followed the steps directed by the
perpetrator posing to be a power
department official,” read the police
release. “However, on Monday, the
victim received the total money in his
bank account,” said police.
In this week, a 70-year-old man,
Krishna Kumar Verma, a resident of
Indira Nagar, was allegedly duped of
₹7.8 lakh by a cyber fraud gang
posing as an Indonesian woman, in
the name of sharing profits with her
in helping withdraw ₹152 crore left as
inheritance.
The perpetrator introduced herself as
Thuma Rini Vidodo in the email and
told Verma to help her in return for
TN Education department seeks action on student data
sale
The Tamil Nadu school education
department submitted a cyber crime
complaint with the Chennai City
Police Commissioner Shankar Jiwal
on Sunday seeking action against a
staff who allegedly sold data of
thousands of school students to
higher educational institutions.
In his complaint, the District
Education Officer (DEO), R allegedly selling student details
Punniyakotti, said the school
education department saw news
sharing the profit. He was told by the
miscreant to contact an alleged
advocate named Harlem Napitul and
another local man Akash Mitra.
Falling in the trap, the victim
transferred about ₹7.8 lakh to Akash
Mitra’s account which was withdrawn
soon after the transfer.
When asked about the rise of
cybercrime in the city, Subhash
Chander, ADG, Cyber Crime, said
that all these cases are happening
due to the lack of awareness of
victims. “Regular awareness drives
are being held by the cyber cell but
people continue to fall into traps.
When asked whether there is an
involvement of the banks as well, he
said, “People seek helpline numbers
of banks online which, many times,
are fake numbers uploaded by
fraudsters, and people call on them
thinking it’s legitimate and thus get
trapped.”
reports and has reasons to believe
that an individual in the department
has been selling data of students of
both government and private schools,
including their personal details such
as names and contact numbers, to
third parties.
As per the media reports, a few
education department officials were
compiled on a CD to colleges and
education consultancies. The reports
* Reference links mentioned on last page of report
alleged that using the Education
Information Management System
(EMIS) portal, education officers in
the headquarters and other districts
have also been selling the data.
Punniyakotti said “This individual is
reportedly sharing the contact details
‘Collaboration needed across globe to stay cyber-safe’
Cyber crime can only be tackled
successfully if the administration, the
industry and the academia get
together to brainstorm ways to track
the money trail, believe police officers
and cyber experts.
Addressing a session on UK-India
Cyber Security Cooperation in India
on Monday, DC (Cyber) Atul
Vishwanathan said Kolkata Police
was looking for international
cooperation where the crimes
“transcend boundaries”. Citing the
example of fake call centres, Atul
highlighted how lack of expertise in
tracking flow of proceeds, general lack
of awareness and an insufficient legal
system was allowing the accused to
get bail.
“We look to work together with the
Bengal government and Kolkata
Easy address change process in Aadhaar major cause of
cyber fraud
Police officers engaged in probing
cyber-related offences believe that the
simple process of upgrading the
addresses of individuals in the
of students from 20 districts. We
strongly condemn this act of illegal
sale of personal data, which not only
violates the privacy of students but
also puts their safety and security at
risk.”
Police. Two senior officers from the
city have travelled to London so that
we could collaborate. Only through
international cooperation can we
make ourselves cyber safe,” said Peter
Cook, the acting deputy high
commissioner (east and northeast
India).
Babul Supriyo, the minister for IT
and electronics, who delivered the
keynote address, stated that “what is
very dangerous is that intelligent
minds were getting in to crime”. The
minister stated that the government
was going big on their awareness
drive programmes with 18 lakh
downloads of their comic strips and a
reach of 6 crore through FM and
social media.
Aadhaar data has emerged as one of
the biggest causes of cyber fraud. An
Aadhaar card holder can get his or
her address changed with the Unique
* Reference links mentioned on last page of report
Identification Authority of India
(UIDAI), which issues Aadhaar cards,
in multiple ways. One of those is to
download an address-change
certificate from the UIDAI's website
and upload it after getting it signed by
any of the various public authorities,
such as an MP, an MLA, a municipal
councillor, a gazetted officer of Group
"A" and Group "B" and MBBS doctors,
among others. In several solved
cybercrime cases, the investigators
have found that fraudsters used fake
rubber stamps and forged signatures
of pubic authorities to upgrade their
personal details in the Aadhaar
database. In some cases, even public
authorities put their stamps and
signature carelessly, without verifying
the credentials of individuals.
"In a cyber fraud case, we found that
an MLA had signed the certificate for
a change in the address of the
accused, on the basis of which he got
his address changed in the Aadhaar
database. On further investigation,
we found that the MLA had
authorised his office boy to put
stamps and his signature on such
certificates," an investigator said. In
March 2022, a probe team from the
Cyber Police Station of Central
district of the Delhi Police, led by
Inspector Khemendra Pal Singh,
cracked a case in which six people,
including two Nigerian citizens, used
to dupe young women by posing as
non-resident Indian (NRI) grooms.
During the investigation, the team
found that the accused had got their
addresses changed in the Aadhaar
database with the help of a doctor
who had signed on their certificates
for upgrading the addresses by
charging merely Rs 500.
"Cybercriminals change their
addresses, in some cases multiple
times, in their Aadhaar database and
get multiple accounts opened with
different banks to transfer money
from the victims' accounts," Prashant
Gautam, Deputy Commissioner,
Intelligence Fusion and Strategic
Operations (IFSO), Delhi Police, said.
"Since police do not have access to
the Aadhaar data, we need to
approach the Delhi High Court in
each case to find out the original
details of the accused, which causes a
delay and makes our job challenging,"
the officer added. Investigators say
there seems to be no way of cross-
verifying the changed credentials of
individuals uploaded on the UIDAI
website.
They feel the need to have some
mechanism in place where the
process of upgrading the address can
be made more secure and forged
stamps and signatures of public
authorities can be avoided. Gautam
said besides address change, which is
a bigger cause of concern, cyber
cheats are using other innovative
ways to manipulate their personal
details. In a recent case, the IFSO
arrested a mastermind and two
accused who used to obtain loans
from banks by exploiting the
vulnerability of the Aadhaar system.
"During interrogation, the accused
claimed that they manipulated the
* Reference links mentioned on last page of report
system of updating details in Aadhaar
by replacing the fingerprints of the
left hand with the fingerprints of the
right hand and by putting coloured
contact lenses in the eyes to dupe the
biometric process of recognising the
retina," Gautam said. A section of
cyber experts feels that at present,
cyber crime is a very miniscule part of
the use of technology in the financial
Defence Ministry writes to Delhi Police after unknown
scamsters create fake Territorial Army website
As per the allegations, the accused
created a fake website by the name --
rectt-territorialarmy.co.in, which is
very similar to the original website -
jointerritorialarmy.gov.in.
(Representational image)
The Union Ministry of Defence has
written to the Delhi Police
commissioner and the Special Cell
after unknown people created a fake
website of the Territorial Army (TA) of
India. Officials from the military wing
alleged that the scamsters created a
fake website and publicised a fake
recruitment drive to cheat young
aspirants and earn quick money.
As per the allegations, the accused
created a fake website by the name —
rectt-territorialarmy.co.in, which is
very similar to the original website –
jointerritorialarmy.gov.in.
The fake website shows an ongoing
recruitment drive for the TA, an
auxiliary group consisting of part-
time volunteers who provide support
world and making the address-
change process cumbersome will
cause more hardship to people as
compared to its benefits. "Despite
that, it is crucial for policymakers to
plug in the shortcomings, without
making the process complicated," a
cyber expert, who did not wish to be
quoted, said.
and services to the Indian Army. It
has fake forms and QR codes for
payment which are being used to con
people, according to the allegations.
“It is very important to take necessary
action against the concerned domain
as this has various repercussions as
mentioned…maligning the image of
Territorial Army and the Indian Army,
leading to financial losses to the
young aspirants of the nation,
prevent/avoid inconvenience to the
aspirants, increasing workload of
Territorial Army as this led to
answering various queries being
raised on a different platform” read
the complaint copy.
The complaint was received at the
Commissioner’s office and directed to
the cyber unit of Special Cell. The
complainant mentioned details of the
fake website, which was active. On
Friday, the cyber unit lodged a First
Information Report (FIR) under Indian
Penal Code (IPC) sections of forgery,
* Reference links mentioned on last page of report
cheating and the Information
Technology Act.
An investigating officer said, “A probe
has been initiated in the matter after
receiving the complaint from senior
officers and the Army. The
Eight lakh rupees disappeared from the account of a
woman who ordered towels online
Incidents of online fraud are on the
rise. Eight lakh rupees disappeared
from the account of a woman who
ordered towels online. Cybercriminals
are always looking for new ways to
cheat people and steal money. There
are many cases of UPI to SMS fraud.
Recently, the case of an old woman
who was cheated while ordering
towels online came to light. The
woman was cheated of Rs.8.3 lakhs.
This online fraud has shocked people.
A 70-year-old woman from Miraroad,
Mumbai ordered six towels online for
Rs 1,160 on an e-commerce site. But
while paying money online, instead of
Rs.1169, Rs.19,005 was deducted
Lawyer loses Rs 87,000 to online fraud in Chandigarh
A lawyer fell prey to online fraud and
allegedly lost Rs 87,000. The UT
police have registered an FIR almost
three months after the incident.
Complainant Ajay Jagga, a resident of
Sector 21, reported that he had called
investigation is being headed by an
inspector-level officer. We are
approaching Google and other
companies to alert them not to run
the website in their search, and
blocking the website. The accused
have not been identified yet.”
from her account. The woman called
the bank's helpline number to find
out the matter. But the bank was not
contacted. Soon she got a call from an
unknown number. He claimed to be
doing it from the bank.
They will help her with online
transaction problem. The man
instructed her to download the app
for a refund. The woman followed all
the instructions given by the man for
help. but already Rs.1 lakh was
debited from her account. Seeing this,
the woman reached the police station.
But meanwhile, another Rs.8.3 lakh
was drawn from her account. Police
have registered a case and are
investigating.
at German Embassy in New Delhi to
seek information about the person
who is heading their legal cell.
“I called the embassy on December 29
to take particulars about a person to
whom I wanted to send New Year
greetings,” Jagga said.
* Reference links mentioned on last page of report
He said there was some issue
following which calls got disconnected
several times. The person at the other
end claimed that he would call me
back.
“Soon, I got a call from a mobile
number and the suspect, who posed
as an official at the embassy, claimed
that I will have to pay Rs 2 as fee to
avail of information. The suspect sent
me a link,” Jagga said.
Retired major loses Rs 34,000 in cyber fraud in Delhi
A 75-year-old retired major was
duped by a fraud who posed as
customer care executive and allegedly
stole Rs 34,000 from his account.
Vinod Kumar, who lives with his
family in Mayur Vihar, wanted to find
out what had happened to a debit
card that was coming from a bank.
Kumar was searching for a customer
care number of the courier company
that would deliver the card. When he
called a number, he was called back
by a man who claimed to be a
customer care representative of the
courier firm. He sent Kumar a link
and asked him to fill up details and
send some money.
Soon after sending the amount,
Kumar lost Rs 34,000 from his
Jagga said it was a VFS global
payment form, which he filled. “I
received OTPs that were required
while filling the form after which a
sum of Rs 87,000 was debited from
my bank account in three
transactions,” he said.
The police were informed about the
incident, following which an
investigation was initiated. A case has
been registered at the Cyber Crime
police station.
account. Kumar filed a complaint
with the cybercrime portal.
The incident took place on March 24.
Kumar's daughter said that when the
man called back, Kumar asked him
for the status of his debit card
delivery. The man said Kumar had
given an incomplete address.
After this, he sent a link and asked
Kumar to fill in details and send Rs 5.
Soon after sending that amount,
Kumar lost Rs 19,000. The daughter
said that Kumar made a "phone call
to the bank and later went there to
block his card," but by then Rs
34,000 had been withdrawn.
* Reference links mentioned on last page of report
 International

North Korean hackers are likely laundering stolen

crypto through cloud mining services, cybersecurity
group says

APT43, a North Korean hacking as these may affect North Korea's

group, is likely using cloud services to nuclear ambitions," the Mandiant
launder stolen cryptocurrency, report said.
according to a new report from
The group acquires crypto via
Mandiant, a cybersecurity firm owned
targeted phishing attacks, like posing
by Google.
as a website or company, to persuade
The group is a "moderately- people to share personal information
sophisticated cyber operator" that that can then be exploited.
supports the interests of the North
The news comes as other researchers
Korean regime, the researchers noted,
have found a similar uptick in North
and they use hacking and cybercrime
Korean hacking activity this year.
to fund their activities.
Kaspersky said in January that the
Cloud mining services own Lazarus Group — which was
infrastructure underpinning the responsible for the $625 million Axie
technology that secures Infinity hack last April — was
cryptocurrency. APT43, Mandiant mimicking venture capital firms and
found, uses stolen crypto to pay for banks in an effort to swindle crypto.
these services, which it then uses to
"Over the last year or so, we've moved
accrue crypto that isn't associated
from a post 9/11 world into a new
with crime.
digital battlefield," Ari Redbord, head
"[T]he ultimate aim of campaigns is of legal and government affairs at
most likely centered around enabling TRM Labs, told Insider previously.
North Korea's weapons program, "Nation-state actors know to go after
including: collecting information crypto businesses to fund real
about international negotiations, weapon proliferation, it's not just
sanctions policy, and other country's some hackers trying to fund a
foreign relations and domestic politics lifestyle."

* Reference links mentioned on last page of report

Thousands Access Fake DDoS-for-Hire Websites Set Up
by UK Police
The UK’s National Crime Agency
(NCA) has been running several fake
DDoS-for-hire websites in an effort to
infiltrate the cybercrime marketplace
and collect information on individuals
engaging in these types of activities.
The law enforcement agency has set
up an unspecified number of websites
that claim to allow users to launch
distributed denial-of-service (DDoS)
attacks against a specified target.
These types of services, also known
as ‘booter’ or ‘stresser’ services, have
posed a significant problem to many
organizations around the world, as
they allow individuals with limited
skills and financial resources to
launch highly disruptive attacks.
The fake DDoS-for-hire websites run
by the NCA were set up as part of an
international law enforcement
operation named ‘Power Off’. Last
year, the same operation resulted in
the seizure of 46 internet domains
associated with booter services.
The NCA recently decided to replace
the homepage of one of its fake
websites with a page informing
visitors that their information has
been collected and that they should
expect to be contacted by law
enforcement.
“All of the NCA-run sites, which have
so far been accessed by around
several thousand people, have been
created to look like they offer the tools
and services that enable cyber
criminals to execute these attacks,”
the agency said. “However, after users
register, rather than being given
access to cyber crime tools, their data
is collated by investigators.”
The identified users of the fake DDoS-
for-hire websites who are located in
the UK will be contacted by the NCA
or police and warned about the
consequences of their actions.
Information about users in other
countries will be passed on to their
respective law enforcement agencies.
Given that minimal technical skills
are required to launch DDoS attacks
through booter services, it’s likely
that many of the users of these
websites don’t have the knowledge to
hide their true identity from a well-
resourced law enforcement agency.
* Reference links mentioned on last page of report
News / Feeds References

National

1. https://www.hindustantimes.com/cities/delhi-news/shah-making-efforts-to-
create-awareness-about-cyber-crime-101680027887718.html
2. https://www.outlookindia.com/business/trai-cracks-down-on-pesky-
telemarketing-calls-messages-holds-review-meet-with-telecom-companies-news-
273924
3. https://www.hindustantimes.com/cities/lucknow-news/cybercrime-lko-police-
crack-two-cases-rs-1-lakh-recovered-101680017446620.html
4. https://www.newindianexpress.com/states/tamil-nadu/2023/mar/28/cyber-
crime-tn-education-department-seeks-action-on-student-data-sale-2560174.html
5. https://timesofindia.indiatimes.com/city/kolkata/collaboration-needed-across-
globe-to-stay-cyber-safe/articleshow/99048338.cms
6. https://indianexpress.com/article/cities/delhi/defence-ministry-delhi-police-
scamsters-fake-website-army-8522951/
7. https://www.mid-day.com/news/india-news/article/easy-address-change-
process-in-aadhaar-major-cause-of-cyber-fraud-police-23277709
8. https://ntvtelugu.com/news/fraud-of-8-lakh-rupees-with-woman-while-ordering-
towel-online-340546.html
9. https://www.tribuneindia.com/news/chandigarh/lawyer-loses-rs-87-000-to-
online-fraud-in-chandigarh-491840
10. https://m.timesofindia.com/city/delhi/retired-major-loses-rs-34000-in-cyber-
fraud-in-delhi/amp_articleshow/99046658.cms

International
1. https://markets.businessinsider.com/news/currencies/north-korean-hackers-
crypto-laundering-crime-markets-cloud-mining-google-2023-3
2. https://www.securityweek.com/thousands-access-fake-ddos-for-hire-websites-set-
up-by-uk-police/

Disclaimer: This report is provided "as is" for informational purposes only. The I4C (MHA) does not provide any warranties
of any kind regarding any information/source contained herein. The I4C (MHA) does not endorse any commercial product
or service referenced in this report or otherwise.

* Reference links mentioned on last page of report

* Reference links mentioned on last page of report