Advocate (Dr.) Prashant Mali's Blog

What does the Pegasus spyware do? Don’t Overthink  Did you imagine some super spy software which tracks you even when your mobiles internet or data connection is off. According to the software’s description on the NSO Group’s website, the Pegasus spyware is capable of complete data extraction from the victim’s phone. What makes this software worse is that it can be used for remote and stealth monitoring, without the victim even realising that they are being watched. The NSO Group’s website notes that the spyware can extract data remotely via untraceable commands. The Pegasus spyware could essentially make it unnecessary to have physical access to a device to spy on victims. For instance, iPhones, which are usually touted for being secure, reportedly have a  gaping security issue  in iMessage that allows remote access and duplication of data. But if you are common man please don’t overthink all the above to operational day in day out requires cash to be burnt and if you are common man l

How to Pay Ransom during a Ransomeware cyber attack in India ? The demand for ransom is illegal under the IPC, but not the payment . If business exigencies require, ransom may have to be paid under duress. even Section 37 of the income tax Act in India will not come in the way of the claim for deduction of ransom money.  Commissioner of Income Tax Vs M/s Khemchand Motilal Jain (Madhya Pradesh High Court (2011)) There are also companies that swoop in at the last minute to handle the logistics. companies like CyberSecOp,  DigitalMint, are a full-service, final-mile crypto broker. They are at the end of the process They hired specialists, after the forensic consultants, the company, and stakeholders have all made the determination victims have exhausted all their options and that paying the ransom from an economics perspective is the best way to move forward. That’s when they come to companies like  CyberSecOp,  digitalmint in order to help them acquire crypto at any time of day or night

What's the legal status of cryptocurrency or Digital currency in India? As of July 2021, Cryptocurrencies are not illegal in India. So if you want to buy, let's say Bitcoins, you can do so and start trading in it. However, India does not have a regulatory framework to govern cryptocurrencies as of now. The government had constituted an Inter-Ministerial Committee (IMC) on November 2, 2017, to study virtual currencies. The Group's report, along with a Draft Bill, flagged the positive aspect of distributed-ledger technology and suggested various applications, especially in financial services, for its use in India, including banks and other financial firms.  However, the Centre had flagged reservations around its misuse and wanted to put a blanket ban in India. Latest reports say cryptocurrency may not face a complete ban in India. The Centre may soon set up a panel to regulate them. The decision was taken after several cryptocurrency exchanges urged the Centre to regulate vir

बॅंकेतून ऑनलाइन पैसे गेलयास १५५२६० हा हेल्पलाइन क्रमांक करा डायल तंत्रज्ञान जेवढे प्रगत होत जाते तेवढेच त्याच्यामागे धोकेही चालत येतात. ऑनलाइन चोरी हा त्यातलाच एक प्रकार! विशेष म्हणजे शिक्षित, अनुभवी असलेले व्यक्ती याला बळी (Online fraud) पडतात. तुमचे क्रेडिट कार्ड अपडेट करायचे आहे, तुमच्या पिन नंबरची मुदत संपली, तुमच्या खात्यात अमुक रक्कम जमा करायची आहे, अशा एक ना अनेक क्लूप्त्या वापरत सायबर गुन्हेगार नागरिकांना फसवत असतात. अशा सायबर गुन्हेगारांवर आळा घालण्यासाठी केंद्र सरकारने आता पाऊल उचलले आहे. केंद्रीय गृहमंत्रालय आणि दिल्ली पोलिसांच्या सायबर सेलने अशी यंत्रणा विकसित केली की ज्या माध्यमातून लोकांना दिलासा मिळणार आहे. केंद्रीय गृहमंत्रालयाने १५५२६० हा क्रमांक हेल्पलाइन म्हणून जारी केला आहे. ज्यांचे पैसे खात्यातून उडाले असतील त्यांनी त्वरित या क्रमांकावर कॉल करावा. कारण, सायबर गुन्ह्यांमध्ये वेळेला फार महत्त्व असते. जेवढ्या लवकर हेल्पलाइनवर कॉल कराल तेवढे गुन्हेगार शोधून काढण्यास आणि रक्कम परत मिळण्यास मदत होते. इंटरनेटला कुठलीही भौगोलिक मर्यादा नसल्याने अगदी विदेशात बसलेला हॅकरही त

  पोलिस : इलेक्ट्रॉनिक उपकरणांच्या शोध आणि जप्तीसाठीची मार्गदर्शक तत्त्वे       कर्नाटक उच्च न्यायालय निकाला प्रमाणे -  अ‍ॅड. (डॉ.) प्रशांत माळी, सायबर तज्ज्ञ वकील  महाराष्ट्र सायबरच्या पोलीस अधिकारींच्या माज्या व्याख्यान कार्यक्रमा निमित्त, माझा हा ब्लॉग प्रदर्शित करत आहे. Virendra Khanna Vs State of Karnataka and Ors (2021) वीरेंद्र खन्ना विरुद्ध स्टेट ऑफ कर्नाटक आणि इतर (२०२१) निकालामध्ये स्मार्टफोन, इलेक्ट्रॉनिक उपकरणे किंवा ईमेल खाती यासंबंधात तपासणी दरम्यान जमलेल्या पुराव्यांना जतन करण्यासाठी शोध घेण्याच्या पद्धती संबंधित अनुसरण करण्याचे निर्देश उच्च न्यायालयाने अधोरेखित केले आहेत. कोर्ट एका खटल्याची सुनावणी करीत होते, जेथे आरोपीच्या मोबाईल फोन च्या शोध आणि जप्ती संदर्भात चौकशीचा सहभाग होता, या संदर्भात हा निकाल हायलाइट्स केला गेला कि, ज्या तपासामध्ये इलेक्ट्रॉनिक उपकरणांचा तपासणी दरम्यान समावेश असतो त्या संदर्भात कोणताही विशिष्ट असा कायदा नाही. हा निकाल असा निष्कर्ष काढतो कि, इलेक्ट्रॉनिक उपकरणांच्या शोध आणि जप्ती संदर्भात पोलिस विभागाने तपशीलवार मार्गदर्शक तत्त्वे बनवावीत. अश्य

Guidelines for search & seizure of Electronic Devices by Police: Karnataka HC Case Law Releasing this Blog on the event on my session for Maharashtra Cyber (MahCyber) police officers : In the case   Virendra Khanna vs. State of Karnataka and others   (2021) , the high court underlined guidelines to be followed by investigating officers regarding the manner of carrying a search and/or for the preservation of evidence gathered during an investigation that concerns smartphones, electronic equipment, or email accounts. The court was hearing a case where the investigation involved the search and seizure of an accused mobile phone. In this context, the judgment highlights that there is no specific law regarding the procedure to be followed during an investigation that involves electronic devices. The judgment concludes that detailed guidelines must be prepared by the police department in relation to the search and seizure of electronic devices. Meanwhile, until such instructions are form

APT Groups of India involved in Cyber Warfare An advanced persistent threat (APT) is a stealthy threat actor, typically a nation-state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.  Such threat actors' motivations are typically political or economic. Following are some of the Indian APT Groups : SideWinder:  The highly active cyber-espionage entity known as  SideWinder  has been plaguing governments and enterprises since 2012. SideWinder’s most of the activity is heavily focused on South Asia and East Asia, with the group likely supporting Indian political interests. Dropping Elephant : This is allegedly an Indian state-sponsored group  Dropping Elephant  has been known to target the Chinese government via spear-phishing and watering hole attacks. Viceroy Tiger : This AP