Episode 119 · Friday, 23 January 2026

EP -116 | ⚠️‼️JAGRATHA సోదరా…!!! | ‘CYBER FORENSIC EXPERT’ ON RAW TALKS | Ft. Krishna Sastry | Telugu Podcast

By Raw Talks With Vamshi Kurapati - Telugu Business Podcast | 2h 29m listen | 59 chapters
Raw Talks With Vamshi Kurapati - Telugu Business Podcast · No. 119

About this episode

In this episode, to share the much-needed knowledge of the hour, we have Krishna Sastry Pendyala, one of India's senior-most cyber security and digital forensics experts, with over 25 years of experience working with the Ministry of Home Affairs and leading national institutions. We enter the real world of cyber crime investigations, digital fraud, and cyber warfare as it unfolds on the ground, not in theory.

The conversation traces the evolution of cyber crime across generations: from early certificate frauds using scanners and computers, to e-governance scams, banking frauds, phishing, QR code scams, ransomware, and today's AI-driven cyber attacks. Krishna Sastry explains how cyber crime moved from individuals to organised networks, state actors, and crime-as-a-service models, and why his line, "Distance is dead and identity is a doubt," describes the modern digital world.

We break down how social engineering, malware, remote access trojans (RATs), keyloggers, zero-click exploits, Pegasus-style surveillance, steganography, homoglyph attacks, vishing, smishing, fake QR codes, and personalised fraud mails actually work, and how one click, one message, or one moment of panic is enough to trigger massive damage.

The discussion covers landmark cases such as the Cosmos Bank cyber heist, ATM skimming, shimmer attacks, jackpotting, and man-in-the-middle attacks, and how fraud risk management, user behaviour analytics, and RBI safeguards protect Indian banks today. Krishna Sastry also shares cases where crimes were solved using electronic evidence from unexpected devices such as smart water meters, gaming consoles, and embedded systems.

A major part of the episode focuses on digital forensics: how deleted messages are recovered, why police never switch on seized systems, how metadata can expose the truth, what cross-examination in court looks like, and why electronic evidence is time-sensitive and must be repeatable and reproducible. He also explains his role as an expert witness, handling cases that resurface even decades later.

We dive into the dark web ecosystem, including Tor networks, marketplaces, ransomware gangs, virtual currencies, mule accounts, mixers, tumblers, and cyber slavery rings. The episode also addresses elder frauds, sextortion, digital arrests, cyber insurance, ethical hacking, OSINT, social media risks, and why both individuals and organisations must rethink cyber safety.

The conversation closes with insights on the future of cyber forensics, AI and cyber security, and practical advice for everyday digital life. If you want to understand how cyber crimes actually happen, how investigations really work, and how to stay safer in a connected world, this episode is for you.


CHAPTER 01 / 59 Discussion

Cybercrime, Suicide, and Dark Web Investigations

The segment discusses a suicide case potentially linked to cyber harassment, income tax raids revealing hidden data, a major ATM cyber hack, and accessing illicit goods/services via the dark web, highlighting the complexities of digital investigations.

cybercrime· suicide· dark web· investigation· hacking· ATM· data encryption

00:00 Three years back, a wife and husband worked in two private companies. Very handsome salary. They were paid 2.5 lakhs a month. One day, they committed suicide. Six months before the incident, the wife received a message from an unknown telephone number with an audio file. The audio was a beep. Five days after that... I was scared when I started; I hope you'll accept me now. Defense lawyers always ask if you're an SR. The way those questions are set, you'll be in trouble even if you say yes. Even if you say no. "Don't think that Sastry has stopped beating your wife." You want only SR, no? If I say yes, it means I've been beating you up till now and have stopped.

00:38 If I say no, it means I'll continue it. I can't forget it. Do you have any findings? I did some research. I caught some people in an income tax raid. There were 18 photos of the same heroine on a computer. The same photograph. I mean, I could see 18 different photographs of the same heroine: Ice 1 JPG, Ice 2 JPG, Ice 3 JPG. If you open those photographs through specialized software, there is something in the background of every photograph. You mean, in the photograph? Yes, in the photograph. So, I understood that there is a lot of depth in a case. On August 11, 2018, ATM withdrawals were made in 24 countries. Some 950 million US dollars. That is considered the biggest cyber hack in the banking industry. Why did it happen? If there are 20 lakhs in an ATM machine, 20 lakhs will be deposited in a money bank.

01:33 I don't know. There is a girl in North Africa who holds a pizza. I remember her very well. You can go to a marketplace and buy drugs. I'll go to AK-47. I'll go to MGR Investigation. Can I access North Africa? We access it from the dark web. In an organization, 8 terabytes of data is encrypted. We have no option. Transfer the money. Saturday or Sunday, he has no response. He is afraid that we will lose our money. Monday evening, he came live: "Sorry, we will not send it on Sunday." iPhone is the most secure phone. Why do you use Android?

CHAPTER 02 / 59 Discussion

Technology Evolution and the Rise of Cybercrime

The speaker discusses their extensive experience in cybercrime investigation, tracing the evolution of technology from the agricultural revolution to the IoT era, and highlighting the escalating global cost and risk associated with cybercrime, now a major global concern.

technology evolution· cybercrime· IoT· World Economic Forum· cyber risk

02:57 Cybercrime, or technology-driven cyberattacks: if we talk about this, let's talk first, basically, about cybercrime and attacks. Please tell us about the evolution you've seen. It would be good if you tell us about some cases, so it will be easier for the viewers to connect. Definitely, Mr. Vamshi. But some cases are still in court, so I can't tell you the case per se. But it's compulsory to have a modus operandi. It's important to learn lessons from that. So, when we talk about technology evolution and cybercrime, I will tell you about my experience. As you said, I have been in this industry for almost 34 years. 34 to 35 years. Plus, I have worked on more than 1500 cases from the government, state government, central government, investigating agencies, different agencies. I was born in the 1960s. So, I used to think that I was very lucky. Why did I think I was lucky?

03:53 I saw all the generations. I saw the agricultural revolution in the 1960s. The industrial revolution came in the 70s. You must have heard about it. Computers came slowly in the 80s; the 80s are called the computer revolution. The internet revolution happened in the 90s. The mobile revolution happened in the 2000s. The revolution that is happening now, from 2010 onwards, is called the IoT revolution. IoT means Internet of Things. But in common parlance, anywhere connection, anytime connection, anything can get connected. That is called IoT. Because 15 years ago, I couldn't connect my car to the internet. My TV also didn't have any internet connection. Today, even your refrigerator can be connected to the internet.

04:46 The car is connected to the internet. That's why the IoT revolution is transforming us completely. So, we are lucky. That's one point of view. We know that technology is making our life so much easier, so we thought that we would get a lot of benefits. Correct. But every technology is a double-edged sword. There are ten on both sides. It is useful for good and bad. I wonder, when I read about these cases in the papers; you would have seen it today as well, that an ex-IPS officer's wife lost 2.5 crores. It was a big shock. If you look at the global statistics of cyber attacks and cyber crimes,

05:28 In the report given by the World Economic Forum in 2025, the global cost of cybercrime is some 5.5 trillion US dollars. Wow! In the new report in February 2026, it may reach up to 10 trillion US dollars. That means the third largest economy in the world, after America and China, is nothing but cybercrime. Wow! This is a statistic. In the same World Economic Forum, what is the global risk? We have always thought of environmental risk. But now, cyber risk has become a major issue. According to them, they have brought cyber risk from the number three position to the first position. This is not just an India problem. Every country is facing a problem with respect to cyber. That is one point. There is a report that a cyber crime is happening every second. Right?

CHAPTER 03 / 59 Discussion

Cybercrime Reporting and Deepfake Investment Scams

The segment discusses the underreporting of cybercrime in India and the rise of deepfake scams using prominent figures to lure people into fraudulent investments, exploiting greed and the difficulty in differentiating real from fake content.

cybercrime· deepfake· investment scams· India· social engineering· Narayana Murthy· Nirmala Sitharaman

06:25 But I want to add another point here. That's what's reported. We don't know what's unreported yet. According to my estimation, if you look at the statistics released by the Government of India, the government statistics say that 24,000 to 30,000 crores is being lost to cybercrime. So, how many victims have lost their money? I lost money in a digital arrest at the police station. Or, someone calls me and says, I have an APK file, and I lost money because of that. How many people report this? That's the question mark. Because you must have seen many victims today. These market scams are happening. Especially, you will get a link online.

07:08 If you click on that link and invest, you will get 1 rupee, tomorrow evening you will get 2 rupees. You have seen what is called greed. That greed is being exploited in India, because we have a materialistic view. Everyone has a viewpoint on where to invest money so it will double in 2 days. That's why, in the middle of this, you have seen these market scams raised in our parliament sessions. Infosys chairman Narayana Murthy's wife raised it: my videos are circulating with my voice, asking people to invest in some companies. People are investing thinking that I am the one talking. Secondly, you have Honorable Finance Minister Nirmala Sitharaman's video circulating in the market: we are starting a new company, this is a good scheme, you should start it immediately. Or, Elon Musk.

08:01 Infosys chairman and a new company. In different markets, you can find links on social media like Facebook. In those links, you can find videos: social engineering 2.0. You can hear deepfake audio and video. It is very difficult to differentiate, because unless you use very good tools, it is very difficult to tell if it is a deepfake or not. So, what they are doing through this is, people are investing and they are making a lot of money. If we make money in one way in India, it will have a different impact on organizations. Just like there is a cybercrime every second,

CHAPTER 04 / 59 Discussion

Ransomware Attacks and Virus Statistics

The segment discusses the frequency of ransomware attacks, the impact on organizations, and the overwhelming number of new viruses daily, highlighting the limitations of current antivirus software and drawing a parallel to the development of vaccines for biological viruses.

cybercrime· ransomware· viruses· antivirus· data encryption

08:43 Every 4 to 5 minutes, a ransomware attack is happening. Okay. That means, if some mail comes and an employee clicks on it on the computer, their data will be encrypted. Once it is encrypted, a message will come on the computer: We, the hackers, have encrypted your data. If you do not pay us so many bitcoins immediately, we will delete all your data. That means we have to buy the decryption key once the data is encrypted. So, the second statistic is that every 4 to 6 minutes, there is a ransomware attack. That is why organizations take backups. If the data is encrypted and you do not have a backup, you have to pay bitcoins to run your company. You have to buy it. The third point is, you are paying for so many anti-viruses, anti-ransomware, right?

09:35 We can't stop this ransomware: 9.5 lakh viruses are coming every day. But no one knows how 2% of these 9.5 lakh will behave. So, current anti-virus or anti-malware cannot stop them. To find out, go to layman's parlance. Every 100 years, a COVID-type virus comes. You don't have a vaccine. A vaccine is an antivirus. Just like the COVID virus, it is a computer virus. To get a vaccine, the COVID virus has to have an impact on someone. The virus sample has to be captured. The genome sequence has to be developed biologically and the vaccine develops. Similarly, 2% of the 9.5 lakh, calculate the figure. So many people become victims, but the antivirus doesn't work for them.

CHAPTER 05 / 59 Discussion

Cybercrime Evolution: First Generation Crimes

The segment discusses the first generation of cybercrimes, characterized by using computers as tools to commit traditional crimes like fraud, focusing on examples like forging documents and creating fake currency.

cybercrime· fraud· first generation· forgery· digital tools

10:31 If their computer is infected, we can take the virus sample from there and identify the characteristics of how it behaves. Then we have the capability to build this antivirus. So, you can see how much cyber crime is increasing every day. This is a global problem. Not just India, but every country is facing this problem. An 80-year-old man has been waiting for 30 days for his pension. If a pension deposit is 30,000 and, one click away, he loses 40,000, the pain he gets is unbearable. This is the current situation. So, when there are no regulatory systems or ethical values, cybercrime is a common thing. That's the main process here. If you talk about evolution, in the last 34 years, I've been talking about 5 generations.

11:27 The first generation of cybercrimes were, initially, computers, printers and scanners. The maximum we saw was someone using a computer to commit a crime. Think of it as fraud. The person with the intention is ultimately a fraud. What does that mean? Someone taking a mark sheet, scanning it, changing it using some Photoshop or PageMaker software, taking his name and putting in his own name, taking his photo and putting in his own photo, printing it beautifully, giving it a hologram. That is certificate duplicating. In the first generation of cyber crimes, certificates, mark sheets, fake currencies, they used computers as a tool to commit the crime. That is the first point. The ultimate intention is fraud. To make money or cheating, whatever.

12:27 That's the first generation. Even today, the first generation can happen. This is what you have already seen reported in terrorist cases, where a Ministry of Home Affairs sticker was placed on a car and it was taken to Parliament. Yes, in that case... In fact, I heard that you were the first person to produce a laptop in that case. Yes, the laptop case was in Delhi. Until then, laptops were not produced, right? Before that, electronic evidence in terrorist attacks was of crucial importance. But, as I said, a computer can be used to investigate any crime, be it a terrorist attack or a normal one. They use the computer as a tool to commit the crime. That's the point. Second generation cybercrime is when we have internet, software in the office; you must have heard about e-governance. When the portal services come slowly, online transactions are done. When it comes to the second generation, because the public doesn't have that much knowledge, they don't know if the website they visit is fake or original.

CHAPTER 06 / 59 Discussion

Early Cybercrime: Scams and Frauds

The discussion focuses on the evolution of cybercrime, specifically detailing second-generation crimes like online recruitment scams, electricity bill manipulation, and cooperative bank fraud that exploited the lack of public knowledge and limited technological infrastructure.

cybercrime· online scams· fraud· e-governance· internet

13:27 At that time, they opened a website in the public domain in UP, and put an advertisement that there are vacancies for police sub-inspector. They took online applications, conducted a written test, conducted an interview, and then the medical examination was also conducted in Delhi, before joining the central government. After that, they rolled out the offer letters. Okay. All the candidates who took the offer letter went to the training academy in Delhi, near Ghaziabad. They said they don't know when this recruitment happened.

14:15 The fraudsters, their mindset is very popular. You know that they are in every investigation. So, online recruitment scams and frauds happened in the second generation. You might have seen in the public domain the Delhi Electricity Board scam. If I have a house, I get a 1000 rupee bill every month. If it is Bansri's hotel or office, they get 20,000 rupees. But what they did by manipulating the software was, they made it so that my bill came to you and your bill came to me. Then, in the cooperative banks, if there is 1000 rupees in my account, if you pay that to the computer data entry, it will be 10,000 rupees. From that, you transfer it to another account and make money. Because at that time, there was no core banking. There was no connectivity to the central agencies. More or less, it was a simple computation. For adoption.

15:16 This is a fraud in the second generation. For example, after the examinations, there are vacancies. I'll give you an example. There was a secondary board in a state. It was a class 10 board, like the SSLC board. All the students wrote papers. The state name is not mentioned here. Yes, the name is not mentioned. After the evaluation of the examination, all the papers go to the board headquarters. What they do is, a person, there is software in the computer: student, name, roll number, their father's name; he will enter how many marks he got in this subject. As soon as he enters, you get a mark sheet. That is, whether he passed in the first division, passed in the second division, passed in the third division, that's how we get the mark sheet. That is, the state,

CHAPTER 07 / 59 Discussion

Examination Fraud via Software Manipulation Explained

The segment details a case of examination fraud in which mark-sheet software was manipulated to favor private school students: marks were deducted from government school students and added for private school students based on their roll number prefixes, skewing results and prompting an investigation.

examination fraud· software manipulation· data diddling· government schools· private schools· roll numbers· investigation

16:08 Department of Computation was established. Good. We want to have a computerized system. That's why the government has introduced this e-governance. So, in 2006-2007, they used the software for two academic years. New software, basically. After two years of results, surprising news came out. What was that? Until 2005, the state board toppers were students from government schools. In those two years, private schools joined. It's possible. But what was a surprising incident was that in those two years, no government student scored 100 marks in any subject.

16:57 So, you can come up to this point? Yes, you can come up to this point. It can be a private or a government school. But it is doubtful that you can't get 100 out of 100. So, teachers had a doubt. I have so many good students. If I don't get first, at least I can get 100 out of 100 in one subject. We don't know if there are other reasons. But this case was ultimately handed over to the central government for investigation. When we did the investigation, they sent us a computer with a C-shared file. But we didn't find anything other than the computer mark sheets. Right. After we heard the entire case history, we asked the investigating officer what the case is. They told us.

17:38 I don't have any connection with hard drives. I took the software developed by the software company, installed it in the computer and entered the marks. I told them to bring that software. Your team? Yes, my team. We brought that software and installed it in the computer. We did it randomly. We gave the student a hall ticket number and entered some marks. When we did it randomly, some people got more marks than we gave. Some people got less marks. We had a doubt. So you were checking? Yes, I was checking. We looked at the software code to see why this happened and how it was happening. What we observed when we looked at the code was...

18:20 they might have been paid some money so that this software would favor the private schools. I'll tell you a very simple logic. Every government student's roll number starts with 3. This is a 6-digit roll number. Private students' roll numbers start with 4. You might have seen in the exam, they give it digitally, they give it to the private, they give it to the centre. Because there are hearing numbers. Randomly distribute it and avoid it. That's why many people implement it. So, what we observed in the software is that for roll numbers starting with 3, that is, for government students, what they wrote in the code is that

19:03 if marks are more than 66 and up to 100, that is, greater than 66 and less than or equal to 100, they have written: deduct 8 marks. That means, if any government student gets 100 marks, he automatically gets 8 marks less in that subject. That means, let's say we give 100 marks to Vamshi; I entered 100, but I see 92 marks in the output mark sheet. Okay? For the private students, whose roll number starts with 4, what they did was, they added 8 marks for greater than 68 and less than or equal to 92. We call this software manipulation and also data diddling. In the overall case investigation, the forensics and electronic evidence is corroborative evidence. Based on this, the investigation and other evidence is also included.
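What the investigators did in this chapter, re-entering known marks and comparing them with what the mark sheet printed, is a differential test: the same input goes through the suspect program and an honest reference, and every discrepancy is grouped by the attribute the attacker keyed on (here the roll-number prefix). The Python below is an added example, not the board's software or code from the episode; `tampered_marksheet` is an assumed reconstruction of the rule the guest quotes, and the roll numbers and marks are constructed sample data.

```python
"""Differential (input-vs-output) test for a marks-entry program.

Added example modelled on the board-exam case described in the episode; it is
not the board's software or the guest's code. `tampered_marksheet` is an
assumed reconstruction of the rule he quotes (roll numbers starting with 3 =
government schools, 4 = private schools; 8 marks deducted in the 67-100 band
or added in the 69-92 band). All roll numbers and marks are constructed data.
"""
import random
from collections import defaultdict


def honest_marksheet(roll_no: str, marks: int) -> int:
    """What the software should do: print exactly the marks that were entered."""
    return marks


def tampered_marksheet(roll_no: str, marks: int) -> int:
    """Assumed reconstruction of the manipulated logic described in the episode."""
    if roll_no.startswith("3") and 66 < marks <= 100:   # government student
        return marks - 8
    if roll_no.startswith("4") and 68 < marks <= 92:    # private student
        return marks + 8
    return marks


def make_cases(n=2000, seed=1):
    """Constructed test data: random 6-digit roll numbers with prefix 3 or 4 and
    random marks 0-100, plus two edge cases that sit exactly on the rule's bounds."""
    rng = random.Random(seed)
    cases = [(rng.choice("34") + f"{rng.randrange(100000):05d}", rng.randint(0, 100))
             for _ in range(n)]
    cases += [("300000", 100), ("400000", 92)]
    return cases


def differential_test(pipeline, cases):
    """Feed known (roll_no, marks) pairs through `pipeline`, the way the
    investigators re-entered marks by hand, and collect every case whose printed
    marks differ from what was typed, grouped by roll-number prefix."""
    anomalies = defaultdict(list)
    for roll_no, marks in cases:
        out = pipeline(roll_no, marks)
        if out != marks:
            anomalies[roll_no[0]].append((roll_no, marks, out))
    return dict(anomalies)


def summarize(anomalies):
    """Per prefix: (number of altered rows, smallest delta, largest delta).
    A constant delta tied to one prefix is the signature of a deliberate rule,
    not of a random bug."""
    return {
        prefix: (len(rows),
                 min(out - marks for _, marks, out in rows),
                 max(out - marks for _, marks, out in rows))
        for prefix, rows in anomalies.items()
    }


def max_output_by_prefix(pipeline, cases):
    """Highest printed mark per prefix; the symptom the teachers noticed was that
    no government (prefix 3) student ever reached 100."""
    best = {}
    for roll_no, marks in cases:
        out = pipeline(roll_no, marks)
        best[roll_no[0]] = max(best.get(roll_no[0], 0), out)
    return best


if __name__ == "__main__":
    cases = make_cases()
    print("honest   :", summarize(differential_test(honest_marksheet, cases)))
    print("tampered :", summarize(differential_test(tampered_marksheet, cases)))
    print("max mark :", max_output_by_prefix(tampered_marksheet, cases))
```

Running it shows the honest pipeline producing no anomalies, while the tampered one produces a delta of exactly -8 on every altered prefix-3 row and +8 on every altered prefix-4 row, and no prefix-3 output above 92: the same symptom the teachers noticed. The practical point is that a manipulation claim is corroborated by a reproducible experiment against the software itself, not by reading the printed mark sheets alone.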

CHAPTER 08 / 59 Discussion

Cybercrime Investigation and Financial Exploitation

The segment discusses the process of cybercrime investigation, evidence gathering, and a case involving financial exploitation leading to suicide despite high income, suggesting deeper investigation into digital activities.

cybercrime· evidence· investigation· financial exploitation· suicide· loan· APK files

20:01 Finally, it has to be submitted to the court. This cannot be the final? Yes, final. This is an evidence report. If the money is transferred to their bank account, the police will gather the remaining evidence. So, if the case is written up and submitted to the court, the court will judge accordingly. When it comes to the third point, outsiders have to come in. Outsiders are the viruses. You get a warning every day not to download APK files. They say it's a disease. I got one recently. They say it's a disease. They give you the files. Your computer or mobile phone gets infected. They know what you are doing. I'll tell you a case like this.

20:49 Three years back, a wife and husband worked in a private company. Very handsome salary. They used to get around 2.5 lakhs a month. One day, both of them committed suicide. The police said they committed suicide due to financial problems, because they had taken loans from different people. But when they are working in a very good company, drawing a very handsome salary, why should they commit suicide? That too, in the last 5-6 months, maximum bank withdrawals were observed. Okay. Actually, that needed further investigation. First, people who were financially stable took loans and lost money here and there. This actually happened in the Covid era. I think you are right.

CHAPTER 09 / 59 Discussion

COVID Era Cybercrime: Marital Discord via Hacking

A couple's private conversations were recorded and used for blackmail after their home computers were compromised during the COVID era, leading to marital discord and extortion threats.

cybercrime· extortion· hacking· privacy· COVID· blackmail· audio recording· APK file

21:39 What happened to them is, generally in corporates, personal emails are not accessed on the office system. Sorry, company system. So they had a computer in their house. That computer was in the bedroom. One day, six months before this incident, a WhatsApp message came from an unknown telephone number to the wife, and there was an audio below. What is that audio? It is the audio of the wife and husband talking. The wife asked her husband, why are you recording without my knowledge? Why are you sending it to me from an unknown number? Okay. Five days after that, the same thing happened the opposite way. A message from another unknown telephone number came to her husband's mobile phone, and it was an audio message. That too, their communication. So, marriage is about trust. Both of them started suspecting each other.

22:39 Within 5 days, they received a phone call on their mobile phone saying that they have a bedroom video. After that, he said, I am recording your video and audio. If you don't pay me this amount, I will leak it out. If you get an APK file and lose 30,000 or 40,000, it's the same thing. But here, your life is lost. That's why I'm telling you. They paid them 30,000,000 or 40,000,000. The last person gave a deadline. He had paid 1.7 crores by then. If you don't pay me by tomorrow evening, I'll send your bedroom video to all the friends in your mailbox. He had already sent it. Then a friend of theirs called them.

CHAPTER 10 / 59 Discussion

Remote Access Trojans (RATs) Explained

The segment details how Remote Access Trojans (RATs) work, including keystroke logging, screenshot capture, audio recording, and camera access, emphasizing the risks and limitations of virtual keyboards.

RAT· remote access trojan· keystroke logger· cybersecurity· hacking· virtual keyboard· privacy

23:26 They don't even know why they are sending their bedroom video to us. Actually, four months ago, they got an email on Gmail, their personal email id. We call it webmail. It had an attachment. When they clicked that attachment, the script had already run, the hacker went to command and control, and from there he started his RAT. This RAT does four things. The RAT that is available now, remote access, does four things. The first thing is, whatever you type on the computer, it records it and sends it to the user. That is, it is called command and control. Okay? It sends it to the phone. That is, when you log in, the user gives the password and it goes to the user. That's point number one.

24:16 The second most important point is, whether you have observed the bank wall that tells you that there are RATs or not, when you are entering the password, don't use your keyboard. Go for virtual keyboard. Because this keystroke, it is also called a keystroke logger in the normal public. What is this keystroke logger? Keystroke logger. It logs all the keystrokes you are typing. You come to the office, you run the computer and enter your username and password. If there is a keystroke logger inside, it will capture your username and password and give it to him. I don't understand why he gives it virtually, why he gives it without a keyboard. That's why many people say, don't use computers in public places. You are voting for virtual. Let's say your PIN number is 22222. Let's say something like that. You click on the mouse on 2. Similarly, you click on the second letter.

25:09 Every mouse click you take a screenshot. That means the hacker gets four photographs. In the first photograph, the cursor, you know the pointer, right? The cursor is on two, in the second one there are four, according to that he will know your pin number. That's why this virtual keyboard is also of no use today. Okay? There is no problem there. I came to you at lunch time. Suppose this is already installed in your computer. I come to you at lunch time and we talk about politics. Something crazy. What we talk about is automatically recorded audio and sent to them. Fourth is that it automatically turns on your camera, takes a video of what is in focus and sends it there. This incident happened in the computer of my wife's husband.

CHAPTER 11 / 59 Discussion

Zero-Click Pegasus Malware Explained

The segment discusses a new type of malware called Pegasus (or RAT) that infects devices without user interaction (zero-click), allowing attackers to monitor calls, messages, and other activities, and assesses risk levels.

Pegasus· zero-click· malware· RAT· security· privacy· risk

26:04 You might have heard of this. It starts with a P, Pegasus. You can do that. But there is a new variety in this. I sent you an email and you clicked on it. But now, you can enter your mobile without even clicking. Okay. Type in zero click. Zero click Pegasus or zero click RAT, you will know. Basically, we call it a RAT in the security community. It has become very famous out there. You don't have to click anything. It is automatically on your mobile. This is the third generation that is coming recently. What happens with this? You normally call, you don't click anything. But this RAT is on your mobile.

26:51 The voice you are making, the websites you visit, the messages you type, the video you take with your video camera, and the voice you record and send, all these activities will happen here. Can we use phones and laptops? I mean, it depends on your risk. I'll tell you the situation. If you are not a high-sensitive person, a normal human being, why would anyone RAT your mobile? Because it doesn't matter. You will only be RATted when you have 1000 crores. That's the situation. So, it depends on your risk. We have to think of a way to keep it away. Another problem is that, even today, we have QR codes. Yes. There is no QR code. From the wedding invitation to the venue, we scan the QR code. If we go to a hotel, if they ask for a menu, we scan the QR code. So, what fraudsters have started is, they are sending fake QR codes. Okay. If you scan the QR code, you will get malware on your mobile or computer.

CHAPTER 12 / 59 Discussion

Steganography: Hiding Data within Image Files

The speaker describes a case involving an income tax raid where they discovered hidden bank account details within image files using steganography, highlighting how file sizes and modification dates can reveal hidden information.

steganography· image files· hidden data· investigation· bank account· metadata

27:53 We call this Stego-embedded malware. There is a technique called steganography. Steganography means the art of hiding one file behind another file. For example, you have to send an audio to your computer. There is a video behind the audio, terrorist communication. There is also a photograph. There is a message behind the photograph. Even if someone intercepts our communication, it will be under the photograph. I'll give you a live example. I did my own investigation. Someone was caught in an income tax raid. There were 15 photos of the same popular heroine in a computer. Just one photo. I have that case. Okay. You wrote an article on it. Yes, I did. Can I say her name? No need for that. She was a very popular heroine. I'll tell you her name as a modus operandi.

28:48 No matter how much of a heroine I am, I will keep 15 different photographs. ABC, JPG 1, ABC, JPG 2, same photograph of heroine. Same. I found it in a folder in the computer. Keep 15 different photographs. No problem. No doubt about it? I have kept 15 photographs. Okay? Ice 1 Jpg, Ice 2 Jpg, Ice 3 Jpg. When we did the investigation and saw the photograph, we also saw the size of the photograph. When you create a file in your computer, it has properties. It has the size, date and date of creation. There are 15 different dates of modification and creation. The sizes are also different.

29:38 We had a doubt. If we change the format of a photograph to JPEG, you will automatically get a variation in size. But when all the files are JPG, how do we get variations? We did an investigation. We analyzed it. In every photograph, there is a bank account number. Where to deposit money. Will it be in the photograph? Yes, it will be in the photograph. If you click normally, no one will know. If you open the photograph through a specialized software, you will see this inside the photograph. After reading it, you have to reply. If you type in, yes deposited money, another reply will come. Save it in another type. Size is going to be different. You understand the point, right?

30:26 So, there are new technologies, but the size is the same. That's also a doubt. This is called steganography. Art of hiding one file behind another file. For example, in a pornographic case, I think I raided and searched for the computer. When I wanted to watch pornographic videos, I had all those. But I couldn't find any pornographic clip or videos. All are under MP3s, under songs. Because if you use it in a song, you can put it under a clip. If you click outside, you can see only what? Audio. Some good songs like Shankarabharanam will be there outside. But inside, video. This is called steganography.

CHAPTER 13 / 59 Discussion

QR Code Scanning Security Risks

The speaker discusses the dangers of scanning QR codes from unknown sources, particularly in public places like hotels, where fraudsters may replace legitimate codes with malicious ones that lead to downloading harmful APK files.

QR code· security· fraud· APK· malware· scanning· hotel

31:06 This is called Stego Embedded Malware. This malware is stored in a QR code through a steganographic technique. So, whenever you scan the QR code, the malware will be transferred to your mobile phone or desktop. Then it works under the radar. You don't have to worry about it. You can capture it. The second thing is, and this is why we say that to compensate for the first thing, never scan QR codes you are receiving from unknown sources. We think, he will put it somewhere, I will scan it, it is important to us, right? That is very, very dangerous. The second thing is, I went to a hotel,

31:50 I asked for a menu card. He said, scan the menu card on the table. You will know what items are available. I scanned it. The problem I had with scanning was that the existing QR code scanner would not work. It would say, go to Google Play Store and download. My family was there. We were ready to eat. I wanted to know the prices and what food items were available. I would go there by default and download and see. It wouldn't work. But that is an APK file. If you don't come, we will call you later. So, automatically you will start getting money. When you come out after eating, you will start getting money. That's why they are waiting for you. So, that's why we say that whenever you scan your QR code, your existing QR code scanner will not work. Go to Google Play Store and download. You have to be very careful. Because fraudsters go to important locations, hotels and such,

32:54 Same, same model. They put the name of the hotel on the table, and change the QR code and fake it. It works internally with people. How would they know? Before opening the shop at 8 in the morning, there will be a line. They will put the 10 people on 10 tables and fake it. They take the workers' pop and put it on the table. It is difficult to say if they have a role or not. Even if they put it, they won't change it. The same attacks are happening. If you have critical infrastructure, whether it is bank ATMs or airports, we call these fourth generations. Where do you get critical infrastructure? Which are important for the national security and safety. We call that critical information infrastructure. Because, if you hack a private website, you will file a case and you will have no chance of getting out.

CHAPTER 14 / 59 Discussion

Critical Infrastructure Cyber Attacks and Cyberterrorism

The speaker discusses the importance of protecting critical information infrastructure, highlighting potential cyber attacks on systems like power grids and airports, and the legal consequences under Indian law for such actions, including potential classification as cyberterrorism. He also mentions a recent incident at Delhi airport as an example.

critical infrastructure· cybersecurity· cyberterrorism· India· Section 70· GPS spoofing· SCADA systems· cyber war

33:53 The Government of India has a section called Section 70 in Indian Information Technology. It declares that some computer systems which are very important for national security and safety are protected systems. If you attack or identify them, it is a non-bailable offense and it can be considered as cyber terrorism. Many people try to scan and penetrate government websites without knowing. Especially young people. You have to be very careful. Because if you get attacked once, it will turn into cyber terrorism. No one can save you. To be frank. Okay? So, the fourth generation is important because, in the future, whatever war happens, first, cyber war will happen. After the cyber war,

34:49 The power grid can collapse completely. So the country can become dark. Then, we can use GPS jamming techniques to prevent aircraft movement. There is a chance that GPS spoofing technique will take our aircraft in the wrong direction. I have written an article recently, if you have read it or not. You might have heard about an incident at Delhi airport. Some aircrafts faced problems landing in the evening. It came in the public domain. In this way, attacks on critical infrastructure, for example, on SCADA systems, nuclear reactors, and all these things, are categorized as category 4 or generation 4 attacks. So in the future, before any traditional war breaks out, a missile hits you, the communication system and the financial system will be destroyed. Then it will be easier for you to fight the war.

CHAPTER 15 / 59 Discussion

Medical Device Hacking Risks and Telemedicine

The segment discusses the security vulnerabilities of internet-connected medical devices, such as insulin pumps, and the potential risks of hacking in telemedicine, where remote operations could be compromised.

medical devices· hacking· telemedicine· insulin pump· security· vulnerabilities

36:24 Same. Who will look after your login and Gmail? That's enough. Now, there are problems with medical devices. There are many medical devices. In medical industries, they are using the internet a lot. Not only in cars. In these devices, there is a very popular company. Even if you go to Google, they have made a device. If you put it on your body, It releases sugar content to the diabetic patient in your body and then releases the drug. What do we do now? I remember, no name, right? No name. We take a tablet in the morning and in the afternoon and at night. If the sugar level is high, we know how many points to inject. So, when you put that device on your body, you control it through the app

37:09 When you take a drug in your body automatically, it will release the drug to your body automatically. You don't have to take care of anything. You don't have to take care of your physical body. It will take care of everything. So, it's like insulin pumps. You hack that insulin pump. Hackers can be able to push more insulin into the body. So, for example, you are in the telemedicine world. The patient is in one place, the robot is operating from another place, and the doctor is in another country. If there is an interception or compromise, or if there is a wrong message, there is a chance of failure of the operation. That's it? That's it. So technology is useful, but if we don't take it as security,

CHAPTER 16 / 59 Discussion

IoT Device Hacking and Planned Obsolescence

The discussion covers vulnerabilities in IoT devices like insulin pumps and washing machines, highlighting how manufacturers can pre-program devices to fail after a certain period, a practice known as planned obsolescence, to drive new sales.

IoT· hacking· security· planned obsolescence· logic bomb· embedded crimes

37:53 If we don't implement the security properly, there are chances of these problems. If you leave insulin too much, the patient will die. So, you can search for insulin pump hackable in Google. You will find all these. This was reported in 2016. After that, there were many attacks. In some countries, hackers were involved in MRI systems. One person was chained to another MRI. The change was done automatically by the second doctor, EMR. There are reported cases in Google, and foreign countries. So what I'm saying is, this fifth generation, where you're getting the complete attacks, is happening on IoT devices. I'll tell you about the washing machine case too. A washing machine was advertised. A fully automated washing machine. You purchase it from October 1st to October 30th.

38:53 3 years guarantee. Whatever happens, I will replace it within 3 years. Whether it is an agreement, warranty, guarantee or anything else. It is more automatic than what we have now. For example, I come to your office at 11 am, I leave my house at 10 am. Water comes from our apartment at 11 o'clock. Correct. So, if I switch it on and set the time to day 2, it will automatically clean itself by the time I reach day 2. Human interference will not be there. So, fully automated. Correct. When we do a purchase, what do we do? Shopkeeper is going to enter the date of purchase. Correct.

39:34 And he will set the time. From there, the clock works. I purchased on 1st of October. Vamshi purchased on 2nd of October. Similarly, 50,000 washing machines were sold. Correctly, within 3 years and 12 days, my washing machine broke down. Okay. The next day, yours broke down. We also bought on 1st and 2nd of October. Correctly, the next day, mine broke down and yours broke down. Because of clarity. Then I went to the washing machine company. What did they say first? It is out of guarantee period. It's been three years. Second, cost of repairing is more than cost of purchasing a new one. That's why the technology is changing. Spare parts are not available. There will be an internal pressure, right? Let's throw the old machine at home and buy a new one.

40:28 New ones came, and the latest one came from the neighbour's house. Do you also feel the pressure? But what some people did was, there were a lot of reports. Similar. Like how people are getting fat in social media, Twitter, etc. If there are a lot of reports, one person was filed in a consumer court. On that brand? If you observe everyone, it was found that he was ruined within 3 years and 12 days. Correctly. In that consumer case, the case was handed over to the police. 4-5 machines were given randomly. The chip in those washing machines was taken out and the code was read. This is called software forensics. Okay. Okay. Is this the case you are dealing with? No. When we did software forensics, what we observed was that from the date of entry in his program,

41:22 He wrote it in 1996. He wrote that it should not function on that day. We call it a logic bomb. Logic bomb is a program which will get executed after a particular parameter was met. Parameter means a date. You know the market politics in this. If you know how cyber cam is going, you will get an idea. In India, the main problem is once in a lifetime article. It's different for each generation. Once in a lifetime article in our generation means, you don't think about a new TV while your old one is working. You don't think about a new TV while your refrigerator is working. Because there is no necessity to think about it. If it's your generation, you will be changing it every 1 or 2 years. If I work on the same TV for 15 years, the company won't do marketing. Sales will go down.

42:20 There is saturation at a certain stage. If you write the same code, I gave you a 3 year guarantee, I wrote the program for 4 years, it suddenly stopped working. What do we think? Sir, it worked very well until yesterday, it seems to have been damaged by electricity fluctuations, we try to blame them, but you don't know that the code is internal. We call this as embedded crimes. If there are preprogrammable chips in anything, You don't know what code is written in the chip of the program. Right. Then there is a chance for fraud to happen. That's why many companies do marketing. They bring the latest phone. This phone will last for 10 years. In the market, the sales of my new phone will increase. So, don't work on it after 3 years. Or develop another application to work on it after 3 years. Tell them that it is not possible to upgrade.

43:21 What would you do? Boss, my phone is working. Everything is fine. I want to use the latest application. It's outdated. I need to buy a new one. For example, WhatsApp. I've been using a mobile phone for 6 years. Latest WhatsApp is not getting installed. So what do I do? I get a necessity to buy a new one. Because of this market dynamics and business dynamics, we are unable to tell which type is turning from which. This is called embedded crimes. We call it embedded forensics, which is taking out the chip in it and doing analysis. That's why in many organizations, globally, we should show interest in in-house development. Right?

CHAPTER 17 / 59 Discussion

In-House Development for Cybersecurity and National Security

The segment discusses the importance of in-house development for cybersecurity, referencing the "Make in India" initiative to reduce risks associated with imported technology and ensure national security by controlling code and identifying potential backdoors or logic bombs.

in-house development· cybersecurity· Make in India· national security· embedded forensics· supply chain

44:03 Right. The Honorable Prime Minister also said in the Make in India concept, that to reduce cyber security risks, Make in India should be important. Because we don't know what's going on in the background. When you import something from a foreign country, we have to take the complete code that is written in it. From the company, we can take the code agreement and see how the code works, what are the side effects, if there is a logic bomb in it, or if there is a backdoor, is it talking to us, is it going to us? There is a necessity to look at all these points. This is very important from national security to individual privacy. So, it would be very good if we develop our own third-party tools and third-party products without increasing them so much.

44:52 That is what the Government of India is thinking about in Viksit Bharat. Let us grow, let us build our world production. That is a very important point. Sir, you have delivered a case on Cosmos Bank. The way you explain, I didn't understand the depth of it. You keep explaining, and then you say, if you buy this, you can take it home in such detail. I had a doubt. Can we talk about that? Yes, definitely. I can't give you complete case details, but I can tell you about the modus operandi in the public domain. As I said earlier, I'll tell you which lessons are important. Very true. First, this bank is an urban cooperative bank based in Pune. That's point number one.

CHAPTER 18 / 59 Discussion

Cosmos Bank Cyber Attack Case Study

The segment details the 2018 cyber attack on Cosmos Bank, explaining the modus operandi involving fraudulent ATM transactions across multiple countries and SWIFT transactions, highlighting the roles of NPCI and Visa in processing ATM transactions and detecting anomalies.

Cosmos Bank· cyber attack· ATM fraud· NPCI· Visa· SWIFT transactions

45:31 Then, on August 11, 2018, ATM transactions were made from 25 countries. Okay, sir. That was done without the bank's knowledge. So, approximately 82 crores worth of ATM transactions were made. Okay. Out of that, 82 crores, 79 crores were taken from foreign countries. The rest were taken from India ATM. On August 13, the same day, in the same bank, where the cyber attack happened, there were 4 SWIFT transactions.

46:13 went from India to foreign countries and from there, the attack reached 12 crores. We don't know how much the bank recovered later in the public domain. But you will know this if you look at the bank's FIR copies. So, a total of 94 crores worth cyber attack happened. Let's see how ATM networks work. When you look at the ATM card number, there are 16 digits in it. The first six digits of those 16 digits are called the bank identification number. Let's take an ATM card, let's take an ex-bank. Let's see what happens when I say the name of this bank. When you take an ex-bank ATM card and put it in the ATM machine of the ex-bank, the ATM machine goes to the bank switch. What happens at the bank switch is that it verifies whether it is my ATM card or not.

47:12 When it becomes my bank card, it will verify three things. First, it will verify if your PIN number is correct. Second, it will check if you have sufficient money in the core banking. Third, it will check if you exceed the daily limit of Rs. 40,000 or Rs. 50,000. Accordingly, you will get an approval message. You will get the money from the ATM. In this case, I have put the ATM card of X bank in the ATM machine of X bank. If I put the ATM card of X bank in the Y bank, the bank will go to the switch from the Y ATM. It will identify that this is not my bank card. Clear? Then what it does is, it sends it to NPCI. You know what NPCI is, right? National Payments Corporation of India.

48:08 They will see the first 6 digits, which bank it is, and send it to that bank switch. So, from there, NPCI goes to X bank. After verifying those 3, X bank will approve it. Until the bank sends NPCI the message, the money will come out of this ATM. X bank customer took from Y bank, right? So, how much money should they pay? To this bank. The company that maintains the list is maintained by NPCI. Which bank should pay how much to which bank? Then, every bank is guaranteed by NPCI. So, NPCI deposits this amount of money in every bank. They act like a centralized agency. I am guaranteed.

48:59 So, in August 11, 2018, in these 3 hours, 79 crores, that is, in foreign countries and 2.5 crores in India, in total, ATM withdrawals were made up to Rs.82 crores. That means, in these 3 hours, volume transactions increased. How did we know that? Around 2.30, the bank received an information from Visa. Visa is like the NPCI, where you have RuPay cards. If you take this card and put it in a foreign country, the Visa will go to the foreign country first. Visa identifies and gives you a bank with 6 digits. Once the bank approves, the ATMs from the bank will come. So, the NPCI plays a role here and Visa plays a role there.

49:52 Around 2.5, Visa sent a message to this bank. Many transactions are declining. What they mean is, they are putting a card in foreign countries, that card is going to Visa, Visa is forwarding it to the bank. Here you get a decline transaction. Right? That informs them. It could be a wrong PIN number or something else, but it's a decline transaction. The bank is looking at it as an investigation. Again, the same information came in 2 hours. A large number of transactions are happening. Because, as I told you earlier, they are monitoring the velocity of the transactions. Why are they suddenly increasing?

50:38 Ultimately, this is what is happening. At night, ATMs are shut down by 7pm. So, first, transactions are declining. Then, declines are approved. Then, they are approved. Money is not being paid. It is being paid. Automatically, new money is coming in. But, the transaction is happening in the bank is unknown. It is unknown. Okay. Okay. This is the point there. So around 7.30, they decided to disconnect everything. No matter where you put the card, you will not get any approval or decline. So first decline, then decline approval, then approval time. This is how they observed the pattern. Actually, in this case, as I said earlier, the attack happens in three phases. They compromise the network. Then they set up the byte and then it happens.

CHAPTER 19 / 59 Discussion

Credit Card Fraud: Hacking and Skimming

The speaker details how hackers compromise networks, generate credit card numbers using freely available software (Luhn algorithm) and BIN numbers, and then use skimmers to steal card data from magnetic strips, ultimately selling the information on the dark web.

credit card fraud· hacking· skimming· Luhn algorithm· BIN number· dark web

51:33 Even though this August 11th happened, attackers are still using their network. So, hackers, as usual, send you a phishing mail, install a RAT on your computer and compromise the network. They have destroyed all the passwords. I told you that your credit card and debit card are 16 digit numbers, right? All this is developed through a free software called Luhn algorithm. LUHN. Free software. Free software. You can search for Luhn algorithm on Google. For example, there is a 16 digit card number. You type 15 and type missing coin and you will get the number. You will get the credit card number. You block the last two and type 14 and enter. Probable cards will come. You may have one card in that.

52:25 So, you can get it from anyone. You can get it from anyone. You can get it from Luhn algorithm. It's free software. All the banks do it. Suppose I joined a customer in an X bank. I want an ATM card from the bank. What the bank does is, they send this card printing to them. I said the first 6 digits is a BIN number, right? What they do is, they give these 100 customers cards through this BIN number. The company will print the card to Manipal and Gurgaon in India. They will enter the BIN number and in the Luhn algorithm, they will get the remaining set of numbers. So, one card will be given to the first customer and the other to the second customer. These are not sequence numbers, but random numbers developed through software. It is all free software. Yes, yes. It is an algorithm. Nothing wrong with that. Open source.

53:23 But the bin number is not a secret. If you go to Google today, you will find bin numbers of Punjab National Bank. What are those 6 digits? So what these hackers did was, they typed the bin number of the bank and generated a set of card numbers. The card numbers generated by that generation are sold in the dark web. I will tell you what dark web is later. Someone has sold it in the dark web. These are the card numbers. After getting those card numbers, the original hacker will sell it. There will be an in-charge like our Asia in-charge, European in-charge and African in-charge. Let's assume that the Asian in-charge is also there. What he does is, he sells the Indian in-charge and the Philippine in-charge.

54:10 India in charge will buy them and convert them to physical cards. If you look at the card, you have a magnetic strip on the back, right? Yes. To write on that card, you call it skimming. A device called skimmer. If you type in Google, credit card skimmer, debit card skimmers, whenever you swipe a card, there is a track 1 track 2 on that magnetic strip. You write that track 1 track 2 data there. If I have Vamshi's card, I can use skimmer read and write.

54:46 If you swipe, the card data will be stored in it. For example, I work in a petrol bunk. Customers came and gave me a card. What I do is, I swipe every card on the portable skimmers in my pocket. It can store up to 200 cards. I come home at night, connect the device to my computer, and get plastic cards and magnetic strips for 2 to 5 rupees. You can put the first card and write the first card data on it. You can put the second card and write the second card. This is the skimming technique. Instrument is called skimmer. That's why Reserve Bank of India removed the magnetic chip cards and asked us to bring the EMV chip based cards. You might have seen it. But still, in many ATM machines, we have magnetic chips. There are no chip readers. That's the point. But, there is always a step for the hacker.

CHAPTER 20 / 59 Discussion

ATM Skimming, Shimming, and Memory Attacks

The segment explains ATM skimming and shimming techniques used by fraudsters to steal card data, and how hackers compromise bank systems to approve fraudulent transactions at the memory level, bypassing security measures and bank oversight.

ATM skimming· shimming· EMV chip· memory attacks· RAM scrapers· fraud· cybersecurity

55:40 I told you about skimmer, right? To read magnetic cards. That technique is called skimming. In the market, there is a shimmer already. SHIMMER. It reads chips. Oh my God! So, when you put a card in a point of sale machine, it puts a small chip, which is fake. So, automatically, what the shimmer does is, it duplicates your EMV chip card. It didn't come in the ATM, but it came to him. If you type in Google, in some countries, they have banned chip cards because they are getting duplicated. So if you type in Google, shimmer and shimming technique, EMV, chip card, duplicator, the difference is, shimmers are slightly costly, skimmers are cheaper. That's the difference.

56:27 Plus, to duplicate a magnetic chip card, each card costs 2 rupees. If you put a chip, it will cost 175 to 200 rupees. That's a bit more expensive. But for fraudsters, if you spend 200 rupees and arrange 40,000 rupees, that's not a big issue. That's the point. So, whenever you put a machine in an ATM card, the data goes to the bank switch. But what happened here is that the hackers have already compromised the bank. They are sitting on the server. So they are physically in their control. Whenever you put a card in an ATM machine, when you go from the ATM machine to the bank switch server, I told you once before,

57:14 When you type in a computer, the data doesn't go directly to the hard drive. First, it goes to the computer's memory. Okay. It goes from the RAM to the hard drive and gets encrypted there. How is your data in RAM? It is in plain unencrypted format. Okay? So, I sent you a RAT. That RAT will take the RAM data from your mobile phone or your computer. RAM-resident malware. To put it simply, memory resident malware. And they are also called RAM scrapers. They do the scraping and take the password out. So, they accept it in their memory.

58:05 They put the message under approval. Without the bank's knowledge? Without the bank's knowledge. The message is not reaching the ATM server. Point number one. The bank is not aware of the transaction. I put a card in a foreign country. Visa went from there. Visa went to the bank. Visa knows the transaction is happening. Now, when the switch is down and the memory is down, if it is approved there itself, the bank doesn't know that the transaction is happening. That's why the bank doesn't know that so many transactions are happening. Because the approval has happened at the memory level. That's point number one. The second most important thing is, if you observe the pattern, the first time the fraudsters were caught, it went to Visa and from there to the bank.

58:54 The software didn't work properly. You have to press a number to get the pin number right. If the software doesn't work, the cards are not active cards. The pin number is not correct automatically, so all transactions are declined. That's why the first time I observed, the transaction declined. The next time, some transactions were approved and some declined. Because Once, they gave different slots to these card numbers. This card number will work from 1.30 to 2.30. These card numbers will work from 2.30 to 4.00. These card numbers. Because when he runs the program in the memory, if your card number is in his data bank, it will be approved. If not, it will go normally. At that time, you can go and do the transaction. If it is approved here, it will go to the other bank. It will go to the original bank.

59:50 So genuine transactions have improved. So fraudulent transactions, in his software, he will approve the card number, Vamshi's card number. The bank doesn't know anything. What happened is, this happened in many banks than us. This ATM attacks happened in different global banks. So what he did was, he put a set of card numbers in slot 130 to 230. At that time, if you buy a card number, it will be charged 1000 rupees in Dark Web. Vamshi sir will tell you to go to any ATM and withdraw the money. You went and placed the card. But there was a decline transaction. Because the software that we had to run didn't work properly. So, in the first set of, everyone declined.

1:00:36 But in the second set, he put another set of card numbers, and it worked perfectly. In the second set, I always say that it is a decline. Why is it a decline? Because the first slot players are still trying. Theirs is declining, but the second one is improving perfectly. Finally, they decided to buy the card for Rs. 1000 and left. The next slot was given to them. It worked perfectly. They got everything approved. That was the transaction. In all these, the hacker software gave the slot to the card number.

1:01:17 They run the malware program there. So, when you get an ATM machine, it is captured in the memory and approved by the ATM. It doesn't verify anything in the switch. It doesn't care if your pin number is correct. It doesn't matter if you have money in your account or not. Thirdly, it doesn't matter if you pass the day limit or not. This is basically what happened in many countries. This is specifically in the Pattukar case. So, it was withdrawal in foreign countries. The first thing that Visa informed was why the transaction was declining. They sent it. It was improving a lot. They looked at the velocity management. We thought it would be normal for foreign countries to increase the daily rate of our bank.

1:02:08 But in the last hour, 2000 transactions were done. That is different from the contest. He had a doubt about that too. So, in that contest, he was caught. No one could stop this attack. Because these attacks are based on system understanding. Then, approval in the memory. Then, there are a lot of controls. That's another thing. But, this attack, no matter which bank it happened in, at that time, because there were no such controls at that time, it could not be stopped. This is one type of attack for this company. Whenever you have cyber attacks in the financial industry, it happens during continuous holidays. You must have heard of Bangladesh hack. That is considered as the biggest cyber hack in the banking industry. If you say cyber heist, it is Bangladesh hack. Similarly, there was a transaction on SWIFT. Some 950 million US dollars. They did 35 SWIFT transactions.

CHAPTER 21 / 59 Discussion

Cyber Attacks Targeting Financial Institutions During Holidays

The segment discusses cyber attacks on financial institutions, particularly focusing on the Bangladesh hack and other incidents where attackers exploit vulnerabilities during holiday periods when reconciliation processes are delayed, allowing for larger undetected transactions.

cyber attacks· financial industry· Bangladesh hack· SWIFT· holidays· fraud risk management

1:03:00 They could identify the 4. Because they had entered the wrong account. They had entered a spelling mistake. The person who transferred the money had a doubt. He had entered the right 3, beneficiary. The 4th person had written an extra L. He was a Sri Lanka NGO. They had a doubt why he had written an extra L. They called the original bank and got confirmation from the original bank. By then, 90 million has gone. 90 million is a big amount to be frank. So, what they do is, they set parameters for the velocity of the transactions. Every bank has fraud risk management solutions. So, if cyber hackers have a vulnerability in your system, they note it down and check when it comes on Friday evening.

1:03:54 Otherwise, it happens every three days. For example, the Bangladesh attack happened between 8th and 12th February. Why did it happen? In the Bangladesh attack, money was transferred to the Philippines and Macau. That too went to the casino. When this money went into the casino account, it was New Year's Day of China in February. You must have seen that. China and the US go to jail. Our Sankranti, Telangana, Andhra go to jail. They go to jail. It will be completely off. They take care of the time period correctly.

1:04:32 They transfer money before the holidays and reconciliations open again. This is a trend that is being observed. That's why the regulator is telling you to check it in real time. At the same time, another thing happened in the banks. ATM jackpotting happened. What happens in ATM jackpotting is, there is a software called Green Dispenser Malware. It was sold for $300 at that time. When he sells, he gives two exe files, executable files, which you have to purchase. The hacker gives a six-digit PIN number. One executable file is the application, the daemon's purpose. You have to put it in the pen drive.

CHAPTER 22 / 59 Discussion

ATM Jackpotting: Green Dispenser Malware Explained

The segment describes ATM jackpotting, a cyberattack where hackers use Green Dispenser Malware to remotely control ATMs and dispense all the cash, detailing the process and tools required.

ATM jackpotting· Green Dispenser Malware· cyberattack· ATM security· malware· cybercrime

1:05:14 You have to install the second executable application on your mobile. You have to take the pen drive, mobile phone, and the 6 digit number you have stored in your memory, and take these 3 to the ATM. You have to take one more thing with you, that is, a gunny bag. Okay? If you go to the ATM center, you have to connect the pen drive. Then automatically the ATM machine will turn off and on. Then the 6 digit pin number that the hacker gave you, it will ask you to enter it. After entering that, you will get a QR code. You have installed the second application that the hacker gave you, right? If you scan with that, you will get a four-digit number. If you enter that, if you put the gunny bag there, there will be a cash dispenser, right? You will get all the notes from there. That means, if there are 20 lakhs in the ATM machine, 20 lakhs will come to the gunny bag.

1:06:04 This is called ATM jackpotting. We observed a few more things after that. Cash spitting machines. Cash spitting. Spitting means spitting out. What it does is, the hacker will already compromise your network. You identify the hacker in the dark web. What the hacker will tell you is, Banjara Hills Road No. 2 ABC Bank, go to the ATM and ask them to stand for 3 hours. You have to go inside and stand. What do you have to do? You have to hold a bag and notes keep coming out of it. This is called ATM cash spitting. That is, the hacker already compromised in the bank network and from this ATM ID in the ATM software, he sends the dispense cash as a command. So, it comes out from there. This is called Taiwanese attack. What happened is, some Russian hackers, they are already sitting in what? Russia.

CHAPTER 23 / 59 Discussion

ATM Cash Spitting: A Hacking Technique

The segment describes a hacking technique called "ATM cash spitting," where hackers compromise a bank's network to remotely command ATMs to dispense cash, which is then collected by accomplices.

ATM· cash spitting· hacking· cybercrime· network compromise· Taiwanese attack· cryptocurrency

1:07:00 So, their Russian hackers and a few gangs, they came to Taiwan. They went to different ATMs. According to their instructions, they would have put a message saying, we have reached. They would say, we have reached ATMs. From there, cash is dispensed. Collecting that, converting it into dollars, and now, taking dollars and leaving. But nowadays, you don't have to take dollars, you can put it in cryptocurrency accounts and transfer it. And in your investigation, One is searching for it, but another one is found. Have you ever seen a case where another one is lost because of that? Yes, I have. You must have heard of a very popular case. In Kolkata, a very popular undergarment shop owner, a lady, works in a multimedia arena company. She married an employee, a Muslim boy. After that,

CHAPTER 24 / 59 Discussion

Cyber Forensics: Railway Track Death Investigation

The speaker discusses a case involving the death of a woman found on a railway track and how digital forensics, including analyzing mobile phones and laptops, was used to investigate whether it was suicide or murder, providing data to the investigating officer.

cyber forensics· railway track· suicide· murder· mobile phone analysis· laptop analysis· investigation

1:07:55 A few days later, he died in a railway track accident. He died after his family agreed to it? Yes, after the marriage. After the marriage, the family from the very beginning, they are not very keen about the marriage. We don't know that. We don't know the media reports. We don't know if they are keen or not. Then, they went to the police station. You know the public domain. They went to the police station. and the girl went to her parents' house. A few days later, her dead body was found on the railway track. When we asked if it was suicide or murder, we did an analysis on his mobile phones and laptops. At such times, even if some files are deleted, some files are found in a system where some files are connected to an external drive and then transferred and printed out. In such cases, suicide or murder

1:08:45 You told me once that if you open the box, you can see what's in it. Right, right. Automatically. We give this data. After giving it, they do an analysis and ask if we can take this as well. Can we get further leads on this? They send that as well. So, they send it and get the data written accordingly. In that way, only the investigating officer will know how much is sufficient for the case. You don't have to be a law specialist. I am a subject matter expert. In the Indian Evidence Act, there is section 45. All the experts are defined in that. Expert is nothing but any person having specialized knowledge in a field of science or art etc. who should stand to the scrutiny of the court.

CHAPTER 25 / 59 Discussion

Digital Forensics: Data Storage and Repeatability

The speaker discusses the challenges of digital forensics, particularly regarding data storage longevity and the importance of repeatability and reproducibility of findings in court cases, highlighting issues with older storage devices.

digital forensics· data storage· repeatability· reproducibility· magnetic storage· court evidence

1:09:31 To ask for a defence law, you need to be an expert. You need to have that capability. It's not like you have a computer science degree. In some cases, you can even take witnesses from normal court. That's not complete. So, you go to the court as an expert witness and say, my experience is first as a chief. They ask you who you are, how you solved this case. Then the defense will cross-examine you. They must have gone to the court hundreds of times. Many times. I went to the court more than 300 times. It happens that even if I did it in 2003 or 2004, I get it in the middle. That's why I'm asking. You have to store it. You have to keep it. The complete candidate is like, we take the case file and write a complete note sheet. Because it is very difficult to come after 20 years.

1:10:15 So, we have to go there and do it. But the problem we are facing in the courts today is, a device that was seized 20 years ago, if they show us the data in the court, it won't detect if we connect our systems. Because it has a very low life. Those are magnetic storage particles. It could be demagnetized. Basically, in forensics, repeatability and reproducibility. The meaning is, the same findings should come out of my report and anyone else's report. That's point number one. Repeatable. Right. It's not correct to say that I got one expert and you got another one. Point number one. Any two well-educated or well-trained experts should come to the same conclusion. That's point number one.

1:11:05 And repeatability. If it is reproducible, even if I do it in 2001 and in 2025, the same result should come. The hard drive that we examined in 2001, I cannot open it in 2025 and do it. Because the data is lost in it. There will be magnetic storage, and the magnetic particles will be demagnetized. That is a problem we are facing. The second point where you have an issue is, We will give you a paper, a cheque. The police have issued it today. Keep it in the cupboard for 3 months. Send it to the laboratory after 1 year. There will be no evidence. It will be under the cheque. Electronic evidence is time sensitive.

CHAPTER 26 / 59 Discussion

Time Sensitivity of Electronic Evidence

The speaker discusses the importance of promptly handling electronic evidence, using the example of data loss from digital diaries when batteries are not replaced correctly and in a timely manner.

electronic evidence· time sensitivity· digital diary· data loss· batteries

1:11:51 You will face the problem there. I will give you an example. In one case, I think it was 2006, I am not sure. Have you seen a casual digital diary? Yes. Small digital diaries. There are some telephone numbers in it. In that, you can see your birth date and other details. Yes, I remember. When the batteries are running out, there are two small batteries inside. When the batteries are running out, what happens is, batteries are discharged and replaced. There are two batteries. The first battery is removed and a new one is inserted. The second battery is removed and a second one is inserted. The second one is not done at the same time. If the second one is done at the same time, the entire data is lost. Is it clear? Normally, in one state, it was done by a person named Naxalite. They did it. They kept it for 6 to 7 months. Then they slowly sent it.

1:12:45 If you do that, both the batteries will be completely discharged. The entire data will be gone. That's why I said, this electronic evidence is time sensitive. It is highly fragile. It can be easily manipulated and tampered. You will be surprised if I tell you a US case. In a US, a crime happened in a place called X. A forensic investigator went there. He switched the laptop. He brought it to a forensic laboratory in a place called Y and did an analysis. He gave a report after knowing the story. So when I went to the court, they asked me the first question. Where did you go? I went to X place. How did you get it? Third, in which airlines did you ask? The way they ask defense is in different ways. The art, to be frank. That's where they were paid also. So when I asked that, he gave all the answers. He asked a question at the end. Have we analyzed all the data available at X evidence at the scene of crime?

CHAPTER 27 / 59 Discussion

Fragility of Electronic Evidence: A Court Case

The speaker illustrates the fragility of electronic evidence with a US court case example, highlighting how easily it can be compromised during handling and analysis, emphasizing the need for careful collection and analysis in controlled environments like forensic laboratories.

electronic evidence· forensic analysis· data tampering· court case· fragility· Faraday bag· jammers

1:13:50 In the hard drive, in the laboratory at Y. That's it, right? Did you analyze all the data there? There was no evidence tampering, right? Nothing, sir. I perfectly brought it from there and analyzed it here. Next question asked, where did you put it? I put it in my laptop bag. Did it go through the X-ray machine? There is an X-ray machine in the airport. Answer is what? Yes. Next question. External electromagnetic field. Will it impact this magnetic field or not? Answer is what? Yes. If you say yes, the case is lost. What does it mean if you say yes? You did not do the entire data, so it is lost.

1:14:35 That's why electronic evidence is very fragile. It has to be collected very carefully and analyzed very carefully. That's why in forensic laboratories, these devices are placed in zero external fields and analyzed. For example, if you have a seized mobile, if you bring it to the forensic laboratory and turn it on, it will be linked to you from the cell tower. If you get a new SMS, you delete the old SMS and write it there. Let's say there are 15 SMS boxes. For example, you think that 15 are being stored. You took out the third one, and the third box is empty. Now, if a new SMS has come, and it has gone into the third box, it means that it has been overwritten on the old one. So, I have to take out the old SMS. It has been overwritten, right? That's why I said that they put those mobile phones in a Faraday bag.

1:15:26 It doesn't attract any external field. Oh! Okay? It looks like a transparent cover. Yes, it does. Okay. Similarly, forensic laboratories have jammers. When you switch on the mobile phone, the jammers don't emit any external signals. So, there won't be any issue of replaceability. So, that's how it's secured. That's when the court questions come. Because in court, it's important to know whether you've done the analysis in the scene of crime perfectly or not, and whether you've maintained the chain of custody perfectly. Only then the case will stand. I heard that even the police don't switch on the system quickly.

CHAPTER 28 / 59 Discussion

Digital Forensics: Evidence Handling and Chain of Custody

The segment discusses the importance of proper digital forensics procedures, including maintaining the chain of custody and avoiding alteration of digital evidence, to ensure the admissibility of evidence in court and avoid giving the benefit of the doubt to the accused.

digital forensics· chain of custody· evidence handling· court· data integrity· electronic evidence

1:16:04 The reason why you don't do it is because the date and time stamps of the files are not changed. You went to the scene of crime at 12 o'clock today. You took out a laptop. I think I turned it on once before you sent it to the forensic laboratory. The data access in the system will change tomorrow. As I said, every file has created and modified access. If you click on the file, the modified access will be changed. When the system is booted, you can see the date and time. Any date, hours, minutes, seconds, later to the date of seizure, really that case will not stand in the court.

1:16:47 To be frank, benefit of doubt is always given to the accused. Because doubt is automatically natural justice. So, they will automatically give you benefit of doubt. In that case, honorable courts will not take the case without evidence. If you don't take it, your case will become weak. So, how to do electronic evidence in a scene of crime, how to maintain the chain of custody, how to do analysis, is a completely different problem. It's not like normal cases. You can't send a check after 3 months, or after 1 year, to the forensic laboratory, and put it in a cover and leave it there.

CHAPTER 29 / 59 Discussion

Defense Lawyer Tactics and Questioning

The speaker discusses the expertise of defense lawyers and their tactics in court, particularly focusing on how they use leading questions to trap witnesses, illustrated with an example about domestic violence.

defense lawyers· court· questioning· legal tactics· leading questions

1:17:27 That's the difference. You are an expert in this, right? When you go to court, you are fighting with an expert in law. Right? In arguments. Correct. Do they generally understand or do they show in movies, how they are lawyers? Is it like that? Or is there a nomination? See, they're all very learned practitioners. They're very learned practitioners. They also know about how these are all working. See, generally, defense lawyers are very good. In the questions they ask, they give you a lot of questions. The defense lawyers always ask yes or no to a lot of questions. You don't have to answer voluntarily. Then you get the permission from the honorable court, I want to say something voluntarily. Then the honorable judge agrees and you can answer voluntarily. The way those questions are, you will be in trouble even if you say yes or no. For example,

1:18:23 Sastry has stopped beating your wife, defense lawyer. You want only yes or no, no? If I say yes, it means I beat you till yesterday and now I have stopped. If I say no, it means I am continuing. For example, I will tell you one thing. In one case, it is a pornographic case. You will get the name of the case, but it is a Karnataka case. When the police went... What is a pornography case? A pornography case is when a guy placed a camera in a ceiling fan. He took a video of the camera and started threatening the girl. So, this is a case. So, the girl complained about him. Based on that, he went to his house and seized his laptop.

CHAPTER 30 / 59 Discussion

Forensic Analysis: Computer Shutdown Discrepancy in Court

The segment discusses a pornography case where a discrepancy in the police report regarding the computer's shutdown state (whether it was properly shut down or simply closed) was used by the defense to challenge the forensic evidence.

forensics· computer shutdown· police report· court case· evidence· registry· seizure memo

1:19:15 What was written in the seizure memo was that when I went to his house, the computer was in on condition. For example, on May 22, the police went at 9 am. On May 22, when I went to his house, the computer was in on condition. We closed it, sealed it in front of the witnesses and sent it to the forensic laboratory. The seizure memo was clearly written in the panchnama. I wrote in the report that the computer was last shut down on May 21st. You said the computer was in on condition when you left, right? Yes. Okay. You understood the difference, right? The argument there is that you said the last shutdown was on May 21st.

1:20:00 You said the system clock is up to date and correct. But on 22nd, when they left, you said it was in ON condition. What is this disparity? This report is not correct. Automatically, the defense will take that one. Okay? The difference here is that whenever you shut down the computer, there is a file called the registry in the system. That is going to record the actual shutdown process. You go down and type shutdown, right? That's the actual shutdown. If you close it like this, like a laptop, if you close it like this, that is not remembered. That is also a shutdown. You use it as if you shut down the system. But this is not a proper shutdown of your operating system. These two are different. When it is said in court,

1:20:47 Court's argument is that shutdown is only shutdown for them. In this case, he shut down the day before. He shut down on the 21st. Then he turned it on again in the evening. The next morning, when the police came, it was in on condition. Police closed the lid. That is shutdown. They wrote in their seizure memo, when we went there at 9.30 AM, accused system is in on condition, we shut down the system. Shutdown is an English word. But in computer specialised knowledge, shutdown has a different meaning. Closing the laptop is different. Correct. You must have seen in the operating system: restart, shut down. When you shut it down properly, it is stored in the system registry.

CHAPTER 31 / 59 Discussion

Digital Forensics: Duplicates vs. Originals

The segment discusses the importance of using duplicates in cybercrime investigations to preserve original evidence integrity, while acknowledging the legal preference for original documents under the best evidence rule and the challenges this presents in digital forensics.

digital forensics· evidence· duplicates· originals· best evidence rule· cybercrime· system registry

1:21:29 We encounter different situations in court. We give them and we give voluntary interpretations. That's why we don't say yes or no. For forensic experts, honorable courts are often enough. Because when subject matter experts come, they have to be given voluntary explanations. Otherwise, what happens? Laptop can be changed. Dates can be changed, pendals can be... If you read all the answers, you will find all of them wrong. Then you will realize that there is no importance to the evidence. That's why in electronic investigations, the system should not be switched on after the crime scene. We duplicate the exact hard drive and do the analysis.

1:22:15 We will do the analysis on the duplicate and give the findings. But we should not do it on the original. If we do it on the original, the file dates and times will change. But there is a problem with duplicating. Now you have a cheque. You copied it in Xerox. You will do Xerox analysis. Courts will not take it. Because... Xerox can be manipulated. Xerox can be manipulated. If you have 2000, you can do 200 with a white sticker. That's why you have the best evidence rule. Best evidence rules say that originals are better than duplicates. That's why originals are important. But what we do in cybercrime is, we do it on duplicates and not on originals. So how do you say that duplicates and originals are the same? That's called authenticity.

CHAPTER 32 / 59 Discussion

Digital Fingerprints and Authenticity Challenges

The segment discusses the concept of digital fingerprints (hash values) for hard drives and the challenges in using them as definitive evidence, drawing parallels to the uniqueness of human fingerprints and statistical probabilities.

digital fingerprint· hash value· authenticity· forensic image· evidence· statistics

1:23:01 We take a computer hard drive, copy a forensic image and replicate it. The image will have a 32-digit number, which is called the hash value. Every hard drive has a unique value, depending upon the content. We call this a digital fingerprint. The concept of fingerprinting two people is the same. Here also, we are more or less following the same concept. But here, we face a problem.

1:23:42 You must have read that no two people have the same fingerprint. Similarly, if you image this hard drive in a computer, it is a hash value. If I image the X hard drive as X dash, and Y as Y dash, X dash and Y dash are not the same. They are different hard drives. You must have heard in court that no two people have the same fingerprint. Suppose you are an expert. You come to court and I am a defense lawyer. Vamshi said, no two people have the same fingerprint. I asked him how many people he examined and came to the conclusion. He said, I saw 10 crore people, but none of them had it. Then another expert came, Murali. He said he made me 50 crores.

1:24:34 50 crores for both the deities. But the world population is 850 crores, right? In 850 crores, can two people have one or not? SR Noam asked me to say this. How do you say this? You understood, right? So, it can be if it exists or not. It's statistical. That's why, actually, we should not treat it as main evidence. We should treat it as corroborative. I think it is corroborated because of many reasons. That's why I said, fingerprints and DNA are also important. Many people say it is a fact. Now there is this hash value. Hash value is developed through an algorithm. We call it MD5. MD5 is Message Digest. We said that both have a hash value. Yes. Recently it was proven.

CHAPTER 33 / 59 Discussion

Hash Value Collisions and Electronic Evidence

The segment discusses the limitations of MD5 hash values due to collisions and the importance of understanding the probabilities involved in electronic evidence, especially for legal professionals.

hash value· MD5· collision· electronic evidence· DNA· fingerprints

1:25:24 Two different hard drives can have the same hash value. It is called an MD5 hash collision. That's why no one accepts MD5 now. Other software is 128 bit, 256 bit. If it is 128, the chances that two will have the same are 2 to the power 128. Probability. But still there is a possibility. You got the point? So, there is a chance of a collision with 120, so they went for a bigger number, 256. But still, there is a probability. In many countries, fingerprints or DNAs, if you give such a statement, it will work out. That is the importance of electronic evidence.

1:26:11 You said that defence lawyers understand. But there are some issues. He is a legal specialist. He is not a computer specialist. But no doubt, they are all picking up very fast. I wish that the more defence lawyers poke us, the more our knowledge will increase. That's why I encourage a lot. That's why I'm writing a book on how to cross-examine a cyber security and forensic expert. So, I take 30-40 case studies and without mentioning the details, I write about how to cross-examine and how to handle any case. That sounds very interesting. And the firm that you are working for, the organization that you are working for, they deal with all the international clients, right? When we came here, there were cyber attacks. They are the crime police. And crime is more or less a reaction. Someone loses money, they file a case, and investigate.

CHAPTER 34 / 59 Discussion

Open Source Intelligence and Social Media Vetting

The speaker discusses the use of Open Source Intelligence (OSINT) for proactive vetting, including social media analysis for visa applications, employment screening, and crime investigation, highlighting the importance of online behavior and connections.

OSINT· social media vetting· cybersecurity· crime investigation· background checks· open source intelligence

1:27:09 Different agencies will do different tasks. Law and order policing is more like a reactive category. So, the world is also going from reactive to proactive to predictive. Proactive means, first, who can do the task that is asked for. Predictive means, does he do it? That's why you've seen a lot of social media vetting happening. Suppose you want to come to our country from your country. He is harmful to our country. He makes it predictable. So, you mean, when you get a visa? You can get a visa or anything, as long as you are in the country. I mean, you don't know whether you will go or not in the next five years. For example, let me tell you. You have a friend. You are a good orthodox person. Religious person. You regularly visit all the temples on your social media. Similarly, if you have a friend, he is interested in crime stories.

1:28:06 In those crime stories, he would put up different cases of accidents. In social media? Yes, in social media. Or he could put up very controversial postings. He would go normally, cool. So, the situation is like this. When you both go, your social media, we call it Open Source Intelligence, OSINT. Oh. Based on that, you capture everything in different social media. What type of thinking this person has, what type of harm he can do, So, we reject or approve them. I have told this to all youngsters. Don't do it as you wish. Because you don't know where you will be working for the next 5 years.

1:28:47 For example, recently we are observing cyber secret. In 1920s, they started hacking fashion. In social media, they say that I hacked this and that. Tomorrow morning, when they go from this country to another, they make it as social media and say that he is a very complicated fellow. When he attacks, they get rejected. Open source intelligence is also studying the psychology of the individual. I recently asked a company a request. They are recruiting MD and CEO, top post. Ultimately, they identified two persons. Both are equally meeting.

1:29:27 Who is the suitable candidate among those two? That was the question mark. We took all their social media, from Twitter accounts to Insta. Because all the rounds are cleared and the qualifications are equal. Correct. We took those two and asked them which type of member they are. Postal taxes to know it about people still in cameo. Now you type of rumor statement catalan transfer is to know that buddy temperament of the person psychology the person I didn't pay JC. He's giving a very very balanced way of

1:30:04 Not inclined to anything. So based on that, he is a right candidate. That's why open source intelligence has become very important. These days, 96% of the crime investigations are done through open source. That is, ex-Facebook. He is not a friend. He has no friends. What you have in total is, those who have written it manually till now. Okay, I called Vamshi, Vamshi ex-called. I took your call data record, their call data and linked everything. Now automated softwares have come. Is this legal, sir? This is legal. Law enforcement agencies are using it throughout the world. Okay. Once the crime has happened, they use it. That's where I started to react.

1:30:46 If you take your call data record and see who you called, and if he takes his call data record, the chain will keep growing. If you do it in a proactive way, if you find a controversial person in your link, you are also going to face the problem. So, don't post content on social media as you like, and don't accept friend requests as you wish. Because you don't know. You are a genuine person in that chain. But if you have a link with X or Y, and if Y is a red flag, you will also be under suspicion. You will fall into the chain. That's why you don't accept it as you wish on social media. It's very important. You can only accept it when you are identified clearly. Because you will face the trouble.

1:31:35 If it is rejected again, it will never come again. Even if you go to another country, there will be a period. Anytime your visa has been rejected by any country, even if you change your tick, nothing will come. You mentioned the situation earlier, sir. There is a company called Chemdean, the CEO. That's like a background verification, right? That's more or less background. That's exactly. The word here is background verification. We see someone's background. Yes. Yes. When you come here, you see his background in social media. In the virtual world. This is a physical world background check. This is a virtual background check. That's the difference. Sir, in your 35 years of journey, you must have a lot of network. You must have friends in this industry. And in any profession, you gossip when you have friends.

CHAPTER 35 / 59 Discussion

Industry Gossip and Maintaining Integrity

The speaker discusses how professionals in their field engage in industry gossip but are mindful of maintaining integrity and not revealing sensitive information, especially concerning national security.

gossip· integrity· national security· forensics· authentication

1:32:23 So you guys might be hearing this and that. We played during the big shows. So, how did this leader become like this? Or did you know about this or that? Do you talk about it, sir? Do you talk about it in the news? Sir, we... No matter how expert we are, we are human beings. We talk about it. But, it's less than talking about a normal situation. Because we have seen a lot. Public opinion and... Actually, there is a difference outside. So, we don't talk so loosely. But, at the end of the day, we are also human beings. So, we talk about it. And, can you imagine, sir? Keeping the integrity of the nation in mind, you don't reveal certain things, but you do it in a way that is not seen by the CM or PM. It's not like that. I told you that in our cases, we know the whole story. We may know a portion of it.

1:33:11 In case of voice recordings, there are voice recordings, video authentication, audio authentication, right? In forensics, we can get more information. We can get more information, to be frank. Okay? Then, after 10 years, it can be released in movies. That's another thing. Voice conversations are another thing. It's like that recently. Yes, in the public domain. But at that time, it won't come out like that. At that time, automatically, compared to others, there is a chance to get more information. There is. I'm a little curious about one thing. When you look at all the cases and evidence, do you have any shocking or unforgettable finding? We can't say for sure, but it happens in case to case. In many cases, there might be an outsider, and we get shocked after doing the analysis. Do you remember anything? I'll tell you. Let's expect it.

CHAPTER 36 / 59 Discussion

Hiding Data: Investigation Techniques and Discoveries

The speaker discusses methods individuals use to hide data, such as changing file extensions and overwriting data with movies, and shares insights from investigations, including observing suspicious employee behavior and collaborating with law enforcement.

data hiding· investigation· file extensions· data overwriting· tax evasion· employee behavior

1:34:07 Let's say you go to an income tax raid. When you go to the raid, we search for Excel files. That is, Excel sheets with the word documents of the bank account. Once we do the analysis, we cannot find an Excel sheet anywhere in the computer. Similarly, when we go to a pornography case, we see videos like MP4 videos. We cannot find it anywhere. What he did was, he changed that extension, the Excel file, to .exe. He took it and stored it in Windows program files. Nobody tests it there. They just leave it as a software file. They use different techniques. When they use different techniques, it is automatic. They also do tax evasion. There is a computer in the office.

1:34:55 He brings it daily and pen drives it. He does it there. In the evening, he takes the pen drive and there is the original data, number 2 data. In this system, number 1 data. What he does in the evening is, every day in the evening, he loads 5 to 6 high density movies. He loads and deletes it. Because, as I said earlier, if you load a picture, it is high density. Suppose, 3 x 3 is 3 GB. 3 x 15 is 15 GB. 15 GB data is overwritten. So, what the company does is, there is no employee duty. In the evening, at 6 o'clock, you have to put 10 movies in this computer system, transfer them, go out and eat.

1:35:40 11th is the minimum. Delete that 10th. If not, connect it again and work. Storage space is normal. So, we observed this with some companies. A low salary accountant, who has been working in the same company for 15 years. Why is he working for this company, for such a low salary? Let's say, he carries a bag daily. He would carry a bag and go. Once he bagged it, he found two extra disks in it. He used to take these disks daily, connect them, work with them, and put the disks back in it. The thumb rule is, if a low salary employee has been working in the same company for 15 years, the salary showing is low, but getting what high, he knows the trade secrets. Similarly, field officers and investigation officers do all the analysis.

1:36:36 So, when we ask them, they tell us what they think is better. We share our ideas and experience. So, we regularly give the matter to the police and learn techniques from them. We discuss it with all the stakeholders. Sir, this topic should have started with the concept of dark web. Multiple times, we have come across this topic. Each and everyone knows about the dark web. I remember when I was talking about this topic, I saw it the day before or the day before. If there is something like this in the dark web, there will be a girl holding a pizza. The girl is not a pizza, but a girl. I remember that very well. I was sitting and watching if there is something like this in the dark web. But later I realized that if there is something like this in the dark web, content of this range, or scams, or hackers, I don't know if there is such a prevalence.

CHAPTER 37 / 59 Discussion

Surface Web, Deep Web, and Dark Web Explained

The speaker explains the differences between the surface web (indexed by search engines), the deep web (not indexed but not necessarily nefarious), and the dark web (requiring special access and often used for illegal activities).

surface web· deep web· dark web· search engines· indexing

1:37:26 So, once again, about Dark Web. Another thing, I've come to know recently is that you're talking about HR, quality assurance, I've heard all of these. So, if you can talk about that. Right, Ani. You've been to Google recently and typed my name. You'll get some hits. Actually, what happens is, your search engines, the ones you use on Google, 4% of the internet. We call it indexing. When there is content inside the book, how do you get it from the index to your pages? In the same way, indexing happens for web pages. Suppose I hit Vamshi Kurapati, I got 40,000 hits. So, I am getting content from these index pages. These are search engines.

1:38:15 That is, we extract your content from the pages indexed by the search engines. You will also know that you have similarly tested it. So, in these 40,000 hits and 80,000 hits, actually 4% of the overall internet is internet. We call it the surface web. That is, 96% of the internet content, you won't find it in Google or any other search engine. So, only 4% comes. So, this 4% which is publicly available is called surface web. Is it clear? The remaining 96% is below the surface web. Even this 96% is not normally accessible from the web portal. So, the one below the surface web is called deep web.

1:39:08 Dark web is the one below the deep web. So, 96% of the total is dark and deep web. Dark is approximately 1%. So, 97% is 1%. 95% is 1%. So, 4, 95, 1. Okay? Got clarity? In the dark web, there are some marketplaces. You can buy drugs there. You can buy AK-47. But payment is in the form of virtual currencies. So, you have to pay in virtual currencies. If you pay, it will get delivered automatically. Remaining through sources.

CHAPTER 38 / 59 Discussion

Darknet, Cryptocurrency, and Illegal Activities

The segment discusses the use of cryptocurrency in illegal activities on the darknet, including red rooms and child pornography, highlighting the anonymity provided by Tor browsers and the challenges in controlling these activities.

darknet· cryptocurrency· illegal activities· red rooms· Tor browser· anonymity

1:39:50 What are these virtual currencies? It can be Bitcoin, Ethereum, different coins. You can have more than 4500 coins. But there is no source for it, right? You know the transaction, but you don't know the destination of the original owner. That's why they do it in that. Correct. Crypto exchanges are governed by the government's rules. It should follow KYC norms. There are some that are live. What you do in live is, for example, there are live sections and when you join in water, the live section is different from the pornographic websites, the content is very bad. When the content is bad, you automatically pay and watch live, in the situation, cryptocurrency, as it is available.

1:40:39 There are some worst parts. Red rooms are very dangerous. In red rooms, people who are participating, you are only a viewer, even a normal viewer can see the drugs. And those who do it, they do it with drugs. Because you cannot see in red rooms. Red rooms show how to kill someone in a live scenario, how to cut the body parts in a live scenario. Also, the drawback of water is that it has a lot of child pornography. This is the drawback. That's why, whenever you see a person from the surface web,

1:41:23 The problem of going from dark to deep becomes more complicated. That is the biggest problem we are facing today. So who is accessing? If you want to access directly, you can't do it by going to Google. You have to install a Tor browser in your system. That is called Onion Routing. What happens when you install the Tor browser is, it goes from one node to another and finally lands there. When you land, you will never maintain source to destination IPs in Tor. They will change. When they change, you will not know which IP address you are accessing. That is why no one can say who is the seller and who is the buyer. So that is a big drawback as far as the darknet is concerned.

1:42:07 So, for all illegal activities, darknet has become a big problem. And supporting it, virtual currencies have become another problem. That is, he can access with money and transfer money. This is a big problem. There are many attempts to control these red rooms, but not successful. When you have more drug addictions, automatically the people who are accessing that is also increasing to a great extent. And the people who scammed us, or all of them? They also scam. Now, the sale of drugs is not like before. So, they are doing in a very different courier. Before, there were courier passes manually. Now, it is not like that. These have changed completely. Now, I will tell you about Antiques. Antiques selling is happening via dark webs. So, dark web and deep web is creating a very big problem for the law enforcement agencies.

CHAPTER 39 / 59 Discussion

Dark Web, Crypto, and Law Enforcement Challenges

The discussion highlights challenges faced by law enforcement in tracking illegal activities like drug sales and antique trading on the dark web, focusing on the use of cryptocurrency mixers and tumblers that obscure transaction origins and hinder chain analysis.

dark web· cryptocurrency· mixers· tumblers· chain analysis· law enforcement· tracing· wallets

1:43:03 Because of that, tracking and tracing is not at all possible. So, if you take a case like this and land it there, you can't do anything? You can't do anything. In cryptocurrency, the wallets are not being tracked. Because, you must have heard about chain analysis. I transferred money to your account, and then to another account. We can track the chain from this account to another account. What they do in between is, there is a unique wallet ID in cryptocurrency. We can trace the wallet. They use mixers and tumblers. What happens with mixers and tumblers is, I shake your currency note, another person's currency note, all the currency notes. Your currency note is number 1. How does the note have a number? Suppose you think 2nd is 2, 3rd is 3. When you shake it and give it, the number of people you want to send it to goes to 2.

1:43:52 He gets 3 to send. That means, he mixes currency notes. We don't know who is getting what. In the same simple concept, you have to think here. I said this from a layman's perspective. They capture everything, change the wallets in the mixers and tumblers, break it and send it. When you break it and send it, you have to backtrack. Suppose you are the sender, I am the receiver. If you catch me, I will backtrack and come. We stop when the mixers and tumblers come. We don't know who is beyond that. Mixers and tumblers are creating a big problem. So, we are using chain analysis to track virtual currencies. If it goes to one stage, there will be further progress. Now, you have bitcoin and the price is increasing. The total number of bitcoins is constant.

CHAPTER 40 / 59 Discussion

Cryptocurrency Manipulation and Dark Web Activities

The segment discusses how hacking groups manipulate cryptocurrency prices by creating artificial demand through ransomware attacks, purchasing cheaper cryptocurrencies like Ethereum, and then demanding payment in those currencies to drive up their value.

cryptocurrency· manipulation· hacking· ransomware· Ethereum· Bitcoin· dark web

1:44:37 There are a total of 21 million bitcoins. 16,000 of them. It's mining slowly. As mining is happening, it's increasing. Because total bitcoins are constant, when demand increases, the price also increases. Whenever the bitcoin price increases, that means demand has increased. If demand increases, it means a ransomware attack has occurred. Now, cybersecurity personnel regularly see bitcoin exchanges. Because if the bitcoin price suddenly increases, if demand increases, it means a ransomware attack has occurred. We have to be cautious and look at the data carefully. Security persons are working in that direction. Then, we are discussing another new thing. They know how to manipulate foreign currency. For example, if the price increases, if the dollar increases, the demand increases. That's all you commonly do. What they are doing now is, hacking groups are formed from groups. Now, Bitcoin is very costly. Let's say this. Similarly, another coin is Ethereum coin.

1:45:36 Bitcoin is worth 1 crore per day. Ethereum is worth 10,000. Let's say. What they do is, they purchase Ethereum coins from the market. It's cheaper, right? Yes. They do that. Now they attack and ask for Ethereum coins. So, Ethereum coins are in demand. It's increasing. So, their price increases. So, should we increase the Euro, the Pound, or the Dollar? How do we create artificial scarcity and demand it? How does the price increase? In the same manner, they are manipulating virtual currencies. So what they do is, they take virtual currency at a lower price. They encrypt your data. They tell me to pay in this. You have to buy it, right? That's it. Everyone has it.

1:46:29 He will keep everything with him and fix the price. That's it. You can purchase without any alternative. How oil politics is going on, how currencies are being manipulated, virtual currencies are also being manipulated in the market. Such activities are happening in the dark web. There is a discussion between one hacking group and another hacking group. The discussion is about who should be attacked and who should be priced. For example, malware. I told you about ATM cash-out attacks. There are attacks called ATM jackpotting. I told you about a malware in ATM jackpotting. Those malwares are sold in the dark web. They don't sell drugs.

CHAPTER 41 / 59 Discussion

Dark Web Marketplace for Malware and Ransomware

The segment discusses the dark web as a marketplace for malware and ransomware, detailing how hackers buy and sell these tools, including ransomware-as-a-service models where the original developer retains decryption keys and takes a percentage of ransom payments.

dark web· malware· ransomware· hacking· ransomware as a service

1:47:10 They sell viruses, ransomware samples. For example, I attacked someone and I went to the computer system. To encrypt data, I need ransomware. I don't have the capability to develop ransomware. Hacker Dark Populace sells it. I mean, sample this ransomware. In payment, he links the proceeds. What you do by linking is, he has to get 50% of what he gets. Because if you buy a sample for $10 and apply it to 100 people, you will get crores. So, he doesn't do that. He has the keys to every encrypted file. He keeps the key with him.

1:47:50 After the encryption, if the victim contacts you, you contact him and give him 30% and you give him 70%. That's why he came here. Ransomware as a service. Ransomware as a partnership. I'll tell you what partnership is. The way we have stock exchanges, there are already stock exchanges in dark web. I'll tell you about a ransomware group called CLOP. Very popular. C-L-O-P. Another ransomware group is XYZ. When there is a ransomware, he will write on the notice board, XYZ, that he is my victim. If ABC company has more victims and XYZ has more victims, so automatically he will ask you to invest in them. The share price will increase and so will his price.

CHAPTER 42 / 59 Discussion

Dark Web Ransomware Exchanges and Bug Bounties

The segment discusses the emergence of ransomware exchanges on the dark web where ransomware groups list victims and sell shares, and how bug bounties are increasingly being sold on the dark web instead of being reported to companies directly, highlighting the evolving landscape of cybercrime.

dark web· ransomware· bug bounty· cybercrime· stock exchange

1:48:41 The same is happening in the stock market. There are such ransomware exchanges available on the dark web. So, each ransomware group puts a number of victims. They also put a list. They list the share prices and tell you how to purchase it. Not in rupees, but in virtual currencies. You buy 10 shares in bitcoins. Your money will increase. So, ransomware has developed as a partnership model. The big thing is that the dark web has become a big hub for all illegal activities. We all think that the dark web is not for selling drugs and pornography. But it is for selling malware, for the active use of ransomware groups, currencies, manipulations, all these discussions take place. In the past, you would have seen in the papers, that companies would identify a bug in a company's website,

1:49:36 If you inform that company, they will send you a T-shirt worth 10,000 rupees. We call it a bug bounty program. Bug bounties means, identify the bug, we'll give a bounty. He is not informing companies these days. He goes to Dark Web and says, this company has a bug, he will give you 1 lakh dollars. Many people buy it. One person buys it and he will ransom it. Another person can take the data from it. Different persons, different objectives, different people buy it. That's why recently, an indoor girl, in a very popular website world, identified a bug. The guy who sold it, paid 66 lakhs to her for this bug bounty. Wow. Many people asked, why did you give such a big bug bounty? If I didn't give that much,

1:50:26 If I sell her to Darkweb, she can make a crore. She did it. If she uses it to attack me, my company's credibility will be lost. So, it's completely different. It's changing under the game. There are no ethical values or moral values. So, crime has become a service. Crime has become a partnership model. Crime has become a foreign exchange. Supply chain management is beautifully set up. Where to end? Because banks are facing a problem, customers are facing a problem, nations are facing another problem. So cybercrime is a global problem that we are facing.

CHAPTER 43 / 59 Discussion

Dark Web Access Risks and Ransomware Negotiation

The segment discusses the risks of accessing the dark web during investigations, particularly when dealing with ransomware. It highlights the dangers of visiting ransom sites, potential exploitation by hackers, and the unreliability of decryption keys after payment.

dark web· ransomware· hacking· data breach· negotiation· cybersecurity· risk

1:51:04 In your investigation and all, do you have to access the dark web? We do access the dark web. But it is also very risky. Let's say this is a hacker's ex-company. He will put a ransom in it. He will put a ransom and give a valid address. Please contact him. They click on the valid and go to a place. What they do there is, you might have a doubt whether he has caught my data or not. He has caught your data, so we will display it there. He will sample it. If you sample it, it is a problem. If you see it, it is a problem. If you don't see it, it is a problem. If you see it, it is a problem. Now, if he has ransomed your system and caught the data,

1:51:45 You know it for yourself, right? I have seen it once in the afternoon, once every 4 hours, once every 5 hours, and once every half an hour. What happens to him when a lot of people see him is that he is following me badly, and he needs data, so he increases the price. Do you understand? So, what I advise you to do is not to visit it. If you visit it too often, it will exploit your needs. What a few people do cleverly is, suppose he encrypts me in 10 servers, data is important in the first server. And a little bit of data is important in the second server. What they do is, after you pay,

1:52:31 He doesn't know how to respond. He won't answer when your bitcoins are gone. If he gives you a decryption key, it might not work. You know that we haven't seen him physically. It's pure gambling. You have to trust him and do it. He is God himself. Correct. So, in such a situation, the problem we face is, how to handle him is a very tough task. Okay? I'll tell you a case recently. All the data in an organization is encrypted. 8 terabytes of data is encrypted. We have no other option but to answer this. We contacted the hackers and they said, no backup. So we have to pay the hacker money and get the data. So we thought we should get the Bitcoins ready. So the viewpoint is, if we pay on Friday evening, he will give us the keys.

CHAPTER 44 / 59 Discussion

Ransomware Attack Negotiation and Recovery

The speaker recounts a recent incident where an organization's encrypted data was recovered by paying a ransom to hackers, detailing the negotiation process and the unexpected delays encountered.

ransomware· encryption· hackers· negotiation· data recovery· cyber attack

1:53:22 The next day, they will decrypt everything on Saturday and Sunday. Then, our business will start from Monday. Our view is that, we will shut down on Saturday and Sunday and start our business from Monday. Customers will bring pressure. Then, we transfer the money. On Saturday and Sunday, they don't respond. They are afraid that they will lose all their money. Sunday evening. It was Monday morning. He came live on Monday evening. He was doing the chatting. The chat is happening on the site he gave. He saw everything we chatted 100 times. He came on Monday evening and said, sorry, we will not work on Saturday, Sunday. I felt like even hackers don't work on Saturday, Sunday. I knew it for the first time.

1:54:10 We worked on Saturday and Sunday, and he said he would work on Monday. He gave us the keys on Monday evening and it worked out well. We observed another thing. We investigate cyber attacks. What was their tool kit? There was a robbery. The police came. Rajasthan gang, Gujarat gang, you can see. Because they broke the door with any weapon. Right, right. We can identify them with that. We call it TTPs. Tactics, Tools, Procedures. Like you saw, Chinese group involved in hacking, North Korean group. This is based on this. So when we identify them with TTPs, what we observe is, many times, some European hacker, or South East Asia or other country,

CHAPTER 45 / 59 Discussion

Hacker Ethics and Tactics, Techniques, and Procedures (TTPs)

The segment discusses attributing attackers by their TTPs (Tactics, Techniques, and Procedures, which the speaker glosses as tactics, tools and procedures) and explores the varying levels of ethics and professionalism among ransomware operators from different regions, highlighting the importance of tactful communication when negotiating with them.

hackers· ethics· TTPs· tactics· tools· procedures· cybersecurity

1:54:58 Some of the European hackers are very good. You pay money, the key they give you will work 100%. Some of the cases are in some other countries. Even if they pay, the money won't come. They will get the money and the keys will work. That's why we have a point here. Whether a hacker has ethics or not, that's a point. Ethical hacking is a different world. So, some countries' hackers are very good at ethics. They respond perfectly, give perfect decryption keys, and are very professional. Apologies, I would not reach you on Saturdays and Sundays. Oh, you don't work? Beautiful. Just say thanks and you have received. I'm providing the keys. He said. The keys worked perfectly. It changes depending on the situation. You might have to do it once. But you have to be very tactful.

1:55:52 It is very, very important. How to do it and what is needed. If they have a dire necessity, they will increase the price compulsorily. There is no doubt in that. If we pay this much for the first server and if we buy the second one, they will increase the price for the second one. So, how to attack him tactfully, how to trigger him. Sometimes, when an attack happens, what our people do is, now even hackers are some fraud type. What they do to defame him is, there are telegram channels. In that channel, he says, so and so bank data is available with me.

CHAPTER 46 / 59 Discussion

Incident Response, Red Teaming, and Ethical Hacking

The segment discusses incident response strategies, emphasizing the importance of not provoking hackers and identifying vulnerabilities. It also covers ethical hacking, red teaming, and blue teaming exercises used by banks and other institutions to proactively test and improve their security measures.

incident response· ethical hacking· red teaming· blue teaming· vulnerability· security· CISO

1:56:32 We have to be patient. We have to see if it's done or not. But if we go back to the statement, and post it on Twitter, and say, whatever hacker is telling is not correct, and if we give it, it will look like he provoked us. It will look like he attacked us. That's why we call it incident response. How should we respond when an incident happens? In that incident response, what we say is, don't provoke the hacker. That's very, very important. Because if you provoke him unnecessarily, there will be a lot of implications. So, it is very, very important to know how it happened, did he come into our system, did he take any data, what vulnerability did he exploit, identify and close the system.

1:57:16 That's where we interact in the dark web. It's compulsory. Is there any ethical hacking or proper hacking situation? You can hack something with your team. It's not like that. We do it legally. Now, you have an apartment. In this apartment, there are 8 CCTV cameras. All those cameras come to our watchman's room. Watchman watches on TV with MD cameras. Have you seen it? Yes. We call the watchman the security operations center. We call the watchman a SOC analyst. These CCTV footages are all logs. So, if all the logs come into the room, they will watch from there. This is a very layman's simple point of view.

1:58:06 One day, I was the president of my apartment. I was implementing security. I asked if the security guard was really watching me or was he sleeping at night? You don't know, right? CCTV cameras were properly focused. I gave him Rs. 1000 and asked him to come inside my apartment. Did he detect it or not? If he was sleeping, what was the problem? He is clearly watching TV, but he is not able to see. Because the camera is not focused. Then it is not a good issue. So, we need to detect where the problem is, whether it is in people or technology. That's why banks hire ethical hackers and get permission. You hack the person you hired. No one knows. The security guard doesn't know that I hired someone.

1:59:03 When he attacks us, we have to observe if he is detecting or not. Whether the controls and technology I implemented work perfectly or not, banks are also doing red teaming exercises. And at the same time, they are mandated to do VAPT and ethical hacking. For example, if my security guard identifies me, he will try to stop me. What it does is, We have a CISO, Chief Information Security Officer. He will hire us. The security people don't know that we are hired. When they attack, they try to stop them. So, the attacker is called a red teamer.

1:59:46 They say, if you try to stop it, you are a blue teamer. So, this is called red teaming and blue teaming exercises. So, all banks are mandated. Banks, insurance, listed companies, SEBI, IRDA, RBI have also mandated our banks. Because, before it really happens, you have to be proactive. Don't wait until it happens. After it happens, you can lose crores. You can't tell. If the ransomware is lost, the entire bank can go down. So, you have to test the security you have taken proactively from time to time. Since 2018, no cyber attack has happened in the Indian bank system. Has your channel ever tried to scam you? Yes, there are. Now, the scammer doesn't know who I am. You must have heard of ex-DGPFS state currency. He doesn't know anything.

CHAPTER 47 / 59 Discussion

Greed and IT Professionals in Scams

The speaker discusses how greed, particularly among IT professionals with disposable income, makes them vulnerable to marketing and investment scams, contrasting this with less educated individuals who lack the means or knowledge to be targeted.

greed· IT professionals· scams· investment· India

2:00:39 He doesn't know if he is a cyber security person or not. He will send it. If he has a weakness, he will click it. That's why it is called hit and trial. Is it because of greed and panic? I told you in India, total money is going in two portions. A little money because of you revealing the OTP. If you give the OTP to the person, and if he links it and loses it, that's your karma. You're losing what you have. The second is our greed. I said that, in the recent times, in these marketing scams, who is losing money? IT people, software people, educated people are losing. Then there will be someone in the villages,

2:01:20 If he wants to invest in marketing, he doesn't even know how to use a Demat account or share market. Half-witted IT people don't have this problem. So, you see, 3 crores, 4 crores, 2 crores lost, IT is the big problem. Because they have money. The concept of how to double this money in 2 days is greed. So, their target, how carefully they do it, they do it time to time. You are thinking, It depends on the season. For example, we recently saw that the DA has increased 3% for the Central Government employees, including pensioners. So, the Cabinet had a meeting and announced it at 7 o'clock. The other day, many Central Government employees were told, Dear pensioner, DA has been increased. Please click here and update.

CHAPTER 48 / 59 Discussion

Seasonal Scams and Phishing Tactics Discussion

The speaker discusses how scammers adapt their tactics based on current events and seasons, using examples like government announcements, 5G upgrades, wedding invitations, New Year greetings, and even online game ads to distribute malware via APK files and phishing links.

scams· phishing· malware· APK· seasonal· cybersecurity· social engineering

2:02:17 Okay? So fast? Government of India moved from 4G to 5G. Announced it. Next day morning, many people, dear customer, they say, service provider name, Airtel, they do something like that. Recently we upgraded from 4G to 5G. Please click and download here, your SIM card will get updated. This is December, right? The marriage season starts in January, right? Now they will do wedding cards. They give online QR code wedding card. Click here. We saw that many people got circulars on 1st January. APK files. I did it through a software to give a New Year greeting to Vamshi separately. Dear Vamshi, Happy New Year. I crafted a special remember greeting card for you. Click here.

2:03:07 You saw that special thing, right? Like the name, Dear Vamshi, and flowers, it's like my family name. That's a special word, crafted. When you click on it, it becomes an APK file. That's gone. What they do is, they do it every season. That's a special LXTD bill. If you click on it, you get a phone number, and he asks you to enter an APK. If that happens, the government will be very careful. They will be calm. And again, after 8 months, it will be back to the same mode. It depends on the season. I remember, when we were playing, we were in a farmhouse with our friends. It's been a year since we played Ludo. We were discussing whether to play on two phones. Someone was using social media and a video of Ludo came up. An ad video.

2:04:01 We clicked on it and downloaded the app. After clicking on it, it took us to another website. Generally, it should be in the App Store or Play Store. We had a discussion on that day. We didn't think much about it. We didn't think it was a scam. The problem is, the difficulty lies in the name itself. There are 4 or 5 with the same name. Okay? Secondly, let's say the original government is 40 MB. This fake one is small, right? There are 2 MB and 5 MB. When we first saw it, we thought why consume it, it's a small one, right? If you think it's a waste of space, you won't do it. Why consume it unnecessarily? The first point is not only space, the second point is that it takes time to download. We click on the first one. They write the number of reviews. What will be your market scam?

CHAPTER 49 / 59 Discussion

Toll-Free Number and Telegram Scams

The speaker discusses experiences with online scams, including fake toll-free numbers for airline ticket cancellations and fraudulent Telegram groups that steal money.

scam· fraud· toll-free number· telegram· online security

2:04:46 I asked everyone, what did you do? They sent me a link. He sent me a telegram. There were already 600 people in that telegram. Many people wrote very beautifully. Thank you very much. My 200 rupees and 400 rupees are gone. They are the ones who are there. I started believing in all this. I started investing. They say it's gone like this. What they do is, you are the toll-free number fraud. Suppose I booked an airline, I wanted to cancel the ticket. I don't know where to cancel. I searched in Google and typed in so-and-so airlines toll-free number. The first hit is a fake. Because if Google accesses fraudsters, it will go up in the rankings.

2:05:28 So, he automatically calls you and asks you to tell him what ticket you want to cancel. He is on a train. When he is on the train, he raises his hand and asks you to tell him which card number you used. He will enter it. He will ask you to tell him you got an OTP. You tell him the OTP. But he will not tell you. So far, we don't have this problem of calls. Why? Callers and fraudsters were mostly in the Northern Belt. I understand their language. If a Malayali calls, he won't be able to speak Malayalam. So what they did was, they recruited some people from there. You know or not, there is a cybercrime gang in Bihar. They recruited some Southern people from there. They didn't know what they were doing after they were recruited. They thought it was a call center.

CHAPTER 50 / 59 Discussion

Cyber Slavery and Human Trafficking in India

The speaker discusses the issue of cyber slavery and human trafficking in India, focusing on how individuals are recruited under false pretenses and forced into fraudulent activities, highlighting the involvement of cybercrime gangs and the exploitation of Telugu-speaking individuals.

cyber slavery· human trafficking· fraud· India· recruitment· cybercrime

2:06:16 After a few days, when we realized that they were committing fraud, we decided to run away. But instead of running away, they killed two people. I have read about it. It is like human trafficking. Cyber slavery. Yes, it is slavery. Actually, there is a problem with Telugu people. If you go abroad, they say this. He works in Australia. He gets a ticket to Bangkok. He takes him to Bangkok. He will take his passport and take him from Burma to Laos via land route. They will call from there. These are called digital slaves. Many digital slaves, our Telugu people, have already been recruited in the recruitment agency, job recruitment, consulting, and it has become like this. This is a continuous problem. There is no doubt about it. The system I told you is a completely different system. Tell me a little bit.

CHAPTER 51 / 59 Discussion

Digital Arrests and Cybercrime Tactics Explained

The segment discusses the rising issue of digital arrests, the tactics used by cybercriminals to extort victims through morphed videos and fear, and the importance of awareness despite government warnings.

digital arrest· cybercrime· extortion· morphed videos· fear· awareness

2:07:09 There may be youngsters, educated people, their parents, elders. Digital arrests are one of the major impacting situations in cyber camps. 10-15 seconds panic, to watch that video and get scared. Or to call and say, your son is talking, look at him. What should we do in such cases and at that time? Sir, one thing is, the police, our Telangana police, different police say, there is no concept of digital arrest. They said that. The message is still going on and happening. I feel that even after so many messages from the government and newspapers, people are still victimized. The reason is multiple. To be frank, we have created a fear factor since childhood. If I didn't eat when I was a kid, my mother would have told me to go to the police. I mean, the police is a fear factor. That's one point.

2:08:10 Secondly, if I get arrested at this age, what will my neighbors and opponents say? For example, you must have heard of a popular sex torture case in India. I get a video call. Unfortunately, many people think that we are some kind of D.P. A beautiful girl comes from an unknown telephone number and talks to me. Video call. I will switch it on. We don't see anything there. On the other side, we say hello, hello. That's it. That's why we ask who is talking. In a minute, it gets cut. We take a photo in the video, and put it in the face of a pornographic software, and send a video to us. Morphed format. You are involved in this pornography, in this sexual act, and send it onward. When he sends this, what he does, you and me,

2:09:06 If I don't get this money, I'll circulate everything. Sometimes it happens like this, right? They provoke and show some nudity. And then they reveal it to us. What happens when it happens, what happens to you? By default, what happens if the person we know finds out? What happens if the person next to you finds out? He'll send it to you, right? He'll send it to you, right? With that fear, you'll listen to what he says. There are people who have lost their retirement savings, if you say. If you type in Google, there are retired employees, many businessmen. They know how to do it. They are special. You should think about how much they research. They are not young. They are in their 40s to 60s.

2:09:49 They can easily provoke them, capture them, and do that. That's the problem. They won't hit them blindly. I'm telling you, right? Look at this. You go to a company website. There's someone's name, photo, white hair, and you say, oh, he's a 55-year-old fellow. Company MD. That means they have money. Target him. That way, they'll target you specifically. It's not blind. You are thinking it's not blind. It's becoming an industry. It's a way of earning. Call centers. There are big call centers, sir. Organized. If someone gives you an advertisement that you won't get a rupee or two in two days, no one will give. No one will give. For how long you have to wait for your OTP, CV, APK? That's 50%. Then the remaining 50%?

CHAPTER 52 / 59

Digital Arrest Case and Personal Responsibility

The speaker discusses the digital arrest case, highlighting the need to read newspapers and emphasizing that individuals bear 50% of the responsibility for financial losses due to lack of knowledge, alongside the fraudsters' actions.

Digital Arrest· fraud· responsibility· knowledge· newspapers

2:10:41 Ex-DGPs, Padma Bhushans, Padma Shris, scientists, you must have heard of them, Secretary of Government of India, Science and Tech. You must have heard of the case of digital arrest. The digital arrest happened for a month. In the middle of that, taking the permission of the fraudsters, I had to go to a conference, and I told no one that I will join again as soon as I come back. I was taking permission from the hacker, from the fraudster, and attended the conference. Daily in and out newspapers, you should at least read the newspapers. When the government says in the media, after it is over, come to me and tell me that I lost 2 crores or 3 crores, what will the government do? How much responsibility will they take? We are doing a little for that, a little of our lack of knowledge, these two portions are 50-50 percent contribution.

CHAPTER 53 / 59

Cybersecurity Career Future and D-commerce

The discussion covers the cybersecurity career field, its growth due to digitization, the gap between requirements and available talent, and the emergence of D-commerce (device commerce) with examples of security vulnerabilities.

cybersecurity· career· D-commerce· digitization· security· e-commerce· M-commerce

2:11:37 Many people, when they choose a career path, may not know about this field. Even those who know may have a doubt about the future. Because, today and tomorrow, there are people who don't have jobs, don't know if they will get a job, don't match their skill set, and so on. If you need to advise about this field, or something around this field, it's fine. How is the future of this? Sir, cyber security is a universal problem in Pandavapuram. There is a very large gap between the requirements and the people in the market. Compulsory. But the problem with this is that no one can join without any experience. That's why, sir, I didn't get cyber security in my campus placement. I got it in the beginning. You have to learn it. After two years of experience, he is not listening to me. He will be surprised to hear this.

2:12:28 They are not listening. They got competitive offers. If you go to LinkedIn, you will see that companies are going to stop for 2 years. Until now, companies have been doing this for 10 to 15 years. The demand is like that. Cyber security is growing because when digitization is happening, I will tell you about e-commerce. I will tell you about commerce. First, I told you about the barter system. Then E-commerce came. It was buyer to buyer, buyer to consumer, consumer to consumer. That was E-commerce. Then M-commerce came. Mobile commerce. There were wallets, right? Now, D-commerce is coming. D-commerce means device commerce. If it happens perfectly, by 2020 MD time, I will get an electricity bill by the month. I will switch it on and go to the government website and pay the electricity bill.

2:13:22 For 20-28, my refrigerator will pay the same electricity bill. My TV will do the TV. That's called device commerce. De-commerce. If you google it, Australia has a water treatment plant. It treats sewage water and circulates it. Hackers compromised that and changed it. So the content of remember bleaching powder added has become more. So, what I am saying is... It will become a poison. When you get automated systems, in mechanical systems, power grid collapses. You have seen that power grid collapses. You need to have electrical knowledge. How do sensors work? How does coding work? Only cyber will not work. That is why computer science is not possible. So, computer science plus electronics, electronics... Everyone should learn that. He should learn this. That's why I have told you many times so far.

CHAPTER 54 / 59

Cybersecurity Education, AI Impact, and Career Paths

The speaker discusses the importance of electronics knowledge alongside cybersecurity skills, emphasizing passion over formal degrees for success in hacking. They also explore the dual role of AI in both enhancing and threatening cybersecurity, noting the rise of AI-driven cyber attacks.

cybersecurity· AI· education· hacking· career· artificial intelligence· cyber attacks

2:14:15 If you have a computer science background, not just cybersecurity, every branch has a good scope in cybersecurity. The second point is, even world's top hackers, many have asked, what should I do? Should I do a 3-year course or 5-year course? I have repeatedly told this point. How to make robbery? If you do a 4-year course, you can't become a big robber or thief just because you got a degree. It should come with intuition. I have seen very good hackers in the world. They may fail in 8th, 10th, or B.Com. You have to learn this for passion.

2:14:53 If I learn this under my degree and get a job with it, I don't need to come to CyberSecurity. I'll tell you that point very clearly. How is the earnings now? The earnings are also very good. If you have a 4-year VIPT, 5-year VIPT, you'll get at least 20-22 lakhs. His background may be in third college. Now, category 1, category 2, it has nothing to do with that. That's what I'm saying. It's difficult to get that break. If the break comes and you go into that field, the break will show you proven capability. This is automatically an evergreen field. Every day you are supposed to read. If you say you will do it hard, it is a perfect market. I have seen some people with 10 years of experience, earning 50-60 lakhs. I feel while you are saying, this is one of the few fields where AI will take over completely. Not a market for you.

2:15:45 AI for cyber attacks. I told you about FraudGPT, right? There is also WormGPT. What did he do until now? He attacked from here and made it vulnerable. But it has been automated. WormGPT. WormGPT means malware codes. So, the number of cyber attacks is increasing due to AI. That's why we say, here is the point. AI for cyber security. How to use cyber security? Using AI. AI with cyber security. How can you integrate AI into cyber security? These two are positive. You are using AI for security. The third problem is the use of AI by the hackers. Negative.

2:16:35 And cyber security for AI. That means, any platform should have cyber security. That's why in these 4, 2 are positive and 2 are negative. You will be surprised to know that the number of cyber attacks has increased because of AI. Wow! I have a website for this, actually. You can check it out. Sorry. I told you about WormGPT and FraudGPT. These are the people on the dark web. Wow! They will sell if they are not there. There is a public website, sir. This person does not exist. I get a new picture when I reload the website. I will tell you why. It's not existing. I will tell you why we are using different things. I have put it in a presentation. I have taken something and put your photo. Now data privacy acts have come. I did not put your permission photo. That's why they are using this.

CHAPTER 55 / 59

Deepfakes: Data Collection and Financial Fraud

The speaker discusses how personal data is collected and used to refine deepfake algorithms, highlighting the dangers through a real-world example of a $25 million financial fraud perpetrated using deepfake technology during a Zoom call.

deepfakes· data privacy· algorithms· financial fraud· Zoom call· social engineering

2:17:27 This person does not exist. You can put age or gender. I will tell you the reason for this. I will tell you who is responsible for this. You would have seen 10 years ago, they identified it as deepfake. You would have seen, it was not exact, but they would have said it is fake. Today, we are not able to say that. It is a perfect lip sync. Perfect speech. So, it is humanly impossible to identify that. You can do it with a machine, but not normally. The reason for this is that these software algorithms have been developed so beautifully. When the algorithms are developed, they have to be tested on a database. There should be a database. When the output comes out of the database, we have to test it.

2:18:26 If there is more data, can't we refine this algorithm? Of course. But where is all this data? In our 140 crore population, we are a big sample database for everyone in this country. I'll tell you the reason. Do you remember 6 years ago when you went to Facebook? Once, do you want to know how you would appear at the age of 35, 45, 55, 65? You would upload a face. I get good photos for 75, wrinkles and all. You go home and see how I look at 75. You would have told me. We even put it in the stlaps. For which character you will fit into Bahubali, you would have seen different things like this when your mom uploaded it. The algorithm you uploaded to was used by them to refine that data. We did it without our knowledge. Okay? Because when you give the data,

2:19:25 We tick them off. We want to use your data for this purpose. We don't care about it. We want to see how we look. That's it. You have a voice now. I was born in the 1960s. So, I go to Google Maps and type. What do I type? Barkatpura Chaman. It shows the route. The new generation doesn't even have that much time. They press the camera, and a speaker comes on top of it. It's called Barkatpura Chaman. Your voice is recorded there. With that record, they create a database. Do you understand the point? The more database there is, the more refining it is. The algorithm gives beautiful results. It's okay if you use it for a good purpose. If you use it for a bad purpose, it's a problem.

2:20:14 The problem is, the recent deepfake 2.0, the recent social engineering 2.0. There's a UK company. They have their office in what? Hong Kong. In the UK office, there are MD, CEO and finance head, CFO. In the Hong Kong office, the finance department employees work. It's different, it's a multinational organization. One day, the finance department in Hong Kong, We got a mail from CFO mail ID. Okay. You transfer 25 million to him, for some project, like purchasing a new product or something. He sent us a mail asking us to transfer 25 million so fast. I asked him if he sent it. He said yes, he did. He said he will arrange a Zoom call at 5 PM. We got the Zoom call at 5 PM.

2:21:15 The head office, CFOs and MDs joined us. Hong Kongers joined us. Video call. We had a complete discussion on that call. When we connect on the phone, I ask him, how is the temperature in the UK? Is it very rainy or cold? All that is happening. After 40 minutes of the call, he said, okay, transfer the money. Then the video call was over. He transferred the money. What we found out later was that, in this Zoom call, except for this Hong Kong employee, the other three were deepfake. So, when you are talking to the original person, you don't know if he is the one or not. If he answers, it will give you the real-time temperature outside the UK. Wow! You can google it. Hong Kong company, 25 million, deepfake. You will get the whole scene.

2:22:14 So, the situation is like this. When companies recruited me, I used to say, turn on the video. Now they have stopped it. Come physically. So, if someone calls you, it is very difficult to say whether he is original or not. That's the new thing now. Have you seen the sextortion cases? Someone is calling you. I'm talking from the Delhi police station. Someone says, your son has been raped and is behind bars. My father is beating me up. I'm in the hospital. Send me immediately. What do we say? Call your son. They will make calls and you will hear their voices. We can't believe that. That's why we need this fear factor.

CHAPTER 56 / 59

Modern Scams and Exploiting Fear

The speaker discusses new scams that exploit parental fears and societal pressures, contrasting them with outdated threats and highlighting the shift towards friendly policing.

scams· fear factor· police· digital harassment· parental fears

2:23:01 What will the neighbors think? What will the opponents think? What will I get insulted? Tomorrow it will be in the media. This is the police doing something to me and putting me in jail for digital harassment. This is not the fear factor of the past. That's why parents also don't say that if the kids don't eat, I'll give something to the police. Because the police are not like that. They are friendly. You have seen friendly policing. So automatically they are there to help us. That's the point. You should not lose that fear factor. If I say a funny side, don't take it wrong. If experienced team members like you support, will they be caught for committing crimes? Not like that. It's their own activity. They will be caught automatically. It's a hit and run. I have always said, if a successful police investigation has happened, it's a weakness on the other part.

CHAPTER 57 / 59

Cybercrime Investigation: Anti-Forensics and Evidence

The segment discusses how cybercriminals use anti-forensics to erase their tracks after an attack, making investigations difficult, and emphasizes the importance of leaving traces for successful investigations, comparing it to a cat-and-mouse game.

cybercrime· anti-forensics· investigation· evidence· hackers· log files

2:23:53 And you also say, a good police is always a person who can think like a criminal. 100%. But he has to find evidence, right? Right. Now, instead of finding evidence, in many attack investigations, when the hacker leaves, he will erase the log files in the system. That's called anti-forensics. He will find out where he came from, which machine he went to, how it was, murder him, and erase the scene of crime. He will do that. We call it anti-forensics. The hacker comes in with malware and after the data has been exfiltrated, he erases it from the computer. So we don't do investigations at such times. The traces of evidence he leaves, that's when we have success. But if we know that all the 100% criminals are investigated by the police,

2:24:45 You are watching these days, right? A lot of evidence is not found in the crime scene. How does this crime scene happen? By watching videos, they cut the body into pieces and put it in the corner of a police station. You have seen in many cases. They are learning all this. We should also grow accordingly. It's a cat and a mouse game. The second thing is, who should play the game properly. Our success, the success of our investigation is always based on the traces of the person. we are going to lose the battle. Many people say that Apple and iPhone are the most secure phones. But why do you use Android? I will mention two points here. I won't say which is the security. Because ultimately, I am developing malware as a hacker. I am developing it to maximize the victimization.

CHAPTER 58 / 59

Android vs. iOS Security: Hacker Perspective

The speaker explains why hackers target Android over iOS, citing market share and potential victim count as primary motivators, drawing an analogy to terrorist tactics to maximize impact.

Android· iOS· security· hacking· malware· market share· victimization

2:25:40 Now, imagine 90% X operating system mobile phones. Imagine 10% Y. The malware I develop is targeted towards X. That's it, right? Yes. If in 2090, Y is 90% and X is 10%, then the malware will automatically target Y, but not X. I think that's what's happening now. I don't talk about that. But it's common to everyone. Now, if you take a bomb. He is a terrorist. He was shot dead in a playground. Where there are more central people, what is their purpose? More people should die in an explosion. That's their target. Correct. I have never seen a terrorist who takes a bomb and places it in an isolated place in the middle of the sea. That's it. What is the ultimate logic? Maximum impact should be created. Maximum vibration. Government should identify me. What do they do in this type? They concentrate on the operating system where more people become victims. So, according to your concept, this is safe and this is not safe.

2:26:44 Maybe my generation to next generation will use the same statement in opposite. If they use the opposite, this operating system is more safe, and this operating system is less. This cycle will automatically go from here. So, I looked at both sides. Sir, when you are telling logic, it seems like you have said it, but it seems like you haven't said it. And throughout the conversation, I didn't expect you to sit for so many hours. In this conversation, you gave multiple advices, gave multiple logic points. Even if you didn't give advices, it would have reached the audience. And in your journey, if you think of 1500 cases, you must have heard thousands of cases. You might have been stuck with one issue or another, or some might not have been able to tell, and some might have been unable to tell.

CHAPTER 59 / 59

Importance of Rule Following and Ethical Values

The speaker emphasizes the importance of a strong regulatory system, starting from family and cultural values, and highlights the need to follow rules like traffic signals, even when it seems unnecessary, to instill a culture of compliance and responsibility.

regulation· ethics· values· rules· compliance· culture

2:27:29 After seeing their behaviour, when checking the evidence of many people, we can understand their personal thought process, their terroristic mindset. They might have seen different thought processes. We can understand their psychology to an extent. In that sense, I can give a small advice to those who watch this video not to go down the wrong path. Sir, I will say one thing. The regulatory system should be strong. Even at home? It should be strong from family values, cultural values, ethical values. I'll tell you one thing. If you see a constable on the road, you should tell him to go left or right. Do you remember? Yes sir. We use the signal lights on the road to show the constable. Red, yellow, green. But you might have seen a uniqueness in India.

2:28:21 We don't use signal lights to remove the carnage. But in India, there are two. You observed it. I thought you were going to say that. Did you see? So, why did that system come? It was purposely defeated. Instead of maintaining those signal lights, take that money and give it to someone else for food and recruit someone else. Because... It doesn't matter to us. We don't care. We look at it this way, and cross it even if it's red. Now, we have to imbibe that culture. Red signals mean, you have to follow the rules, whether the road is empty or not. If you follow that, it will work. We have to play our role as a citizen.