Category: Feature

Rahat Jain Managing Director at IDIS India In recent years, the terms ‘intelligent’ and ‘artificial intelligence (AI)’ have been applied to many different types of security systems, but with little apparent agreement when it comes to a precise definition of what AI is. This is despite the fact that 71% of security professionals report that AI video analytics already provides value to their operations or that they expect it to in the future, according to the IFSEC Global Video Surveillance Report 2020, which analyzed feedback from over 700 security respondents globally. So, it’s important to understand that not all solutions labelled as ‘intelligent’ or ‘powered by AI’ are designed to the same standard or deliver equal value. Many of the early iterations of video analytics rely on Binary Large Object (BLOB) technology. This is found on most modern IP cameras, which is why they are commonly referred to as ‘blob type’ analytics. These are formulated to detect an event such as a virtual line cross; they detect and track objects as ‘motion blobs’ and distinguish them from smaller binary objects. For many applications these are still useful. But video analytics capability has moved considerably beyond this. Today security departments can take advantage of deep learning that leverages neural networks made up of multiple layers of algorithms and advanced processing. This is now driving what is widely accepted to mean true intelligent video analytics. Deep learning engines are ‘trained’ using vast datasets of images and video footage of people, objects and vehicles. They can ‘look for’ size, shape, speed and directional information, and they continue to learn while in use. To an extent, deep learning replicates the way neurons work in the brain – it can analyze and prioritize input from video data to decide which inputs are of value, and it will notify security operatives accordingly. Deep learning’s real value comes from being able to detect suspicious activity or unusual events and eliminate those smaller binary objects that are just ‘noise’ and apply rules that meet with specific applications and operational requirements. In addition, deep learning should enable users to use metadata to search multiple camera streams to find the most accurate matches for persons or vehicles of interest within minutes. But again, some caution is needed. Deep learning video offerings can still disappoint, generally as a result of having been launched too early, before engines were fully trained and able to recognize objects reliably and accurately. Systems integrators need to exercise caution regarding claims and jargon. They need to understand which offerings and which functions will genuinely add value for their customers, and help them to increase productivity, provide useful business intelligence, and ensure they deliver RoI, long term. Overcoming the Common Challenges Caused by False Alarms The 2020 IFSEC Global Video Surveillance report cited reducing false alarms as the #1 reason for adopting AI – and for good reason. Traditional blob type analytics cameras are prone to being triggered by environmental factors such as heavy rain, snow or moving foliage, and struggle to distinguish a human presence, which may present a threat from harmless animal activity. For users, this can result in time being wasted investigating the cause of alarms, and the larger the site, or more overstretched the system operator, the worse that problem can be. ALARM OVERLOAD Alarm overload is a common problem. Operators can quickly become desensitized by false alarms and can start missing genuine threats, or even be tempted to shut off the system. Alarm receiving centers and virtual guarding firms typically increase charges for more frequent call outs and they may even withdraw monitoring services from problematic sites until cameras are re-configured or replaced. This can result in organizations needing to draft in additional security officers, to maintain protection, or risk leaving gaps in security. Over time, many organizations find it unfeasible to maintain systems that are prone to false alarms. The solution? By moving to deep learning-based analytics, customers can attain improved situational awareness, with highly accurate AI-assisted notifications for intrusion, object, loitering, and unusual event detection. Security operators will be better able to manage everyday events, and respond to more serious threats and emergencies. In short, safety and security are enhanced by better detection and verification. ELIMINATING OPERATOR FATIGUE AND INCREASING EFFICIENCY Unlike human brains deep learning engines don’t get tired. They can constantly monitor multiple camera streams in search of suspicious behavior, maintaining performance levels even in the busiest scenes such as retail malls, logistics centers, higher education settings and outdoor spaces. Relying on human operators to monitor multiple cameras means hiring enough staff to cope and allowing for regular breaks to ensure they stay alert. Using AI-assisted notifications free-up operators from having to constantly monitor multiple camera streams and video walls. Instead, they can respond quickly and flexibly, and not just from the control room. They can configure alarms to be received to client software, and on mobile devices such as smartphones and tablets, giving the ability to verify and respond to events on the move. Improving the ability of security managers to oversee security operations away from the control room – by giving them more accurate information along with powerful VMS functionality and tools – lets them better manage incidents on the ground and direct their teams. The latest generation of AI-assisted tools can transform the work of security teams. Today’s truly smart video technology can allow security provision to be better focused, with officers being re-deployed to more important tasks that add greater value to their roles, for example giving them time to engage with the people they are helping to safeguard rather than remaining unseen in the control room. And strategically, heads of security can interpret and use accurate real-time and historical data to drive more informed decision-making, to better mitigate risk across their enterprise. Speeding Up Investigations with The Power of Metadata Deep learning and intelligent video analytics capture metadata even when analytics rules are not applied, meaning that users can benefit from advanced…

  For video security cameras and systems, capturing images simulates our sense of sight, extending the power of people’s ‘eyes.’ But what if they could use other kinds of senses like ‘hearing’, ‘smelling’, ‘heat sensing,’ or even detections that are beyond visual range – to identify and respond to security incidents? From single to multiple sensors, video security systems evolve with each new trend to fulfill a new potential, and there are already many beneficial advancements being developed across the industry today – and expanding perceptions is one. There’s no doubt multiple-perception capabilities will make video security systems more powerful – sensing the outside environment, identifying events, and providing more detailed information. This will also create more possibilities for video security systems to be used in ever wider scenarios and applications. Cameras integrated with radar Cameras integrated with centimeter and millimeter wave radars are becoming a popular approach in object detection. Radar has shown great advantages in object detection and movement tracking, which can offer accurate and reliable detection over long distances, unaffected by any kind of weather. Equipped with a deep integration of radar and video, a multi-dimensional camera extends perception in perimeter protection to find objects earlier, track movement, and provide visual images to verify detected objects. Such integration overcomes the technological bottleneck of traditional one-dimensional video perception. It has been applied in traffic safety management to improve detection of potential obstacles or traffic incidents at great distance, out of visual range and in low-visibility conditions. The integration is also ideal for monitoring large, exposed spaces with harsh weather such as sea ports, airports and large open industrial areas. Video cameras equipped with sonar arrays Automobile horn noise bothers residents who live near major roadways, but in many cities it has been difficult for traffic control departments to reduce it. A video camera equipped with sonar arrays capable of collecting both sound and image data can be used for automobile horn detection. The camera integrated with sonar sensors can precisely detect and locate the source of a vehicle’s horn while identifying the vehicle and generating photos and videos of the event as evidence. Local law enforcement can respond as necessary, helping to reduce noise pollution on roadways and in communities with rules against the unnecessary use of horns. Multispectral imagery Multispectral imagery is another promising approach for cameras to perceive information from non-visible light spectra. Popular thermographic cameras use infrared radiation to perceive temperature of objects, and the detection of other non-visible light spectra is currently being explored in the security industry. For instance, electric arc is a key phenomenon to indicate that power grids are aging, and the electrical discharge emits non-visible ultraviolet (UV) lights. Here innovative UV detection can boost the perception capabilities of cameras to capture invisible electric arc phenomena, and finds a critical application in safety-checks at aging power grids in the electricity industry. Alarm systems with wide range of detectors Along with video security devices, other conventional security systems have incorporated multiple perception sensors, too. For example, alarm systems that employ a wide range of detectors and peripherals have borrowed the practice. Today’s wireless alarm systems normally include a compact panel hub and a wide range of detectors and peripherals, covering intrusion detection, video verification, smoke and flood detection etc. With these detectors and peripherals, alarm systems can collect data and multi-dimensional information to fully protect homes, commercial buildings, factories, and more. And there is more to come Increasingly powerful edge computing and intelligent algorithms are becoming available to the security industry, and we are constantly seeing more integrated security devices and systems with multiple sensors. Therefore, we believe that in the near future, additional ‘senses’ – like smoke detection, humidity and temperature measurement, and even gas pressure detection – can be widely embedded in video cameras and systems to precisely monitor and report events or incidents. The multi-dimensional perception trend will very likely and very powerfully shape security systems in the near future and endow them with more capabilities to create safety for users.  

Pranali Chaudhari Sr. Data Scientist at Dimensionless Technologies Pandemic brought the travel industry to a standstill last year but with vaccinations being administered around the globe, things are starting to look up and the normalcy would return sooner than later. Public transport systems, monuments and places of mass gathering are always under serious threat from radical organisations. There have been multiple security incidents due to the failure of personnel at security checkpoints – 9/11, London Bombing or Mumbai blasts are prime examples of this. Millions of people pass through security checkpoints daily across airports, metro stations, railway stations, prisons, government buildings, stadiums etc. With the pandemic receding and travel picking up the queues have started to get longer at these checkpoints now The current baggage screening process uses X-ray scanning technology which has not had any upgrades in the past many years. Any security lapse has always been attributed to human screeners, policies and processes focused on better training methods for improving their performance. One such example could be reducing the duration for which a screener looks for threats in the x-ray scan to 20 minutes. But the incidents continue to happen, at least 3 firearms are missed by TSA (transportation security agency). Manual detection of banned items in x-ray images is an intricate task and is highly prone to human error due to fatigue. Baggage handling and security are major operational challenges, and sometimes contribute to flight delays as well. To mitigate these challenges, a high-performance intelligent baggage scanner system is needed. Dimensionless Technologies, an AI company founded by IIT alumnus has developed BaggageAI, using artificial intelligence and data processing technology, to completely overhaul this manual process and automatically detect and locate threat items in x-ray scan images. It is a sophisticated high-performance artificial intelligence (AI) based system for automatic object detection of banned items in baggage through x-ray images. It looks at each image like a human eye, outlines banned objects and sends alerts to the screen. Existing scanners work on manual detection, but this solution automates the process of finding and locating prohibited items in the x-ray image of the scanned baggage. BaggageAI has been developed for the most frequent common items, which are contraband like guns, knives, sharp objects, power bank, battery, coconut, lighter, e-cigarette etc. Solution readily deployable for The solution has been selected by the Airport Authority of India for pilot and deployment to improve efficiency of security personnel. The pilot run of the solution was successfully conducted at Pune International airport last year and is being put into other airports like Ahmedabad International airport and Delhi International airport. Metro Corporations like DMRC and Mumbai metro are also trying out the solution and the pilot run is scheduled at a couple of metro stations in March. BaggageAI is a very fast solution that can process up to 3 images per second or up to 180 bags/ minute. This will greatly reduce the time taken at security checkpoints and make it highly convenient to the passengers. It helps detect threats with high accuracy and efficiency, and reduces false alarms, saving invaluable time. High throughput helps airports handle more passengers and flights per day, resulting in higher revenues and profits. This boosts passenger security significantly by removing human errors in the baggage screening process. It can be effectively deployed at places with high passenger traffic such as airports, metros, malls and railway stations where there is a security risk. Another amazing benefit of the solution lies in the fact that it can get integrated to any existing x-ray baggage scanner system. This greatly enhances the possibility of upgrading all existing machines and improving the security checkpoints to the next level. “Human screeners are expected to be correct 100% of the time – which is an impossible task. That’s why we have brought machines into play to ensure the stress on screeners reduces significantly and the process is automated. It will go a long way in enhancing security and customer experience across the globe. With central monitoring of the baggages through a combination of human and AI can significantly reduce operational cost across various application areas,” explained Kushagra and Himanshu, the founders of the organisation.  

Abhishek Chhabra Market Development Manager, Thomas Bell-Wright International Consultants, Dubai When people in India started writing the building codes around 6th century AD (Vastu Shastras) the options on methodologies of construction and materials were very limited and the behavior of people was fairly predictable. Not anymore! Nowadays the complexity and variables affecting construction have been changing very quickly, and unfortunately, the laws and rules (building codes) which define minimum requirements take several years to change. This lag is a systemic challenge and is world-wide. But certain key guides that have been published by International Organization for Standardization (ISO) continue to help define quality and safety across all industries while the laws catch-up – whether it is electrical safety, industrial products, food, pharma or inspections inside factories, construction sites or hospitals. These guides provide the much-needed unbiased language to help procure and deliver products and services in a fast-changing world. Let us understand how to use these to ensure fire safety too. Any procurement needs an unbiased system that brings about the basic assurance needed for any transaction – ‘getting what you want.’ With so many fire accidents happening in India (and the world), everyone wants these fires not to threaten life, and avoid property damage. This note suggests simple ways to implement actionable steps that can be added to technical specifications and commercial clauses across contracts to ensure fire safety, thus safeguarding investments and ensuring minimum damage to life and property in case of a fire incident. Who are the stakeholders? For the construction industry, the image #01 defines some key stakeholders who need to enter into commercial contracts (to get what they want) with each other. The key language used to define expectations is often a specification document. Now defining fire safety and its implementation often slips out due to lack of awareness to ask ‘exactly’ what is needed.       These stakeholders get involved directly or indirectly in design, build and maintain. Image #02 defines some key steps that ensure the learnings from past mistakes (captured in building codes and other guidance documents) are avoided. The tricky part is implementing these concepts with the limitations of time, money, availability of correct products or materials, and lack of training, awareness and comprehension of implementation. A better understanding and usage of the referred ISO guides makes it easy to design, build and maintain. A common thread across these steps is procurement of materials and repeatability of installation. Getting commercial and technical language to align across the contracts of stakeholders makes it easy to assure the delivery of what is designed.     Simplifying procurement: Materials & installation for fire safety Before we read on, we should know the real difference between voluntary and mandatory. Making anything mandatory requires a law to be enacted – this requires a consensus. Such laws require technical documents (like building codes) to be referred to as well. And these technical documents also require a consensus. Here lies the risk due to the lag which is well known. A lot of construction gets finished while/ before these two consensuses are arrived at. Hence large hotels chains, hospitals, commercial and retail establishments and insurers and reinsurers never rely on just the minimum mandatory requirements in any given geography. They understand that the rate at which building materials and construction methodologies are evolving; reliance on the minimum mandatory is a high risk, and it will lead to a loss of reputation, money and of course life and property. So, it is common practice to use more evolved and adopted building codes and even more. Hence the technical specifications need to be current and updated, and these are implemented using advanced conformity assessment mechanisms for increased assurance. Conformity assessment is all the activities completed to determine if a product or service meets specific requirements. Let us read how conformity assessment mechanisms are jointly defined by the experts from 165 countries (including India). These experts form and define the International Organization for Standardization (ISO), and define these conformity assessment mechanisms. May of these standards have been helping government bodies as well as large investors and specification writers on ways to assess and define ‘getting what you want.’ See image #03 which gives an overview of the terms and definitions used by ISO’s Committee on Conformity Assessment (CASCO). Below are the three standards whose references should be utilized effectively for procurement. These three are also used to describe a case study in this article.     ISO/ IEC 17025: General requirements for the competence of testing and calibration laboratories. ISO/ IEC 17065: Conformity assessment requirements for bodies certifying products, processes and services. ISO/ IEC 17020: Conformity assessment requirements for the operation of various types of bodies performing inspection. Understanding simple steps with a case study A 300 room 5-star luxury hotel in Dubai would cost around AED 300-400 Million (INR 600-800 Crore) to be built. The MEP works which is about 35% of this cost (INR 250 Crore) has a key element to create compartmentalization for ensuring fire safety. Compartmentalisation or to create a compartment of the area where fire gets initiated helps ensure that a fire that is contained for 2 or 3 hours at a given location giving enough time for evacuation and rescue. This is created using fire doors, partition walls, as well as thorough penetrations and other mechanisms which help seal the openings for pipes and utilities. If the specifications or implementation for this fire safety plan is weak or done incorrectly, the property may have a big fire and would be closed for about a year at the least. So, when re-negotiating with suppliers and contractors to save money here, it should well be kept in mind that what an impact such a savings could lead to – the impact of a small fire versus a huge fire! Without factoring cost of land, the earnings of such a property (after removing operators’ expenses, the earnings before interest, taxes, and amortization) are estimated to be…

Organizations worldwide are witnessing the power of cutting-edge video to drive a return to business as (almost) usual. But while the technology itself is vital, it’s only one part of the process. In this article, we explore the health, safety and welfare policy that businesses should operate alongside their technology investment. Today’s intelligent AI-powered cameras provide vital screening services to organizations striving to get people back to business. These cameras can measure someone’s skin temperature and check if they’re wearing a mask or not; they can carefully monitor crowd density, flagging when there are too many people in a certain location; and they can accurately measure the distance between people, helping to uphold local social distancing regulations. But for this technology to deliver its full potential, businesses should also consider key HR and legal matters that may affect all those coming into view of the cameras. These considerations can be woven into a custom health, safety and welfare policy, which is understood and adhered to by all. Make sure your staff are on hand and informed First of all, you need to ensure there are staff available to support the screening process at your premises, and that they know exactly what they’re expected to do. Consider temperature screening, for instance. Who is going to be present to monitor temperature readings? And if someone does have a high temperature, what happens next? Moreover, what will you do if someone objects to having their temperature screened? Such things need careful consideration. Equally, when it comes to mask detection, will you have members of staff on hand to guide people towards your mask detection cameras? And if the camera finds no mask, will you provide one? For flow control, it’s vital to consider how many people you can safely accommodate on your premises at any one time. You also need to have a policy for what happens if people still proceed to enter a location that has reached full safe capacity. And if the system sounds an alert to one or more individuals, asking them to maintain social distancing, one key question is – how will you go on to enforce this? Consider employee consent and privacy I t’s also vital that staff fully understand that they are being screened, and that they agree to it before you do it. You should clearly inform employees of the video technology, the nature and extent of the monitoring, and its purpose, clarifying what has changed from your normal policies. It’s recommended to get official written employee consent for being screened. If you decide to use facial recognition for employee access control, this technology will reveal ‘personal data,’ which is defined as ‘processing personal data,’ and privacy regulations apply (such as GDPR in the EU). Consent for processing facial images is essential, so you must obtain it from each employee, who should be clearly advised that this data will be used only for future access control/ time attendance. Employees should also be given the option to withdraw their consent in the future if they change their mind. The data of a human subject’s body temperature generated during automated temperature measurement is not defined as a ‘personal data’ under certain data protection laws. However, it cannot be ruled out that data protection law does apply in the case that it’s possible (even subsequently) to identify the people passing the cameras. Tailor your policy to your business Of course, every business is different. So when devising your own health and safety procedures, it’s vital you tailor each element to your business, your environment and your policies. What’s more, it’s important to check changing guidance and requirements for your geography regularly. You may want to consider getting legal advice, so that you get this part of the process absolutely right. At Hikvision, we have endeavored to optimize our products and help our customers reduce the compliance risks regarding data protection law. What’s more, we recognize that technology is only one part of the back-tobusiness story. That’s why we’ve produced a back-to-business eBook that overviews our camera portfolio, explains how to install them for the best results, and outlines the health and safety considerations for using them.  

Sandesh Kaup Country Manager, Milestone System, India & SAARC The retail industry in India is one of the fastest-growing in the world. According to the Indian Brand Equity Foundation (IBEF), it is also the fifth largest and preferred retail destination globally. With the number of large format stores from major retailers on the rise comes the question of security. Traditionally, each brick-and-mortar store would have a local security center or room in the store where one or two security personnel will sit. At a broader level for a retail chain, this model has many drawbacks such as having to manage feeds from multiple locations, maintain the hardware at each store, and add to this the complexity of securing stores for servicing growing online business. The answer to these challenges lies in shifting multiple, local security monitoring systems to an integrated, cloudbased video management system (VMS). A cloud-based, open VMS allows retailers to centrally monitor the store security, thereby standardizing security systems and protocols across their stores and providing a uniform customer experience. Here are some key factors that retail organizations need to consider while adopting a cloud-based VMS solution. Reduce infrastructure operational expense A major driver for retailers to opt for a cloud-based VMS is to eliminate the cost of maintaining physical infrastructure at each location. On-premise hardware can be costly to maintain, update and replace. By taking it to the cloud, retailers can eliminate upfront costs associated with purchasing and installing physical infrastructure in all stores. This would be profitable in the long term too. As on-premise infrastructure can chalk up additional operational costs for server maintenance and software upgrades, a cloud-based VMS does away with the need for maintaining and updating on-premise infrastructure and software. Save physical space by reducing video hardware Depending on the store size, on-premise video hardware can take up a considerable amount of space inside the store. As retailers are always in need of more space, it can otherwise be used for product display or storage. Every square foot of space in a storage area comes at a cost to the retailer. Hence the objective of retailers is to generate revenue from every bit of this space. Moving physical infrastructure to the cloud will help retailers optimize that extra space to enhance profitability. Reduce inventory Some retailers also keep servers on inventory to ensure they always have backup equipment available in case of malfunction. However, this requires retailers to store multiple, sometimes hundreds of servers in their warehouses. The cost of purchasing and storing backup servers can be significant. By deploying a true cloud-based VMS, retailers eliminate inventory costs since the video is sent directly to the cloud. Bring in agility It is always advisable to have more agile systems in place, in case retailers need to move their set up to a new space or renovate the existing one. A cloud-based server brings in more agility, in addition to reducing costs. Without hardware and inventory requirements, a cloud-based VMS makes it easy to deploy security at a new location. A centralized security control to free up IT resources When you take away hardware, including the additional requirement of hardware maintenance and software update, it frees up IT manpower and reduces manpower cost. This job now goes to the VMS vendor while retailers can fully focus on running the business. Retailers should go for a solution that serves them in the long run. With COVID-19 bringing in new challenges, store owners must prepare to implement and manage social-distancing norms such as allowing a safe number of visitors inside the store at a time and providing proper space movement. The sudden sweep of COVID-19 took most retailers by surprise, exposing massive weaknesses in their infrastructure and abilities to quickly adapt and scale to demands. As the pandemic has affected in-store footfall, cost-saving on infrastructure, clearing up more space for free movement of shoppers, having a centralized security control can help retailers focus on profit maximization. As per a Retail Holiday Reality Report 2020 by Google Cloud, 53% of retail executives in India feel that their company is accelerating cloud adoption to ensure business continuity in response to COVID-19. Further, retail businesses in India have taken steps to prepare for any unexpected changes and 73 per cent of the surveyed have increased the use of technology for logistics planning as well. Gartner in a recent virtual symposium, also stated that the onset of the COVID-19 pandemic was the starting point of the Cloud 2.0 era. As digitalization efforts further evolve in the country, we can expect that cloud will become a must have technology for Indian enterprises.    

Overview On December 2, the International Criminal Police Organization (INTERPOL) issued a global alert to law enforcement across its 194 member countries warning them to prepare for organized crime network targeting of COVID-19 vaccines, physically and in cyberspace. Distributed as an ‘Orange Notice,’ the alert identifies new criminal activity related to falsifying, stealing, and illegally advertising COVID-19 and seasonal flu vaccines, including embedding malware via online websites. The new alert is just the latest pandemic-triggered criminal behavior, following counterfeit tests, fake cures, and misleading websites among other illicit activities by individuals and organized criminal groups alike. As international travel gradually resumes and testing for the virus becomes more important, parallel production and distribution of unauthorized and falsified testing kits are likely to result. OSAC members should take special care when going online to search for medical equipment or medicines for their organizations and personnel. Additional Context to the INTERPOL Warning As a number of COVID-19 vaccines gain approval and become available globally, there is a general short- and medium-term risk to the safety of the supply chain, with a likely proliferation of websites advertising, selling and administering fake vaccines or purporting to do so. The pandemic has already triggered unprecedented opportunistic and predatory criminal behavior by individuals and organized criminal groups; the same threat actors are likely to target vaccines. The public has been and will continue to be a primary target via fake websites and false cures, but vaccine manufacturers and their global supply chains are also likely targets, offering a potentially lucrative opportunity for criminal enterprises producing and distributing counterfeit and untrustworthy test kits. Cyberspace is Key for Criminal Groups and Other Nefarious Actors COVID-19 has significantly broadened the cyber threat landscape, allowing nefarious actors to prey on pandemic-related fears. Not only are criminals using online platforms to sell illicit (or nonexistent) medical supplies, but they are also using them to inject malware and steal personal information. An INTERPOL cybercrime unit analysis of 3,000 websites associated with online pharmacies suspected of selling illicit medicines and medical devices found that more than half (approximately 1,700) contained cyber threats. Cybercriminals are employing a variety of means, from voice and SMS phishing to fake advertisements on social media sites to lure victims into providing personal information or clicking on unsafe links. Similar to the wave of COVID-19 testing scams that emerged earlier in the pandemic, COVID-19 vaccines have been a key focus of recent scam campaigns. On December 21, the Federal Bureau of Investigation (FBI), Department of Health and Human Services Office of Inspector General (HHS-OIG), and Centers for Medicare & Medicaid Services (CMS) issued a warning to the public regarding fraud schemes related to COVID-19 vaccines. Specific fraud schemes mentioned include: Advertisements or offers for early access to a vaccine upon payment of a fee; Requests asking victims to pay out of pocket to obtain the vaccine or to put their name on a COVID-19 vaccine waiting list; Offers to undergo additional medical testing or procedures when obtaining a vaccine; Marketers offering to sell and/ or ship doses of a vaccine, domestically or internationally, in exchange for payment of a deposit or fee; Unsolicited emails, telephone calls, or personal contact from someone claiming to be from a medical office, insurance company, or COVID-19 vaccine center requesting personal and/ or medical information to determine recipient eligibility to participate in clinical vaccine trials or obtain the vaccine; Unverifiable claims of FDA approval for a vaccine; Advertisements for vaccines through social media platforms, email, telephone calls, or online – from unsolicited/ unknown sources; and Individuals contacting victims in person, by phone, or by email to tell them that the government or government officials require them to receive a COVID-19 vaccine. The Better Business Bureau (BBB) and Federal Trade Commission (FTC) have also provided information to the public regarding expected scams related to COVID-19 vaccines, many of which could make individuals and organizations vulnerable to cyber threats. The U.S. Department of Justice also announced on December 18 that it had seized two internet domains that impersonated the biotechnology firms Moderna and Regeneron, both of which are involved with developing treatments for the coronavirus. Criminals had been using the sites as ‘watering holes,’ to collect visitors’ personal data as part of a scam. According to the FTC, Americans have reported over $211 million in losses from coronavirus-related fraud. “On December 2, the International Criminal Police Organization (INTERPOL) issued a global alert to law enforcement across its 194 member countries warning them to prepare for organized crime network targeting of COVID-19 vaccines, physically and in cyberspace“ Region-Specific Criminal Concerns Organized criminality is certainly a worldwide phenomenon, as is the push for COVID vaccination. However, certain regions of the world may be affected more (or sooner) than others when it comes to the intertwining of the two. Below, OSAC identifies trends in Europe, Latin America, and Africa worthy of private-sector attention. But, evidenced by instances such as the Japanese Yakuza crime syndicates attempting to gain public favor by providing PPE, opening soup kitchens, and offering to sanitize the Diamond Princess cruise ship early in the pandemic, Asia is certainly not a stranger to this type of development. Europe The European Union’s current schedule has the distribution of an initial 200 million doses of the Pfizer developed COVID-19 vaccine completed by September, with additional shipments arriving thereafter. Authorities expect the primary risk in Europe to be organized criminal scams attempting to sell dangerous counterfeit vaccines or to hijack shipments of genuine shots. Counterfeit and substandard medical equipment and COVID tests are already rampant. Similar schemes with vaccines are most likely representing a significant public health threat if they are ineffective at best or toxic at worst. Fake vaccines may even have a wider-reaching impact if new outbreaks emerge in communities assuming themselves to have received proper vaccinations. According to Europol, criminals have placed advertisements on dark web marketplaces “using the brands of genuine pharmaceutical companies that are already in the final stages of testing.” Law enforcement agencies…

Iqbal Singh Technology Expert & Senior Corporate Executive in a European MNC E: iqchucks@gmail.com The recent SolarWinds Cyber hacking is deemed by many cyber security experts to be the biggest security breach ever in the history of cyber hacking. The attack was audacious, sophisticated, meticulous, stealthily executed, and the range of targets is said to be staggering – Fortune 500 companies, US Federal and State Departments including Defense, State, Treasury, US Cyber Command and the National Nuclear Security Administration (NNSA). The attack has shaken up the establishments and the corporate world across the globe. Such was the importance attached to the matter that US President Joe Biden allocated US$ 9 billion to improve cyber security infrastructure on Day 1 of taking office. The full impact of the attack and the causes are still being ascertained as I write this. Being an extremely complex attack while a lot is spoken, written and talked about it, most people are not very clear about as to what exactly happened, and how and what preventive measures should one take in the future. In this article I shall attempt to demystify the attack in as simple a manner as possible bereft of technical jargon, and in an easy to understand manner even for a non-technical layman. I must also insert here a disclaimer that the article is based on the current understanding of the issue as per the info available in the public domain, things can change as more unknown details unravel. SolarWinds SolarWinds is a company that makes IT monitoring and management software solutions. It counts 425 of the Fortune 500 companies and several key US Federal and State agencies amongst its customers. It has over 33000 customers globally. One of their products Orion had been infected and the same software was installed by around 18,000 of its customers. I feel that for giving the readers an idea of the attack it would be best to begin with how the attack came to light. While the readers may not understand all the jargon I request them to hold on for a few moments as I would explain them later in the article. The chronology of events as they were revealed to the world 08-Dec-2020 FireEye suffers attack: Hackers broke into FireEye’s network and stole the company’s red team penetration testing tools (Red team is the offensive side of the security. Red teams think like the attacker, they imitate real-world attacks and mimic adversary techniques and methods, uncover vulnerabilities in an organization’s infrastructure, launch exploits, and report on their findings). From that point of view the theft of these tools is pretty significant and serious. In simple terms the tools fell into the hands of the bad guys – the very guys against whom it was meant to protect. 11-Dec-2020 FireEye discovers SolarWinds was attacked: FireEye discovered that SolarWinds Orion updates had been corrupted and weaponized by hackers. 12-Dec-2020 FireEye alerts SolarWinds CEO: Orion contained a vulnerability as the result of a cyberattack. Emergency NSC White House meeting: The National Security Council holds a meeting at the White House on Saturday to discuss a breach of multiple government agencies and businesses. 13-Dec-2020 CISA emergency directive: The Cybersecurity and Infrastructure Security Agency (CISA) issued emergency directive 21-01, ordering federal agencies to power down SolarWinds Orion because of a substantial security threat. SolarWinds security advisory: SolarWinds issued a security advisory outlining the Orion platform hack and associated defensive measures. FireEye disclosure: FireEye said an attacker had leveraged the SolarWinds supply chain to compromise multiple global victims. Microsoft guidance: Microsoft offered guidance regarding the attacks. Media coverage: Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments. 14-Dec-2020 SolarWinds disclosed breach in an SEC filing. SolarWinds stock falls: Shares fell down by about $20. 15-Dec-2020 SolarWinds released software fix. Investigation request: A bipartisan group of six senators wanted the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to submit a report to Congress about the impact of the SolarWinds cyber attack on agencies. 17-Dec-2020 US CERT alert issued. IT Service providers targeted: Microsoft discovered more than 40 of its customers were targeted. Five IT solutions providers and consulting firms – Deloitte, Digital Sense, ITPS, Netdecisions and Stratus Networks – were breached. U.S. Nuclear agency targeted: Hackers accessed systems at the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile. Microsoft: Impacted by malware. United States cybersecurity policy: President-elect Joe Biden vowed to elevate cybersecurity as an ‘imperative’ when he took office and said he would not ‘stand idly by’ in the face of cyber attack   What is different this time? Cyber attacks are not new. Usually there’s a vulnerability that allows threat actors to get into the network. What’s unique about this case is that the initial vulnerability was in the vendor software, so it’s often now being referred to as a supply chain hack because the vulnerability was embedded as code. Other differences are: SolarWinds’ security products impacted. 18 known products and 18,000 customers were delivered with the malicious code. Federal agencies. The exposure to federal agencies was a matter of grave concern. While targeting government agencies, they focused to access their emails. FireEye red team tools. Sophisticated tools from FireEye got into the nefarious actors’ hands. Post breach into the target network. The attackers settled in, sat there for a while, scanned the network, moved laterally in that environment and hunted for privileged access. Orion software build and code signing infrastructure was compromised. The source code of the affected library was directly modified to include malicious back-door code, which was compiled, signed and delivered through the existing software patch release management system. Attackers were very patient. They waited for a prolonged duration to extract the data and then cover their tracks. SolarWinds operation is an intelligence gathering effort,’ rather than an operation looking to destroy or cause mayhem among US IT infrastructure. SolarWinds customers. Look like the who’s who of the…

It’s fair to say that 2020 has been an exciting year for crypto. From Bitcoin’s peak in December 20 at £14,450 to new contenders such as Ethereum, Ripple and Bitcoin Cash entering the running, Cryptocurrencies have been the darling of investors and speculators everywhere. One of our Berlin-based meetups was focused on Blockchain recently and you can watch the replay of the livestream at (https://www.youtube.com/watch?v=Pt1ihk_7J6c&feature=youtu.be). But it may not be all sunshine and rainbows ahead. Navigating the cryptocurrency realm requires skill and an understanding of the subtleties of the market as it also comes with significant risk. From government regulations to security, within this article, we’ll look at some of the big problems facing cryptocurrencies. Let’s begin… Government regulation is inevitable Government reactions to cryptocurrencies have ranged from aggressive to indifference, with investors and speculators cautiously monitoring international developments. Just recently, the Head of the International Monetary Fund, Christine Lagarde, stated that regulatory action from the international community on cryptocurrencies is ‘inevitable.’ Christine also said, “We are actively engaging in anti-money laundering and countering the financing of terrorism; and that reinforces our determination to work on those two directions.” According to a report by CoinDesk, in late January 2021, world leaders gathered for the Davos World Economic Forum, with several sharing the same sentiment, including the French President, UK Prime Minister, and the secretary of the U.S. Treasury Department. South Korea is reported to have recently banned the trade of bitcoin and other digital currencies anonymously but says it does not intend to ban cryptocurrency exchanges. The next subject is often overlooked… There’s an issue of inheritance The unregulated nature of bitcoin means that without the keys needed to view a relative’s digital wallet, there’s no way of accessing their funds if they are to pass away. For example, five years ago, Matthew Moody died during an observational flight, and at the time he had been mining bitcoin. His father, Michael Moody, has spent the last three years trying to find out how many bitcoins his son has and how to find them. However, without knowing every single address, he is unable to locate every piece of currency. Moody has since called for better education about how to ensure investments are secured properly for those individuals mining bitcoin. I’m sure you’d already know the next one… There’s a security risk Bitcoin exchanges are digital and therefore vulnerable to hackers, operational glitches and malware. By targeting and hacking a cryptocurrency exchange, hackers can gain access to thousands of accounts and digital wallets where the cryptocurrencies are stored. One infamous example was the COX hacking incident in 2014, which saw the Japanese exchange closing down after millions of dollars in bitcoin were stolen. And the one everyone is talking about… There’s a market risk As with any investment, the value of cryptocurrencies can fluctuate, this should be no surprise. Within their short time, they’ve seen fierce swings in value and an extreme sensitivity to headlines, due to the high number of informal and amateur investors. If there’s continued resistance to the adoption of bitcoin and other cryptocurrencies, they may lose value. “Bitcoin exchanges are digital and therefore vulnerable to hackers, operational glitches and malware. By targeting and hacking a cryptocurrency exchange, hackers can gain access to thousands of accounts and digital wallets where the cryptocurrencies are stored. One infamous example was the COX hacking incident in 2014, which saw the Japanese exchange closing down after millions of dollars in bitcoin were stolen“ Experts, investors and budding traders will continue to speculate as to the future of cryptocurrencies. All we can know for sure is that it’s going to be an interesting journey. BLOCKCHAIN  Blockchain is often touted as a world-changing technology and in many ways, it is. However, it isn’t necessarily the cure-all panacea for the world’s problems that many evangelists would have you believe. Here’s a breakdown of some of the issues with blockchain that anyone thinking of using it should understand. Starting with perhaps is the biggest… 1. Blockchain has an environmental cost At least, the way it is being used today, it does. Blockchain relies on encryption to provide its security as well as establish consensus over a distributed network. This essentially means that, in order to ‘prove’ that a user has permission to write to the chain, complex algorithms must be run, which in turn require large amounts of computing power. Of course, this comes at a cost. Taking the most widely known and used blockchain as an example – Bitcoin – last year it was claimed that the computing power required to keep the network running consumes as much energy as was used by 159 of the world’s nations. Yes, Bitcoin’s blockchain is a hugely valuable network – with a current market capacity at the time of writing of over $170 billion – and so sophisticated and computationally intense security is essential. Smaller scale blockchains – such as those that an organisation may deploy internally to securely monitor and record business activity – would consume a fraction of that. Nevertheless, it’s an important consideration, and the environmental implications as well as the energy costs can’t be ignored. 2. Lack of regulation creates a risky environment Again, this is largely a problem with Bitcoin or other value-based blockchain networks. But the fact is, as many investing in Bitcoin or other cryptocurrencies for the first time in the last few months have found to their cost, it’s a very volatile environment. Due to the lack of regulatory oversight, scams and market manipulation are commonplace. Among the high profile cases is Oncecoin – recently revealed as a ponzi scheme which is believed to have robbed millions from investors who believed they were getting it early on what would become the ‘next Bitcoin.’ As with many areas of tech in recent years, legislators have largely failed to keep pace with innovators (or scammers), leading to rich pickings for those seeking to exploit ‘FOMO’ – the ‘fear of missing out.’ Even…

  The COVID pandemic has caught everyone unaware. While we’ve all been busy adjusting to the new normal, cybercriminals have been making merry. They are taking advantage of the disrupted environment to carry out cyber attacks. This is evident as a recent study shows that the number of data breaches in 2020 has almost doubled with 3,950 confirmed breaches against 2,103 recorded breaches in 2019, with the year far from the end. About 80 per cent of the data breaches have occurred due to simple brute force attacks, which should raise serious concerns regarding data security. These cyber-attacks are also not limited to technologically weak enterprises but rather impacted big names that have strong data security measures in place. Here’s a look at six such enterprises that faced major data breaches during the COVID pandemic. Whitehat Jr. Whitehat Jr. recently reported a data breach exposing data of 2.8 lakh students and teachers due to multiple vulnerabilities in their infrastructure in November 2020. The exposed data contained student names, age, gender, profile photos, user IDs, parents name, and progress reports of minor students forming a major part of the exposed data. Salary details of WhiteHat Jr employees, as well as its internal documents and dozens of recorded videos of online classes being conducted by the platform, were also exposed, according to the researcher. Big Basket BigBasket, the popular Indian online grocery vendor was reported to have faced a data breach that affected the data of over  2 crore customers. As a result of this data breach, personal information such as email IDs, full names, IP addresses has been compromised and is reported to be put up for sale on the dark web. The data lost in the BigBasket breach, which was mostly that related to customers’ personal details, more than being critical to business operations warrant an extra degree of security. That’s because losing this data can not only be disastrous from a public relations perspective but can also land companies in legal trouble which can last for years and cost crores of rupees in damages. Twitter The Twitter data breach occurred on the 15th of July 2020. Cybercriminals hacked verified accounts of influential and well-known personalities on Twitter. How influential and well-known, you ask? Well, the hacked accounts included the names of Elon Musk, Barack Obama, and Bill Gates, to name a few. The criminals behind the hack then proceeded to post fake tweets from the compromised accounts. The tweets promised USD 2,000 for every USD 1,000 sent to a Bitcoin address. The hackers had a big payday as they managed to make over a hundred thousand dollars in Bitcoin transactions. Marriott International The Marriott data breach happened on March 31, 2020. The data breach exposed data of more than 5.2 million guests who used the hotel’s loyalty application. The attack was carried out by using the login credentials of two Marriott employees. These employees had access to the customer data regarding the hotel chain’s loyalty program. Hackers accessed names, birthdays, travel and loyalty program information data in the data security breach. This is the second such attack faced by the hotel chain. The company reported a data breach in 2018, which compromised the data of around 500 million guests. Zoom Zoom, a video conferencing app, gained massive popularity during the pandemic. It simplified business meetings by allowing 100 participants for video conferencing at a time when enterprises over the world faced difficulties communicating with their workforce. This rising popularity made it the subject of a major data breach shortly. In the first week of April 2020, Zoom faced a major cyberattack. Around 500,000 Zoom account passwords were stolen and were available for sale on the dark web. Besides, the victims’ personal meeting URLs and HostKeys were available too. Clearview AI Clearview AI, a major firm dealing with facial recognition technology, became a victim of a data breach on February 26. The perpetrator of the attack gained unauthorized access to the Clearview AI’s entire client list. The data breach also left exposed around 3,000,000,000 photos scraped by the firm from social media sites such as Facebook, Instagram, and YouTube. Moreover, the number of user accounts opened by clients and the number of searches they had conducted were also compromised. The firm’s clientele includes major law enforcement agencies in the US, including the FBI and the Department of Homeland Security, and other corporate firms. The firm is already mired in controversy regarding its use of facial recognition technology for matching social media images against suspected criminals’ photos provided by the police department. The data breach further adds fuel to the fire. While most of the data security breaches were due to external cyber attacks, there were some instances where data breach was internal and unintentional. The main reason for these data breaches were poor data security standards that left the data exposed to unauthorized individuals. Let’s have a look at some of these instances. Social media accounts data breach On August 1st, 2020 it was discovered that around 235 million Instagram, Tiktok and Youtube user profiles were compromised. This data security breach happened due to an improperly secured cloud database. A HongKong based company, Social Data was storing the data without password protection on their clouds. The data could be accessed by any individual easily as it was available freely on the internet. The data contained the following records: Profile name. Full real name. Engagement statistics. Number of followers. Age. Gender. Follower demographic. While most of the data mentioned above are available publicly, what’s alarming is that the database contained about 20% of the records contained a phone number or an email address. Such private information is susceptible to cyberattacks, and hence, a cause of major concern. 2. Virgin media A Virgin media database that contained personal details of 900,000 users were accessible online for about ten months before being discovered. The data security breach occurred due to an unsecured database, as it is reported that the database was ‘incorrectly…