Building Resiliency Against Cybercrimes: CyberPeace Foundation

An unprecedented pandemic has been unleashed upon the world leading to businesses moving digital. At a time like this, people are expected to be more alert and careful to not catch the virus. They are also expected to practice good internet and digital safety habits as cyber fraud in on a rise. 

Not just businesses, even the government is working tirelessly to contain the spread of the virus with digital tools. CyberPeace Foundation is an NGO that has been working with government and global organisations for cybersafety campaigns. 

The NGO has a CyberPeace Corps volunteer network that invites participation from citizens, volunteers, and experts that work for cybersafety globally. Their network expands to 2000 volunteers from across the world. 

Vineet Kumar, Founder of CyberPeach Foundation, who has been working at ensuring cyber safety since 2003, gets into an exclusive interaction with Express Computer’s Radhika Udas. 

How does CyberPeace Foundation manage to spread awareness around cyber safety? 

CyberPeace Foundation(CPF) is a leading apolitical civil society organization and think tank of cybersecurity and policy experts. CPF is involved in Policy Advocacy, Research and Training related to all aspects of CyberPeace and CyberSecurity. CPF works in the areas of internet governance, policy review and advocacy, capacity and capability creation and building through partnerships with various government organizations, academic institutions and civil society entities. 

CPF was formed with the vision of pioneering cyber peace initiatives to build collective resiliency against cybercrimes and global threats of cyber warfare. In order to create awareness around cyber safety, we work on multiple fronts to advocate the cause of cyber safety awareness including

• Inclusion and Outreach

• • • We work with leading academia, organizations, and sections of the society to advocate for cybersafety

• Collaboration and building connect

• • • At CPF, we have plenty of internal initiatives which are geared towards advocating cyber safety awareness. One of them is the CyberPeace Corps, a coalition of citizens, volunteers and experts working together for the cause of cyber peace across the world. We also have a coalition called CyberPeace Alliance( , work with leading academic institutions including colleges and schools, collaborate with industries(public and private companies) and civil society organizations.

• Policy and advocacy

• • • We advocate for cyber safety policies via various internal and external initiatives such as roundtables with industry experts, a discussion platform called CyberPeace Talks, CyberPeace Dialogues, Cyber Charcha, Research reports and recommendations on consultation papers.

• Innovation and research

At CPF, we regularly undertake research in order to understand and unearth new cybersafety threats and research on them. We do this via our 25 CyberPeace Centers of Excellence which are located across key Indian cities and also Africa. We also undertook similar research projects with startups, incubators, conducted hackathons,               

What govt organisations and other companies are you working with?                                              

Currently, we work with leading private and public organisations such as the United Nations, UN agencies (UNESCO, UNICEF, UN Women, UNDP,  UNV)

Government – Ministry of Human Resource and Development, NCERT, CBSE,  Ministry of Electronics and Information Technology, Ministry of Women and Child Development, Ministry of Defence,  Ministry of Home Affairs, Bureau of Police Research & Development, National Crime Records Bureau, Police departments across different states in India(Madhya Pradesh, Delhi, Telangana, Uttar Pradesh, Chhattisgarh, Assam, Odisha, West Bengal, Kerala Police to name some of them), National and State Commissions for Women, National Commission for Protection of Child Rights,

Academia – IIT Guwahati, Kaziranga University, Ansal University, NIT Manipur, Gujarat Technological University, Amity University, Indira Gandhi Delhi Technical University for Women, Jharkhand Judicial Academy, BIT Meerut, Somaiya Vidya Vihar University, Veermata Jijabai Technological University, UPES, UEM, Royal Global University Guwahati, Manipur Technical University

Industry – Google, Facebook, WhatsApp, Instagram, Twitter, Bytedance, OLX, Palo Alto Networks, GIZ, .tech Domains, SBI

Civil Society – ICANN, Internet Society, NCMEC, ICMEC, Citizens Foundation, DELNET, CoCoN, TAC NGO Africa

Could you share incidences where you were able to help a government organisation in tackling cybercrime? 

In the recent past, we have collaborated with the National Commission of Women and Facebook to build awareness amongst young women around online resilience and safety via a campaign called Digital Shakti. The year-long campaign was an awareness and sensitization drive owing to which over 60,000 women across 6 states were empowered in the latest cyber safety skills. We also started #EndInfodemic Campaign with National Commission for Women, National Disaster Response Force (NDRF).

In collaboration with UNICEF, we launched the eRaksha project to train law enforcement officers on the nuances of investigation into cybercrimes against children. The project went on to train more than 300 government police officers on investigation tools, procedures and led to the creation of a handbook on the same. 

We are helping different state governments to counter cybercrimes and spread awareness among netizens. We help policy makers as well to understand the subject

We conducted CyberChallenge India in collaboration with NCRB. The aim of the competition was to make the CCTNS platform robust and user friendly keeping it secure.

eRaksha Competition, a Nationwide online safety campaign on Digital Citizenship and Online safety. The idea behind the eRaksha Competition, is to provide a platform to netizens to share tips and strategies on:

• How to be Safe & Responsible Netizens 

• How to address Fake News and Misinformation especially with regard to COVID-19

Where on one end technological innovations are adding value to our lives and making it easier, there has also opened a diverse set of risks which were unfathomable a few years ago. We have been involved in various awareness campaigns over the last couple of years, and we learned that almost every second internet user has had an unpleasant experience online, creating an urgent need to build resilience.

We launched a handbook with CBSE as well. 
What do you believe are the biggest cyber threats at the time of a pandemic?

As people spend more time online owing to the pandemic, cyber threats have increased exponentially. Our research indicates a spurt in the number of cyber threats not just in India but also globally.

• • Misinformation / Disinformation on COVID19 is a big issue.
  • Suspicious domain names registration: We noticed that a lot of domain names have been registered during the pandemic. Till June 3rd, we have identified about 450,000 domains registered related to coronavirus, COVID-19 etc. Many of these domains do not have legitimate information and are suspicious in nature.

• Online scamming: As people are doing work from home and busy more with the computer and internet, scammers are taking advantage of this. Scammers are continuously sending spam emails. In CPF, we have deployed SPAM honeypot which stimulates an open relay. There are a number of phishing, scamming emails that have been captured in the honeypot. 

• Cyberattacks on Critical Information Infrastructure: During the crisis of coronavirus attackers nowadays attack healthcare sector like hospitals, clinics etc. These vulnerable exposed systems that are unmonitored and facing the internet are the most attacked system for the attackers. The vulnerable internet-facing system having Remote Desktop Protocol(RDP) enabled, old Windows serve Platform are the most attacked. Many ransomware attacks have taken place in the healthcare sector during the crisis especially in April 2020. Attackers have targeted the medical manufacturing sector, billing system etc through ransomware. The most common ransomware that has been seen during COVID-19 are NetWalker ransomware, PonyFinal ransomware, Maze ransomware etc.

Could you elaborate on how CPF helps in technology governance? 

CPF helps in tech governance through our interventions with multiple stakeholders including beneficiaries (to understand the issues and scope of interventions needed), industry (by bridging information gaps and capacity building), academia (through interventions on several technical and legal tools and research) and the government. 

With the government and for the larger banner of tech governance, we work both actively and passively. Actively, we do research and investigation reports to inform evidence-based policy and from time to time bring issues of critical concern to the forefront. Reactively, we aid and assist the several bodies and organisations of the government when called upon do so through things like committee hearing, white paper etc.

What do you believe is the future of data privacy? 

Today, we know by the study that there is an economic value to data. Cybercrime enterprise around the world thrives on the lack of data privacy measures, awareness, and regulations surrounding it. As a civil society organization, we believe that citizen data privacy is a fundamental right and essential for sustainable social development. At the same time, we need data to maintain security in society, especially for national security. Therefore, as a civil society organization, we understand that Data Privacy is a balancing act. Our role as an NGO is to stop the abuse of data and instead facilitate use for societal good.

What would be standard 3 tips you would give everyone to ensure cybersecurity since most are working from home?

Some tips would be 

• Install Internet Security Application and Update your firmware and applications regularly: Software updates usually have security patches hence people should keep it updated regularly to avoid attackers trying to exploit the system vulnerabilities

• Verify suspicious links or emails: Never click on a suspicious link or email as it may allow a malicious attacker to gain access to your system. Always verify the same by examining the domain name closely, the origin of the link and rely on email filters if it’s spam content. Users should also use free tools such as 2-factor authentication and check on haveibeenpwned.com if their email id’s have been compromised or not. 

• CyberEthics- Responsible online behavior: Think before you share. Avoid spread of fake news