Learning Cybersecurity at Ground Zero: My GPCSSI’24 Experience

During my summer internship with the Gurugram Cyber Police, I got an unprecedented glimpse into the world of cybercrime investigation. Here’s my journey through some of the most fascinating topics we covered.

The Evolution of Cyber Threats (2008-Present)

It’s interesting to note that 2008 wasn’t just the year of the financial crisis - it marked the birth of several technologies that would revolutionize both the digital landscape and cybercrime:

  • The iPhone transformed mobile computing
  • WhatsApp changed how we communicate
  • Bitcoin introduced decentralized digital currency
  • The Dark Web gained prominence

Digital Investigation Techniques

Call Detail Record (CDR) Analysis

One of our first deep-dives was into CDR analysis - a crucial investigative technique that helps track communication patterns and location history of suspects through their phone records. This proves especially vital in time-sensitive cases like kidnapping or fraud.

Letter Bomb Investigation

We learned about backtracking techniques on social media platforms, which is essential for investigating digital threats. This includes analyzing digital footprints and tracking communication patterns across platforms.

Cryptocurrency Investigations

The rise of crypto-related crimes led us to explore tools like bitcoinwhoswho.com for blockchain analysis. We learned that Ransomware-as-a-Service (RaaS) has become a growing concern, though interestingly, about 53% of ransomware attacks can potentially be recovered from.

Modern Cyber Threats

Social Engineering Attacks

Some key learnings about modern attack vectors:

  • Clickjacking and 3D phishing techniques
  • Gmail iframe vulnerabilities
  • Session hijacking and cookie stealing
  • The dangers of remote access tools like AnyDesk when misused

Mobile Security

Mobile threats have evolved significantly:

  • Zero-click iMessage attacks exploiting memory vulnerabilities
  • The importance of disabling message previews
  • Call spoofing techniques
  • Homograph attacks targeting banking customers

Emerging Technologies and Threats

The future of cybersecurity is being shaped by quantum computing:

  • Impact on RSA encryption and financial security
  • India’s investment in quantum security (₹650 crore budget allocated to CDAC)
  • Practical exposure to quantum computing through platforms like IBM Qiskit and AWS Braket

Real-World Cases

One of the most eye-opening aspects was learning about current cybercrime patterns:

  • International cybercrime operations in Cambodia, Laos, Vietnam, and Dubai
  • The rise of sextortion cases
  • Social engineering through WhatsApp profile pictures claiming medical emergencies
  • SEO manipulation in cybercrime

Investigation Tools

Essential tools we learned about:

  • Dark web crawlers for data gathering
  • Browser extensions like Ghostery and WOT for security
  • Malwarebytes for malware protection
  • Various data analysis tools for CDR, SDR, and TDR investigations

Key Takeaways

The most important lesson? Cybercrime isn’t just about technical exploits - it’s often about human psychology. As one instructor memorably put it: “STUPIDS AND FOOLS ARE HACKED” (their emphasis, not mine!). The best defense is awareness and continuous education.

This blog post summarizes my learning experience at GPCSSI’24. Some details have been omitted or generalized for security reasons.