V. Anand | வெ. ஆனந்த்
Co Founder: @DeepStrat_LLP Mastodon: anand_venkatanarayanan@infosec.exchange
Mar 18, 2023 5 tweets 2 min read
I laughed for a full 10 minutes scaring the neighbor and their dogs after seeing this.

I will explain why I laughed - the hope that @UIDAI will fix this, b/c they have known about this for years.

/1 2018.

/2

huffpost.com/archive/in/ent…
Aug 15, 2022 5 tweets 2 min read
For a very, very long time, I have been tracking this. But it seems to have hit escape velocity now. This means several digital lending providers are going to face escalating fraud.

CC @suchetadalal @Moneylifers

They seem to have mastered quite a few things here.

1. Editing the DB directly w/ third-party photographs to defeat Video KYC.

2. W/ PAN linked to Aadhaar, loans taken then will hit the credit score.
Jan 3, 2022 13 tweets 4 min read
The simple answer to the Q, "why is that so?", was dealt with in the book I co-wrote w/ @ShivamShankarS, where we said we will never go back to April 2020, status quo ante.

Four current events have only reinforced that view.

/1 Event 1 - Building a bridge in Galwan.
Dec 20, 2021 10 tweets 3 min read
I will have to do a longer thread on why this is the end of the Secret Ballot and how Cambridge Analytica type scandals are going to be common.

Plus expect mass deletion of voters. We are definitely going towards a contested election.

1. How secret is your ballot? As @ShivamShankarS explained in the book, already not much, b/c Panna Pramukhs + data leakage.

What type of data leakage to political parties?
Nov 5, 2021 5 tweets 2 min read
I have a feeling that given GOI's precarious fiscal position, DBT will eventually fall apart, and the only thing that will actually work is a private-party loan stack using Aadhaar, eNACH, etc.

Case in point: MNREGA payment stoppages, LPG subsidy stoppages, PDS issues, etc.

And another point - Chinese loan apps. They used fintech far better than our local folks. A billion $ loan book with 3X return is what I hear. It is insane even at 50%, but 3X means really turning it on.
Sep 26, 2021 11 tweets 2 min read
Platform regulation is a synonym for who gets to be the Monopoly player. Is it the existing players or the new set of players preferred by the party/govt in power?

That is the debate. The rest is just froth.

The thought that powers all these regulations is the fundamental axiom that 'Monopolies are an inevitable outcome of some natural process'.

So if that is the case, would not a homegrown monopoly be better than a foreign monopoly? And if yes, what should be done to do that?
Jul 22, 2021 6 tweets 2 min read
I wrote an analysis on the Arsenal and Pegasus reports on the Bhima Koregaon case and explained why the case has completely collapsed as of today.

I have also found indicators of who did the planting.

thequint.com/voices/opinion…

While you need some technical knowledge to parse the reports, the Arsenal analysis is sound and strong.

All they have done is recovered the filesystem logs and proved the following:
May 11, 2021 5 tweets 3 min read
This is interesting propaganda. Busting it is too simple, and the tradecraft is hopeless.

Goals of this exercise:
1. Show support from Foreign media.
2. Amplify via distribution channels.

OpSec failures are hence *a feature*.

/1 The name thedailyguardian.com is chosen to rhyme with theguardian.com, a UK news website which is critical of the regime.

But they chose AWS India as the hosting provider (Yuck!)
Apr 27, 2021 4 tweets 1 min read
After scouring half of Bangalore, got mum vaccinated for the 2nd dose. Not a single private hospital had the vaccine. Only govt. primary health care centers.

There is a cheek-by-jowl crowd, and the one before my mother had a high temperature and was pulled out from the crowd.

/1

PHCs are also fever clinics. So you get exposure to the virus there as well. As to masks, not everyone wears them, and PHC workers are exhausted.

Lines are long b/c CoWIN registration does not work and paper IDs are the only thing that works. Otherwise they could do it faster.

/2
Mar 31, 2021 4 tweets 1 min read
A full accounting of this disaster will come out soon. Not looking good. There is more, much more than what has been reported so far.
Mar 31, 2021 7 tweets 3 min read
Tracking media reports on the "Let us break end-to-end encryption by adding hashes" is a time sink. But someone has to do it, so that others need not.

Our first winner in "Not knowing what the subject is" is Moneycontrol, which contains these gems:

/1 If two people talking to each other is a "National Security risk", it gets better.

No discussion on technology. No discussion on Diffie-Hellman. No discussion on OTR deniability. Just some abstract idea on middle ground.

Basically Baba Ramdev charlatan territory.

/2
May 9, 2020 8 tweets 2 min read
If 100 rupees of grain is sent via the PDS distribution channel and only 60 rupees goes to the beneficiary, economists talk about 40% leakage and corruption.

Now if AEPS fails 40% of the time, what is the corruption and leakage? This is world-beating technology?

For all practical purposes, the transfer cost of moving money from one bank account to another is zero. NEFT and RTGS are dated systems, but they work reliably.

But AEPS is not NEFT or RTGS. It adds 3 more layers: the Aadhaar Mapper and 2 seeding layers.
Apr 3, 2020 4 tweets 1 min read
The amazing thing about people criticizing the PM for suggesting lamps and plates is that they simply don't understand him. He has used the corona crisis not only to increase his follower count, but has also turned them into a cult. Cults are immune to facts and figures and in fact revel in the irrational and thrive in opposition to the cult. They are fundamentally anti-intellectual and bypass it fully to appeal to the emotions and thereby create long-lasting loyalty.
Mar 14, 2020 6 tweets 3 min read
I wrote an analysis on how NRC will actually happen and the various stages in it in @LiveLawIndia.

Hint: Hyderabad (the 127 notices) is the template and not Assam.

And yes, #Aadhaar would be at the heart of it, with biometric blacklists of "D" Category.

/1 Biometric blacklists are already a feature and @UIDAI has built it.

"We can not only cancel Aadhaar but also ensure through the offenders' biometric data that they never apply for it again, preventing their re-entry into the system,"

ndtv.com/india-news/aad…
Mar 6, 2020 5 tweets 2 min read
For those of you wondering why the #Yesbank moratorium has messed up fintechs and their clients - a short thread:

1. Yes Bank had one of the best banking APIs, allowing API-based banking. The moratorium hence is "losing the API".

2. Until today, I did not know that I had a Yes Bank account, b/c I used @Razorpay to generate a virtual account and linked it w/ POS vendors like Paytm, ezeTap, etc.

3. Now all settlements from POS vendors are locked, till I move them to other bank accounts.
Feb 14, 2020 9 tweets 9 min read
What happened to the NRC Data? A slightly technical analysis on the Missing NRC data in @asiatimesonline that I wrote is up.

asiatimes.com/2020/02/articl…

If you want more technical details, then read further on this thread.

@asiatimesonline 1. There are 3 domains that we could trace:
nrcdrafts.com
thefinalnrc.in
thefinalnrc.com

All of these entries' DNS was changed to 127.0.0.1
(See Screenshots below on timeline)
Nov 29, 2019 10 tweets 2 min read
The business model that powers fake news is simply well-known human weaknesses such as confirmation bias, the novelty of [false] information, and addictive sharing, which are very similar to the experience of drugs and dope. The delivery mechanisms are also not novel. Just as cigars are glorified nicotine delivery devices, bottles are for alcohol, and syringes and blotter papers are for drugs but have other uses, the Internet, WA and smartphones are dual-purpose delivery mechanisms.
Nov 5, 2019 9 tweets 8 min read
Irreversible pawning of the device. That is what Pegasus does. And also potential write access to your sensitive accounts.

Another story I co-wrote with @saikatd on @asiatimesonline on Pegasus.

asiatimes.com/2019/11/articl…

(Also some more interesting stuff. Thread follows)

@saikatd @asiatimesonline Link to the full WA petition, which contains fascinating technical, operational and financial details, can be found here.

archive.org/details/NSO_Gr…
Oct 11, 2019 5 tweets 2 min read
As a small biz, we anticipated this stupidity months ago and reworked our entire supply chain by withholding payment to the tune of 30% for vendors on our supply chain till they file their returns.

Needless to say, many went out of business.

economictimes.indiatimes.com/small-biz/gst/…

Remember that the govt *allows quarterly filing* of GSTR-1. This means that we can't claim credit until the quarterly GSTR-1 is filed by the counterparty, even though the goods have been paid for and delivered and the transaction is complete.

Now the impact of this move is devastating.
Jun 3, 2019 8 tweets 3 min read
A few comments on this to make people understand what is going on.

1. There are three different data points @ECISVEEP has on a per-booth basis:
(a) Votes polled, via the Voter Turnout App and website data.
(b) Votes counted, via EVM.
(c) Votes verified, via VVPAT.

2. All these three data points have to be consistent. Why?

3. Think of a company's books as an example. We have P/L, Balance Sheet and Cash Flow. If they are inconsistent, you are right to suspect that something is amiss.
May 21, 2019 4 tweets 2 min read
This is cyber-ignorance masquerading as common sense. I am slightly annoyed enough to put out a short thread on the known issues with EVMs as we know it today. Let us start.

1. Do we know the *full design of the EVM* in the public domain?
No.

2. Have we audited the software?
No.

3. Have we ensured that the unique number in every EVM is unique and crypto secure?
No.

4. Have unique numbers in EVMs failed to match in the past?
Yes. See this case.