Friday, February 26, 2021

UPI and Wallet Scams

PART I

I received an interesting call today, from number +91 9832708846. The person at the other end claimed to be calling on behalf of PhonePe. Now I'm usually very skeptical of such unsolicited calls, but this one happened just 15 minutes after I had made a PhonePe payment. So it took me a few moments to understand the real motive.

Scamster: Sir mai PhonePe se baat kar raha hu. Aap Anshul bol rahe hain?
Me: Bataiye
Scamster: Sir aapko cashback mila hai
Me: (thinking I will check the app for any coupons) ok, mai dekh lunga 
Scamster: Aapko cashback chahiye ki nahi?
Me: (Confused - what is this guy talking?) Matlab?
Scamster: (loudly) Hain? Aapko cashback chahiye ki nahi 5000 rupaye ka?
Me: (Finally realising this is a scam call) Aap PhonePe se bol rahe ho?
Scamster: Haan
Me: Arey re re re, mujhe to TrueCaller pe kuch aur dikh raha hai
<Call disconnected by scamster>

I don't have TrueCaller installed, but just the mention of it was enough for the scamster to block my number from calling him back.

While I, and many other tech savvy people may safeguard themselves, it made me realise how simple scamming has become in an increasingly connected world. It got me thinking, how is such a scamster operates.

PART II

Modus operandi of the scamster:
  1. Get a list of active phone numbers from darknet
    1. Can be a curated list of numbers within a circle, or  which have active bank account 
  2. Buy set of SIM cards, Android mobile or SIM box
    1. SIM card can be bought against any legal document, no Aadhar required, courtesy our honorable supreme  court which struck down said provision of Aadhar act as
      1. privacy > other considerations
    2. The other legal documents have no biometrics, so you can fake one if resourceful
    3. prepaid SIM doesn't need physical verification of address
  3. Cold call numbers from the list in step 1
  4. Sweet talk into making the target click on a link
    1. When link is clicked
      1. Create a request to UPI/wallet for charging payment
      2. Gaslight target into accepting the information in the guise of it helping the target
  5. If victim realises s/he has been defrauded 
    1. Gaslight again and repeat step 4
  6. Block the number from calling back through Android feature
  7. Keep the amounts scammed low so that 
    1. neither the victim makes a complaint - money lost is lesser than fear of harassment
    2. nor police go through the effort of investigating - When there are scams of crores to be cracked, why go after small ticket scams? 
  8. Form a network of scamsters and keep milking the list of step 1
    1. Many fake call call centers have mushroomed all over as per news reports
Profile of the victim:
  1. Doesn't have a deep understanding of newer payment models
    1. Financially uneducated, Digitally illiterate, informationally uninformed 
  2. Gullible and can be easily manipulated into believing the stranger
  3. Has 1 number and Has a UPI / wallet linked to the primary number
Probable Solutions:
  1. Legal Institutional
    1. Make Aadhar seeding mandatory for mobile phones
      1. Was tried but failed legal challenges
      2. Needs to be brought in on security and criminal grounds
    2. Take issue seriously
      1. This hurts the credibility of digital transactions
      2. Can lead to people going for cash over blackboxes they see as unreliable
    3. Registry for reporting such incidences and effective investigation
      1. Tried to find helpline numbers where to report this call but none seemed handy
        1. The DOT website doesn't help - the grievance redressal option is against the officers, not against the internet provider
          1. The citizen's charter corresponds to 2017-18 and is directed towards ISPs and telecom operators.
        2. The TRAI website didn't help either - it has complaints sections targetted towards the telecom operator, its Value added services
        3. Same is true of the NPCI website
      2. Hence need cross agency system to tackle issues on confluence of multiple Regulator
  2. Retail consumer apps
    1. Most wallets etc simply say we do not send unsolicited mails
    2. Introduce a challenge to identify a communication was from you or not
      1. Similar to an OTP - send an SMS / app notification and make it SOP to have this challenge in all communication to establish 2-way trust
    3. Create industry body to lobby for better tracking mechanisms
      1. Customers should only need to notify their apps that someone tried to (ab)use their name for a scam
Part III

But the question remains, how do these telecallers and scamsters curate your number in their list?
Few options come to mind:
  1. Cold call a list number to check if its active - disconnect before its picked up - this dead weight on the telecom networks allows the check for free, one only needs SIM multiplexers to do this call in automated manner
  2. Somehow get hold of excels from another telecom shop / business concerns - many a times the staff can extract files with limited list of subscribers for internal marketing purpose, which can get leaked in hands of scamsters
  3. Get hold of data from a contact - while you may install only relevant apps on your device, one of your contacts may've installed a shady app on their device, which (the app) in turn used the contacts permissions to harvest all numbers
  4. Send one-off SMSes with unique URLs, which if clicked, means that the number is active.
So, let's look deeper into this option 4. A recent SMS that I received from an unknown number comes to mind. 

Now, I neither have an account ending in those last few digits, nor am I expecting a sum in that range to be transferred. But someone who is in a hurry and didn't realise the reality of the number can definitely be taken for a ride. In this case, the scamster have used only an actual number instead of a 6-character alphanumeric registered senderid, which makes things easier to identify.  

















Tuesday, February 09, 2021

Some poems - 6 - Sometimes

I remember writing this one as a personal challenge, after I read a poem from a college senior who had covered the life of a drop of water. While mine is a lot more depressing in hindsight, nevertheless, here it goes:


Sometimes,
I feel like I am the wind
untamed by anyone around me
unfazed by happenings around me
unnoticed by everyone around me.

Sometimes,
I feel like I am the rain
that washes away everything with my tears
that only a few clouds befriend
whose rage everyone fears.

Sometimes
I feel like I am the river
whose raging waters never cease
whose flood births tyrannies
whose soul rests in the seas.

Sometimes
I feel like I am the sea
with water so salty none can drink
only brine visible, no sign of brink
inside of which all things sink

Sometimes
I feel like I am the Earth
that carries all the weight of the world
that burns inside in its own hearth
and no one understands whose words

But then I was remembered.
Life isn't about the negatives alone
I may have my griefs, but some happy moments I do own.

So Yes.
I am the wind that sets everything in motion
I am the rain that brings joy and fresh notions
I am the river that helps life big and small
I am the sea which is deep
I am the earth that sustains one and all.
 

 

Some poems - 5 - Couplets

I remember these below couplets happened when I was once travelling to college from Delhi. I met a localite who belonged to the town of Loharu travelling in the seat next to mine, and it turned out he was the grandson of a local Urdu poet. On the way, he explained to me some basics of Khyal, Nazm, and Shayari, and encouraged me in my juvenile attempts at writing couplets and poems.

Once again, Crediting https://hindi.changathi.com/ for helping me convert English text into Hindi where required.

Couplet 1

तेरे बिना रहें तो रहें कैसे, तू ही तो हैं साँसों सा ज़रूरी 

तेरे बिना सोचे तो सोचे कैसे, तुझ बिन मेरी सोच अधूरी

तेरे बिना जियें तो जियें कैसे, तू ही तो ज़िन्दगी मेरी

तेरे बिना मरें तो मरें कैसे, तुझे पाना ही हैं आखिरी ख्वाहिश मेरी |

Couplet 2

उन्होंने बात करी कुछ ऐसे अदब से कि हम बेज़ुबान हो गए

उनकी हसीं, उनकी चल, हर अदा पर हम फ़िदा हो कर रह गए

देख के उन्हें मन में हुई हलचल और दिल खामोश ना रह सका

उन्होंने अनकही बात भी आँखों से समझली कुछ ऐसे, कि वो मालिक और हम गुलाम बन गए |

Couplet 3

आग के दरिया में शोलो कि कश्ती में

अंगारो के साथ कोयले कि बसरी में

चलता जा रहा हूँ मैं जाने किस मस्ती में

जला जा रहा हूँ मैं आज अपनी ही हस्ती में |

Couplet 4

कुछ करने से क्यों डरता  है तू - इस मंज़र को बदलने कि कोशिश तो कर

मिट जायेगा नमो निशान इस ख़ामोशी का तू एक मुस्कान फ़ैलाने कि ज़ुर्रत तो कर

जगमगा उठेगा रौशनी का कारवां तू एक दिया जलाने कि हिम्मत तो कर


Some poems - 4 - तूफानों से लड़ने का जिगर रख ऐ बन्दे

I remember writing this one for motivating myself. While I have never managed to remember the complete poem at any point of time, the first 4 lines are something I tend to remember once in a while whenever I'm feeling low.


तूफानों से लड़ने का जिगर रख ऐ बन्दे

मंज़िल तू सारी पार कर जायेगा

गिर कर संभलने का दम रख ऐ बन्दे

फिर एक उड़ान में तू आसमान भी छू कर आएगा |


चाहे मुश्किलें हज़ार रास्ते में तेरे आएं

पत्थर की बौछार हो और काटों के रास्ते बन जाये

तू दिल में रख ताकत इतनी, कि ये रुकावट भी तेरे बढ़ना ना रोक पाएं

तू होसलो में रख बुलंदी इतनी, कि इन मुश्किल राहों में भी तेरे कदम ना लड़खड़ायें |


मुकद्दर में क्या लिखा है ये कोई नहीं जानता

इंसान के काम से ही है हर कोई उसे पहचानता

रख बाज़ुओ में ज़ोर इतना, ना टूटे तेरे कर्मो कि डोर

बस एक मंज़िल बना ले, फिर बढे जा उसकी ओर |


कर ले खुद पर विश्वास इतना, फिर किस्मत के हाथो भी तू ना हार पायेगा 

कर ले खुद को बुलंद इतना, फिर भगवान भी तेरी मंज़िल तुझसे ना छीन पायेगा |


तूफानों से लड़ने का जिगर रख ऐ बन्दे

मंज़िल तू सारी पार कर जायेगा

गिर कर संभलने का दम रख ऐ बन्दे

फिर एक उड़ान में तू आसमान भी छू कर आएगा |


Once again, Crediting https://hindi.changathi.com/ for helping me convert English text into Hindi where required.

Some poems - 3 - Jingle

I found another jingle in my diary, that I wrote for an elective course for Print and Audio Visual Advertising. This was written for a fictional personality development institute, and is a mix of Hindi and English. Here it goes:

Speaker 1 (Jingle):

चलो सुने, Pappu की कहानी, 

Loosers के जैसे जिसकी ज़िंदगानी 


One और minus One का वो total 

बिना ढक्कन की empty bottle


उससे ख़तम होती हर line

फिर भी वो कहता Everything is fine.


Join किया फिर उसने  हमारा  Program

उसकी personality पर  हमने  किया  काम  


Change उसमे  आया  बड़ा  ही  drastic

Interactions में  वो  हो  गया  fantastic


जिसको  सभी  समझते  थे  Zero

अब  वो  है  मोहल्ले  का  Hero


Jobs के  लिए  जो  लगता  था  Jack

अब  उसको  मिलते  हैं  भारी-भरकम  check

   Speaker 2 (Information): 

अगर आप भी अपनी personality को बदलना चाहते हैं, तो आज ही join करे Zenith Personality Development classes

Thankfully, the jingle worked for us (me and project partner for recording) to score good marks in the assignment. Crediting https://hindi.changathi.com/ for helping me convert English text into Hindi where required



Some Poems - 2 - दोस्ती

Continuing with the previous post, sharing another poem from long back. The inspiration was a conversation I had with a friend (which was not poetic). Crediting https://hindi.changathi.com/ for helping me convert English text into Hindi where required


 दोस्ती


एक दिन,

एक दोस्त ने कहाँ मुझसे -


ज़िन्दगी तो है एक सागर,

ओर दोस्ती हैं उसमे उठती हुयी लहरें |


दिल है उस सागर से लगता दोस्ती का किनारा,

समुन्दर में तो बनती हैं हज़ारो लहरें

मगर दोस्त वही जो छु जाये दिल तुम्हारा |


तो कहा मैंने अपने दोस्त से


तुम ज़िन्दगी को सागर कह सकते हो मेरे दोस्त मगर लहरों को दोस्ती नहीं |

तुम किनारे को मेरा दिल कह सकते हो मेरे दोस्त मगर अपने आप को बस एक लहर नहीं |


क्युकी लहरें तो बनती हैं,

किनारे तक जाती हैं,

उससे टकराती हैं,

और फिर बिखर जाती हैं |


तुम्ही बताओ,

हमारी दोस्ती के सामने ये लहरें कहा टिक पाती हैं ?


तो मेरे दोस्त ने कहा मुझसे,

क्या बात है गुरु, जिरह के मन में लगते हो आज

तो क्यों ना तुम्ही बतला दो, क्या है दोस्ती का राज़?


तो फिर मैंने कहा अपने दोस्त से


मेरे दोस्त,


दोस्ती तो एक नदी के सामान होती है,

सागर को भी नहीं पता वो कहा से शुरू होती है |

उस नदी को फर्क नहीं पड़ता रास्ते में क्या बंधन आते हैं,

बल्कि वो नदी तो हर रुकावट को भी साथ बहा ले आती है |


किनारो से मतलब नहीं रखती है वो

कभी सौम्य तो कभी चंचल

कभी मध्धम तो कभी छोटी 

कभी उग्र तो कभी शांत 

कभी गहरी तो कभी मोटी, 

बस, अपनी ही धुन में बहती चली जाती है वो |


तुम लहरों को दोस्ती कह रहे थे

मगर

दोस्ती तो वो चीज़ है जो किसी के रोके नहीं रुक पाती हैं

दोस्ती तो वो ख्वाब है जो किसी के जगाने पर भी नहीं टूट पाती हैं

बस नदी की तरह बहते बहते ज़िन्दगी के सागर में मिल जाती हैं | 


फिर अंत में मेरा दोस्त बोला,

सही कहते हो तुम यार -

दोस्ती हो ही नहीं सकती समंदर की लहरें,

कहा हमारा बरसो का याराना और कहा इन लहरों का एकांत वीराना |

लम्बी हमारी बात हो चुकी है, अब चलो, मेस में जाकर खाते हैं खाना |


Some poems - 1 - एक सवाल मंज़िल से

Having travelled to my hometown recently, I found one of my older diaries from early college days, back when I still used to write poems. Many of them are undated, so I can't recall what inspired me to write them back then :)

Nevertheless, sharing some that I found refreshing while reading today.

Crediting https://hindi.changathi.com/ for helping me convert English text into Hindi where required.


एक सवाल मंज़िल से


मैंने एक दिन पूछ लिया मंज़िल से


तुम्हे पाना सब चाहते हैं ,

तुम्हारे लिए अपना जी जान लड़ाते हैं

तुम्हे पाने के लिए कुछ भी कर जाते हैं


पागल हो जाते हैं जाने कितने तुम्हारे दीदार में 

खानपान तक भूल जाते हैं तुम्हारे ख्याल में

खुद को रंक - बैरागी बना लेते हैं तुम्हारे इंतज़ार में 


फिर तुम क्यों नहीं मिलती उन सबसे ज़िन्दगी की राहों में ?

फिर तुम क्यों नहीं थामती उनको कभी अपनी बाहों में?


तो फिर मंज़िल ने कहा मुझसे


ज़िन्दगी में एक मुकाम तो सभी पाना चाहते हैं

और ये भी सच है,

मुझसे एक मुलाकात के लिए लोग जाने क्या क्या कर जाते हैं


फिर भी उनमे से कुछ ही अपनी नैया पार लगा पाते हैं

क्यूंकि


ये वो लोग हैं,

जो जितना मुझे पाना चाहते हैं, उससे कहीं ज़्यादा खोकर मेरे पास आते हैं

मैं एक झटके में ना मिलु, तो भी हार नहीं मानते हैं

और गिर जाने पर भी, फिर उठकर मेरी ओर ही बढ़ते चले आते हैं |

Sunday, February 07, 2021

Book Review: Death's End

 After finishing the first 2 books in the Remembrance of Earth's Past Series, I picked up the 3rd book in the series: Death's End, written by Cixin Liu, and translated into English by Ken Liu. (Warning: some spoilers may be present in the post)

In this book, I feel the author has outdone the narratives of his previous 2 books. While book 1 was based on initial contact and associated schisms of human world, and much of book 2 was about establishing deterrence through a mutually assured destruction in the dark forest, in book 3, the author has shown a range of ideas around what would happen if the deterrence was broken. Thus, through his narrative of Common Era (early 21st century time before aliens are known), Crisis Era (the threat of alien invasion materialising), Deterrence Era (mutually assured destruction), Broadcast Era (when deterrence is broken between the 2 societies), Bunker Era (preparation for cosmic destruction of solar system), and Galaxy era (post solar system era), the author has covered almost the complete story from common era to  singularity. 

While the previous books had interactions between only 2 eras, in this 3rd volume, one gets to see a myriad number of technological concepts based on many current theories - such as curvature propulsion, fusion propulsion, gravitational signalling, black domain, death lines, 4-dimensional fragment etc.

Through the eyes of Cheng, one sees touches of Hobbesian world - how emotions and responsibility can turn out as weaknesses in this imagined world, first in her failure as a Swordholder, and later, in her failure in allowing Wade to build the escape mechanism.

Though certain questions do remain - such as

  • How could the alien message at the end contain an exhaustive list of over 1.5 million such civilizations having built a mini universe?
  • Given the 3d to 2d letter bomb would never stop working, what did the aliens who sent it meant by retrieval from a magazine?
  • Were there any other civilizational genes, other than the hiding and cleansing genes?
  • What were Trisolaris motivations around Yun Tianming? 
  • Given the bunker era already head anti matter bullets, would they have helped in countering the paper slip by inserting it ahead of other matter of other planets?
  • Of all the weapons to possess for an AI, why did Sophon pick a Katana?
Nevertheless, I think the book is must read, for its myriad themes, and the journey of fantasy based on many real life theories. Overall rating: 5/5

Tuesday, January 26, 2021

Book review: The Dark Forest

The Dark Forest is the 2nd book in the trilogy of books Remembrance of Earth's Past written by Cixin Liu. 

Having recently read the first part of it, I couldn't resist moving forward with the sequel, and so, finished reading this one recently. This one continues from the earlier ending, where humans learn of the incoming TriSolaris fleet. Mostly written from PoV of Luo Ji, it contains some very interesting themes which have been well explored. Some of the themes I feel are very well explored in the book include:

  • Escapism - the human response of fight or flight has been dealt in very good detail, and how it can demoralise the society at large
  • The notion of wallbreakers - what to do when the enemy erects a wall restricting future progress is one way of dealing with such problems
  • Cosmological Sociology - I think it has very sound basic principles. Though many of them can be countered, but let me reiterate the ones mentioned here:
    1. Survival is primary need of civilization - this is the survival principle of modern day thinkers adapted to civilization - all life exists to protect itself
    2. Civilization continuously grows and expands, but the total matter in the universe remains constant - This is akin to a Cosmological Malthusian trap - where population growth is geometric but resource availability is linear, which puts pressure on overall social stability
    3. Chain of Suspicion - reflects the problem of trust that organisms, organizations, and society have faced since inception. While human civilization has existed for only few thousand years, the underlying trust relations have actually been building up over 100s of thousands of years since the very process of evolution began.
    4. Technological Explosion can be understood with importance of surplus in capitalism - technological surplus generated though one advancement serves as capital for further technological advancements and helps fuel them, thus it is hard to predict what kind of surplus and products a galactic civilization may generate within a given timeperiod 
  • The Dark Forest explanation - a response to Fermi's paradox using the cosmological sociology is itself well explained by the conversation between Luo and Da Shi
  • The battle of darkness is similar to Hobbesian state of anarchy, except that it is motivated by absolute belief in defeat - it clearly shows how the material progress is premised on abundance of resources
  • Finally, it is interesting how 2 wallfacers chose the method of cosmological ransom of mutually assured destruction to deter the TriSolaris from annihilating humanity, the first using threat of human technology, while the second successfully getting deployed the technology of other aliens.

However, key themes that I did not find sufficiently answered are (which may get explained in later works):
  • why are there only 4 wallfacers, and how are they chosen?
  • what made the wallfacers derive their phobias? was it another one of the sophon effects, where the trisolaris already had knowledge of neural modification and used it to induce fear?
  • why couldn't the wallfacers innovate out of their wallbreakers attempted explanation by considering that a wallbreaker could be part of the plan as well? Any successful military plan would entail accounting for scenarios where the enemy gets knowledge of the plans, and with sophons, that was very much to be expected

Thus, while the book makes for a compelling read, it does leave a few things to be desired. Yet, I find it a must read book, because of the way the various themes are explored. Overall rating: 5/5.

Saturday, January 23, 2021

Book Review: The 3 body problem

I recently finished reading the book: The 3 body problem by Liu Cixin, translated into English by Ken Liu. 


Its been one of the most intellectually challenging books I've read in recent times, and definitely the best science fiction I've read since I finished the Dune series. 

The fundamental plot revolves around 2 themes: An alien civilization looking to resettle given its unique cosmological disadvantages, and the human civilization on earth being looked down upon by fellow humans for its violence and disdain. What I found most interesting in the book were 

  • The initial storyline around Cultural Revolution and the excesses that it entailed, which is something unique as given Liu's inclinations, these can only be read as very general descriptions.
  • Weaponization of so many futuristic technologies, such as broadcasting of signals through stars, nanowires, satellite bursts through EMP etc.
  • The storyline around proton unfolding and Sophons is again very imaginatively told, and it helps even laymen like me understand what would the concept look like in practise
  • The 3body game and the V-suit are definitely something that will serve as inspiration to future generations of game designers as well as inter-galactic explorers
  • The idea of aliens as gods, the analogy of bugs, and how human-alien interaction may change existing societal structure is thought provoking.
That said, I found some premises of the narrative not upto the mark - such as the excessive environmental vigilantism, silence on the excesses of previous eras and human efforts to compensate for them, and further feel the scenes around violence are not well written. 

Nevertheless, the book is a must read for any space enthusiast. Overall rating: 5/5 

When black boxes seem like voodoo magic

I've been practicing on Leetcode for some time. As some of you may be aware, it is a platform that helps one solves problems online, comes with an online compiler, built in test cases etc, and validates submissions on the basis of given time limits and memory requirements.

While solving one problems on graphs, I hit a roadblock - the test cases just wouldn't pass - test case 3 failed.

Now this was interesting, so I inputted the test case manually to check


Guess what, it worked. Now this is surprising, how can a test work individually when its otherwise failing? So I thought maybe some conditions in my code were not accounting for all execution states, and made minor alterations (no logical change), and resubmitted the code.

But this time, another test failed. And interestingly enough, this was failure at test case 2 (which had passed earlier), which meant that something even more fundamental broke.


Unable to understand what it means, I tried the input again, manually, and it worked:


But, but, but. How is this possible? I finally realised there must be something here which was common in multiple runs, but different in individual runs. Looking carefully at the second error message, it is clear, that some variable was being shared across the runs of the different test cases, when it clearly shouldn't be as per the platform. 

Because, How can an empty list test case find a node for 2?

It seemed, the culprit was here:


Rather than recreating the instance of Solution class, the platform is simply re-sharing the older instance, which contains results as per the previous run, as I've declared the variable visited as a class variable. So the solution was simple, re-instantiate this variable at every run


And we have success:



Thus, what essentially seemed like a bug or Voodoo magic to the lay user, who doesn't have much idea into how the input is being evaluated internally, is simply a reflection of larger phenomenon. End users, and consumers of any black box - be it a an app, a system, a service or a platform, are always at a disadvantage when facing an issue that is unique because of the manner of operations. 

While in this instance, it might have been a feature (or a bug), it is always better to have well intentioned error messages that help the user understand what s/he is doing wrong.

Thus, while the first error message above was not helpful, it was the 2nd one which allowed for some degree of insight into what went wrong here.