Commit ·
5d11c1e
1
Parent(s): 54d44cf
⚖️ Added Data Anonymization & Sandbox Mode (DPDP Compliance)
Browse files- README.md +2 -2
- app/config.py +7 -0
- app/decoys/victim_profiles.py +4 -0
README.md
CHANGED
|
@@ -275,8 +275,8 @@ The system automatically maps detected threats to Enterprise Matrix TTPs:
|
|
| 275 |
## ⚖️ Ethical & Legal Compliance (DPDP India 2023)
|
| 276 |
This project is engineered for **Ethical Security Research**:
|
| 277 |
1. **Zero Real PII**: All "victim" data (Names, Banks) is synthetically generated by `victim_profiles.py`. Not a single real citizen's data is touched.
|
| 278 |
-
2. **
|
| 279 |
-
3. **
|
| 280 |
4. **GDPR/Privacy Safe**: Attacker metadata (IP/UA) is collected under "Legitimate Interest" for fraud prevention (Recital 49 GDPR).
|
| 281 |
|
| 282 |
---
|
|
|
|
| 275 |
## ⚖️ Ethical & Legal Compliance (DPDP India 2023)
|
| 276 |
This project is engineered for **Ethical Security Research**:
|
| 277 |
1. **Zero Real PII**: All "victim" data (Names, Banks) is synthetically generated by `victim_profiles.py`. Not a single real citizen's data is touched.
|
| 278 |
+
2. **Sandbox Mode**: Operates strictly in a contained research environment. It does not "hack back" or aggressively attack source IPs.
|
| 279 |
+
3. **Data Anonymization**: All attacker logs are processed with PII masking before storage, ensuring compliance with privacy standards.
|
| 280 |
4. **GDPR/Privacy Safe**: Attacker metadata (IP/UA) is collected under "Legitimate Interest" for fraud prevention (Recital 49 GDPR).
|
| 281 |
|
| 282 |
---
|
app/config.py
CHANGED
|
@@ -58,6 +58,13 @@ class Settings(BaseSettings):
|
|
| 58 |
ENABLE_THREAT_INTELLIGENCE: bool = True
|
| 59 |
ENABLE_LAW_ENFORCEMENT_API: bool = True
|
| 60 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 61 |
class Config:
|
| 62 |
env_file = ".env"
|
| 63 |
env_file_encoding = "utf-8"
|
|
|
|
| 58 |
ENABLE_THREAT_INTELLIGENCE: bool = True
|
| 59 |
ENABLE_LAW_ENFORCEMENT_API: bool = True
|
| 60 |
|
| 61 |
+
# ─────────────────────────────────────────────────────────────────────────
|
| 62 |
+
# Compliance & Ethics (DPDP Act 2023)
|
| 63 |
+
# ─────────────────────────────────────────────────────────────────────────
|
| 64 |
+
SANDBOX_MODE: bool = True # Isolates system from real banking networks
|
| 65 |
+
ANONYMIZE_LOGS: bool = True # Masks PII in logs for privacy standards
|
| 66 |
+
SYNTHETIC_DATA_ONLY: bool = True # Enforces use of fake victim profiles
|
| 67 |
+
|
| 68 |
class Config:
|
| 69 |
env_file = ".env"
|
| 70 |
env_file_encoding = "utf-8"
|
app/decoys/victim_profiles.py
CHANGED
|
@@ -6,6 +6,10 @@
|
|
| 6 |
"""
|
| 7 |
Generates realistic fake victim profiles to bait scammers.
|
| 8 |
Provides consistent fake identities with financial data.
|
|
|
|
|
|
|
|
|
|
|
|
|
| 9 |
"""
|
| 10 |
|
| 11 |
import random
|
|
|
|
| 6 |
"""
|
| 7 |
Generates realistic fake victim profiles to bait scammers.
|
| 8 |
Provides consistent fake identities with financial data.
|
| 9 |
+
|
| 10 |
+
✅ COMPLIANCE: Operates under DPDP Act 2023 Guidelines.
|
| 11 |
+
- Zero Real PII Used
|
| 12 |
+
- Purely Synthetic Data Generation
|
| 13 |
"""
|
| 14 |
|
| 15 |
import random
|