#FactCheck - Indian Men’s 4x400m Relay Team’s Record-Breaking Achievement in August 2023 Misrepresented as Recent Event

Introduction

Google.org is committed to stepping ahead to enhance Internet safety and responsible online behaviour. ‘Google for INDIA 2023’, an innovative conclave, took place on 19th October 2023. Google.org has embarked on its vision for a safer Internet and combating misinformation, financial frauds and other threats that come from bad actors. Alphabet Big Tech is committed to leading this charter and engaging with all stakeholders, including government agencies. Google.org has partnered with CyberPeace Foundation to foster a safer online environment and empower users on informed decisions on the Internet. CyberPeace will run a nationwide awareness and capacity-building Initiative equipping more than 40 Million Indian netizens with fact-checking techniques, tools, SoPs, and guidance for responsible and safe online behaviour. The campaign will be deployed in 15 Indian regional languages as a comprehensive learning outcome for the whole nation. Together, Google.org and CyberPeace Foundation aim to make the Internet safer for everyone and work in a direction to ensure that progress for everyone is built on a strong foundation of trusted information available on the Internet and pursuing the true spirit of “Technology for Good”.

Google.org and CyberPeace together for enhanced online safety

A new $4 million grant to CyberPeace Foundation will support a nationwide awareness-building program and comprehensive multilingual digital resource hub with content available in up to 15 Indian languages to empower nearly 40 million underserved people across the country in building resilience against misinformation and practice responsible online behaviour.  Together, Google.org and CyberPeace are on their way to creating a strong pathway of trusted Internet and a safer digital environment. The said campaign will be undertaken for a duration of 3 years, and the following key components will run at the core of the same: 

• CyberPeace Corps Volunteers: This will be a pan India volunteer engagement initiative to create a community of 9 million CyberPeace Ambassadors/First Responders/Volunteers to fight misinformation and promote responsible online behaviour going far into the rural, marginalised and most vulnerable strata of society. 
• Digital Resource Hub: In pursuance of the campaign, CyberPeace is developing a cutting-edge platform offering a wealth of resources on media literacy, responsible content creation, and cyber hygiene translated into 15 Indian regional languages for a widespread impact on the ground. 
• Public Sensitisation: CyberPeace will be conducting an organic series of online and offline events focusing on empowering netizens to discern fact from fiction. These sensitisation drives will be taken on by start master trainers from different regions of India to ensure all states and UTs are impacted. 
• CyberPeace Quick Reaction Team: A specialised team of tech enthusiasts that will work closely with platforms to rapidly address new-age cyber threats and misinformation campaigns in real-time and establish best practices and SoPs for the diverse elements in the industries. 
• Engaging Multimedia Content: With CyberPeace’s immense expertise in E-Course and digital content, the campaign will produce a range of multilingual multimedia resources, including informative videos, posters, games, contests, infographics, and more.
• Fact-check unit: Fact-check units will play a crucial role in monitoring, identifying, and doing fact analysis of the suspected information and overall busting the growing incidents of misinformation. Fake news or misinformation has negative consequences on society at large. The fact-check units play a significant role in controlling the widespread of misinformation. 

‍

Fight Against Misinformation 

Misinformation is rampant all across the world and requires attention. With the increasing penetration of social media and the internet, this remains a global issue. Google.org has taken up the initiative to address this issue in India and, in collaboration with CyberPeace Foundation taken a proactive step to multiple avenues for mass-scale awareness and upskilling campaigns have been piloted to make an impact on the ground with the vision of upskilling over 40 Million people in the country and building resilience against misinformation and practicing responsible online behavior. 

‍

Maj Vineet Kumar, Founder of CyberPeace, said,

"In an era in which digital is deeply intertwined with our lives, knowing how to discern, act on, and share the credible from the wealth of information available online is critical to our well-being, and of our families and communities. Through this initiative, we’re committing to help Internet users across India become informed, empowered and responsible netizens leading through conversations and actions. Whether it’s in fact-checking information before sharing it, or refraining from sharing unverified news, we all play an important role in building a web that is a safe and inclusive space for everyone, and we are extremely grateful to Google.org for propelling us forward in this mission with their grant support.”

‍

Annie Lewin, Senior Director of Global Advocacy and Head of Asia Pacific, Google.org said:

“We have a longstanding commitment to supporting changemakers using technology to solve humanity's biggest challenges. And, the innovation and zeal of Indian nonprofit organisations has inspired us to deepen our commitment in India. With the new grant to CyberPeace Foundation, we are proud to support solutions that speak directly to Google’s DNA, helping first-time internet users chart their path in a digital world with confidence. Such solutions give us pride and hope that each step, built on a strong foundation of trusted information, will translate into progress for all.”

‍

Conclusion

Google.org has partnered with government agencies and other Indian organisations with the vision of future-proof India for digital public infrastructure and staying a step ahead for Internet safety, keeping the citizens safe online. Google.org is taking its largest step yet towards online safety in India. There is widespread misinformative content and information in the digital media space or on the internet. This proactive initiative of Google.org in collaboration with CyberPeace is a commendable step to prevent the spread of misinformation and empower users to act responsibly while sharing any information and making informed decisions while using the Internet, hence creating a safe digital environment for everyone.

‍References:

• https://www.youtube.com/live/-b4lTVjOsXY?feature=shared
• https://blog.google/intl/en-in/products/google-for-india-2023-product-announcements/
• https://blog.google/intl/en-in/partnering-indias-success-in-a-new-digital-paradigm/
• https://telecom.economictimes.indiatimes.com/news/internet/google-to-debut-credit-in-india-announces-a-slew-of-ai-powered-launches/104547623
• https://theprint.in/economy/google-for-india-2023-tech-giant-says-it-removed-2-million-violative-videos-in-q2-2023/1810201/

‍

Executive Summary:

BrazenBamboo’s DEEPDATA malware represents a new wave of advanced cyber espionage tools, exploiting a zero-day vulnerability in Fortinet FortiClient to extract VPN credentials and sensitive data through fileless malware techniques and secure C2 communications. With its modular design, DEEPDATA targets browsers, messaging apps, and password stores, while leveraging reflective DLL injection and encrypted DNS to evade detection. Cross-platform compatibility with tools like DEEPPOST and LightSpy highlights a coordinated development effort, enhancing its espionage capabilities. To mitigate such threats, organizations must enforce network segmentation, deploy advanced monitoring tools, patch vulnerabilities promptly, and implement robust endpoint protection. Vendors are urged to adopt security-by-design practices and incentivize vulnerability reporting, as vigilance and proactive planning are critical to combating this sophisticated threat landscape.

Introduction

The increased use of zero-day vulnerabilities by more complex threat actors reinforces the importance of more developed countermeasures. One of the threat actors identified is BrazenBamboo uses a zero-day vulnerability in Fortinet FortiClient for Windows through the DEEPDATA advanced malware framework. This research explores technical details about DEEPDATA, the tricks used in its operations, and its other effects.

Technical Findings

1. Vulnerability Exploitation Mechanism

The vulnerability in Fortinet’s FortiClient lies in its failure to securely handle sensitive information in memory. DEEPDATA capitalises on this flaw via a specialised plugin, which:

• Accesses the VPN client’s process memory.
• Extracts unencrypted VPN credentials from memory, bypassing typical security protections.
• Transfers credentials to a remote C2 server via encrypted communication channels.

2. Modular Architecture

DEEPDATA exhibits a highly modular design, with its core components comprising:

• Loader Module (data.dll): Decrypts and executes other payloads.
• Orchestrator Module (frame.dll): Manages the execution of multiple plugins.
• FortiClient Plugin: Specifically designed to target Fortinet’s VPN client.

Each plugin operates independently, allowing flexibility in attack strategies depending on the target system.

3. Command-and-Control (C2) Communication

DEEPDATA establishes secure channels to its C2 infrastructure using WebSocket and HTTPS protocols, enabling stealthy exfiltration of harvested data. Technical analysis of network traffic revealed:

• Dynamic IP switching for C2 servers to evade detection.
• Use of Domain Fronting, hiding C2 communication within legitimate HTTPS traffic.
• Time-based communication intervals to minimise anomalies in network behavior.

4. Advanced Credential Harvesting Techniques

Beyond VPN credentials, DEEPDATA is capable of:

• Dumping password stores from popular browsers, such as Chrome, Firefox, and Edge.
• Extracting application-level credentials from messaging apps like WhatsApp, Telegram, and Skype.
• Intercepting credentials stored in local databases used by apps like KeePass and Microsoft Outlook.

5. Persistence Mechanisms

To maintain long-term access, DEEPDATA employs sophisticated persistence techniques:

• Registry-based persistence: Modifies Windows registry keys to reload itself upon system reboot.
• DLL Hijacking: Substitutes legitimate DLLs with malicious ones to execute during normal application operations.
• Scheduled Tasks and Services: Configures scheduled tasks to periodically execute the malware, ensuring continuous operation even if detected and partially removed.

Additional Tools in BrazenBamboo’s Arsenal

1. DEEPPOST

A complementary tool used for data exfiltration, DEEPPOST facilitates the transfer of sensitive files, including system logs, captured credentials, and recorded user activities, to remote endpoints.

2. LightSpy Variants

• The Windows variant includes a lightweight installer that downloads orchestrators and plugins, expanding espionage capabilities across platforms.
• Shellcode-based execution ensures that LightSpy’s payload operates entirely in memory, minimising artifacts on the disk.

3. Cross-Platform Overlaps

BrazenBamboo’s shared codebase across DEEPDATA, DEEPPOST, and LightSpy points to a centralised development effort, possibly linked to a Digital Quartermaster framework. This shared ecosystem enhances their ability to operate efficiently across macOS, iOS, and Windows systems.

Notable Attack Techniques

1. Memory Injection and Data Extraction

Using Reflective DLL Injection, DEEPDATA injects itself into legitimate processes, avoiding detection by traditional antivirus solutions.

• Memory Scraping: Captures credentials and sensitive information in real-time.
• Volatile Data Extraction: Extracts transient data that only exists in memory during specific application states.

2. Fileless Malware Techniques

DEEPDATA leverages fileless infection methods, where its payload operates exclusively in memory, leaving minimal traces on the system. This complicates post-incident forensic investigations.

3. Network Layer Evasion

By utilising encrypted DNS queries and certificate pinning, DEEPDATA ensures that network-level defenses like intrusion detection systems (IDS) and firewalls are ineffective in blocking its communications.

Recommendations

1. For Organisations

• Apply Network Segmentation: Isolate VPN servers from critical assets.
• Enhance Monitoring Tools: Deploy behavioral analysis tools that detect anomalous processes and memory scraping activities.
• Regularly Update and Patch Software: Although Fortinet has yet to patch this vulnerability, organisations must remain vigilant and apply fixes as soon as they are released.

2. For Security Teams

• Harden Endpoint Protections: Implement tools like Memory Integrity Protection to prevent unauthorised memory access.
• Use Network Sandboxing: Monitor and analyse outgoing network traffic for unusual behaviors.
• Threat Hunting: Proactively search for indicators of compromise (IOCs) such as unauthorised DLLs (data.dll, frame.dll) or C2 communications over non-standard intervals.

3. For Vendors

• Implement Security by Design: Adopt advanced memory protection mechanisms to prevent credential leakage.
• Bug Bounty Programs: Encourage researchers to report vulnerabilities, accelerating patch development.

Conclusion

DEEPDATA is a form of cyber espionage and represents the next generation of tools that are more advanced and tunned for stealth, modularity and persistence. While Brazen Bamboo is in the process of fine-tuning its strategies, the organisations and vendors have to be more careful and be ready to respond to these tricks. The continuous updating, the ability to detect the threats and a proper plan on how to deal with incidents are crucial in combating the attacks.

References:

1. https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html‍
2. http://www.theregister.com/2024/11/19/china_brazenbamboo_fortinet_0day/

Introduction

In an era when misinformation spreads like wildfire across the digital landscape, the need for effective strategies to counteract these challenges has grown exponentially in a very short period. Prebunking and Debunking are two approaches for countering the growing spread of misinformation online. Prebunking empowers individuals by teaching them to discern between true and false information and acts as a protective layer that comes into play even before people encounter malicious content. Debunking is the correction of false or misleading claims after exposure, aiming to undo or reverse the effects of a particular piece of misinformation. Debunking includes methods such as fact-checking, algorithmic correction on a platform, social correction by an individual or group of online peers, or fact-checking reports by expert organisations or journalists. An integrated approach which involves both strategies can be effective in countering the rapid spread of misinformation online.

Brief Analysis of Prebunking 

Prebunking is a proactive practice that seeks to rebut erroneous information before it spreads. The goal is to train people to critically analyse information and develop ‘cognitive immunity’ so that they are less likely to be misled when they do encounter misinformation. 

The Prebunking approach, grounded in Inoculation theory, teaches people to recognise, analyse and avoid manipulation and misleading content so that they build resilience against the same. Inoculation theory, a social psychology framework, suggests that pre-emptively conferring psychological resistance against malicious persuasion attempts can reduce susceptibility to misinformation across cultures. As the term suggests, the MO is to help the mind in the present develop resistance to influence that it may encounter in the future. Just as medical vaccines or inoculations help the body build resistance to future infections by administering weakened doses of the harm agent, inoculation theory seeks to teach people fact from fiction through exposure to examples of weak, dichotomous arguments, manipulation tactics like emotionally charged language, case studies that draw parallels between truths and distortions, and so on. In showing people the difference, inoculation theory teaches them to be on the lookout for misinformation and manipulation even, or especially, when they least expect it. 

The core difference between Prebunking and Debunking is that while the former is preventative and seeks to provide a broad-spectrum cover against misinformation, the latter is reactive and focuses on specific instances of misinformation. While Debunking is closely tied to fact-checking, Prebunking is tied to a wider range of specific interventions, some of which increase motivation to be vigilant against misinformation and others increase the ability to engage in vigilance with success.

There is much to be said in favour of the Prebunking approach because these interventions build the capacity to identify misinformation and recognise red flags However, their success in practice may vary. It might be difficult to scale up Prebunking efforts and ensure their reach to a larger audience. Sustainability is critical in ensuring that Prebunking measures maintain their impact over time. Continuous reinforcement and reminders may be required to ensure that individuals retain the skills and information they gained from the Prebunking training activities. Misinformation tactics and strategies are always evolving, so it is critical that Prebunking interventions are also flexible and agile and respond promptly to developing challenges. This may be easier said than done, but with new misinformation and cyber threats developing frequently, it is a challenge that has to be addressed for Prebunking to be a successful long-term solution. 

Encouraging people to be actively cautious while interacting with information, acquire critical thinking abilities, and reject the effect of misinformation requires a significant behavioural change over a relatively short period of time. Overcoming ingrained habits and prejudices, and countering a natural reluctance to change is no mean feat. Developing a widespread culture of information literacy requires years of social conditioning and unlearning and may pose a significant challenge to the effectiveness of Prebunking interventions. 

Brief Analysis of Debunking 

Debunking is a technique for identifying and informing people that certain news items or information are incorrect or misleading. It seeks to lessen the impact of misinformation that has already spread. The most popular kind of Debunking occurs through collaboration between fact-checking organisations and social media businesses. Journalists or other fact-checkers discover inaccurate or misleading material, and social media platforms flag or label it. Debunking is an important strategy for curtailing the spread of misinformation and promoting accuracy in the digital information ecosystem. 

Debunking interventions are crucial in combating misinformation. However, there are certain challenges associated with the same. Debunking misinformation entails critically verifying facts and promoting corrected information. However, this is difficult owing to the rising complexity of modern tools used to generate narratives that combine truth and untruth, views and facts. These advanced approaches, which include emotional spectrum elements, deepfakes, audiovisual material, and pervasive trolling, necessitate a sophisticated reaction at all levels: technological, organisational, and cultural.

Furthermore, It is impossible to debunk all misinformation at any given time, which effectively means that it is impossible to protect everyone at all times, which means that at least some innocent netizens will fall victim to manipulation despite our best efforts.  Debunking is inherently reactive in nature, addressing misinformation after it has grown extensively. This reactionary method may be less successful than proactive strategies such as Prebunking from the perspective of total harm done. Misinformation producers operate swiftly and unexpectedly, making it difficult for fact-checkers to keep up with the rapid dissemination of erroneous or misleading information. Debunking may need continuous exposure to fact-check to prevent erroneous beliefs from forming, implying that a single Debunking may not be enough to rectify misinformation.  Debunking requires time and resources, and it is not possible to disprove every piece of misinformation that circulates at any particular moment. This constraint may cause certain misinformation to go unchecked, perhaps leading to unexpected effects. The misinformation on social media can be quickly spread and may become viral faster than Debunking pieces or articles. This leads to a situation in which misinformation spreads like a virus, while the antidote to debunked facts struggles to catch up.

Prebunking vs Debunking: Comparative Analysis

Prebunking interventions seek to educate people to recognise and reject misinformation before they are exposed to actual manipulation. Prebunking offers tactics for critical examination, lessening the individuals' susceptibility to misinformation in a variety of contexts. On the other hand, Debunking interventions involve correcting specific false claims after they have been circulated. While Debunking can address individual instances of misinformation, its impact on reducing overall reliance on misinformation may be limited by the reactive nature of the approach.

CyberPeace Policy Recommendations for Tech/Social Media Platforms

With the rising threat of online misinformation, tech/social media platforms can adopt an integrated strategy that includes both Prebunking and Debunking initiatives to be deployed and supported on all platforms to empower users to recognise the manipulative messaging through Prebunking and be aware of the accuracy of misinformation through Debunking interventions. 

1. Gamified Inoculation: Tech/social media companies can encourage gamified inoculation campaigns, which is a competence-oriented approach to Prebunking misinformation. This can be effective in helping people immunise the receiver against subsequent exposures. It can empower people to build competencies to detect misinformation through gamified interventions. 
2. Promotion of Prebunking and Debunking Campaigns through Algorithm Mechanisms: Tech/social media platforms may promote and guarantee that algorithms prioritise the distribution of Prebunking materials to users, boosting educational content that strengthens resistance to misinformation. Platform operators should incorporate algorithms that prioritise the visibility of Debunking content in order to combat the spread of erroneous information and deliver proper corrections; this can eventually address and aid in Prebunking and Debunking methods to reach a bigger or targeted audience.
3. User Empowerment to Counter Misinformation: Tech/social media platforms can design user-friendly interfaces that allow people to access Prebunking materials, quizzes, and instructional information to help them improve their critical thinking abilities. Furthermore, they can incorporate simple reporting tools for flagging misinformation, as well as links to fact-checking resources and corrections.
4. Partnership with Fact-Checking/Expert Organizations: Tech/social media platforms can facilitate Prebunking and Debunking initiatives/campaigns by collaborating with fact-checking/expert organisations and promoting such initiatives at a larger scale and ultimately fighting misinformation with joint hands initiatives.

Conclusion

The threat of online misinformation is only growing with every passing day and so, deploying effective countermeasures is essential.  Prebunking and Debunking are the two such interventions. To sum up: Prebunking interventions try to increase resilience to misinformation, proactively lowering susceptibility to erroneous or misleading information and addressing broader patterns of misinformation consumption, while Debunking is effective in correcting a particular piece of misinformation and having a targeted impact on belief in individual false claims. An integrated approach involving both the methods and joint initiatives by tech/social media platforms and expert organizations can ultimately help in fighting the rising tide of online misinformation and establishing a resilient online information landscape. 

References

1. https://mark-hurlstone.github.io/THKE.22.BJP.pdf
2. https://futurefreespeech.org/wp-content/uploads/2024/01/Empowering-Audiences-Through-%E2%80%98Prebunking-Michael-Bang-Petersen-Background-Report_formatted.pdf
3. https://newsreel.pte.hu/news/unprecedented_challenges_Debunking_disinformation
4. https://misinforeview.hks.harvard.edu/article/global-vaccination-badnews/

‍