#FactCheck - "Viral Video Misleadingly Claims Surrender to Indian Army, Actually Shows Bangladesh Army”

Introduction

Devices and interconnectivity are the pipelines which drive the data into cyberspace, and in turn, the users consume this data to perform different tasks in the digital age. The security of devices and networks is essential as they are the first defenders of cyberspace. Bad actors often target systems and networks with malware and ransomware, these attacks are differently motivated, but all wreak havoc upon the system and can impact individuals and organisations alike. Mobile users worldwide prefer iOS or Android, but both operating systems are vulnerable to cyberattacks these days. Some of these attacks go undetected for a long time.

Op Triangulation

As reported by Kaspersky, While monitoring the network traffic of their own corporate Wi-Fi network dedicated to mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), Kaspersky noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, they created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise. This is known as Operation Triangulation and has been in action since 2019 and got detected in 2023.

The Malware

A portion of the filesystem, including some of the user data and service databases, is included in mobile device backups. The files, directories, and database entries’ timestamps make it possible to reconstruct the events that happened to the device roughly. The “timeline.csv” file created by the mvt-ios software contains a sorted timeline of events that is comparable to the super-timeline utilised by traditional digital forensic tools. Pinpointing particular artefacts that show the compromise using this timeframe. This made it possible to advance the research and reassemble the broad infection sequence:

Through the iMessage service, a message with an attachment containing an exploit is delivered to the target iOS device.

The message initiates a vulnerability that results in code execution without any user input.

The exploit’s code downloads multiple additional stages, including additional exploits for privilege escalation, from the C&C server.

After successful exploitation, a fully functional APT platform is downloaded as the final payload from the C&C server.

The first message and the attachment’s exploit are removed

The lack of persistence support in the harmful toolset is most likely a result of OS restrictions. Multiple devices’ timeframes suggest that after rebooting, they might get infected again. The earliest signs of infection that we found date to 2019. The most recent version of the devices that have been successfully attacked as of the time of writing in June 2023 is iOS 15.7.

The final payload analysis is still ongoing. The programme executes with root rights, implements a set of commands for gathering user and system data, and can run any code downloaded as plugin modules from the C&C server.

Malicious Domains

Using the forensic artefacts, it was possible to identify the domain name set used by the exploits and further malicious stages. They can be used to check the DNS logs for historical information and to identify the devices currently running the malware:

addatamarket[.]net

backuprabbit[.]com

businessvideonews[.]com

cloudsponcer[.]com

datamarketplace[.]net

mobilegamerstats[.]com

snoweeanalytics[.]com

tagclick-cdn[.]com

topographyupdates[.]com

unlimitedteacup[.]com

virtuallaughing[.]com

web-trackers[.]com

growthtransport[.]com

anstv[.]netAns7tv[.]net

Safeguards for iOS users

Despite its world-class safety and privacy architecture, iOS is vulnerable to a few attacks; the following steps can be undertaken to safeguard iOS users –

Keeping Device updated

Security patches

Disabling iMessage would prevent Zero clicks exploits or the Triangulation attacks

Paying zero attention to unwanted, unsolicited messages

The user should make sure that any application they are downloading or installing; it should be from a trusted source ( This Zero click attack does not occur by any other means, It exploits / it targets software vulnerabilities in operating systems networks and applications)

Being cautious with the messaging app and emails

Implement device restrictions (management features like parental control and restrictions over using necessary applications)

Conclusion

Operation Triangulation is one of the recent operations combating cyber attacks, but such operations are launched nearly daily. This is also due to a rapid rise in internet and technology penetration across the world. Cyberattacks have taken a new face as they have evolved with the new and emerging technology. The influence of the Darknet has allowed many hackers to remain on the black hat side due to easy accessibility to illegal tools and material over the dark net, which facilitates such crimes.

Introduction:

The Indian Ministry of Communications has come up with a feature known as "Quick SMS Header Information" to provide citizens with more control over their messaging services. This feature would help users access crucial information about the sender through text message, therefore making the details readily available at their fingertips.

The Quick SMS Header service is the key to providing users with the feature to ensure that they are receiving messages from the correct source. Users can instantly learn all the necessary data about the sender of a certain SMS. This data is invaluable for making the distinction between real messages and suspicious spam or phishing, so the user can have a higher level of defense against online threats and scam activities.

Importance of Checking the Header:

1. Authenticity Verification: SMS header data represents another way to confirm the sender. This feature keeps the end user from wrongly assuming that the SMS is from a trusted source or an unknown sender. Hence, the end user is able to make a choice about the authenticity of the message.

2. Mitigating Spam and Phishing: The rise of SMS and phishing scams has created some significant hurdles for users in the process of differentiating between real and fake messages. Through the Quick SMS Header Information service, people will be able to look up any suspicious messages in order to be able to take appropriate steps to prevent links that lead to malicious websites or requests for personal information.

3. Enhancing User Security: The SMS header information plays an important role in ensuring that the user is secure and has no privacy issues.  The checking of the message headers will help us limit the possibilities of bad activities and reduce the chances of being a victim of cybercriminals.

4. Empowering Consumer Awareness: This feature is designed to encourage the people involved  to take responsibility for the security of their devices and establish a safer and more dependable digital platform.

Benefits:

• Enhanced Transparency: By giving access to the header information to the users, it is transparency that is promoted within the telecommunications ecosystem.
• Empowered Decision-Making: Now that users have information about the SMS header, they can make informed decisions regarding their communications and privacy.
• Efficient Resolution of Concerns: The Quick SMS Header Information serves the purpose of providing the needed resolution by telling us the message’s origin in cases where users come across any suspicious messages.
• User-Friendly Interface: With its easy and clear process, this feature caters to users of all technical proficiency levels, ensuring accessibility for all.

Working:

1. Compose Your SMS: Write a message with the header you wish to find the information about. For example, if you want to know details about a header labeled "SBIINB," your SMS should be in the format "DETAILS OF SBIINB." Note, all letters are in capital only.

2. Send it to 1909: Once your message is ready, send it to: 1909. Please note, this may charge you depending upon your current plan. 

3. Receive Response: The response to your SMS will be sent to you by the concerned telecommunication service provider or directly by 1909, a few seconds after you have sent your message. This response will have the data associated with the header above.

Another method to find SMS header information:

TRAI (Telecom Regulatory Authority of India) has made a tool on the webpage (https://smsheader.trai.gov.in/) to check for the SMS header associated with the message. 

TRAI has also mandated header registration for messages pertaining to transactional or promotional purposes. This has helped people identify the SMS header by simply looking into the database as made by TRAI.

Steps:

1. Go to https://smsheader.trai.gov.in/. The page looks like as shown below:

‍

2. Enter your Email, Name and complete the captcha under the Download/View Header Details and click on continue

‍

3. Enter the OTP received on your email with the captcha and click on continue

4. Now enter your SMS header in the format of AA-AAAA, where “AA” is your prefix and “AAAA” is your header name. For example, we have taken “AX-HDFCBK” as our sample header, so “AX” is our prefix and “HDFCBK” is our header name.

5. As soon as we press enter, the site returns the query with the information of the header, as shown below

Conclusion:

The importance of checking SMS headers is something that simply cannot be overemphasized. This is the principal procedure for identifying incoming messages as authentic, and on that basis, the users are able to make informed choices about the messages they receive. It also contributes to the rise of user safety and privacy.

The development of more transparent controls and a stronger decision-making process will make it easier for users to handle their digital lives. The Quick SMS Header Information service is easy and convenient to use, as its interface is simple and understandable for users of all technical levels.

In addition to this, TRAI's attempt to make available an online tool for the maintenance of a comprehensive database of SMS headers strengthens its position towards ensuring security for its users in the telecommunications sector.

‍

Introduction

With the rise of AI deepfakes and manipulated media, it has become difficult for the average internet user to know what they can trust online. Synthetic media can have serious consequences, from virally spreading election disinformation or medical misinformation to serious consequences like revenge porn and financial fraud. Recently, a Pune man lost ₹43 lakh when he invested money based on a deepfake video of Infosys founder Narayana Murthy. In another case, that of Babydoll Archi, a woman from Assam had her likeness deepfaked by an ex-boyfriend to create revenge porn.

Image or video manipulation used to leave observable traces. Online sources may advise examining the edges of objects in the image, checking for inconsistent patterns, lighting differences, observing the lip movements of the speaker in a video or counting the number of fingers on a person’s hand. Unfortunately, as the technology improves, such folk advice might not always help users identify synthetic and manipulated media.

‍

The Coalition for Content Provenance and Authenticity (C2PA)

‍

One interesting project in the area of trust-building under these circumstances has been the Coalition for Content Provenance and Authenticity (C2PA). Started in 2019 by Adobe and Microsoft, C2PA is a collaboration between major players in AI, social media, journalism, and photography, among others. It set out to create a standard for publishers of digital media to prove the authenticity of digital media and track changes as they occur.

When photos and videos are captured, they generally store metadata like the date and time of capture, the location, the device it was taken on, etc. C2PA developed a standard for sharing and checking the validity of this metadata, and adding additional layers of metadata whenever a new user makes any edits. This creates a digital record of any and all changes made. Additionally, the original media is bundled with this metadata. This makes it easy to verify the source of the image and check if the edits change the meaning or impact of the media. This standard allows different validation software, content publishers and content creation tools to be interoperable in terms of maintaining and displaying proof of authenticity.

‍

‍

‍

The standard is intended to be used on an opt-in basis and can be likened to a nutrition label for digital media. Importantly, it does not limit the creativity of fledgling photo editors or generative AI enthusiasts; it simply provides consumers with more information about the media they come across.

‍

Could C2PA be Useful in an Indian Context?

‍

The World Economic Forum’s Global Risk Report 2024, identifies India as a significant hotspot for misinformation. The recent AI Regulation report by MeitY indicates an interest in tools for watermarking AI-based synthetic content for ease of detecting and tracking harmful outcomes. Perhaps C2PA can be useful in this regard as it takes a holistic approach to tracking media manipulation, even in cases where AI is not the medium.

Currently, 26 India-based organisations like the Times of India or Truefy AI have signed up to the Content Authenticity Initiative (CAI), a community that contributes to the development and adoption of tools and standards like C2PA. However, people are increasingly using social media sites like WhatsApp and Instagram as sources of information, both of which are owned by Meta and have not yet implemented the standard in their products.

India also has low digital literacy rates and low resistance to misinformation. Part of the challenge would be showing people how to read this nutrition label, to empower people to make better decisions online. As such, C2PA is just one part of an online trust-building strategy. It is crucial that education around digital literacy and policy around organisational adoption of the standard are also part of the strategy.

The standard is also not foolproof. Current iterations may still struggle when presented with screenshots of digital media and other non-technical digital manipulation. Linking media to their creator may also put journalists and whistleblowers at risk. Actual use in context will show us more about how to improve future versions of digital provenance tools, though these improvements are not guarantees of a safer internet.

The largest advantage of C2PA adoption would be the democratisation of fact-checking infrastructure. Since media is shared at a significantly faster rate than it can be verified by professionals, putting the verification tools in the hands of people makes the process a lot more scalable. It empowers citizen journalists and leaves a public trail for any media consumer to look into.

‍

Conclusion

‍

From basic colour filters to make a scene more engaging, to removing a crowd from a social media post, to editing together videos of a politician to make it sound like they are singing a song, we are so accustomed to seeing the media we consume be altered in some way. The C2PA is just one way to bring transparency to how media is altered. It is not a one-stop solution, but it is a viable starting point for creating a fairer and democratic internet and increasing trust online. While there are risks to its adoption, it is promising to see that organisations across different sectors are collaborating on this project to be more transparent about the media we consume.

References

‍

• https://c2pa.org/
• https://contentauthenticity.org/
• https://indianexpress.com/article/technology/tech-news-technology/kate-middleton-9-signs-edited-photo-9211799/  
• https://photography.tutsplus.com/articles/fakes-frauds-and-forgeries-how-to-detect-image-manipulation--cms-22230
• https://www.media.mit.edu/projects/detect-fakes/overview/
• https://www.youtube.com/watch?v=qO0WvudbO04&pp=0gcJCbAJAYcqIYzv
• https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2024.pdf
• https://indianexpress.com/article/technology/tech-news-technology/ai-law-may-not-prescribe-penal-consequences-for-violations-9457780/
• https://thesecretariat.in/article/meity-s-ai-regulation-report-ambitious-but-no-concrete-solutions
• https://www.ndtv.com/lifestyle/assam-what-babydoll-archi-viral-fame-says-about-india-porn-problem-8878689
• https://www.meity.gov.in/static/uploads/2024/02/9f6e99572739a3024c9cdaec53a0a0ef.pdf

‍