#Fact Check – Analysis of Viral Claims Regarding India's UNSC Permanent Membership

Assembly elections are due to be held in Assam later this year, with polling likely in April or May. Ahead of the elections, a video claiming to be an Aaj Tak news bulletin is being widely circulated on social media.

In the viral video, Aaj Tak anchor Rajiv Dhoundiyal is allegedly seen stating that a leaked intelligence report has issued a warning for the ruling Bharatiya Janata Party (BJP) in Assam. The clip claims that according to this purported report, the BJP may suffer significant losses in the upcoming Assembly elections. Several social media users sharing the video have also claimed that the alleged intelligence report signals the possible removal of Assam Chief Minister Himanta Biswa Sarma from office.

However, an investigation by the Cyber Peace Foundation found the viral claim to be false. Our probe clearly established that no leaked intelligence report related to the Assam Assembly elections exists.

Further, Aaj Tak has neither published nor broadcast any such report on its official television channel, website, or social media platforms. The investigation also revealed that the viral video itself is not authentic and has been created using deepfake technology.

‍

Claim

‍

On social media platform Facebook, a user shared the viral video claiming that the BJP has been pushed on the back foot following organisational changes in the Congress—appointing Priyanka Gandhi Vadra as chairperson of the election screening committee and Gaurav Gogoi as the Assam Pradesh Congress Committee president. The post further claims that an Intelligence Bureau report predicts that the current Assam government will not return to power.

(Link to the post, archive link, and screenshots are available.)

• ‍https://www.facebook.com/reel/1608947320289506 

‍

FactCheck:

‍

To verify the claim, we first searched for reports related to any alleged leaked intelligence assessment concerning the Assam Assembly elections using relevant keywords. However, no credible or reliable reports supporting the claim were found. We then reviewed Aaj Tak’s official website, social media pages, and YouTube channel. Our examination confirmed that no such news bulletin has been published or broadcast by the network on any of its official platforms.

• https://www.facebook.com/aajtak/?locale=hi_IN 
• https://www.instagram.com/aajtak/ 
• https://x.com/aajtak 
• https://www.youtube.com/channel/UCt4t-jeY85JegMlZ-E5UWtA 

‍

To further verify the authenticity of the video, its audio was scanned using the deepfake voice detection tool HIVE Moderation. 

The analysis revealed that the voice heard in the video is 99 per cent AI-generated, clearly indicating that the audio is not genuine and has been artificially created using artificial intelligence.

‍

Additionally, the video was analysed using another AI detection tool, Aurigin AI, which also identified the viral clip as AI-generated.

‍

‍

Conclusion:

‍

The investigation clearly establishes that there is no leaked intelligence report predicting BJP’s defeat in the Assam Assembly elections. Aaj Tak has not published or broadcast any such content on its official platforms. The video circulating on social media is not authentic and has been created using deepfake technology to mislead viewers.

‍

Introduction

Misinformation has been a significant concern in recent times, especially in the online information landscape. This past month, misinformation has been linked to the communal tensions that have flared up in the North Tripura district. While the law enforcement agencies were quick to respond, misinformation about the law and order situation spread rapidly. Shri Amitabh Ranjanon, Tripura’s Director General of Police, issued a public statement on 21st October 2024, Monday, clarifying “The state's law and order situation has improved, and misinformation is being spread about it”. This instance is a classic example of how misinformation can affect the delivery of good governance to citizens or hamper the relationship between the citizenry and the state mechanisms. Such misinformation undermines the efforts of the law enforcement agencies striving to maintain peace, and distorted narratives can colour public opinion about the authorities and create cycles of misplaced distrust. 

DGP's Statement

DGP Amitabh Ranjanon clarified during an event to commemorate Police Commemoration Day, stating that the state has recorded a lesser number of crimes this year compared to the last 10 years. He emphasized that senior police officials promptly respond to any law and order issues and additional forces have been deployed as necessary. Ranjan highlighted the peaceful celebration of Durga Puja as a testament to the effective law enforcement measures in place, demonstrating communal harmony. 

Impact of Misinformation in communal settings

Misinformation in communal settings can cause anxiety, fear, and distrust among community members, leading to conflicts. It undermines public confidence in law enforcement and government institutions. The spread of false information can erode trust in law enforcement and government bodies, hindering their ability to address and solve conflicts. Therefore, precise data and accurate information are essential in every environment to avoid the harm caused by misinformation. 

Preventive Measures Against Misinformation

1. Look for authenticated sources

In a digital landscape filled with information from various sources, it’s essential to differentiate between credible and unreliable content. Authenticated sources are typically reputable organizations and officials. Users must rely on authenticated sources to ensure the information's accuracy and credibility. Users must verify the source, confirm the claims made in the source by comparing them with other credible sources for accuracy, and follow fact-checking practices.

2. Exercise caution on social media information

Social media platforms can rapidly disseminate information, but they can also serve as breeding grounds for misinformation. The ease of sharing content can lead to the spread of unverified claims, rumours, or even outright falsehoods. Therefore, exercising caution when engaging with information on these platforms is crucial. Users must scrutinize headlines and images as well, especially since misleading images can distort the truth with the advent of AI.  One must always read beyond the headline and check the context of the images used and not make split-second decisions and impressions. Users must engage in critical thinking and share informed opinions responsibly, to promote discussions about the validity of shared content.

3. Role of Awareness

Awareness about misinformation is essential for navigating the complexities of modern communication. People can make better decisions and help create a more informed society by being aware of the strategies used to disseminate false information. Users need to become knowledgeable about typical misinformation strategies, hone their cognitive abilities to critically assess internet content, and verify the reliability of sources before they form opinions, make decisions or share ahead.

Final words

By integrating these simple best practices into our daily lives we can cultivate a more informed public, reduce the spread of online misinformation, and enhance critical thinking skills among peers and the larger digital community.

References

1. https://www.theweek.in/wire-updates/national/2024/10/21/cal8-tr-dgp.html
2. https://www.newindianexpress.com/nation/2024/Oct/21/tripura-dgp-says-misinformation-being-spread-about-states-law-and-order-situation
3. https://indianexpress.com/article/north-east-india/tripura/police-inaction-tripura-dgp-amitabh-ranjan-sharp-decline-crime-rate-9632509/
4. https://www.newindianexpress.com/nation/2024/Oct/21/tripura-dgp-says-misinformation-being-spread-about-states-law-and-order-situation

‍

Executive Summary:

Recently PAN-OS software of Palo Alto Networks was discovered with the critical vulnerability CVE-2024-3400. It is the software used to power all their networks in the next generation firewalls. This  vulnerability is a common injection vulnerability which provides access to unauthenticated attackers to execute random code having root privileges on the attacked system. This  has been exploited actively by threat actors,  leaving many organizations at risk for severe cyberattacks. This report helps to understand the exploitation, detection, mitigations and recommendations for this vulnerability.

‍

‍

Understanding The CVE-2024-3400 Vulnerability:

CVE-2024-3400 impacts the particular version of PAN-OS and a certain configuration susceptible to this kind of a security issue. It is a command injection, which exists in the GlobalProtect module of the PAN-OS software. The vulnerability can be exploited by an unauthorized user to run any code on the firewall having root privileges.  This targets Active Directory database (ntds.dit), important data (DPAPI), and Windows event logs (Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx) and also login data, cookies, and local state data for Chrome and Microsoft Edge from specific targets leading attackers to capture the browser master key and steal sensitive information of the organization.

The CVE-2024-3400 has been provided with a critical severity rating of 10.0. The following two weaknesses make this CVE  highly severe:

1. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') 
2. CWE-20: Improper Input Validation.

‍

Impacted Products:

The affected version of PAN-OS by CVE-2024-3400 are-

Only the versions 10.2, 11.0, and 11.1, setup with GlobalProtect Gateway or GlobalProtect Portal are exploited by this vulnerability. Whereas the Cloud NGFW, Panorama appliances and Prisma Access are not affected.

Detecting Potential Exploitation: 

Palo Alto Networks has confirmed that they are aware of the exploitation of this particular vulnerability by threat actors. In a recent publication they have given acknowledgement to Volexity for identifying the vulnerability.  There is an increasing number of organizations that face severe and immediate risk by this exploitation. Third parties also have released the proof of concept for the vulnerability.

The suggestions were provided by Palo Alto Networks to detect this critical vulnerability. To detect this vulnerability, the following command shall be run on the command-line interface of PAN-OS device: 

grep pattern "failed to unmarshal session(.\+.\/" mp-log gpsvc.log*

This command looks through device logs for specific entries related to vulnerability. 

These log entries should contain a long, random-looking code called a GUID (Globally Unique Identifier) between the words "session(" and ")". If an attacker has tried to exploit the vulnerability, this section might contain a file path or malicious code instead of a GUID.

Presence of such entries in your logs, could be a sign of a potential attack to hack  your device which may look like:

• failed to unmarshal session(../../some/path)

A normal, harmless log entry would look like this:

• failed to unmarshal session(01234567-89ab-cdef-1234-567890abcdef)

Further investigations and actions shall be needed to secure the system in case the GUID entries were not found and suspicious.

Mitigation and Recommendations:

Mitigation of the risks posed by the critical CVE-2024-3400 vulnerability, can be accomplished by the following recommended steps:

• Immediately update Software:   This vulnerability is fixed in software releases namely PAN-OS 10.2.9-h1, PAN-OS 11.0.4-h1, PAN-OS 11.1.2-h3, and all higher versions. Updating software to these versions will protect your systems fully against potential exploitation.
• Leverage Hotfixes: Palo Alto Networks has released hotfixes for commonly deployed maintenance releases of PAN-OS 10.2, 11.0, and 11.1 for the users who cannot upgrade to the latest versions immediately. These hotfixes do provide a temporary solution while you prepare for the full upgrade.
• Enable Threat Prevention:  Incase of available Threat Prevention subscription, enable Threat IDs 95187, 95189, and 95191 to block attacks targeting the CVE-2024-3400 vulnerability. These Threat IDs are available in Applications and Threats content version 8836-8695 and later.
• Apply Vulnerability Protection: Ensure that vulnerability protection has been applied in the GlobalProtect interface to prevent the exploitation on the device. It can be implemented using these instructions. 
• Monitor Advisory Updates: Regularly checking for  the updates to the official advisory of Palo Alto Networks. This helps to stay up to date of the new releases of the guidance and threat prevention IDs of CVE-2024-3400.
• Disable Device Telemetry – Optional:  It is suggested to disable the device telemetry as an additional  precautionary measure.
• Remediation: If there is an active exploitation observed, follow the steps mentioned in this Knowledge Base article by Palo Alto Networks. 

Implementation of the above mitigation measures and recommendations would be in a position to greatly reduce the risk of exploitation you might face from a cyber attack targeting the CVE-2024-3400 vulnerability in Palo Alto Networks' PAN-OS software.

Conclusion: 

The immediate response should be taken against the offensive use of the critical CVE-2024-3400 vulnerability found in the PAN-OS platform of Palo Alto Networks.  Organizations should actively respond by implementing the suggested mitigation measures such as upgrading to the patched versions, enabling threat prevention and applying vulnerability protection to immediately protect from this vulnerability. Regular monitoring, implementing security defense mechanisms and security audits are the necessary measures that help to combat emerging threats and save critical resources.

‍