#FactCheck - AI-Cloned Audio in Viral Anup Soni Video Promoting Betting Channel Revealed as Fake

Executive Summary:

QakBot, a particular kind of banking trojan virus, is capable of stealing personal data, banking passwords, and session data from a user's computer. Since its first discovery in 2009, Qakbot has had substantial modifications.

C2 Server commands infected devices and receives stolen data, which is essentially the brain behind Qakbot's operations.Qakbot employs PEDLL (Communication Files), a malicious program, to interact with the server in order to accomplish its main goals. Sensitive data, including passwords or personal information, is taken from the victims and sent to the C2 server. Referrer files start the main line of communication between Qakbot and the C2 server, such as phishing papers or malware droppers. WHOIS data includes registration details for this server, which helps to identify its ownership or place of origin.

This report specifically focuses on the C2 server infrastructure located in India, shedding light on its architecture, communication patterns, and threat landscape.

Introduction:

QakBot is also known as Pinkslipbot, QuakBot, and QBot, capable of stealing personal data, banking passwords, and session data from a user's computer. Malware is bad since it spreads very quickly to other networks, affecting them like a worm.,It employs contemporary methods like web injection to eavesdrop on customer online banking interactions. Qakbot is a member of a kind of malware that has robust persistence techniques, which are said to be the most advanced in order to gain access to compromised computers for extended periods of time.
‍

Technical Analysis: 

The following IP addresses have been confirmed as active C2 servers supporting Qbot malware activity:

‍

Sample IP's

• 123.201.40[.]112
• 117.198.151[.]182
• 103.250.38[.]115
• 49.33.237[.]65
• 202.134.178[.]157
• 124.123.42[.]115
• 115.96.64[.]9
• 123.201.44[.]86
• 117.202.161[.]73
• 136.232.254[.]46

These servers have been operational in the past 14 days (report created in the month of Nov) and are being leveraged to perpetuate malicious activities globally.

URL/IP: 123.201.40[.]112

• inetnum: 123.201.32[.]0 - 123.201.47[.]255
• netname: YOUTELE
• descr: YOU Telecom India Pvt Ltd
• country: IN
• admin-c: HA348-AP
• tech-c: NI23-AP
• status: ASSIGNED NON-PORTABLE 
• mnt-by: MAINT-IN-YOU
• last-modified: 2022-08-16T06:43:19Z
• mnt-irt: IRT-IN-YOU
• source: APNIC
• irt: IRT-IN-YOU
• address: YOU Broadband India Limited
• address: 2nd Floor, Millennium Arcade
• address: Opp. Samarth Park, Adajan-Hazira Road
• address: Surat-395009,Gujarat
• address: India
• e-mail: abuse@youbroadband.co.in
• abuse-mailbox: abuse@youbroadband.co.in 
• admin-c: HA348-AP
• tech-c: NI23-AP
• auth: # Filtered
• mnt-by: MAINT-IN-YOU
• last-modified: 2022-08-08T10:30:51Z
• source: APNIC
• person: Harindra Akbari
• nic-hdl: HA348-AP
• e-mail: harindra.akbari@youbroadband.co.in
• address: YOU Broadband India Limited
• address: 2nd Floor, Millennium Arcade
• address: Opp. Samarth Park, Adajan-Hazira Road
• address: Surat-395009,Gujarat
• address: India
• phone: +91-261-7113400
• fax-no: +91-261-2789501
• country: IN
• mnt-by: MAINT-IN-YOU
• last-modified: 2022-08-10T11:01:47Z
• source: APNIC
• person: NOC IQARA
• nic-hdl: NI23-AP
• e-mail: network@youbroadband.co.in
• address: YOU Broadband India Limited
• address: 2nd Floor, Millennium Arcade
• address: Opp. Samarth Park, Adajan-Hazira Road
• address: Surat-395009,Gujarat
• address: India
• phone: +91-261-7113400
• fax-no: +91-261-2789501
• country: IN
• mnt-by: MAINT-IN-YOU
• last-modified: 2022-08-08T10:18:09Z
• source: APNIC
• route: 123.201.40.0/24
• descr: YOU Broadband & Cable India Ltd.
• origin: AS18207
• mnt-lower: MAINT-IN-YOU
• mnt-routes: MAINT-IN-YOU
• mnt-by: MAINT-IN-YOU
• last-modified: 2012-01-25T11:25:55Z
• source: APNIC

IP 123.201.40[.]112 uses the requested URL-path to make a GET request on the IP-address at port 80. "NOT RESPONDED" is the response status code for the request "C:\PROGRAM FILES GOOGLE CHROME APPLICATION CHROME.EXE" that was started by the process. 

Programs that retrieve their server data using a GET request are considered legitimate. The Google Chrome browser, a fully functional application widely used for web browsing, was used to make the actual request. It asks to get access to the server with IP 123.201.40[.]112 in order to collect its data and other resources. 

Malware uses GET requests to retrieve more commands or to send data back to the command and control servers. In this instance, it may be an attack server making the request to a known IP address with a known port number. Since the server has not replied to the request, the response status "NOT RESPONDED" may indicate that the activity was carried out with malicious intent.

This graph illustrates how the Qakbot virus operates and interacts with its C2 server, located in India and with the IP address 123.201.40[.]112. 

Impact

Qbot is a kind of malware that is typically distributed through hacked websites, malicious email attachments, and phishing operations. It targets private user information, including corporate logins or banking passwords. The deployment of ransomware: Payloads from organizations such as ProLock and Egregor ransomware are delivered by Qbot, a predecessor. Network Vulnerability: Within corporate networks, compromised systems will act as gateways for more lateral movement.

Proposed Recommendations for Mitigation

• Quick Action: To stop any incoming or outgoing traffic, the discovered IP addresses will be added to intrusion detection/prevention systems and firewalls.
• Network monitoring: Examining network log information for any attempts to get in touch with these IPs
• Email security: Give permission for anti-phishing programs.
• Endpoint Protection: To identify and stop Qbot infestations, update antivirus definitions.,Install tools for endpoint detection and response.
• Patch management: To reduce vulnerabilities that Qbot exploits, update all operating systems and software on a regular basis.
• Incident Response: Immediately isolate compromised computers.
• Awareness: Dissemination of this information to block the IP addresses of active C2 servers supporting Qbot malware activity has to be carried out.

Conclusion:

The discovery of these C2 servers reveals the growing danger scenario that Indian networks must contend with. To protect its infrastructure from future abuse, organizations are urged to act quickly and put the aforementioned precautions into place. 

Reference: 

• Threat Intelligence - ANY.RUN
• https://www.virustotal.com/gui
• https://www.virustotal.com/gui/ip-address/123.201.40.112/relations

‍

AI and other technologies are advancing rapidly. This has ensured the rapid spread of information, and even misinformation. LLMs have their advantages, but they also come with drawbacks, such as confident but inaccurate responses due to limitations in their training data. The evidence-driven retrieval systems aim to address this issue by using and incorporating factual information during response generation to prevent hallucination and retrieve accurate responses.

What is Retrieval-Augmented Response Generation?

Evidence-driven Retrieval Augmented Generation (or RAG) is an AI framework that improves the accuracy and reliability of large language models (LLMs) by grounding them in external knowledge bases. RAG systems combine the generative power of LLMs with a dynamic information retrieval mechanism. The standard AI models rely solely on pre-trained knowledge and pattern recognition to generate text. RAG pulls in credible, up-to-date information from various sources during the response generation process. RAG integrates real-time evidence retrieval with AI-based responses, combining large-scale data with reliable sources to combat misinformation. It follows the pattern of:

• Query Identification: When misinformation is detected or a query is raised.
• Evidence Retrieval: The AI searches databases for relevant, credible evidence to support or refute the claim.
• Response Generation: Using the evidence, the system generates a fact-based response that addresses the claim.

How is Evidence-Driven RAG the key to Fighting Misinformation?

• RAG systems can integrate the latest data, providing information on recent scientific discoveries.
• The retrieval mechanism allows RAG systems to pull specific, relevant information for each query, tailoring the response to a particular user’s needs.
• RAG systems can provide sources for their information, enhancing accountability and allowing users to verify claims.
• Especially for those requiring specific or specialised knowledge, RAG systems can excel where traditional models might struggle.
• By accessing a diverse range of up-to-date sources, RAG systems may offer more balanced viewpoints, unlike traditional LLMs.

Policy Implications and the Role of Regulation

With its potential to enhance content accuracy, RAG also intersects with important regulatory considerations. India has one of the largest internet user bases globally, and the challenges of managing misinformation are particularly pronounced.

• Indian regulators, such as MeitY, play a key role in guiding technology regulation. Similar to the EU's Digital Services Act, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, mandate platforms to publish compliance reports detailing actions against misinformation. Integrating RAG systems can help ensure accurate, legally accountable content moderation. 
• Collaboration among companies, policymakers, and academia is crucial for RAG adaptation, addressing local languages and cultural nuances while safeguarding free expression. 
• Ethical considerations are vital to prevent social unrest, requiring transparency in RAG operations, including evidence retrieval and content classification. This balance can create a safer online environment while curbing misinformation.

Challenges and Limitations of RAG

While RAG holds significant promise, it has its challenges and limitations.

• Ensuring that RAG systems retrieve evidence only from trusted and credible sources is a key challenge. 
• For RAG to be effective, users must trust the system. Sceptics of content moderation may show resistance to accepting the system’s responses. 
• Generating a response too quickly may compromise the quality of the evidence while taking too long can allow misinformation to spread unchecked.

Conclusion

Evidence-driven retrieval systems, such as Retrieval-Augmented Generation, represent a pivotal advancement in the ongoing battle against misinformation. By integrating real-time data and credible sources into AI-generated responses, RAG enhances the reliability and transparency of online content moderation. It addresses the limitations of traditional AI models and aligns with regulatory frameworks aimed at maintaining digital accountability, as seen in India and globally. However, the successful deployment of RAG requires overcoming challenges related to source credibility, user trust, and response efficiency. Collaboration between technology providers, policymakers, and academic experts can foster the navigation of these to create a safer and more accurate online environment. As digital landscapes evolve, RAG systems offer a promising path forward, ensuring that technological progress is matched by a commitment to truth and informed discourse.

References

• https://experts.illinois.edu/en/publications/evidence-driven-retrieval-augmented-response-generation-for-onlin 
• https://research.ibm.com/blog/retrieval-augmented-generation-RAG 
• https://medium.com/@mpuig/rag-systems-vs-traditional-language-models-a-new-era-of-ai-powered-information-retrieval-887ec31c15a0 
• https://www.researchgate.net/publication/383701402_Web_Retrieval_Agents_for_Evidence-Based_Misinformation_Detection 

‍

Introduction

In the new age of technologies the internet and social media continue to witness a surge in deepfake videos a technological phenomenon that blurs the line between reality and fiction. The string of deepfake videos of Bollywood actors and other famous personalities has raised serious concerns. While Prime Minister Narendra Modi spoke against the risks of artificial intelligence at the G20 Virtual Summit. The central government has recently announced that it will soon set up dedicated regulations to tackle this Menace. This will include holding social media platforms and creators responsible for their actions against the rules and regulations. Very often most people shy away from initiating a legal process or taking action while being victims of misuse of fast-paced tech but the government has announced its big support to the victims and promised to stand by complaints against deepfake videos especially this includes helping individuals to report the incidents and any violations by platforms.

Social media platforms to realign their policies as per the Indian laws

The Ministry of Electronics and Information Technology (MeitY) announced on 24th November 2023 that it will be giving social media platforms seven days time period to align their terms of service and other policies with Indian laws and regulations in order to address the issue of hosting of deepfakes on these platforms. All platforms must align and transform their terms of use with their users to be consistent with the 12 areas that are prohibited under rule 3(1)(b) of the Information Technology (IT) Rules, 2021.

The platforms will ensure harmonization and alignment of their terms & policies so that every user on every platform is aware that when they use a platform the platform intends to be a safe and trusted platform and the platform will not tolerate these 12 types of content or information that have been prohibited under the IT Act and the IT rules. The government approach is to collectively advocate for responsible and safe use of the Internet. The government has taken a proactive step in partnership with these social media platforms to ensure an era where such platforms will be a lot more responsible and a lot more responsive to the expectations under the law and more compliant.

Officer to be appointed under rule 7 

As Deepfake Videos continue to surface on social media, the Government has geared up to curb such content online. Mr. Rajeev Chandrasekhar Minister of State, (Meity), stated that the government will soon appoint an officer to take appropriate action against deepfake videos. This statement came after the government meeting with industry stakeholders and important players held on 24 Nov 2023. He added that Meity and the government of India will nominate an officer under rule 7  (IT rules 2021) and will ensure full compliance expectations from all the platforms. An officer appointed under Rule 7,  will be entrusted with building a mechanism where users can put in their complaints regarding deepfakes and MeitY may also assist such aggrieved users with filing FIRs in such cases. Mr. Rajeev Chandrasekhar, Minister of State, (Meity) also added that we will also be creating a platform where it will be very easy for netizens to bring to the attention of the government of India and notices of allegations or reports of violation of law by the platforms and the rule 7 officer will take that digital platform information and respond accordingly. 

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (updated as on 6.4.2023)

Rule 3(1)(b) states that intermediaries shall inform its rules and regulations, privacy policy and user agreement to the user and shall make reasonable efforts to ‘restrict’ the users from hosting, displaying, uploading, modifying, publishing, transmitting, store, update or sharing any information that is prohibited under this rule which also includes deepfake, misinformation, CSAM(Child sexual abusive material) etc.  As per rule 3(2)(b) Intermediaries shall remove or disable access within 24 hours of receipt of complaints of contents that expose the private areas of individuals, show such individuals in full or partial nudity or in a sexual act or is in the nature of impersonation including morphed images etc. 

Ongoing Efforts Ahead of Crucial Meeting with Tech Giants

Ahead of the government meeting with online platforms such as Google, Facebook, and YouTube on Friday, 24th November 2023, Mr. Rajeev Chandrasekhar Minister of State, (Meity) added that way back from October 2022 the government of India had been alerting them to the threat of misinformation and deepfakes which are part of misinformation. He further added that the current IT rules under the IT Act provide for adequate compliance requirements on their part to deal with deepfake.

Deepfake Misinformation

Misinformation powered by AI becoming an even more potent force to disrupt and to mislead and to create chaos and confusion at a scale and of a type that is deeply detrimental. Deepfakes in a very simple basic way is misinformation which is powered by or enhanced by AI. Video-based deepfake misinformation is more dangerous since it has a greater reach as video consumption today is the preferred choice by users on the internet.

Way forward

The Honorable Prime Minister has raised the issue that deep fakes are deeply disruptive they can create divisions and all kinds of disruptions in communities, in families and therefore misuse of deepfake technology is a very clear present danger to the safe and trusted internet.

The Government is on its way to draft a dedicated legislation dedicated to tackling deepfakes.

Even as we speak to a future regulation and a future law which is certainly required given that our IT Act is 23 years old. However current IT rules provide for compliance requirements by the platforms on misinformation patently false information and deepfakes. Followed by the recent government advisory on misinformation and deepfake.

Conclusion

Prime Minister alerting of the dangers of deepfakes online. The government is now in the process of starting to look very seriously into this issue and also issued guidelines for intermediaries and in a finite period of time it is hoped that the threat of deep fakes would actually no longer exist in in our system. The government made it clear that apart from people spreading deepfake videos, the platforms making them spread and not taking action will also be liable they are currently liable and will be even more so in future after new rules and regulations are brought in.

References:

• https://www.moneycontrol.com/news/technology/deepfakes-meity-gives-social-media-platforms-7-day-ultimatum-to-align-their-policies-to-indian-laws-and-regulations-11805521.html
• https://www.azbpartners.com/bank/amendments-to-the-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021/#:~:text=Prior%20to%20the%20amendment%2C%20under%20Rule%203(1)
• https://www.drishtiias.com/daily-updates/daily-news-analysis/amendments-to-the-it-rules-2021
• https://youtu.be/zmI2ml1d_Es?feature=shared
• https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1975445

‍