#FactCheck -Viral Video of Electric Car Powered by Generator Is AI-Generated

Introduction
‍

The Ministry of Electronics and Information Technology (MEITy) released the Draft Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Second Amendment Rules, 2026 on March 30, 2026, inviting public comments with a response window closing on April 14. This is a limited 15-day period for public input on proposed rules that will have major constitutional impacts. The brevity and timing of this opportunity demonstrate debatable commitment to stakeholder engagement and meaningful consultation by the drafting agency.

While MEITY describes the proposed amendments as "clarificatory and procedural nature," an analysis shows they will have substantive effects. Collectively, the amended language changes significantly how online speech will be regulated in India by providing the executive with more concentrated regulatory authority, limiting the required transparency of content enforcement, mandating greater retention of data without proportionality-based safeguards, and placing excessive compliance burden on intermediaries. Each of these changes has consequences beyond just changes in process and together, these changes collectively raise substantial concerns regarding compliance with Articles 14, 19, and 21 of the Constitution of India.

‍

The Constitutional Baseline: Shreya Singhal and the Limits of Intermediary Liability
‍

India’s Supreme Court decision in Shreya Singhal v Union of India (2015) 5 SCC 1 provides the foundation for intermediary liability, wherein the Court read down Section 79(3)(b) of the IT Act, 2000, holding that intermediaries are required to act upon receiving actual knowledge only through a court order or a valid notification by the appropriate government authority. The Supreme Court’s decision intended to provide a constitutional protection to intermediaries from being subjected to informal, unverified executive pressure to take down content by requiring that any such order be subject to some level of legal objective credibility or threshold.

‍

Rule 3(4) of the proposed amendments places that balance under significant strain. By requiring intermediaries to comply with advisories, directions, standard operating procedures, codes of practice, and guidelines issued by the Ministry — and tying non-compliance to the loss of safe harbour — the draft effectively lowers the constitutional threshold that Shreya Singhal was designed to maintain. Compliance obligations now potentially arise from instruments that carry no judicial sanction and no mandatory public disclosure.

‍

Rule 3(4): Delegated Legislation or Executive Overreach
‍

The rule-making power conferred on the Central Government under Section 87 of the IT Act is limited to carrying out the provisions of the Act. It does not authorise the creation of new substantive obligations. This principle has been consistently affirmed in Indian Express Newspapers v. Union of India (1985) 1 SCC 641 and Confederation of Ex-Servicemen Associations v. Union of India (2006) 8 SCC 399, where the Court held that delegated legislation must remain within the four corners of the parent statute.

Rule 3(4) tests those limits. It converts executive advisories into binding compliance instruments without a clear statutory foundation in either Section 79 or Section 87. Although the proposed rule requires that such instruments specify their legal basis, there is no requirement that they be published or made publicly accessible. This creates a framework in which legality risks becoming circular — instruments claimed to be lawful solely by reference to a provision that does not clearly authorise them, shielded from scrutiny by their own opacity. Justice Chandurkar’s judgment in Kunal Kamra v. Union of India identified precisely this defect in the Fact Check Unit amendment. Rule 3(4) replicates the structural problem in a broader form.

‍

Compliance Pressure and the Logic of Over-Censorship
‍

The practical consequence of Rule 3(4) lies not only in its legality but in how it reshapes incentive structures for platforms. An intermediary facing the permanent threat of safe harbour loss will not wait to assess the legal merit of each advisory. The rational calculation is to comply early, broadly, and without friction. Lawful content — particularly satire, political commentary, and journalism — becomes vulnerable not because it is unlawful, but because it presents regulatory risk.

This dynamic was visible on 18 March 2026, when stand-up comedian Pulkit Mani (@hunnywhoisfunny) found his satirical Instagram reel being restricted across India. The video had accumulated over 16.5 million views. Users encountered a notice citing Section 79(3)(b) of the IT Act. No reasons were publicly provided. No prior hearing was offered. The same night, several political parody and satire accounts were withheld on X. 

‍

Data Retention, Privacy, and the Proportionality Test
‍

The amendments to Rules 3(1)(g) and 3(1)(h) extend data retention obligations by making them additional to requirements under any other law. The existing 180-day floor for retained user data — covering removed content, registration information, and associated records — becomes a minimum rather than a ceiling. No maximum is specified, and no proportionality requirement accompanies the extension.

‍

This raises direct concerns under Article 21 as interpreted in Justice K.S. Puttaswamy v. Union of India (2017) 10 SCC 1, which held that any state intrusion into privacy must satisfy the triple test of legality, necessity, and proportionality. Undefined retention periods, with no statutory ceiling and no requirement of purpose limitation, risk failing all three. The longer user data is held, including metadata, device information, and records of removed content,  the greater the exposure to surveillance, unauthorised access, and use beyond the original justification.

‍

Circumventing Judicial Scrutiny Through Procedural Redesign
‍

The Bombay High Court, in its August 2021 order, stayed provisions of the IT Rules’ oversight mechanism as prima facie violative of Article 19(1)(a). The Madras High Court in T.M. Krishna v. Union of India affirmed that stay, cautioning that government-controlled media oversight risked undermining press independence. Both matters remain pending before the Delhi High Court.

The amendments to Rules 8(1) and 14 restructure the same oversight machinery through a modified procedural design. By extending the Inter-Departmental Committee’s jurisdiction to cover “matters” referred by the Ministry with no requirement of a complainant, no defined subject matter, and no guaranteed prior hearing, the proposed rules effectively reconstitute what courts found constitutionally suspect. Individual users posting news and current affairs content are now brought within reach of blocking mechanisms originally designed for institutional publishers.

‍

Conclusion
‍

As seen above, the Draft IT Rules 2026 are unable to meet the constitutional and judicial requirements to regulate free speech. What the proposed amendments construct is a durable system in which platforms self-censor under liability pressure, data is retained without proportionate justification, and content oversight expands through procedural adjustment rather than parliamentary legislation. Regulation of the digital public sphere is both legitimate and necessary. But it must be anchored in law, not in the quiet authority of executive advisories. The law must ultimately remain anchored in constitutional values, guided by the enduring principles of justice, equity, and good conscience.

‍

The comment period closes on 14 April 2026. 

Submissions may be sent to itrules.consultation@meity.gov.in.

‍

References
‍

1. https://www.meity.gov.in/static/uploads/2026/03/30591fc6e322dcbcc9dae84a0f02e9e7.pdf 
2. https://www.meity.gov.in/static/uploads/2026/03/a71a21d35c107f2e528363d3eb17646a.pdf 
3. https://www.meity.gov.in/static/uploads/2026/02/550681ab908f8afb135b0ad42816a1c9.pdf 
4. https://neopolitico.com/india/government-blocks-viral-satirical-reel-impersonating-pm-modi-raising-fresh-questions-on-free-speech-and-digital-regulation/
5. https://internetfreedom.in/sound-the-alarm-iffs-first-read-on-meitys-draft-it-rules-second-amendment-2026/ 

‍

Executive Summary:

BrazenBamboo’s DEEPDATA malware represents a new wave of advanced cyber espionage tools, exploiting a zero-day vulnerability in Fortinet FortiClient to extract VPN credentials and sensitive data through fileless malware techniques and secure C2 communications. With its modular design, DEEPDATA targets browsers, messaging apps, and password stores, while leveraging reflective DLL injection and encrypted DNS to evade detection. Cross-platform compatibility with tools like DEEPPOST and LightSpy highlights a coordinated development effort, enhancing its espionage capabilities. To mitigate such threats, organizations must enforce network segmentation, deploy advanced monitoring tools, patch vulnerabilities promptly, and implement robust endpoint protection. Vendors are urged to adopt security-by-design practices and incentivize vulnerability reporting, as vigilance and proactive planning are critical to combating this sophisticated threat landscape.

Introduction

The increased use of zero-day vulnerabilities by more complex threat actors reinforces the importance of more developed countermeasures. One of the threat actors identified is BrazenBamboo uses a zero-day vulnerability in Fortinet FortiClient for Windows through the DEEPDATA advanced malware framework. This research explores technical details about DEEPDATA, the tricks used in its operations, and its other effects.

Technical Findings

1. Vulnerability Exploitation Mechanism

The vulnerability in Fortinet’s FortiClient lies in its failure to securely handle sensitive information in memory. DEEPDATA capitalises on this flaw via a specialised plugin, which:

• Accesses the VPN client’s process memory.
• Extracts unencrypted VPN credentials from memory, bypassing typical security protections.
• Transfers credentials to a remote C2 server via encrypted communication channels.

2. Modular Architecture

DEEPDATA exhibits a highly modular design, with its core components comprising:

• Loader Module (data.dll): Decrypts and executes other payloads.
• Orchestrator Module (frame.dll): Manages the execution of multiple plugins.
• FortiClient Plugin: Specifically designed to target Fortinet’s VPN client.

Each plugin operates independently, allowing flexibility in attack strategies depending on the target system.

3. Command-and-Control (C2) Communication

DEEPDATA establishes secure channels to its C2 infrastructure using WebSocket and HTTPS protocols, enabling stealthy exfiltration of harvested data. Technical analysis of network traffic revealed:

• Dynamic IP switching for C2 servers to evade detection.
• Use of Domain Fronting, hiding C2 communication within legitimate HTTPS traffic.
• Time-based communication intervals to minimise anomalies in network behavior.

4. Advanced Credential Harvesting Techniques

Beyond VPN credentials, DEEPDATA is capable of:

• Dumping password stores from popular browsers, such as Chrome, Firefox, and Edge.
• Extracting application-level credentials from messaging apps like WhatsApp, Telegram, and Skype.
• Intercepting credentials stored in local databases used by apps like KeePass and Microsoft Outlook.

5. Persistence Mechanisms

To maintain long-term access, DEEPDATA employs sophisticated persistence techniques:

• Registry-based persistence: Modifies Windows registry keys to reload itself upon system reboot.
• DLL Hijacking: Substitutes legitimate DLLs with malicious ones to execute during normal application operations.
• Scheduled Tasks and Services: Configures scheduled tasks to periodically execute the malware, ensuring continuous operation even if detected and partially removed.

Additional Tools in BrazenBamboo’s Arsenal

1. DEEPPOST

A complementary tool used for data exfiltration, DEEPPOST facilitates the transfer of sensitive files, including system logs, captured credentials, and recorded user activities, to remote endpoints.

2. LightSpy Variants

• The Windows variant includes a lightweight installer that downloads orchestrators and plugins, expanding espionage capabilities across platforms.
• Shellcode-based execution ensures that LightSpy’s payload operates entirely in memory, minimising artifacts on the disk.

3. Cross-Platform Overlaps

BrazenBamboo’s shared codebase across DEEPDATA, DEEPPOST, and LightSpy points to a centralised development effort, possibly linked to a Digital Quartermaster framework. This shared ecosystem enhances their ability to operate efficiently across macOS, iOS, and Windows systems.

Notable Attack Techniques

1. Memory Injection and Data Extraction

Using Reflective DLL Injection, DEEPDATA injects itself into legitimate processes, avoiding detection by traditional antivirus solutions.

• Memory Scraping: Captures credentials and sensitive information in real-time.
• Volatile Data Extraction: Extracts transient data that only exists in memory during specific application states.

2. Fileless Malware Techniques

DEEPDATA leverages fileless infection methods, where its payload operates exclusively in memory, leaving minimal traces on the system. This complicates post-incident forensic investigations.

3. Network Layer Evasion

By utilising encrypted DNS queries and certificate pinning, DEEPDATA ensures that network-level defenses like intrusion detection systems (IDS) and firewalls are ineffective in blocking its communications.

Recommendations

1. For Organisations

• Apply Network Segmentation: Isolate VPN servers from critical assets.
• Enhance Monitoring Tools: Deploy behavioral analysis tools that detect anomalous processes and memory scraping activities.
• Regularly Update and Patch Software: Although Fortinet has yet to patch this vulnerability, organisations must remain vigilant and apply fixes as soon as they are released.

2. For Security Teams

• Harden Endpoint Protections: Implement tools like Memory Integrity Protection to prevent unauthorised memory access.
• Use Network Sandboxing: Monitor and analyse outgoing network traffic for unusual behaviors.
• Threat Hunting: Proactively search for indicators of compromise (IOCs) such as unauthorised DLLs (data.dll, frame.dll) or C2 communications over non-standard intervals.

3. For Vendors

• Implement Security by Design: Adopt advanced memory protection mechanisms to prevent credential leakage.
• Bug Bounty Programs: Encourage researchers to report vulnerabilities, accelerating patch development.

Conclusion

DEEPDATA is a form of cyber espionage and represents the next generation of tools that are more advanced and tunned for stealth, modularity and persistence. While Brazen Bamboo is in the process of fine-tuning its strategies, the organisations and vendors have to be more careful and be ready to respond to these tricks. The continuous updating, the ability to detect the threats and a proper plan on how to deal with incidents are crucial in combating the attacks.

References:

1. https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html‍
2. http://www.theregister.com/2024/11/19/china_brazenbamboo_fortinet_0day/

A video circulating on social media claims that British Prime Minister Keir Starmer was forcibly thrown out of a pub by its owner. The clip has been widely shared by users, many of whom are drawing political comparisons and questioning democratic norms. However, research conducted by Cyber Peace Foundation has found that the viral claim is misleading. Our research reveals that the video dates back to 2021, a time when Keir Starmer was not the Prime Minister of the United Kingdom, but the leader of the opposition Labour Party.

Claim

‍

On January 12, 2026, a video was shared on social media platform X (formerly Twitter) with the claim that British Prime Minister Sir Keir Starmer was asked to leave a pub by its owner. The post suggests that the pub owner was unhappy with Starmer’s performance and contrasts the incident with how political dissent is allegedly handled in India. The viral video, approximately 32 seconds long, shows a man angrily confronting Keir Starmer in English, stating that he had supported the Labour Party all his life but was disappointed with Starmer’s leadership. The man is then heard asking Starmer to leave the pub.

‍

Links to the viral post and its archived version were reviewed as part of the research.

• https://x.com/ashokdanoda/status/2010712226144150013 
• https://archive.ph/bqkUj 

‍

‍

‍

Fact Check

‍

To verify the claim, we extracted key frames from the viral video and conducted a Google reverse image search. During this process, we found the same video posted on an X account on April 19, 2021.The visuals in the 2021 post matched the viral video exactly, clearly indicating that the footage is not recent.The original post described the incident as an event involving Labour Party leader Keir Starmer during his visit to the Raven pub in Bath, and included a warning about strong language used by the pub owner, Rod Humphries. Here is the link to the original video, along with a screenshot:

• https://x.com/StephenSumner15/status/1384118300154634251/ 

‍

‍

Further keyword searches led us to a report published by NBC News on April 19, 2021. According to the report, Keir Starmer, then the leader of the UK’s opposition Labour Party, was confronted and asked to leave a pub in the city of Bath. The pub owner reportedly accused Starmer of failing to oppose COVID-19 lockdown measures strongly enough at a time when strict restrictions were in place across the UK.

• https://www.nbcnews.com/video/anti-lockdown-pub-landlord-screams-at-u-k-labour-party-leader-to-get-out-of-his-pub-110466117702

‍

We also verified who held the office of British Prime Minister in 2021. Official UK government records confirm that Boris Johnson was the Prime Minister at that time, while Keir Starmer served as the Leader of the Opposition.

• https://www.gov.uk/government/history/past-prime-ministers 

‍

Conclusion

‍

Our research confirms that the viral video is old and misleadingly presented. The footage is from 2021, when Keir Starmer was not the Prime Minister of the United Kingdom, but the opposition Labour Party leader. Sharing the video with the claim that it shows a current British Prime Minister being thrown out of a pub is factually incorrect.

‍