There is continual war in cyberspace : The Tribune India



Influence operations: Social media companies are struggling to curb state-backed propaganda efforts in cyberspace.

Pukhraj Singh
Cyber-intelligence Specialist

On November 26, I uncovered the largest known foreign disinformation operation targeting the Indian users of social media. The word "disinformation" traces its origin to old Soviet intelligence manuals, brought into the popular lexicon in recent years. It was extensively used to define the fierce onslaught of online Russian propaganda and trolling that played some part in swaying the 2016 US presidential elections.

Further details of my investigation are available at It was a follow-up to a series of disclosures made by social media companies that are struggling to curb state-backed propaganda efforts in cyberspace, dubbed as influence operations.

In August this year, cyber security company FireEye reported a widespread influence operation — purportedly of Iranian origin (but with a perplexing Russian operational signature) — leveraging a network of inauthentic news websites and social media accounts. In a coordinated move prior to the disclosure, Facebook, Twitter and Google brought down hundreds of fake news accounts and pages linked to it.

In October, Twitter also released a downloadable archive of nine million tweets traceable to the same entities, to encourage the integrity of elections.

Upon further digging by open source intelligence analysts and journalists, it was discovered that the scope of the operation extended to many geographies, including India. However, its local impact and reach were ascertained to be minimal.

After a fresh assessment of the case, I have technical evidence to strongly dispute that claim. Contrary to what is known, the campaign was highly successful in engaging and polarising the Indian polity. By exploiting the growing sense of alienation among the Indian minorities and weaponising the left-liberal discourse, the threat actors built a propaganda machine that cut across party and ideological lines. It engaged top political leaders and swathes of Indian social media users. 

The operation garnered hundreds of thousands of Facebook and Twitter impressions. It could very well be the most systematic attempt at domestic foreign interference via cyberspace, meeting the thresholds of cyber-enabled information warfare. If left undeterred, such insidious campaigns could sway a decisive chunk of the populace in the 2019 General Election.

James Van De Velde — who trains American spies at the National Intelligence University — believes that cyberspace is a persistently contested environment where "continual confrontation" has become the norm. Alexander Klimburg — an affiliate at the Berkman Klein Center for Internet & Society at Harvard University — defines this confrontation as a "slow, hardly measurable, and yet steady reinterpretation of information as a weapon."

Such a contest that exhibits peacetime normalcy yet constantly flirts with the established thresholds of conflict — always remaining below them — has become the norm.

General Valery Gerasimov is widely thought to be the exponent of Russian 'hybrid warfare' that fuses conventional and unconventional instruments of projecting state power. We saw its trailers in the Russo-Georgian War of 2008, the Russian annexation of Crimea in 2014 and the 2016 election interference in the US. Gerasimov believes that such disruption of norms is the result of the "blurring (of) lines between the states of war and peace."

"Wars are no longer declared and, having begun," Gerasimov exposits, "proceed according to an unfamiliar template." That war is everywhere is his central assertion.

To address this very unfamiliar template, the US Cyber Command (USCYBERCOM) has initiated manoeuvres that mark the unprecedented devolution of protocols and redlines of conflict. As the mid-term elections drew near this October, the USCYBERCOM — believe it or not — warned Russian trolls by sending them direct messages on Twitter. It boggles your mind to imagine a unified command, on a par with the country's nuclear forces, resorting to such intimidation.

But this is the extant reality of the domain. In the annual assessment provided to the US Congress, American intelligence agencies identified cyber threats as the number 1 risk — ahead of terrorism.

The threat to India from information warfare is largely internal: a diverse, multi-ethnic society subjected to extreme political polarisation. 

If there is anything that makes the Indian polity a (more or less) lucrative cyber target than others, it is geopolitics. The political vocabulary we expend becomes the technical grammar of our adversary's cyber operations. And it is not just the vocabulary used for foreign affairs or other outwardly matters that gets exploited, but even the inward-looking stances on domestic issues.

In fact, as my investigation shows, our internal fault-lines around community, caste and other such demarcations may already be getting weaponised — laying waste to the strategic monoliths created by generals and hawks.

India's cyber defence apparatus is unprepared to handle disinformation at this scale. We do not have a doctrinal view or strategy as to how information warfare is to be dealt with. So, the intent of an operation — whether it should be deemed as a crime, espionage or a violation of our sovereignty — may remain underivable. As a result, proportional response — an essential qualitative and quantitative marker for military operations — would remain ambiguous, too, thus discouraging counter-action.

The only decisive option and deterrent here is the swift neutralisation of the command-and-control via cyber offensive operations — a 'defend forward' cyber strategy that the USCYBERCOM has recently adopted against the Russian actors. Since cyber attacks thrive on plausible deniability, the risks of escalation would be minimal and not affect our relationship with Iran.

Disinformation must be dealt with impartially and apolitically, else the situation may worsen even more, leading to domestic collateral damage.

If selective actions are undertaken, they could conveniently undermine the fact most fake news outlets peddling right-wing propaganda are linked to domestic fringe elements (as revealed by websites like The government needs to acknowledge the national security risk which the weaponisation of polarising/communal politics in cyberspace poses now. The Rubicon got crossed a while back and we have not even approached the election year.

