India’s Tek Fog Shrouds an Escalating Political War
(Bloomberg Opinion) -- For much of Prime Minister Narendra Modi’s nearly eight years in power, the relationship between social media platforms, journalists and India’s ruling Bharatiya Janata Party has been nasty and vitriolic, and almost always murky. Now we can start to understand why.
A browser-based application was reportedly used by the BJP to infiltrate social media platforms in order to spread misinformation, target female reporters and home in on anyone it deems an opponent. A report published last week by The Wire, an independent Indian news publication, documented the mechanics and strategy behind the computer program, which is known as Tek Fog, according to a whistleblower claiming to be a disgruntled employee of the ruling party’s information technology cell. It’s unclear when the system came into being, but The Wire has been investigating the claims made by the unidentified source for two years.
Opposition parties have denounced the app as a national security threat, and asked Parliament to probe it, while Modi has remained silent on the revelations. His party didn’t respond to an email seeking comment. The Wire article named Devang Dave, a former head of social media at the BJP’s youth wing, as a supervisor of the Tek Fog operatives. Following the expose, Dave released an email to The Wire in which he denied that the party had ever used — or known about — a secret app to manipulate public opinion.
The BJP, the most well-funded of all Indian political parties, has been an early adopter of information technology. It has harnessed the power of databases and its well-equipped IT cell to target voters. But a misogynistic and abusive app meant to instill fear among journalists and critics goes beyond the pale of acceptable political marketing. Indeed, it would be a “travesty of all democratic norms, and in violation of law,” as the Editors Guild of India said in a statement.
For some of the reporters who have been subject to attack, the revelations are a vindication — even a relief. “I’m happy to know that it isn’t actually a human being lighting up my phone with disgusting, sexually colored abuse on a daily basis, but bots,” says Swati Chaturvedi, a New Delhi-based investigative journalist. “Still, what message does it send about our democracy when private citizens are systematically attacked by a call center of hate?” Chaturvedi has been a target for harassment since publishing her 2016 book, “I Am A Troll: Inside the Secret World of the BJP’s Digital Army.”
The use of bots to distort public opinion is reminiscent of what Russian operatives did on Facebook in advance of the U.S. presidential election.
Tek Fog is much more powerful. From a technical perspective, the reach and effectiveness of this new software is both impressive and deeply worrying. According to the report, users of the platform could tap into and manipulate the trending features on Twitter and Facebook — by automatically sharing or retweeting posts, and targeting existing hashtags — to commandeer the narrative on India’s most widely used social media services. This simple tactic could then amplify propaganda, in order to make a particular idea or opinion appear more popular than it really was, or to shout down opposing views.
More alarming is Tek Fog’s ability to access the contact lists of inactive accounts on Meta Platforms Inc.’s WhatsApp service to disseminate messages and steal personal information. This allowed operatives to be much more precise in their messaging, while also building a database of future targets. The result was brutal. Perceived opponents, including female journalists, were subsequently harassed and trolled across a variety of social media platforms in an attempt to scare them into silence.
That such a merciless campaign could be conducted so efficiently can be partially explained by the social media firms’ strategic decision to make their products accessible through external connections known as application programming interfaces, or APIs. This functionality is ostensibly designed for convenience — you can easily tweet a chosen article directly from a media outlet’s website without going to twitter.com.
Internet companies love it. This convenient access ensures more users, greater engagement and a rising trove of data that they can then tap to sell more targeted ads. But there is a flip side to APIs. As The Wire outlined, Tek Fog allowed users to easily create temporary email addresses and bypass authentication systems — operatives could in effect hack into WhatsApp, Facebook, Instagram, Twitter and Telegram.
And hack they did. In a follow-up article, The Wire outlined how Tek Fog exploited vulnerabilities in these APIs to get unprecedented levels of access to social-media platforms. What’s more, online operators deployed well-known and sophisticated hacking techniques to create fake news that looked like genuine articles written by the original legitimate authors, complete with realistic URLs.
With such functionality at their fingertips, the technical prowess of the world’s most powerful internet companies — from consumer-friendly apps to efficient data-crunching algorithms — could be brought to bear on anyone standing in the way of misinformation campaigns that demonize minorities, discredit political opposition and brand anyone opposing government policies as anti-national. Conscientious journalists, clear-minded citizens and millions of voters don’t stand a chance.
Some groups are particularly at risk. Police in India recently arrested four suspects, all college students, for scraping the social-media profiles of Muslim women — activists, journalists, actors and politicians — and listing them for sale via an app on GitHub, the Microsoft-owned open software development platform.
By contrast, Tek Fog is a military-grade PSYOP — psychological operations — weapon. A capability like this has so far been available only to state actors for use against enemy populations, said Anand Venkatnarayanan, an Indian internet security researcher and co-author of a 2021 book on information warfare. “Putting such a weapon in the hands of non-state actors affiliated to a political party contesting for mind space of citizens in a democracy has never been done before.”
It’s an effective tool to drown out questioning voices. Rohini Singh, another New Delhi-based journalist who faces online harassment routinely, worries about the future of independent reporting in India, particularly as a woman. “When you wake up to 10,000 abuses in your social-media mentions, it does affect you,” Singh said. “Earlier, we had to worry about getting a story right. Now we have to worry about rape threats, invasion of our privacy and non-stop slander. None of us signed up for this. Journalism is not a crime.”
Governments might be able to combat misinformation that infiltrates the internet, if they tried. But it’s increasingly clear that they can’t be relied upon to do so. That’s why social-media platforms need to take the lead, and the first step will be to crack down on external access via APIs. From there, tech firms need to implement better auditing systems so that they have greater clarity on who is using their platforms, and how.
With the internet now such an important tool of modern society, it’s incumbent on the companies that operate it to retake control of the technologies they built. Democracy depends on it.
More From This Writer and Others at Bloomberg Opinion:
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
Tim Culpan is a Bloomberg Opinion columnist covering technology. He previously covered technology for Bloomberg News.
Andy Mukherjee is a Bloomberg Opinion columnist covering industrial companies and financial services. He previously was a columnist for Reuters Breakingviews. He has also worked for the Straits Times, ET NOW and Bloomberg News.
©2022 Bloomberg L.P.