Enhancing non-intrusive/ passive based cyber intelligence gathering and social media-based sentiment correlation


Social media is no longer just a tool for social interaction among people. It has instead transformed into a medium that could be manipulated and used for subversive activities. In addition to social media, traditional media, email and other means of communication could also be used to amplify the output of various means used to achieve various nefarious ends. It is thus essential for nation-states to protect their public opinion and identify sources of disharmony or malintent.

Understanding the context
A recent study by the Oxford Institute The report found that digital propaganda and social media manipulation have proliferated massively in recent years — now prevalent in more than double the number of countries (70) vs two years ago (28). An increase of 150%. In the days since India repealed Article 370, a neighbouring nation resorted to using an army of bots to flood social media platforms with anti-India posts. Such efforts have led to manipulated hashtags trending with the bots trying to impress upon social media users that these posts were being made from India. Fake images, quotes and even events were created and used by actors to push their devious agenda.

The main intelligence wing of our neighbouring state has launched a recruitment spree to hire techies and hackers who work as cohorts to wage anti-India propaganda which also reached the shores of nations hosting a significant population of Indian ex-pats. The extent of lies and misinformation spread in a coordinated manner made our intelligence agencies to move fast to monitor and curb such activities.

Such an effort on social media serves two purposes. On the one hand, it attempts to portray our country in a bad light in order to lower public morale while on the other it also seeks to keep our security and intelligence agencies occupied trying to curb these activities. By keeping our agencies busy, they intend to exploit a weakness that may have arisen due to disproportionate deployment of intelligence attention. There seems to be an appetite for using such weaknesses to create a larger disruption in the country.

These forces also seek to demoralise our armed forces personnel through Psychological operations (PSYOPS). The intention is to harm our anti-terror and anti-infiltration operations across the Line of Control and International Border. By creating a smokescreen, some of these countries with adversarial intentions also wish to encourage arms and drugs smuggling and gun-running while encouraging anti-social elements and mercenaries to sabotage from within and conduct espionage.

Adversarial entities, including terrorist groups, are also using social media to ‘brainwash’ the youth of the country. This is done in a coordinated manner by feeding social streams with doctored videos, fake news, fake images and content that has been framed to incite violence. Once recruited, these youngsters are then added to sleeper cells that are activated when these entities want to promote violence or large-scale disruption.

Another item on the agenda of these inimical forces is the disruption of the financial sector in the country. By keeping the sentiment and morale low, they seek to target the financial well being of our country. The immediate targets for such a move include the stock markets, currency trading, trading in commodities and more.

With an explosion in social media channels including Facebook, Twitter, Whatsapp, Youtube, Telegram, Tiktok, Justpaste.it etc., it becomes difficult to monitor and track the movement of fake news and disorienting communication. Most of these social platforms offer complete anonymity thereby affording a smokescreen for elements determined to indulge in mischief. Newer social media platforms are also getting added daily, making it even more difficult to track them as they only appear on the radar when thousands start using them.

Framing a coordinated response

To understand the disruptive nature of these forces, it is essential to understand their motivations and objectives. We need to frame a three-pronged approach to take on these forces. The main elements of this approach will be:

  • Understanding adversarial elements and their intentions
  • Identifying the mediums of influence/disruption
  • Tackling these actors and their tactics before their subversive agenda becomes obvious through action

Our response to these actors should focus on eliminating the influence these actors have on these mediums. They should be contained early by monitoring sentiment on these mediums and identifying sources of negative influence or disruptive propaganda. Monitoring such mediums will also reveal patterns of influence building, topics being tagged and monitored and by extension, the extent of involvement of intelligence agencies belonging to states that with disruptive intent.

Intelligence agencies of other states are running digital influence teams that are working through websites, social media platforms and other digital avenues to propagate disruptive messaging and fake news. We need to counter them across the digital diaspora. There should also be a level two-interception capability to handle accounts, bots or fake news that gets through. In case of episodes such as the recent flare-up at the LoC, we need to activate the countermeasures faster so that the propaganda does not go out of hand and media, citizens and other entities are not misled. This is in addition to baselines monitoring measures that go on during times of normalcy.

Episode-based peaks must be handled and managed faster than activity that is seen during normal times as the chances of such propaganda causing disruption is more during times of geopolitical stress. All allied activity that occurs along with such episodes also needs to be handled as part of a standard digital disruption management tactic.

A digital media communication management centre can help in monitoring and addressing such propaganda through an institutionalised approach.

Platform-based approach
A communication monitoring and management platform will help in this endeavour. The platform should be able to host publicly available suspicious communication/posts posted on various mediums. The spread of such messages and posts should be scuttled by using appropriate interventions. The platform should also identify patterns of intervention from the other side and be able to forecast in some form or manner future modus operandi of adversarial entities. It should also act as the first line of defence against such forces.

Digital signal intelligence
Patterns of online activity seen in the past and associated with disruptive digital intentions should be exposed early as well. Forums that are constantly churning such content directed against India’s interests, our equity, nationhood, economic sentiment etc., should be isolated and reported so that they can be taken down by entities that are hosting them. In case they are hosted in states with adversarial intent, the IP traffic from such sources should be blocked as well.

Content-based response
Involves strategies around redirecting people searching for content linked to terrorist and disruptive activities to safe content. Social media platforms can also be engaged to pull down such content at the earliest by detecting them early using various means including keywords so that they are taken down before they go viral.

A media wing can also be created that works to counter such propaganda and clarifies the national position on issues that matter. Such an agency can also be tasked with managing episodes of disruption on social media. It can be the first line of action against misinformation, disruption and less than acceptable actions on social media.

Sentiment harvesting
Online sentiment analysis gives inputs on a variety of aspects linked to national security. Flooding our social media sites with negative propaganda, for instance, could indicate a deeper desire to create greater disruption. It could also signal investment in other means that could be hidden behind the smoke created to overwhelming our intelligence agencies. Such data can give us a heads up so that our intelligence countermeasures can be initiated faster and in the right direction.

Cluster analysis
Clusters of bots and actors with a disruptive agenda often work in tandem with at least some minimal level of coordination to cause disruption. Thus, even if one cluster is exposed early, the chances are that others can also be brought to light early and curbed.

With the right mix of measures and interventions, our national interests could be protected online, and we can also prevent any damage to our national morale and economic sentiment. We need to invest in strategies and tactics designed to further this agenda from our end.

1. Voter manipulation on social media now a global problem, report finds https://techcrunch.com/2019/09/26/voter-manipulation-on-social-media-now-a-global-problem-report-finds/

Leave a Reply

Your email address will not be published. Required fields are marked *