Why 2019 Indian general election is likely to be influenced by foreign cyber actors

Please challenge this hypothesis. I would like to be rebutted and told that this is just the work of my grandiose imagination.

India has been a hotbed of disinformation since the Cold War. Former R&AW chief Vikram Sood chronicles its history in his new book The Unending Game. He narrates how the KGB had “ten Indian newspapers and one news agency on their payroll and thousands of articles were planted.”

Legendary black ops specialist Bahukutumbi Raman had also recorded the scale of Soviet subversion, assessing the information gleamed from the Mitrokhin Archive.

Matt Tait – a former cyber operative with the GCHQ (the British technical intelligence agency) – highlights an interesting incident in his fantastic keynote at Blue Hat 2017. Tait was the first to flag the Russian hacking of the U.S. infrastructure as a coordinated influence operation, much before the Americans got a handle on it.

In 1983, a fake telegram said to be authored by the U.S. ambassador to the UN Jeane J. Kirkpatrick was leaked to the pro-Soviet press of Delhi. The document called for the balkanisation of India by covert means. The outrage that followed almost led to the complete severing of the Indo-U.S. ties. Tait calls it a classic case of 21st century information warfare.

As I mentioned before:

The political vocabulary you use becomes the technical grammar of your adversary’s cyber operations. And it isn’t just the vocabulary you expend for foreign affairs or other outwardly matters that gets exploited, but even the inward-looking stances on domestic politics.

Your internal fault-lines around community, caste and other such demarcations may already be getting weaponised in some nondescript safehouse, laying waste to the strategic monoliths created by generals and hawks.

A perfect example would be the Russian infiltration of political groups on Facebook, existing on both sides of the divide. On the one hand, the troll army bolstered Trump’s candidacy; on the other, it exploited the internal strife within the Democratic Party.

A leaked presentation of the Psy Group – an Israeli open source intelligence firm – analyses how a pro-Bernie Sanders page was spammed with anti-Hillary messages by Russian trolls. Bernie supporters “left in droves, depressed and disgusted by the venom.”

And just this week, the same operator was seen targeting American conservative think tanks.


That is exactly how it may play out. Disinformation does not aim to sharpen the divide but only degrades the cognitive ability to process information and opinions – thus aggravating our deep-rooted prejudices.

So, it won’t tow, say, the simple BJP vs. Congress line, but would pit the many hues of internal and external partisanship against each other. And the Indian social media, divided as it ever was, is totally ripe for weaponisation.

There could be four – or rather four types of – potential actors: the U.S., Russia, Pakistan and China.

David Sanger writes in his 2018 book The Perfect Weapon:

While in the bad old days the CIA would have brought bags of cash to Italian politicians and Chilean strongmen, election influence had since become the territory of the State Department, whose techniques were significantly more timid and transparent. When the United States intervened in contemporary elections, it usually did so to assure that more people had access to the vote. Rather than cash, it stuffed suitcases with an “Internet in a box” to defeat crackdowns on information.

The U.S. cyberwar machinery is hinged at maintaining declaratory dominance in cyberspace, so its use of operations is very judicious and specific. And its surveillance apparatus is pretty much post-partisan from the Indian lens – in a sense that the Americans have rigged the system so deeply that they do not need to orchestrate any kind of regime change. I am not even accounting for the fact that the political will in the Trump administration may be lacking due to its noticeable rift with the U.S. Intelligence Community – not to mention that the Five Eyes may never reach a consensus on such an operation.

Russia has been most successful in overhauling its Active Measures setup by gluing it with modern-day cyber operations. It is easy to forget that the Active Measures budget of the Soviet Union in the 80s was almost $2 billion, greater than that of whole of the NSA. It was a very sturdy vestigial machine that just needed some oiling.

Russia went a step further and fine-tuned its playbook in Crimea and Ukraine, now being unleashed on the U.S. and the EU.

But the fading Indo-Russian romance cannot be rekindled by mere covert influence. The suitor has, as they say, moved on. It may further antagonise India against its once treasured ally – post-breakup contact with an ex is generally disastrous.

However, just like Putin’s wild, crazy experiment in the U.S., Russia may be tempted to stir the pot a little, especially when it has good topical context on India.

Pakistan, our convenient enemy, does not have a unified cyber operations framework to orchestrate anything at scale –  and scale matters in disinformation. It is still a generation behind in hybrid warfare, preparing for conventional low-intensity conflict under a tactical nuclear weapons umbrella.

Pakistan does boast an integrated net-centric warfare doctrine – glorified by operation Azm-e-Nau – but is stuck in the post-Cold Start inertia. While the Inter Services Public Relations directorate is very skilled in perception management – and could have strategised the information operations mandate instead of traditionalist ISI – it does not have the teeth for cyber offence.

A few shots fired here and there may not mean much. I will be very impressed if the Pakistanis are able to pull off anything at all.

That leaves China. It has the perfect vantage point and is fully apprised of the opportunity. But 3PLA does not play the short game. It, too, has deeply rigged the Indian infrastructure so tactical disruption may not even be necessary.

As former NSA cyber operative Dave Aitel posits, detectability is a systemic weakness and the Chinese know it. This may explain why they have a “loose C&C,” to borrow from The Grugq.

The PLA enjoys plausible deniability by nurturing a heterogeneous cyber ecosystem that can accommodate all species: low and high skilled, and military and private operators. This also means that China can feed its D-teams to the wolves in case U.S. turns up the heat. That gives it enough flexibility across the spectrum of attribution.

This could pose a big problem for India. Lacking rigour, institutional memory and analytical capabilities, our agencies have the tendency to over-attribute everything to China. I can cite numerous examples. This may backfire geopolitically. Even if our agencies get lucky, they could easily misattribute the D-team as an A-team without an escalatory strategy in place.

It is quite possible that China may even be unequipped to play the short game.

Theirs is a custom-built system for economic cyber espionage, which means downstream declassification, fusion centres and what not. At the top of the pyramid is a full-throttled electronic warfare monster. The middle may be weak.

Sure, cyber feeder school Shanghai International Studies University may provide the language capabilities, the PLA still won’t have the operational agility necessary for disinformation – not to mention the healthy internal rivalry that worked to the advantage of Putin. So, it will, most probably, be a long game.


Over the course of a decade or two, India did not build institutional memory and comparative understanding of the cyber operations frameworks of the U.S., Russia, China and others. Without the larger picture, figuring out the intent of a state-sponsored cyber operation becomes highly prone to a miscalculation. And unlike the American private sector, which actually took the lead in exposing the Russian intrusions, our industry does not have that kind of mobilisation.

As nation states compete with each other to expand the reach of their cyber capabilities, it is certain that they will test disinformation if not leverage it. And in cyberspace, there’s no difference between a drill and a real-world op. Testing your offensive toolkit is the same as rendering it fully over adversary’s infrastructure.


As a Vice Admiral, retired from the Indian Navy, once reassured me: India survives despite all odds because God takes care of its peoples. I hope that is very well the case. If nothing else, our diversity of religion, culture and language (more than 1600 at the last count) – which, too, is being swept away by divisive forces – may just be that last deterrent.