A ‘perfect’ disinformation op during the India-China-Australia tensions?5 minutes read

“Almost all disinformation operations are imperfect by design, run not by perfectionists, but pragmatists.”

— Thomas Rid in Active Measures: The Secret History of Disinformation and Political Warfare

As Thomas Rid quips in his book Active Measures, cyber-enabled information operations are more active but less measured. So, it is rare to see the instance of an old-school disinformation operation that seems to have served its purpose quite effectively.

Active Measures, in the general sense of the term, are rarely this successful, so the operation I am going to discuss certainly stands out.

The setting was two unrelated geopolitical escalations: the border clashes between India and China, and the standoff between China and Australia over an ongoing cyberattack.

A sensational piece of news pops up in Hindustan Times on June 18: China opens another front, steps up cyberattacks that target India: Intel.

The timeline of this item is really interesting.

On the same day, Indian news outlets broke the story of a brutal clash between the Indian and Chinese troops in the Galwan valley.

It was the severest escalation between the burly neighbours in many decades. The 20 Indian casualties bore the signs of hand-to-hand combat perpetrated with nail-studded clubs and other such monstrosities. A limited war between the two nuclear-armed states was not being ruled out.

It was natural to imagine that China, with its tremendous cyber offensive capabilities, would expend them for power projection. The aforementioned news made sense.

Yet, reading between the lines, one finds many loopholes in the plot.

First, the “HT Correspondent” byline is vague for such an exclusive “intel” input.

Second, an ongoing DDoS attack would have produced some telemetry in the public sphere as well and the commercial industry would have noticed it, but no sensors tripped back then.

Third, attributing DDoS attacks is really tough; they aren’t particularly well-suited for orchestrating a diplomatic blame game, if that was the intention behind the leak.

Four, an obvious fallacy: nobody knows for sure if the fabled “People’s Liberation Army’s Unit 61398” exists anymore after the Strategic Support Force-focused restructuring by Xi Jinping. And even if it does, it is highly likely that targeting India doesn’t fall under the remit of this Technical Reconnaissance Bureau.

Bear in mind, the tensions between India and China were brewing since a few weeks and the freak overlap between the news on the deadly clash and the aforementioned HT story could just be a coincidence.

So, what purpose did the news item possibly solve?

On June 19, just a day after the suspected item was published, the Australian prime minister warned of “sophisticated, state-based” cyber-attacks. The reference, obviously, as we came to know later, was China.

It is too long a story for this post, but in the ongoing global trade war on 5G, China has positioned itself very, very aggressively against the Five Eyes, especially Australia and New Zealand.

So much is the stress that it threatens the ripping apart of the most powerful post-war geopolitical alliance in the world — based on shared signals intelligence and bonding over Anglophone heritage.

The aforementioned HT story got traction in the Australian strategic community and think tanks, and seems to have accentuated the global narrative against China.

From an operational lens, the HT story perfectly and uncannily fits into the century-old template of disinformation operations (Grugq might say that the template is millennia-old).

Going by Rid’s deconstruction, it “[exacerbated] existing tensions and contradictions in the…[Indian] body politic.”

Loosely coupling a shocking episode in Galwan with cyberattacks nicely played into the cognitive dissonance and emotions of the larger Indian public, which was quite aggrieved and clamouring for revenge.

Again, quoting Rid, disinformation operations “are not spontaneous lies by politicians, but the methodical output of large bureaucracies.”It seems highly likely that the motivation of this story came from a foreign intelligence input on the Galwan clash, which had happened three days before the border incident was divulged by the Indian media. The covert input was weaponised exactly how the KGB undertook “reflexive control.”

Last but not the least, it is not at all surprising that the HT story was technically, geopolitically and conceptually flawed. No one explains that better than Rid, “Almost all disinformation operations are imperfect by design, run not by perfectionists, but pragmatists.”

Attributability is a concern in disinformation, but not serious enough to merit the abandoning of a rewarding operation. There are numerous examples of a clear attribution of disinformation operations from the Cold War.

So, we could apply the Occam’s Razor to figure out who could be behind this planted story. I have more inputs on the source but am not in a position to reveal them.

One must also know that the HT plant served the target audience really well — the lay reader who is not technical enough to be scrutinising; the “useful idiots” in KGB’s parlance. (Note: I have mentioned KGB twice just as an academic reference; I am not implying that Russia is behind it).

On a slightly related note, it is quite fascinating how an informational campaign by the Australian prime minister really upset the cost-benefits of a Chinese cyber operation, especially since the latter was being used for adversarial signalling. I am studying the informational weaknesses of cyber operations quite closely.

Some references: