Incident 210: Indian Political App Tek Fog Allegedly Hijacked Trends and Manipulated Public Opinion on Other Social Media Platforms
Suggested citation format
The Wire investigates claims behind the use of ‘Tek Fog’, a highly sophisticated app used by online operatives to hijack major social media and encrypted messaging platforms and amplify right-wing propaganda to a domestic audience.
New Delhi: Over a series of tweets in April 2020, an anonymous Twitter account @Aarthisharma08 claiming to be a disgruntled employee of the Bharatiya Janata Party's (BJP's) Information Technology Cell (IT Cell) alleged the existence of a highly sophisticated and secret app called 'Tek Fog'. They claimed this app is used by political operatives affiliated with the ruling party to artificially inflate the popularity of the party, harass its critics and manipulate public perceptions at scale across major social media platforms.
The Twitter handle's mention of Tek Fog – a 'secret app' that they said was able to 'bypass reCaptcha codes' allowing fellow employees to 'auto-upload texts and hashtag Trends' – caught the attention of the authors of this piece, who reached out to the individual behind the account in order to investigate the existence of this hitherto unknown app.
Over subsequent conversations, the source claimed their daily job involved hijacking Twitter's 'trending' section with targeted hashtags, creating and managing multiple WhatsApp groups affiliated to the BJP and directing the online harassment of journalists critical of the BJP, all via the Tek Fog app.
The source went on to allege that they had decided to come forward after their supposed handler – Devang Dave, ex national social media and IT head, Bharatiya Janata Yuva Morcha (the youth-wing of the BJP) and current election manager for the party in Maharashtra – failed to deliver on a lucrative job offer promised in 2018 if the BJP was able to retain power in the 2019 Lok Sabha elections.
Over the next two years, a process of correspondence followed where the team at The Wire set out to test what could and could not be verified in the allegations made by the whistleblower, in addition to investigating the broader implications of the existence of such an app on the public discourse and the sanctity of the country's democratic processes.
Each of the allegations made by the whistleblower were subjected to a process of independent verification through which the team sought to learn more about the different functionalities of the app, the identity of the app creators, its users and the organisations enabling its use. Via encrypted emails and online chat rooms, the individual behind the Twitter account sent several screencasts and screenshots demonstrating the app's features. The source also shared payslip and bank statements to establish their identity (on this condition that this not be made public) and that of their employers.
The source did not provide The Wire direct access to the Tek Fog app. They claimed that this was due to the presence of various security restrictions – including the requirement of three one-time passwords (OTPs) to login to the app dashboard and the use of a local firewall that prevents access outside of the facility. They were, however, able to connect us via email to a BJYM official who provided code scripts that helped the team identify the various external tools and services connecting to the secure server hosting the Tek Fog app. The same script also led The Wire's team to one of the servers hosting the app, allowing us to independently verify that the app was functional at the time of publication and was not just a prototype.
In addition to the primary evidence provided by the source, the team at The Wire also employed a wealth of open-source investigative techniques to conduct an extensive forensic analysis of the various social media assets provided by the source, and to corroborate the network infrastructure underpinning the use of the app. The team also interviewed other independent experts and current employees at the organisations implicated in the broader operation in a bid to glean more insight into the network.
Through this process, The Wire was able to build upon these first shreds of evidence and uncover a vast operation pointing towards the existence of a group of public and private actors working together to subvert public discourse in the world's largest democracy by driving inauthentic trends and hijacking conversations across almost all major social media platforms.
Pandora's app of social media manipulation: Four alarming features
The screencasts and screenshots of Tek Fog provided by the source highlighted the various features of the app and helped the team gain further insight into the operational structure of the network of cyber troops using it on a daily basis to manipulate public discourse, harass and intimidate independent voices, and perpetuate a partisan information environment in India.
Engineering the public narrative
One of the primary functions of the app is to hijack the 'trending' section of Twitter and 'trend' on Facebook. This process uses the app's in-built automation features to 'auto-retweet' or 'auto-share' the tweets and posts of individuals or groups and spam existing hashtags by accounts controlled by the app operatives.
This feature is also used to amplify right-wing propaganda, exposing this content to a more diverse audience on the platform, making extremist narratives and political campaigns appear more popular than they actually are.
The Wire verified this claim by monitoring the inauthentic and suspicious on-platform activity of two trending hashtags provided by the source ahead of time. Each of the provided hashtags reached the platforms' trending section after being inauthentically amplified by a range of suspicious accounts.
One of the hashtags – #CongressAgainstLabourers – was shared by the source at 8:25 pm IST on May 4, 2020, as part of a screenshot revealing their 'daily task' list for that day. According to the same screen, the source was tasked with making the hashtag appear in at least 55,000 tweets and reach the 'trending' section of the platform.
An analysis of the on-platform activity of the hashtag via Meltwater Explore, a social media analysis tool, revealed that the hashtag had first appeared two hours prior on Twitter, eventually peaking at around 9 pm, half an hour after the source had shared the screen. The trend went on to accumulate 57,000 mentions, surpassing their assigned goal by 2,000 tweets. Moreover, the screen also showed how the source had posted the hashtag using 1,700 accounts in the first two hours after 'activating' the task, a fact that was corroborated by this independent analysis with exactly 1,700 accounts posting the hashtag at around 6:30 pm IST.
The screenshots also show that these accounts are created using the in-app features that allow individual operatives to generate 'temporary' email addresses, activate phone numbers and by-pass programming limitations, and email and OTP verification set by WhatsApp, Facebook, Instagram, Twitter and Telegram.
The team, however, could not verify whether these were 'temporary' accounts created by the app or the existing accounts belonging to real BJP workers and app operatives that were integrated into the app to allow for scheduled posting.
Phishing 'inactive' WhatsApp accounts
Another alarming feature offered by the app is its ability to allow individual operatives to hijack 'inactive' WhatsApp accounts of private citizens and use their phone number to message their 'frequently contacted' or 'all contacts', using a technique resembling 'token theft'. App operators also use this feature to phish the personal information of targeted users to add to a cloud-based political database. The addition of private citizens into this database makes them available as potential targets in future harassment and trolling campaigns.
The Wire verified this feature by asking the source to perform a real-time demonstration of the WhatsApp exploit. Within minutes of being provided with a custom text message by the authors, the source used the Tek Fog app to hijack an 'inactive' WhatsApp account belonging to one of the authors and used the compromised account to send the custom text message to the researchers' 'frequently contacted' users on the platform.
All the top five users (including one that belonged to the other author) received the custom text message confirming that this particular feature of the app was functional at the time of analysis.
Using database of private citizens for targeted harassment
The screenshots and screencasts of the app show an extensive and dynamic cloud database of private citizens categorised according to their occupation, religion, language, age, gender, political inclination and even physical attributes. The screenshots also indicate that this database allows app operatives to 'auto-reply' to individuals or groups by connecting a Google Sheet or by auto generating keywords and phrases, a vast majority of which are abusive or derogatory.
The Wire verified this feature by monitoring the replies sent to 'female journalists', one of the targeted groups shown in the app. Between January 1, 2021, to May 31, 2021, the team parsed 4.6 million replies received by 280 of the most retweeted women journalists on Twitter, discovering that 18% (over 800,000 replies) were made from accounts managed via the Tek Fog app. Many of these replies included one or more profane keywords shown in the app screenshots, suggesting that the delineation of targets into different categories allows operatives to target victims with extreme granularity.
The Wire was unable to access any of the connected Google Sheets as the app operatives do not possess a direct link allowing them to edit or view the documents but rather can only select available 'inputs' from an auto-suggested menu in the app. However, AltNews, has previously reported on the BJP's use of Google Sheets to disseminate narratives.
No trace left behind
Another important functionality present in the app screens was the ability for app operatives to delete or remap all existing accounts at a moment's notice. This feature theoretically allows them to destroy all incriminating evidence of their past activity.
However, the very nature of the feature itself precluded The Wire from independently verifying whether it was active at the time of publication.
The corporate-technical nexus behind Tek Fog
After reviewing the features of the Tek Fog app the team asked the whistleblower to provide information regarding their employers. A bank statement and payslip sent by them surprisingly listed the involvement of two private companies, Persistent Systems and Mohalla Tech Pvt. Ltd. as their 'employer' and 'assigned client', respectively.
Persistent Systems is an Indian-American publicly traded technology services company founded in 1990. Mohalla Tech Pvt. Ltd. is the company behind Sharechat, a popular Indian regional language social media platform funded by Twitter.
The source explained that Persistent Systems employ them as a 'social media incharge' based out of the company's corporate office in Nagpur, India. However, their current project to operate the Tek Fog app required close collaboration with Sharechat and the person they identified as their immediate supervisor, Devang Dave, the former National Social Media and IT Head of BJYM and the current election manager for the BJP in Maharashtra.
The Wire could not independently confirm Dave's direct supervisory role though our technical analysis confirms a broad connection.
Persistent Systems link to Tek Fog
Persistent Systems is a technology services company that has heavily invested in acquiring government contracts since 2015. In an interview with The Hindu Businessline in January 2018, Mritunjay Singh, the then-executive director and president-services of the company claimed that the company was 'bullish on government spending on Information Technology to give a boost to its revenues'. A few months later, in July of the same year, India's Ministry of Health and Family Welfare chose Persistent Systems to build a digital data hub that would record, store and process health information across ten Indian states.
The Wire investigated Persistent Systems' role in the Tek Fog operation by reaching out to an independent source currently employed at the company. This source provided screenshots of the company's Microsoft Sharepoint (an internal collaboration tool), indicating the app's active development through around 17,000 assets identified by the search term 'Tek Fog'.
These assets include technical documents that suggest the development of different layers of the app, including Twitter and WhatsApp integration, data input tools through Google forms, payment infrastructure via Paytm and automation tools using Tasker – an Android application that triggers specific actions like sending a message, based on inputted 'contexts' like user location, time, date, event and gesture.
The Wire contacted Persistent Systems for their response but they refused to comment on the piece prior to publication.Update on January 8, 2022: Persistent Systems, which has not yet responded to the questions sent to them earlier by The Wire, has issued a statement today denying involvement with Tek Fog, Mohalla Tech Pvt. Ltd and Sharechat.
Using Sharechat to seed hate speech
The source claimed that the app operatives used Sharechat, the flagship product of Mohalla Tech Pvt. Ltd. to test and curate fake news, political propaganda and hate speech before automating it to other popular social media platforms like Twitter, Facebook, and WhatsApp.
Marketed as India's #1 social media app, Sharechat has thousands of targeted regional communities that allow millions of users to share posts, news, photos, memes, and videos in their local language. The app acts as both a social network – where users can follow accounts, message existing users – and an open broadcasting platform, where people share content with strangers.
Sharechat supports 14 different local languages and focuses on hyperlocal content catering to India's burgeoning class of non-English speaking social media users predominantly hailing from the Tier-2 and Tier-3 cities. With a claimed base of 160 million users in India, the company raised $502 million in April 2021 from Tiger Global, Snap and some existing investors such as Twitter, and $145 million in a fresh funding round last July, valuing the company at nearly $3 billion.
During the Uttar Pradesh elections in 2017, Ankur Shrivastava, the product lead at Sharechat, published a Medium post highlighting the company's steps to woo political parties to the social media platform. This included creating special communities and tags for regional parties and deriving a popularity index for them in the UP elections. A year later, MoneyControl published an article highlighting how multiple regional and national parties had created profiles on the vernacular platform, hoping to leverage the platform's access to its predominantly regional audience.
To verify their claim and provide further insight into the platform's connection to the broader operation, the whistleblower provided a list of 14 accounts controlled by them via the Tek Fog app, each of which had a linked account on Sharechat.
The Wire monitored the public posts made by these accounts on Sharechat as well as on Twitter/Facebook over a period of 30 days from April 1 to April 30, 2020. A script that compared the posts made by the accounts on Sharechat to those made by the same account on Facebook/Twitter was utilised revealing that 90% of the posts were common across the various platforms. Further review of the timestamps of these posts highlighted that these common posts were first uploaded on Sharechat before being migrated over to Twitter or Facebook.
To determine whether this pattern represented the broader behaviour of the Tek Fog network of accounts, we parsed 3.8 million publicly available posts uploaded in the popular 'Hindi' and 'Marathi' trending communities on Sharechat. This dataset was mapped onto a network graph via Graphistry, a visualisation software to highlight the relationships between different communities within Sharechat and other publicly available mainstream social media platforms, including Twitter 'lists' and Facebook 'groups'.
The graph showed that almost 87% of content uploaded into popular Marathi communities and 79% of posts in Hindi communities on Sharechat were subsequently shared onto mainstream social media platforms by accounts participating in these 'trending' regional language based political communities.
All of their posts were then fed into the IBM Watson tone analyser, a natural language processing (NLP) tool capable of detecting emotional and language tones. Using various deep learning AI models, we classified these posts under different emotional and tonal labels. This analysis helped illuminate if the shared content has an emotion of hatred and, if so, where the hatred was redirected to: gender, religion, disability, ethnicity, caste and sexual orientation. This technique was used to categorise all the posts under four brackets: Racist, Sexist, Casteist or None – those falling under the first three brackets with a confidence level of 90% and above were labeled as hate speech. Out of the total 3.8 million posts reviewed via this method, almost 58% (2.2 million) of them could be labeled as 'hate speech'. This result was cross verified using Comprehend, another NLP tool provided by Amazon Web Services.
The Wire reached out to the grievance officer of Sharechat for their response on the story but they denied an immediate comment, seeking more time for an internal investigation. After the publication of the story, Sharechat sent a response denying any link with TekFog and its promoters. (It's response is appended below the story).
The A records: Tying it all together
To better understand the connection between the Tek Fog operation and the BJYM, the source connected the authors via email to another current BJYM office-holder. This individual sent us a piece of code via their official email id, that helped the team identify the various external websites and tools connecting to the secure server hosting the Tek Fog app.
This bit of code, called a Network Profiler, was written in the Python language and displayed the Tek Fog server's real-time network activity – showing data sent and received and a list of all the websites and services accessing the app. The BJYM office holder executed the code, timestamped on February 1, 2020, at 6:46 PM GMT. It 'unlocked' the Tek Fog application programming interface – or API, a connection between two systems executed through code – hosted on a content delivery network managed by Persistent. The code bypassed the inbuilt security system to spit out a list of websites and services accessing the Tek Fog app on that particular day.
The Wire was able to corroborate the authenticity of the script by having it reviewed by an independent expert, currently employed as a lead software architect at Microsoft. The independent expert was able to restore the missing libraries present in the original script, and ran the script on their local computer. They went on to confirm that the script acts as an 'inbound network profiler' that produces a list of all the websites and services accessing their local servers.
The team also used a threat intelligence platform to reveal the digital identity of these services, by their links (for example, The Wire is identifiable by its link thewire.in).
One of the first identified links was metabase.sharechat.com – suggesting Sharechat's direct involvement in the Tek Fog operation. Apart from Sharechat, there were popular business tools used for productivity (Google Docs and Sheets, Zoho), automation (Zapier, Tasker) and analytics (Grafana, Google Analytics). Others, however, linked to pro-establishment Hindi-and-English websites and news platforms, including Republic World, OpIndia, ABP News and Dainik Jagran, raising questions regarding the complicity of certain digital media outlets in helping the BJP perpetuate a partisan informational ecosystem in the country.
The remaining links corroborate integral parts of the broader Tek Fog investigation, including the involvement of BJYM through Devang Dave. Two of the listed links – 18.104.22.168 and 22.214.171.124 – accessed the Tek Fog app: the first established a link with the BJYM website and the second with isupportnamo.org, which is managed by Dave.
Dave denied these claims via email saying that his technical team couldn't find any association of BJYM or isupportnamo servers with such an app ever. He also claimed that "none of his team members or anyone has been ever also in touch with such an app or people associated with such an app".
Dave's response contradicts common technical understanding. Tek Fog is a private app and has no open APIs – meaning it's not possible for you or me to establish a connection with it and exchange data. Doing that would require, at the very least, the deliberate involvement of some employees working at these organisations.
Adding to the intrigue, an hour before Devang's response to the questions posed by The Wire, the Twitter account belonging to the original whistleblower was compromised, and the associated user name was changed from @AarthiSharma08 to @AarthiSharma8. The change in user name can be independently verified by visiting the URL of an old tweet from the account that now redirects to the new username.
When the authors reached out to the source to inquire into the reason behind this change, they confirmed that their account had been hacked, and their emails and passwords associated with the account were changed. The source provided the authors with a screenshot of the security email they had received from Twitter that alerted them to the hack.
Locating the Tek Fog server
The final piece of the puzzle was to locate and archive a copy of the Tek Fog app. To achieve this, the team sought to verify the BJYM source's claim that the servers using the IP addresses 126.96.36.199 and 188.8.131.52 – two of the links in the script output – were geo-replicated servers hosting the app itself.
Geo-replication is a form of system design in which the same app data is stored on multiple servers located at distant physical locations. Commonly, this is a way to ensure those accessing the contents of the server don't have to wait for it to transmit data from another part of the planet; closer servers respond faster. But such data distribution also means that if one server is compromised, another can take over its responsibilities, thus evading hacking attempts or surveillance.
The Wire created a server to monitor and archive the two IP addresses on February 5, 2021, to verify the authenticity of this claim. After four months, on June 1, 2021, at 00:00 hrs, the server at 184.108.40.206 displayed the 'login screen' of the Tek Fog app, and remained 'live' for 24 hours, before switching to a page that said 'access denied' on June 2, 2021, at 00:00 hrs. The design of the login screen matched the screenshots initially handed to the team by the original whistleblower working as an app operator out of the facility in Nagpur, providing us with further confidence in the authenticity of the operation and further technical evidence that Tek Fog was a live app that had progressed beyond a merely theoretical phase.
The long road ahead
Given the operation's ideological nature, the true motive behind Persistent Systems and Mohalla Tech Pvt. Ltd. involvement in the BJP's organised social media manipulation campaign remains opaque. What is clear, however, is that the potential scale, sophistication and pervasive nature of the Tek Fog operation provide unprecedented evidence of private actors engaging in the application of dubious digital practices – typically seen in totalitarian and closed societies such as China and North Korea – in the world's largest democracy.
In subsequent stories forming part of the Tek Fog investigation, The Wire will explore the technology behind the secretive app and how the ruling party's political operatives used the app's organised social media manipulation campaigns around significant national events such as the anti-Citizenship (Amendment) Act protests, the Delhi communal violence and the COVID-19 pandemic in the country.
Update 09:30 pm: After the publication of the story, Sharechat, which had declined to respond to our questions before publication, sent a written statement denying any link to Tek Fog or its promoters, which we are publishing below in full:
Your story seems to insinuate certain relationships between the creators of the alleged ‘Tek Fog’ application and Mohalla Tech Private Limited. These are completely incorrect and false, and no such relationships exist between us. We would like to reiterate in absolutely no uncertain terms that we are not aware of, nor have we assisted (financially or otherwise) at any point in time and in any manner, the group of persons related to this ‘Tek Fog’ application. Further, we have no relationship (currently or in the past) with Persistent Systems of any manner whatsoever.
In the interest of transparency, we would request that you share further details of the claims made by you in your article for our teams to investigate.
As a platform, we invest significantly in countering hate speech, misinformation and other forms of harmful content on our platform. This is an ongoing issue that social media platforms across the world are working to solve, and it is well known that such operators spread similar content across platforms as a part of their activities.
To address this specifically, we take the following measures:
We partner with multiple third party fact checkers including BoomLive, Factly, NewsChecker and others to help identify and tag misinformation on the platform in 12 Indic languages including Marathi and Hindi, that covers more than 98% of the content posted on the platform.
We have developed and incorporated technology based tools that help us flag and takedown such content on a regular basis.
Our users also actively participate in the process of content moderation by reporting content on the platform that may violate our rules.
We have large teams both internally and externally that aid us on content moderation and responding to these user reports.
In the month of November 2021 alone, we removed 7,037,688 pieces of content from our platform that were against our community standards. We also aggressively take actions against accounts and in many instances permanently ban user accounts that attempt to spam or otherwise misuse the platform in violation of our terms of service and community guidelines. In the month of November 2021 alone, we took action against 319,701 accounts on the platform.
We would urge you to refer to our monthly transparency reports available at https://help.sharechat.com/transparency-report for greater details.
We reiterate that our company has no connections with this application, persons or companies mentioned by you and such claims are unfounded.
Social media operatives apparently affiliated to India’s ruling Bharatiya Janata Party (BJP) use a specialized app to hijack Twitter trends, harass critics, and spread propaganda through defunct WhatsApp accounts, according to a new investigation by The Wire, an Indian publication.
The app, called Tek Fog, allows users to bypass controls like email and text-message verification that companies like Twitter and Facebook build into their products. It can also act as a master control for a number of Twitter accounts, fake or otherwise, pushing hashtags, content and retweets through a single interface.
On WhatsApp, Tek Fog takes over people’s inactive accounts to then message their contacts. “App operators also use this feature to phish the personal information of targeted users to add to a…political database,” The Wire wrote. “The addition of private citizens into this database makes them available as potential targets in future harassment and trolling campaigns.”
How the BJP’s supporters spread propaganda online
The Wire’s main source, a disgruntled social media worker, was employed by a private tech company, Persistent Systems, and assigned to work with another client company, Mohalla Tech. Mohalla Tech owns ShareChat, a social media platform that operates in Indian languages and is funded in part by Twitter.
The source also said that they were supervised directly by Devang Dave, the former social media head of the Bharatiya Janata Yuva Morcha (BJYM), the BJP’s youth wing. Although The Wire could not confirm this link or prove that the BJP directed the use of the app, its reporters conducted a forensic technical analysis and found that users from a BJYM domain accessed Tek Fog. Dave denied that his organization or its members used Tek Fog.
The investigation is among the clearest pieces of evidence yet of the BJP’s orchestration of online propaganda and hate speech. The party’s “IT cell”—shorthand for hired social media flunkies—includes a vast number of real people manually pushing out content and hate speech.
But as Tek Fog shows, the BJP also benefits from more sophisticated techniques. And the fact that Persistent Systems has won at least one government contract raises the question of whether the Indian taxpayer is indirectly footing the bill for the BJP’s web campaigns.
Tek Fog’s manipulation of Twitter includes, at the most basic level, the amplification of pro-BJP hashtags through artificially generated mentions and retweets. It also includes an “auto-reply” function that can target users by religion, age, gender, or profession.
Between January and April 2021, when The Wire tracked 4.6 million replies received by 280 prominent women journalists, it found that 18% of these replies came from accounts managed by the Tek Fog app. Two separate language analysis tools, from IBM and Amazon, found that a majority of posts posted via Tek Fog to ShareChat could be classified as “hate speech.”
Technology is being used against the people, and those in the world’s largest democracy are the latest victims.
For much of Prime Minister Narendra Modi’s nearly eight years in power, the relationship between social media platforms, journalists and India’s ruling Bharatiya Janata Party has been nasty and vitriolic, and almost always murky. Now we can start to understand why.
A browser-based application was reportedly used by the BJP to infiltrate social media platforms in order to spread misinformation, target female reporters and home in on anyone it deems an opponent. A report published last week by The Wire, an independent Indian news publication, documented the mechanics and strategy behind the computer program, which is known as Tek Fog, according to a whistleblower claiming to be a disgruntled employee of the ruling party’s information technology cell. It’s unclear when the system came into being, but The Wire has been investigating the claims made by the unidentified source for two years.
Opposition parties have denounced the app as a national security threat, and asked Parliament to probe it, while Modi has remained silent on the revelations. His party didn’t respond to an email seeking comment. The Wire article named Devang Dave, a former head of social media at the BJP’s youth wing, as a supervisor of the Tek Fog operatives. Following the expose, Dave released an email to The Wire in which he denied that the party had ever used — or known about — a secret app to manipulate public opinion.
The BJP, the most well-funded of all Indian political parties, has been an early adopter of information technology. It has harnessed the power of databases and its well-equipped IT cell to target voters. But a misogynistic and abusive app meant to instill fear among journalists and critics goes beyond the pale of acceptable political marketing. Indeed, it would be a “travesty of all democratic norms, and in violation of law,” as the Editors Guild of India said in a statement.
For some of the reporters who have been subject to attack, the revelations are a vindication — even a relief. “I’m happy to know that it isn’t actually a human being lighting up my phone with disgusting, sexually colored abuse on a daily basis, but bots,” says Swati Chaturvedi, a New Delhi-based investigative journalist. “Still, what message does it send about our democracy when private citizens are systematically attacked by a call center of hate?” Chaturvedi has been a target for harassment since publishing her 2016 book, “I Am A Troll: Inside the Secret World of the BJP’s Digital Army.”
The use of bots to distort public opinion is reminiscent of what Russian operatives did on Facebook in advance of the U.S. presidential election.
Tek Fog is much more powerful. From a technical perspective, the reach and effectiveness of this new software is both impressive and deeply worrying. According to the report, users of the platform could tap into and manipulate the trending features on Twitter and Facebook — by automatically sharing or retweeting posts, and targeting existing hashtags — to commandeer the narrative on India’s most widely used social media services. This simple tactic could then amplify propaganda, in order to make a particular idea or opinion appear more popular than it really was, or to shout down opposing views.
More alarming is Tek Fog’s ability to access the contact lists of inactive accounts on Meta Platforms Inc.’s WhatsApp service to disseminate messages and steal personal information. This allowed operatives to be much more precise in their messaging, while also building a database of future targets. The result was brutal. Perceived opponents, including female journalists, were subsequently harassed and trolled across a variety of social media platforms in an attempt to scare them into silence.
That such a merciless campaign could be conducted so efficiently can be partially explained by the social media firms’ strategic decision to make their products accessible through external connections known as application programming interfaces, or APIs. This functionality is ostensibly designed for convenience — you can easily tweet a chosen article directly from a media outlet’s website without going to twitter.com.
Internet companies love it. This convenient access ensures more users, greater engagement and a rising trove of data that they can then tap to sell more targeted ads. But there is a flip side to APIs. As The Wire outlined, Tek Fog allowed users to easily create temporary email addresses and bypass authentication systems — operatives could in effect hack into WhatsApp, Facebook, Instagram, Twitter and Telegram.
And hack they did. In a follow-up article, The Wire outlined how Tek Fog exploited vulnerabilities in these APIs to get unprecedented levels of access to social-media platforms. What’s more, online operators deployed well-known and sophisticated hacking techniques to create fake news that looked like genuine articles written by the original legitimate authors, complete with realistic URLs.
With such functionality at their fingertips, the technical prowess of the world’s most powerful internet companies — from consumer-friendly apps to efficient data-crunching algorithms — could be brought to bear on anyone standing in the way of misinformation campaigns that demonize minorities, discredit political opposition and brand anyone opposing government policies as anti-national. Conscientious journalists, clear-minded citizens and millions of voters don’t stand a chance.
Some groups are particularly at risk. Police in India recently arrested four suspects, all college students, for scraping the social-media profiles of Muslim women — activists, journalists, actors and politicians — and listing them for sale via an app on GitHub, the Microsoft-owned open software development platform.
By contrast, Tek Fog is a military-grade PSYOP — psychological operations — weapon. A capability like this has so far been available only to state actors for use against enemy populations, said Anand Venkatnarayanan, an Indian internet security researcher and co-author of a 2021 book on information warfare. “Putting such a weapon in the hands of non-state actors affiliated to a political party contesting for mind space of citizens in a democracy has never been done before.”
It’s an effective tool to drown out questioning voices. Rohini Singh, another New Delhi-based journalist who faces online harassment routinely, worries about the future of independent reporting in India, particularly as a woman. “When you wake up to 10,000 abuses in your social-media mentions, it does affect you,” Singh said. “Earlier, we had to worry about getting a story right. Now we have to worry about rape threats, invasion of our privacy and non-stop slander. None of us signed up for this. Journalism is not a crime.”
Governments might be able to combat misinformation that infiltrates the internet, if they tried. But it’s increasingly clear that they can’t be relied upon to do so. That’s why social-media platforms need to take the lead, and the first step will be to crack down on external access via APIs. From there, tech firms need to implement better auditing systems so that they have greater clarity on who is using their platforms, and how.
With the internet now such an important tool of modern society, it’s incumbent on the companies that operate it to retake control of the technologies they built. Democracy depends on it.