As geopolitical tensions at the Ladakh border between India and China continue to simmer, the conflict hardly seems to be restricted at our physical borders. In over two months, the government of India has banned over 200 apps that had some form of ties to China. Government officials, through a Ministry of Electronics and Information Technology (MeitY) directive, stated that these apps were found to be harvesting user data, and in turn, posed considerable threat to the sovereignty of India. The same effect has now been revealed by an Indian Express investigation, which found Zhenhua Data Information Technology Co., a private Chinese company with strong ties to the Chinese government, to be collecting, analysing and charting a huge database of information about over 1,000 publicly influential figures in India.
Zhenhua’s Big Data-driven hybrid warfare
According to the Express investigation, Zhenhua publicly advertised “threat intelligence services” as its key offering. Put simply, Zhenhua uses cyber tools to target and identify key individuals in its client’s opposition. It then uses a host of tactics, including scraping information off public databases, social media, government documentation and all other sources of information it can find, in order to track the digital footprint of individuals. This, in turn, also helps it keep track of institutions and groups as well – something that it does by establishing a ‘relational database’ between the individuals that are being surveilled.
This relational database is all important, since this is what helps Zhenhua tie down critical aspects in India, such as political alliances between individuals, behavioural traits among key personalities, opinions and the extent of influence that a person holds in both regional and national spheres. Not only does Zhenhua limit its cyber surveillance to the personalities in question, but also regularly scan through their relatives, peers and acquaintances.
As part of its investigation, The Indian Express has revealed that Zhenhua’s database includes detailed information trees about at least 1,350 individuals in the field of politics and law. Their surveillance of Indian politics include national parties such as the Bharatiya Janata Party and the Indian National Congress, and also regional ones such as Trinamool Congress, Shiv Sena and more. This list seemingly included 700 politicians who were directly tracked, and over 400 individuals that are closely linked to them. There were over 350 current and former Members of Parliament, and a further ‘family list’ that apparently includes over 100 individuals and are said to be linked closely to the key personalities as well.
How and why is China doing this
At the centre of China’s cyber espionage activities is its attempt to infiltrate India’s political structure, thereby gaining an upper hand on its geopolitical rival. Threat intelligence, as Zhenhua puts its own service as, is a known tactic that is often employed by many law enforcement agencies nowadays to apply surveillance on crime suspects and track them down. While this would prove to be productive for a nation, the same, when applied by a foreign nation on another, turns into state-sponsored cyber espionage and cyber warfare activity – a key part of hybrid warfare.
By tracking down the key political and legislative personalities of India, China and its government may look for cues towards tracking down India’s strategic leanings and try to win an upper hand at the border – be it in warfare or during negotiations. Even harvesting the data of Indians en masse, akin to what the Indian government mentioned was the security flaw in the banned Chinese apps, gives China the ability to apply Big Data analysis and eke out behavioural and sentimental analysis – something that can prepare them to launch seemingly innocuous cyber attacks on Indian citizens.
At the end of the day, the key takeaway from China’s cyber and hybrid warfare activities against India is tactical advantages. What makes matters worse is that the process of legal recourse for India is also not clear. Speaking to News18, N.S. Nappinai, senior advocate of cyber laws at the Supreme Court of India, says, “What is important to note is the mode and manner through which the data collection is done. For data being scraped off social media, there is no Indian law that bars it, and a lot about it also depends on the specific terms of usage of the social media platforms themselves. The real grey area persists in the data collection from non-public information platforms.”
Nappinai further says, “If China is deploying a bot to collect mass information about individuals from the internet, that can be penalised under more than one provision of India’s laws. As far as the banned Chinese apps are concerned, unfortunately the data collection there is legal. If a specific app is hosted in another country, whose laws govern it and mandate that it has to share information with the government under specific circumstances, that is unfortunately legal. It may be so that India’s analysis has showed that China will legally have the right to access information collected, gathered together and assessed on Indian residents.”
Nappinai also states that many nations may also use this legal entry point into the available data to carry out social engineering and thought influence manoeuvres, which falls in line with the risks that Express’ report highlighted on Zhenhua’s threat intelligence analysis activities for China. Given India’s strategic importance, China’s latest hybrid warfare tactic appears to be an attempt to gauge India’s prevalent most critical narratives, and attempt to influence the same too.