Social media was once used by ordinary people to communicate with their dear ones and to exchange ideas and messages; unfortunately, it has now been transformed into one of the basic aids for espionage, as intelligence agencies, terrorist organizations and others have also become its end users. Besides the positive aspects of e-governance and e-transactions, networked systems, and social media platforms in particular, are now being deployed to organize anti-government dissent, spread disaster information, enhance political campaigning, and magnify the effects of terror recruitment campaigns at the domestic as well as the international level. Because of all this, social media has recently emerged as a source of big data and is occasionally used as a platform either for cyber-espionage or for more vicious purposes such as the dissemination of terrorist propaganda, the recruitment of terrorists and so on. Against the backdrop of these phenomena, the study of cyber operations in the domain of social media is the need of the hour.
In the era of information and technological advancement, the calculation of a nation’s capacity has gone beyond the physical dimension as a measure of its political and military prowess. Policymakers, intelligence agencies, journalists and even some scholars are very much concerned about the impending threats that are emerging alongside new digital technologies, i.e. cyber-terrorism, cyber-espionage etc. Evaluating an actor’s ‘cyber power’ is an inherently complex problem involving a laundry list of military, normative and technical variations. Exact assessment of an actor’s offensive as well as defensive cyber capabilities, or its aggregate ‘cyber power’, is an important objective for the intelligence agencies, military forces and policymakers of different nations. Having proper information about an actor’s real capabilities affects not only expectations of success or failure on the battlefield, but also peacetime bargaining situations, escalation dynamics, deterrence and even the durability of international norms. Actors that are extremely successful at engaging in social media activities are assumed to be technically proficient and even capable of engaging in ‘cyber-operations’.
PCs and the Internet are an inalienable part of the modern information-based society as well as of governance, and social media is a new means of modern-day communication. Every innovation brings a grey side with it, and so it is with social media. Social media platforms are becoming more than a tool for data extraction and intelligence gathering. Armed forces, intelligence agencies, policymakers and academicians are nowadays focusing on the broader utility of social media operations for military effectiveness and working on how successful social media operations can be integrated with existing cyber operations. A successful social media operation may act as a powerful force multiplier for the physical strength as well as the cyber capabilities of the actor’s country. Thinking seriously about the nature of social media operations may inform the armed forces about the future direction of military force structure and would also help governments to develop policies to deal with any eventualities. Of course it would be an even-handed functioning
SOCIAL MEDIA: A VIRTUAL WEAPON FOR CYBER ESPIONAGE
In addition to serving the purpose of social networking and the exchange of ideas, social sites are simultaneously being used for cyber-espionage, as information about any individual or institution can be extracted from any part of the world without being traced. Anyone who uses a social media platform and is associated with an organization or institution dealing with national security, a ministry, a research institution, an intelligence agency, critical information infrastructure, a policy-making body or a think-tank is very much prone to social media espionage. Besides these, those who possess anything such as software development material, marketing/business plans, customer details, source code, pricing information, technological details, chemical formulas, or strategic and intelligence documents are also very vulnerable to being targeted for cyber espionage. The following entities are usually involved in targeting through social media for cyber-espionage: (a) an insider, who may be either an agent of a foreign intelligence agency or a disgruntled employee; (b) a corporate/political competitor; (c) a foreign intelligence agency.
Through social media, espionage has gained a very fast and effective means of reaching every individual. Social media provides a psychological outlet to tell the world about ourselves, and it also opens an unrestricted platform where people want to know about others while simultaneously telling about themselves. Since most of us define ourselves by our work, hobbies, friends, likes etc., it is easy for those seeking to do harm to select certain key traits which they hope will give them access to the details of our personal or professional information. These actors are well versed in social engineering in cyberspace, designing traps based upon “trust” to manipulate targets into providing access to private, confidential or strategic information.
In cyber-security, we often use the term ‘phishing’ to describe general attempts by a hacker to gain access to someone’s bank accounts, passwords, personal information etc., while other cyber-criminals are now involved in catphishing scams, using impersonation to develop a very personal (sometimes romantic) relationship with an unsuspecting prospective victim. A catphisher usually develops a very fascinating online profile and, through skill, becomes a smooth talker preying on vulnerable victims. Sometimes a request to meet this wonderful person is met with great difficulties, which can only be dispensed with if the prospective victim sends a temporary loan to pay for tickets, lodging etc.; as soon as the money is sent, the profile and the extraordinary person both vanish somewhere in the infinite cyberspace, most probably in search of a new victim. In some unfortunate cases, at the entreaty of the catphisher, the victim may actually meet the catphisher, who turns out to be a blackmailer, sexual deviant, or even a slave trader and compels the victim to go with him, whereupon the victim is forced into bonded labor or sex work.
In all such cases, the catphisher is looking to exploit victims, who far too often are children, teenagers or women. The same practice is also used for corporate espionage, again by means of a social site. The prospective victim may be targeted because of his/her association with a particular business group or government office. As soon as contact has been established, the attacker can install malware on the prospective victim’s personal or professional computer device(s) through these digital interactions. This may include keystroke loggers, Trojan horses, logic bombs, ransomware etc. It is worth noting here, however, that cyber espionage through social media is not limited to the lust for money, account hacking and identity theft; actors often seek to exploit users for more vicious purposes. Some terrorist organizations recruit unsuspecting people to join their effort through social media, and these organizations also disseminate their propaganda through social media.
CYBER OPERATIONS THROUGH SOCIAL MEDIA: INSTANCES OF STATES AS WELL AS NON-STATE ACTORS
The high-profile nature and rise of social media activities by states as well as non-state actors has recently drawn the attention of those interested in cyber security and espionage; intelligence agencies, policymakers and scholars are analyzing social media’s relationship to cyber operations in one of two ways. In the first view, some scholars have stretched the concept of cyber operations to explicitly include social media activity, so that cyber operations include a variety of operations such as viral messaging on such media, building internal messaging apps, intra-group operational security, deploying Distributed Denial of Service (DDoS) capabilities or even the deployment and use of advanced offensive cyber capabilities to achieve physical effects. The second view maintains a narrower concept of cyber operations but still sees social media prowess as having a positive relationship with cyber capabilities, where social media operations are not just synonymous with cyber operations but also an indicator of an actor’s cyber capabilities. Actors that engage efficiently in social media operations are also viewed as technically competent enough to engage, to some degree, in cyber operations.
The following are some well-known instances of cyber operations through social media, involving transnational complexities that embittered relations, in some cases to the extent of war.
1) Russo-Ukrainian Conflict 2014:
After the disintegration of the Soviet Union, a rivalry started between Russia and Ukraine as the latter tilted towards the NATO bloc, which was not bearable to Russia. Consequently, in the year 2014 the situation became very tense as the people of Crimea (one of the provinces of Ukraine), by virtue of their right to self-determination, decided to join the Russian Federation, which became a bone of contention between the two countries, and therefore a war broke out in February 2014.
During this conflict, social media operations and espionage were conducted as a supplement to conventional capabilities, demonstrating the emerging significance of social media operations for government bodies. Social media platforms were used by Russian military forces, intelligence agencies, and proxies for information gathering, targeting and operational planning purposes. Ukrainian military forces, proxies, and civilians also deployed social media actors to spread information as well as gain advantage. The significant strategy of the Russian government at that time was to use social media platforms for military disinformation and propaganda campaigns conducted by its social-media-using citizens as a ‘troll army’, heavily active in justifying the moves of the Russian government and its foreign policy initiatives, including those in Crimea. Russian military units were also active in Ukraine, as evidenced by numerous incidents where Russian soldiers posted geo-tagged content (e.g., photos of weaponry) and commentary (referring to active fighting in Ukraine) to Instagram. Social media helped reporters and academicians to document the Russian military equipment deployed in places like Crimea and Ukraine. Ukrainian civilians also used social media to communicate events effectively as they transpired. For example, civilians used social media to track Russian soldiers and to signal for help when caught between Ukrainian soldiers and pro-Russian separatists.
2) Russian interference in US Presidential Election:
A very relevant example of a cyber operation conducted by a state is the content of the Russian active measures campaign against the United States via social media. According to an indictment against 13 Russian individuals in the year 2018, the Internet Research Agency began its campaign to influence Americans three years before the presidential election, i.e. in 2013, to identify target audiences and subsequently test and hone those messages with highly sophisticated influence delivery and measurement tools. Some users did not believe it was effective because they were unable to see any such content in their news feeds; but because of dark ads, these users would not have received these materials, as they were not potentially effective targets for particular messages. Some argue that Russia’s active measures against the United States were not effective because many of the posts had a low engagement rate.
3) Use of Social Media by ISIS:
As for any genuine individual or organization, social sites offered a flexible and streamlined set of tools for ISIS as well. ISIS routinely uses multiple social media platforms to broadcast anti-US propaganda, along with dreadful video messages, destructive content and terrifying images. Social media has equipped ISIS with valuable means for targeted recruitment campaigns and attempts to radicalize target populations. A very notable case was the recruitment of a US teen girl named Hoda Muthana (then 20 years old) in November 2014 to join their cause in Syria.
Subsequently, Muthana also used social media to recruit others for the same purpose. It is worth noting here, however, that ISIS’s social media activity has been bidirectional, i.e. all parties can use the content on each other’s social media platforms for the purpose of either information-gathering or targeting. For example, the United States Air Force used social media data posted by an ISIS supporter to target an ISIS military compound. Open source investigators have also successfully mapped the Twitter network of known ISIS supporters by analyzing commonly used location and content data.
4) Hacking of Twitter accounts in US:
Recently, a scam was carried out through the hacked accounts of various verified Twitter users on 14 July, 2020, in which potentially thousands of people were scammed out of money when the hacked accounts of prominent users promised to double any money that fans or followers sent them in the crypto-currency Bitcoin.
Using Twitter’s internal system, the hackers’ messages reached at least 350 million people, and it was found that about $110,000 had been scammed. It was an unprecedented cyber-attack compromising the privacy, trust and cyber-security of eminent personalities across the globe. No doubt the hackers could have or may have accessed some confidential data from those profiles. In this case the cyber-criminals managed to obtain administrative privileges, which allowed them to bypass the passwords of any account they wished. The primary investigation revealed that it was done through a coordinated social engineering attack. This incident is all the more critical as the US Presidential election is just four months away.
DATA EXTRACTION FROM SOCIAL MEDIA
Virtual possession of digital data has become a new criterion for the assessment of power: the more data one controls, the more powerful one is. In this era of information revolution, the organization that has more data and the consequent ability to utilize it remains in the leading position. Consequently, we are in a world order of conflict over the possession of more information, which is now an integral part of military conflict; social media has at times been weaponized and at other times been transformed into a sort of battlefield. Unwittingly, social media companies have created the ultimate weapons of information warfare, and some social media platforms are being used for data-diddling.
During World War I, Edward L. Bernays coined the phrase ‘psychological warfare’ to describe his work. After the war, he wanted to find a niche for his unique skill set, so he penned a sort of Machiavellian-style manifesto for influencing the masses. Every advertising campaign is one more experiment in influence messaging and one more round of grooming audiences for susceptibility to influence. The same thing is now being done in the case of social media, but with a ‘U-turn’: people themselves share their interests and dislikes, which are milked as metadata by corporations or, in some specific cases, by intelligence agencies.
Social sites also enable their users to crowd-source answers to lifestyle questions, e.g. auto mechanic recommendations, health questions, favourable vacation destinations etc., and users usually give feedback or upload images relating to these. This feedback and these images can then be analyzed for content, giving social sites a cache of information such as who loves to travel, whether he prefers the mountains or the beach, and what his political orientation or affiliation is. The development of social media platforms’ data-mining tools did not stop there: when Facebook added a facial recognition system to enable tagging of users by automatic digital detection of the configuration of their faces, the company could collect more data as fodder for artificial intelligence and for mapping users’ networks. The expansion of like-button options provided more sensitive metrics on emotional responses, which helps to dig out the attitudes, likes and dislikes of any individual. Further, the data-hoovering capabilities of a social media platform are not limited to activity on that particular site/app; any home page that offers convenient login with a profile on that social site definitely delivers information about activity outside the social media platform.
Although social media platforms may be the precision-guided munitions of information warfare, collecting the data is only half of the equation. Information is only helpful if we possess an effective mechanism for analysing it and know its areas of application. In Facebook’s case, users can be sorted for the delivery of influence messaging, and the company collects detailed information on responses. A very relevant example is the content of the Russian active measures campaign against the United States via social media. Some users did not believe it was effective because they were unable to see any such content in their news feeds; but because of dark ads, these users would not have received these materials, as they were not potentially effective targets for particular messages. According to an indictment against 13 Russian citizens in the year 2018, the Internet Research Agency of Russia began its campaign to influence Americans three years before the presidential election, i.e. in 2013, to identify target audiences and subsequently analyze those messages with highly sophisticated influence delivery and measurement tools. Later, this information was applied as required. Some have argued that the Russian active measures against the US were not effective because many of those posts had a low engagement rate. But merely counting likes and shares is not an accurate measure of a post’s effectiveness. Without knowing the full metrics or the intended outcomes of the posts, it is impossible to know their effectiveness, and even low engagement rates offer valuable feedback for the next iteration of the message. Moreover, a low like count on Facebook does not necessarily mean a low engagement rate. Depending on the size of the target group, a seemingly low like count could actually be a respectable rate of engagement. Likewise, the like count does not show how many of those likes extended the post’s reach organically.
Data from social sites can be extracted through any of three distinct kinds of cyber operations: information-gathering, defensive and offensive social media operations, which are explained as follows:
1) Information-gathering media operations
Information-gathering media operations (IGMO) emphasize passive information-gathering, used for monitoring adversary activities as well as for targeting. The military forces and intelligence agencies do not directly interact with known social media platforms but instead passively monitor and document the relevant social media activities. IGMO focuses on two types of data: (a) direct data collection (the content displayed on social media); and (b) metadata collection (technical details related to the characteristics of social media users and the mechanics of their social media use).
Direct data collection allows access to the actual content displayed on social media services without any software, digital technique or hacking. However, to some extent the actor has to involve himself in stalking the profile of the individual/institution of interest.
Metadata collection is not as qualitatively rich as direct data collection, though it can reveal important details regarding a target’s location, the time of day when the target is active, the target’s social graph (network connections), the specific applications that the target is using to access services, whether the target is using a mobile device, and in some cases even the specific hardware and software configuration of the device that the target is using, but only after undesirable data has been filtered out.
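The following is an added example, not part of the original article: a self-audit that an account owner or security team can run over their own exported post records to see which of the metadata categories listed above are exposed without reading any post content. The record schema (`ts`, `client`, `geo`, `mentions`), the client names and the sample records are constructed assumptions, not any platform's real export format.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records in a hypothetical export schema (not a real platform format).
# Timestamps are assumed to be ISO 8601 strings that carry a UTC offset.
SAMPLE_POSTS = [
    {"ts": "2024-03-04T06:12:00+00:00", "client": "ExampleApp for Android",
     "geo": (10.001, 20.002), "mentions": ["@colleague_a"]},
    {"ts": "2024-03-04T06:40:00+00:00", "client": "ExampleApp for Android",
     "geo": None, "mentions": ["@colleague_a", "@colleague_b"]},
    {"ts": "2024-03-05T07:05:00+00:00", "client": "ExampleApp Web",
     "geo": None, "mentions": []},
    {"ts": "2024-03-06T06:55:00+00:00", "client": "ExampleApp for Android",
     "geo": (10.003, 20.001), "mentions": ["@colleague_b"]},
    {"ts": "2024-03-07T19:30:00+00:00", "client": "ExampleApp for Android",
     "geo": None, "mentions": ["@colleague_a"]},
]

# Substrings of a client name that indicate a mobile device (assumed naming).
MOBILE_HINTS = ("android", "iphone", "ipad", "mobile")


def audit_exposure(posts):
    """Summarise what post metadata alone (no content) reveals about an account."""
    total = len(posts)
    # Normalise every timestamp to UTC so posting hours are comparable.
    hours = Counter(
        datetime.fromisoformat(p["ts"]).astimezone(timezone.utc).hour for p in posts
    )
    clients = Counter(p["client"] for p in posts)
    # Round coordinates so repeated posts from one site count as one place.
    places = Counter(
        (round(p["geo"][0], 2), round(p["geo"][1], 2)) for p in posts if p.get("geo")
    )
    contacts = Counter(m for p in posts for m in p.get("mentions", []))
    mobile = sum(n for name, n in clients.items()
                 if any(hint in name.lower() for hint in MOBILE_HINTS))
    peak_hour, peak_count = hours.most_common(1)[0] if hours else (None, 0)
    return {
        "total": total,
        "geotagged_posts": sum(places.values()),
        "distinct_places": len(places),
        "peak_hour_utc": peak_hour,
        "peak_hour_share": peak_count / total if total else 0.0,
        "clients": dict(clients),
        "mobile_share": mobile / total if total else 0.0,
        "repeat_contacts": sorted(c for c, n in contacts.items() if n >= 2),
    }


def exposure_flags(report, routine_share=0.5):
    """Map the report onto the metadata categories an observer could infer."""
    flags = []
    if report["geotagged_posts"]:
        flags.append("location")
    # One hour holding most of the posts reveals a daily routine.
    if report["peak_hour_share"] >= routine_share:
        flags.append("active_hours")
    if report["repeat_contacts"]:
        flags.append("social_graph")
    if report["clients"]:
        flags.append("client_apps")
    if report["mobile_share"] > 0:
        flags.append("mobile_device")
    return flags


if __name__ == "__main__":
    report = audit_exposure(SAMPLE_POSTS)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("exposed categories:", ", ".join(exposure_flags(report)))
```

Each flagged category points at a setting to review on the account itself, such as disabling geotagging or scheduling posts so that they do not track a duty roster.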
2) Defensive social media operations
Defensive social media operations (DeSMO) involve using social media in a more active way than IGMO, but not as active as offensive social media operations (OSMO). Actors can use social media as a broadcasting platform to conduct counter-messaging or counter-propaganda activities and to widely broadcast information to otherwise difficult-to-reach audiences, as demonstrated in the Russian troll and ISIS cases. In fact, US government agencies are already using social media services to counteract known propaganda and radicalization campaigns.
Despite its value, DeSMO has the potential downside of providing an adversary with direct data collection opportunities and metadata that would otherwise not be revealed. By engaging in counter-messaging, the actors involved are revealing information about, for example, their own capabilities, location, or system configurations. DeSMO does not play a direct role in terms of cyber operations, but has been acknowledged as a key component of de-radicalization campaigns.
3) Offensive social media operations
As the term ‘offensive’ itself suggests, OSMO are a collection of activities conducted on social media platforms, which include actively gathering information, conducting information campaigns, and delivering precision cyber effects, along with countering, degrading, denying, or destroying an adversary’s social media capability. To meet such requirements, social media’s bidirectional nature is used as a vector to target adversaries through their own social media activity. OSMO can enable any military force or intelligence agency to spam known actors or networks to increase the overall signal-to-noise ratio within a given social media environment. This more active form of engagement with an account may incentivize the target actor to lash out in response, thereby revealing more direct and indirect information.
Although IGMO, DeSMO and OSMO yield potentially valuable advantages, these benefits are not universal, for several reasons. Firstly, social media operations only yield a benefit in conflict areas that already have a high degree of connectedness and social media activity. Trying to use social media techniques in non-networked environments will be futile. Secondly, social media operations are obviously bidirectional: actively using social media might provide unintended benefits to an adversary. Thirdly, social media operations are likely to involve very large networks, requiring a high degree of competency and sophistication to monitor and influence effectively, the lack of which may have an adverse impact. Fourthly, many social media operations will have to be conducted in real time or near real time, and effective operations will require continuous monitoring and response. Finally, there are significant regulatory, doctrinal, and structural issues that must be resolved if social media operations are going to be conducted by military forces or even intelligence agencies. Overall, these limitations restrict the use of social media operations but do not eliminate their utility.
Agencies and civilians require more and more data about the internal political events, treaty details, armed strength, intelligence reports, policies, cyber-security level etc. of other nations, and for this we need to extract data through cyber operations. Cyber-espionage through social media has evolved with the prolific growth in the popularity of various social media platforms; espionage agents no longer need to break into a physical structure or chase after a memory chip to collect valuable data. Consequently, the threat landscape for government units, political or commercial organizations and individuals has expanded alongside the adoption of social media and digital channels, which has become inevitable in the modern ICT (Information and Communication Technology) age. Espionage actors have also taken notice of the significant information posted on different social media channels, as many of these platforms lie outside the traditional cyber-security perimeter, which gives them easy access to any such platform. In recent times, the extraction of personal information from someone’s personal/professional profile on a social site has become strongly preferred over any other data source, as this is first-hand data, generally generated by the user(s) and hence assumed to be authentic.
Analysis at the basic level reveals that social media operations and cyber operations share some common elements. Firstly, both rely heavily on building up skilled personnel trained with some degree of technical or computer knowledge, including some knowledge of computer programs and network effects; secondly, both involve elements of working in real time; thirdly, both involve working within limitations set by systems. In the case of social media operations, these limitations are set by the specific platform being used. In the case of cyber operations, the limitations are primarily dictated by the target’s systems and the nature of the specific vulnerability that is being exploited. Fourthly, in almost all cases social media platforms ensure access by default: an actor has direct access to a target or a specific network because it is a built-in property of the platform. For example, social media platforms such as Twitter or Facebook are public by default.
In the case of cyber operations, the key problem is to overcome restricted access. The target of a cyber operation restricts access by default, whereas on social media the target welcomes the actor. Similarly, in the social media case the actor wants to magnify and broadcast a message or type of content using network properties. In the offensive cyber case, the actor often wants to conceal and narrow the scope of the operation. Finally, social media operations directly contribute to Cyber Intelligence, Surveillance, and Reconnaissance (Cyber ISR) and Cyber Operational Preparation of the Environment (Cyber OPE), which is valuable at the operational as well as tactical levels. Operations can reveal useful information for weaponeering a specific cyber capability against a specific target. Social media operations may also reveal a means of capability deployment against a target’s systems and alternative mechanisms for command and control as well. In addition, cyber operations in social media help us fortify organizational and even national cyber borders, which will require innovative thinking and a cultural shift towards cyber-security and cyber-awareness.
Despite sharing some basic characteristics, social media activity does not translate frictionlessly into cyber capability. Each cyber-environment faces distinct problems and therefore requires different tools and skills for the extraction of data. Social media operations emphasize the tactical level and directly contribute to the effectiveness of Cyber Intelligence, Surveillance, and Reconnaissance (Cyber ISR) as well as Cyber Operational Preparation of the Environment (Cyber OPE).
However, there are certain limits to evaluating an actor’s cyber capabilities ex ante, for at least six reasons. First, technology in cyberspace is inherently dual in character, as the same capabilities are offensive at some times and defensive at others. Second, physical instantiations of cyber capabilities are rare, counting troops and ammunition does not work well in a cyber context, and even successful cyber operations have never been publicly reported. Third, in some cases there may be intentional disclosure of financial or personnel details, revealing the money allocated or the number of people working on a cyber operation, in order to mislead the observer through the technique of ‘cyber camouflage’, which conceals the real quality and quantity of data and therefore complicates measuring an actor’s latent cyber capabilities. Fourth, even under ideal conditions there is still a large degree of uncertainty that afflicts operational planning and peacetime bargaining situations. Fifth, a non-state or even a state actor’s social media prowess is not a strong indicator of its technical proficiency in cyber capabilities. States may think strategically about the use of social media: active information-gathering, phishing, spamming, offensive cyber delivery methods, and targeted network degradation may provide a key advantage during conflict.