War with digital tools: Hybrid warfare and the damage it can inflict

Much of hybrid warfare is deniable. If a hacker takes down a public asset, it is hard to prove he was acting on behalf of a foreign government

A big-data firm linked to the Chinese government has been tracking India’s top leaders and public personalities, a collaborative investigation points out. The firm is reportedly engaged in hybrid warfare — a war waged away from borders but nevertheless with the potential to inflict serious damage. Here’s a look at what it is and how it can play out:

What is hybrid warfare?

War, according to the Prussian theorist Carl von Clausewitz, is the continuation of politics by other means. Hybrid war does this in new ways. Shorn of the jargon, hybrid warfare uses digital tools to do a variety of things in the political, economic and technological spheres. 

One method is to mount surveillance on influencers, and thus gain an understanding of how they respond to multiple situations. Second, there’s the use of digital tools to manipulate public opinion, like influencing an election, or a referendum. Third, it can be used to cause direct damage to public infrastructure. One great advantage: much of hybrid warfare is deniable. If a hacker takes down a public asset — say, a power grid or a communication network — it is hard to prove he was acting on behalf of a foreign government. 

How can surveillance of influencers translate into hybrid warfare? 

Blackmail is useful. Few politicians are snowy-white clean. There are persistent rumours that Russia is in possession of dirty secrets about the current US president and that this has led to US soft-pedalling diplomacy vis-a-vis Russia. Similar rumours abound about the judiciary. Also, the knowledge that Politician X is, for example, close to a numerologist, or a masseur, or a spiritual leader, can be useful if you can access the numerologist, or the spiritual leader. 

Beyond this, it is possible to build up behavioural profiles: What will Politician X do in a given situation, if you know their actions, 24x7, in many situations?

In what ways can hybrid warfare manifest itself? 

One way is to influence election results. If you have, for example, data about the preferences, tastes, incomes, spending habits and so on of a sizeable population, you can micro-target election campaigns to pick up votes. The Brexit Referendum and the 2016 US presidential elections were clearly subjected to malign versions of such influences. 

It is possible to build up databases, gathering data from many different sources, both public and private. For example, electoral rolls and results are public information that can be downloaded by anyone. If those are tied to Facebook, credit card, debit card, location, Twitter and Instagram data, profiles can be built of individuals comprising entire electorates. 

How can hybrid warfare cause active damage?  

Modern nations rely on digital systems to deliver governance. Most modern infrastructure is “smart” and digitally managed. This is increasing as Internet of Things (IoT) catches on and more devices, living spaces and offices become “smart”.  All smart infrastructure is vulnerable to cyber-attack. 

Apart from telecom networks, power grids are especially vulnerable. Modern grids must use a mix of power from different sources with different intermittency, voltages, etcetera. Since they are very “smart”, they are also very vulnerable. 

Grids have been hit multiple times in multiple places. The first time was in 2015, when the east Ukrainian power grid was knocked out by a cyber-attack attributed to a Russian hacker group. It may have been coincidental, but at the time there was an armed conflict between separatists backed by Russia and the Ukrainian government forces. 

Earlier, in 2008, Georgia and Russia engaged in a short shooting war over separatist Georgian provinces such as South Ossetia. Again, it may have been coincidental, but the entire Georgian internet went down, making it near impossible for the Georgian government to function. 

At almost the same time — 2009-2010 — a very sophisticated and malicious worm called Stuxnet propagated across networks everywhere. It’s estimated that in India alone up to 8 per cent of all computers were infected. The worm did no damage whatsoever, except to centrifuges used in Iran’s nuclear programme. It destroyed at least 20 per cent of Iran’s nuclear centrifuges, issuing instructions that made them malfunction. It’s believed that this worm was a joint Israeli-US effort, but again deniability applies. 

Ransomware has been used to extort money from hundreds of municipalities and other public infrastructure in the recent past. The cyber attacker encrypts servers containing vital data and asks for money to decrypt. In a hybrid warfare scenario, the hacker may simply encrypt the data and disappear. India’s Aadhaar database could, for example, be a prime target for such an attack.