The devastating 9/11 attack put the global intelligence community in overdrive and forced agencies to reform and retool in order to fight international terrorism. The US Congress, for instance, spent billions of dollars to support the transformation of the CIA and other components of US intelligence. Following the 26/11 Mumbai attacks, India’s security architecture too underwent changes and has since been able to unravel numerous terror plots.
But the world today is confronted with security threats that go beyond terrorism.
In 2018, it was reported that a senior IAF officer was sharing sensitive information with two women he had befriended on Facebook. It was later discovered that he had been honey-trapped by a spy agency that was using fake social media profiles. Certainly, the officer knew that he was acting against the Official Secrets Act. But the incident itself is a testament to how technology can be and is being used for espionage. Since then, many such cases have been reported. It is near impossible to identify the different ways in which technology can pose a threat to intelligence agencies.
While the top brass can issue orders to be mindful of sharing sensitive information with strangers on the internet, it should be the mandate of the RAW, as India’s primary external intelligence agency to train its workforce to identify such threats and employ strategies to mitigate them. Simultaneously, the RAW should also see how it can best use emerging technologies to achieve its goals.
There is still no evidence of the adversary breaking into the top-level in India and reported episodes to show that honey-trappers usually try to spread fake news. That, however, is no reason for India’s intelligence community to not break out of the status quo.
In the context of India, the RAW was the first intelligence agency to recognise the need to have a technical cadre, which included officers in surveillance tasks such as satellite monitoring, terrestrial monitoring. Unfortunately, it has not been able to match the rate at which technology is progressing. This asymmetry leads to the state being responsive, not proactive.
New technologies will likely be integrated into the functioning of the Intelligence Bureau under its new leadership. This should be the approach of the entire intelligence community in India, regardless of jurisdiction or mandate.
If anything is to be learnt from the 26/11 Mumbai experience, it is that intelligence agencies must stay ahead of the curve, adapt to these rapid shifts and not jeopardise the nation’s first line of defence.
Also read: RAW needs to become more like CIA, and move away from IAS & IPS
Scary world of AI
Not just social media, the application of emerging technologies like Artificial Intelligence (AI) is rapidly changing the nature of threats that countries today have to tackle. WIRED carried a story on extended corporate espionage and how Chinese hackers were able to gain access to Boeing’s military transport planes. This is just one instance in which technology was used as a tool of intelligence. The world is yet to fully understand the influence of Russia’s social media platforms on the 2016 US presidential election. Episodes like these beg for a change in the approach to national security. Not just nations, even non-state actors such as ISIS has weaponised social media in a manner that was unheard of previously. As far as we know, India has thus far been successful in mitigating threats of such scale.
Technology like AI can make it near impossible to break into the adversaries’ networks. Earlier this year, Elon Musk’s ‘Open AI’ created an AI application that excelled at mass-producing fake news. The AI was so good at generating misinformation that the company decided not to release it. Similarly, AI-based generative adversarial networks (GANs) can be used to generate entirely new human faces and have them target powerful networks for information.
Spies have actually already used AI-generated social profiles to connect with their targets. A fake LinkedIn profile made under the name Katie Jones had made high profile connections in the US administration. This included “a deputy assistant secretary of state, a senior aide to a senator, and an economist being considered for a seat on the Federal Reserve”. Emerging technologies are levelling the playing field and increasing the demands made of intelligence agencies.
Also read: RAW officials are being given pink slip because of an archaic British-era appraisal process
What should RAW lookout for?
A common theme in tech-based intelligence attacks is manipulation of information networks. This was on full display in the Facebook and Cambridge Analytica scandal and in the Katie Jones case – both of which beg the question: what should India’s intelligence agency RAW look out for?
AI-driven espionage and threats can be carried out remotely with limited resources. Moreover, because of the rate of advancement in technologies, threats evolve at a rapid pace. Since platforms such as Facebook do not have a clear deepfake policy or one on AI-generated content, these tools of misinformation can be deployed at scale without little warning. Moreover, even when you manage to completely debunk a piece of dangerous content, it does not mean that it won’t be shared further.
A technical solution to a technical problem is obvious, but not sufficient. Because the algorithms learn by competing with each other, any deepfake detectors are unlikely to work for long before being outsmarted. This makes the role of human agents in intelligence indispensable, regardless of the scale of the advancement of technology.
The elementary solution to this is two-fold. First, India’s RAW should train its workforce so that it is able to harness technology to the agency’s benefit. Analysts and field operatives should have a foundational knowledge of emerging technologies and how they can potentially threaten national security. The National Technical Research Organisation (NTRO) is an excellent agency and can fill the gap for RAW, so that there isn’t a need for officers to go deep into the technical know-how. But elementary knowledge should be mandatory.
Also read: India must make Intelligence Bureau responsible for countering terrorism, not RAW
Second, the agency should not shy away from suitably collaborating with experts in matters that require deep subject knowledge. The RAW, like its counterparts across the globe, is being forced to move faster, but sometimes this comes at the cost of digging deeper. This is because the RAW needs to scan an expansive landscape, now including the online landscape, to monitor and collect information, while also processing and analysing it to actionable items.
Combining intelligence with data from other government sources like the NTRO and open-source information can minimise the uncertainty and miscalculation that were previously unavoidable in espionage. Some of these capabilities are available in the open market. For instance, facial recognition software—mostly developed by private companies—allows governments and law enforcement agencies to store and search vast numbers of faces. There are a plethora of existing systems that can simplify the work of intelligence agencies while reducing inaccuracies.
Shibani Mehta is a Policy Analyst at the Geostrategy Programme of The Takshashila Institution. Rohan Seth is Policy Analyst with the Technology and Policy Programme of The Takshashila Institution. Views are personal.
India has no shortage of cybercriminals whom the GOI has conveniently left alone with the exception of limited action when there is an uproar in the US or Britain. The “Shadow Brokers” ransomware attacks and hackings were traced to India (the name shadow broker translates to a woman’s name Chhaya Dalal, whatever the reason why criminals chose that name) as are nearly daily phone frauds run by what India conveniently calls “fake call centers.” Is RAW aware of which unemployed programmer (s) in India would be open to being hired by Chinese or other foreign intelligence to steal Indian secrets from within? It would be far easier for the Chinese to hire Indians and make them do their dirty work for example, while also using apps, China assembled phones and computers, and Chinese modems, exchanges and other telecom equipment to spy on India. You might be surprised at how much easier this would be compared to using AI or other technology instead. I understand that the prevailing mood in India is that phone criminals and cyberfrauds ought to be dealt with mildly because they are “our boys” who are only cheating the hated goras and NRIs. That would change very fast when these crooks take on Indians and on government agencies for external enemies. Trusting a criminal to not harm you because you let him / her thieve from foreigners is the same level of stupidity as Churchill’s proverbial point about feeding a crocodile in the hope that it would eat you last. If India does not deal with the enemies that live inside the country, it will have n one else to blame when cataclysm hits it from within as well.
Elon Musk Left openAI around 7 months back and hasn’t been part of OpenAi for more than 1 and half year. So it is not Elon Musk’s OpenAI