February 13, 2022

TekFog – BJP Automating Hate

Bappa Sinha

The online news portal The Wire has recently published a three-part investigative report on a sophisticated secret app called TekFog. The app is used by the IT Cell of the BJYM (the youth wing of the BJP) to automate its online hate campaigns. According to the investigation, the app can “hijack” the WhatsApp accounts of people without their knowledge or consent, and use these accounts in automated campaigns. These campaigns consist of sending hate messages on social media platforms such as Twitter and Facebook, and even morphing the URLs of real news stories to redirect readers to fake news stories.

It has been well known for a while that the BJP has invested huge sums of money to build a vast online social media troll army, which it uses to spread its divisive misinformation campaigns and to troll and abuse voices opposed to the BJP and the Modi government. What is new about these revelations is the sophistication of the tools at its disposal: the hacking of WhatsApp accounts, the automation of trolling activity at scale, and the active connivance of corporate houses in enabling these tools to help the BJP’s troll army.

One of the most alarming things about the TekFog app seems to be its ability to hijack the WhatsApp accounts of private citizens. This is done by sending a video or image attachment to the targeted WhatsApp account from an unknown contact. This file contains malware, which gets activated when the targeted person clicks on the attachment. At this point the targeted WhatsApp account is compromised and can be used by TekFog operatives. The malware also downloads the person's entire contact list and other personal information to the TekFog servers. The activity status of the targeted WhatsApp account is also monitored from the TekFog app by the IT Cell operatives. Once the activity status of the account becomes ‘inactive’, the account becomes available to the TekFog operatives to send messages to the contacts of the account and anyone else. All this is done without the owner’s knowledge.

The choice of using the account only once it becomes ‘inactive’ is a practical one and not a technical limitation, as sending fake messages while the owner is still actively using the account might raise suspicions. This type of attack is in some ways similar to that employed by Pegasus. Pegasus attacks are more sophisticated, though: they are zero-click attacks, meaning that no clicks are required from the targeted person to install the malware, whereas in the case of TekFog the person has to click on the attachment.

Another feature of the TekFog app is the ability to trend hashtags and topics on Twitter. Topics are supposed to trend on Twitter when a lot of people spontaneously post on a particular topic within a short period of time, for example when real breaking news happens. The ability to manipulate this trending feature is coveted by social media teams, as it can be used to amplify their narrative, and these trends often drive mainstream news reporting. The TekFog app has the ability to make automatic posts, tweets and retweets on Twitter and Facebook from accounts controlled by the app. The app can control hundreds and even thousands of such accounts. So a single TekFog operative could automatically generate thousands of posts from a large number of different accounts in a very short period of time, causing the hashtag or topic pushed by these posts to trend on Twitter.

It has long been well known that the BJP IT Cell routinely gets its communal and fake news topics to trend on Twitter using its troll army. These revelations make it clear that the BJP can trend topics with a relatively small number of operatives using the TekFog app. The tweets and retweets come not from real people but from TekFog operatives using the app. While the accounts controlled by the app could be accounts of real BJP IT Cell members handed over to TekFog with their consent, it appears the app also has the ability to create “temporary” email addresses, activate phone numbers and bypass CAPTCHA codes to automatically create thousands of fake accounts on social media platforms such as Twitter and Facebook.

This ability to auto-post from multiple social media accounts is used for another very pernicious activity – trolling and abusing those critical of the BJP/RSS, especially women journalists active on social media platforms. The app has access to a cloud database of people critical of the BJP/RSS, including students, activists, journalists, comedians, etc., together with their personal information such as religion, language, gender, sexual orientation, age and, in some cases, physical attributes such as skin complexion and other personal attributes. This information is then used to target individuals for trolling and abuse based on their characteristics, by replying to their posts from multiple accounts on Twitter. The replies use abuse, threats or derogatory misogynist phrases kept in Google Sheets linked to the app. The most frequently targeted individuals are, predictably, women and Muslims.

Yet another feature of this sophisticated app is the ability to add code to the URL of an existing real news article published on a mainstream platform, which results in the unsuspecting user being redirected to a similar-looking but fake news article on a different website. This exploit is in some ways similar to the URL injection attacks used by hackers to break into websites, and probably takes its inspiration from such well-known modes of attack.

As we can see, the TekFog app is effectively a cyberweapon which is being actively used on a daily basis by people affiliated with the BJP in order to further its agenda and silence its critics. The creation of such a tool clearly requires a high level of technical sophistication. The Wire report points to the involvement of a publicly traded software company – Persistent Systems – in the development of this app. According to The Wire report, a source working in the company shared screenshots of internal documents confirming active development of the app by the company. Persistent Systems has invested heavily in acquiring government contracts since 2015, and its executives have publicly boasted about being 'bullish on government spending on information technology to give a boost to its revenues'. Persistent Systems ended up landing a massive contract to build a digital data hub that would record, store and process health information across ten Indian states. If Persistent Systems is indeed working with the BJP’s troll brigade and helping automate their tools, the availability of people's private personal data through Persistent Systems’ access to the digital data hub is dangerous for people’s privacy.

Social media companies such as Twitter, Facebook and an Indian company called ShareChat also seem to be complicit in allowing such activity on their platforms, by turning a blind eye to activities which have clearly been happening on a well-organised basis and on a large scale. These platforms typically have systems in place to detect automated activity, referred to as bot activity, and to shut it down. And yet all these platforms failed to take any action on such activities, which have gone on for years.
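The difference between a spontaneous trend and the automated one described above can be checked mechanically. The following is an added example, not code from The Wire report or from any platform: it flags a hashtag when a short burst comes mostly from recently created accounts posting near-identical text. The field names, thresholds and sample posts are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def find_coordinated_bursts(posts, window=timedelta(minutes=10), min_accounts=5,
                            new_account_age=timedelta(days=7),
                            min_new_share=0.6, min_dup_share=0.6):
    """Return {hashtag: stats} for bursts that look automated rather than organic."""
    by_tag = defaultdict(list)
    for post in posts:
        by_tag[post["hashtag"].lower()].append(post)
    flagged = {}
    for tag, items in by_tag.items():
        items.sort(key=lambda p: p["posted_at"])
        start = 0
        for end in range(len(items)):
            # Slide the window so it never spans more than `window` of time.
            while items[end]["posted_at"] - items[start]["posted_at"] > window:
                start += 1
            burst = items[start:end + 1]
            if len({p["account"] for p in burst}) < min_accounts:
                continue
            # Share of posts made by accounts created shortly before posting.
            new_share = sum(p["posted_at"] - p["created"] <= new_account_age
                            for p in burst) / len(burst)
            # Share of posts carrying the single most common normalised text.
            texts = Counter(" ".join(p["text"].lower().split()) for p in burst)
            dup_share = texts.most_common(1)[0][1] / len(burst)
            if new_share >= min_new_share and dup_share >= min_dup_share:
                flagged[tag] = {"posts": len(burst), "new_share": new_share,
                                "dup_share": dup_share}
                break
    return flagged

T0 = datetime(2022, 1, 1, 12, 0)  # constructed reference time

def sample_posts():
    """Constructed sample data: one automated-looking burst, one organic one."""
    posts = []
    for i in range(6):
        # Six day-old accounts push identical text within five minutes.
        posts.append({"account": f"new_{i}", "created": T0 - timedelta(days=1),
                      "posted_at": T0 + timedelta(seconds=50 * i),
                      "hashtag": "#ExampleTagA", "text": "Read this now  #ExampleTagA"})
        # Six long-standing accounts react to an event in their own words.
        posts.append({"account": f"old_{i}", "created": T0 - timedelta(days=900 + i),
                      "posted_at": T0 + timedelta(seconds=80 * i),
                      "hashtag": "#ExampleTagB", "text": f"my own take {i} #ExampleTagB"})
    return posts

if __name__ == "__main__":
    print(find_coordinated_bursts(sample_posts()))
```

Only the first hashtag is flagged; the second is an equally fast burst, but it comes from old accounts writing different text, which is what real breaking news looks like.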

The TekFog investigations show that highly sophisticated tools are being employed by the ruling party to engage in hate speech and misinformation and to silence its critics through online trolling, abuse and threats. This is illegal and amounts to cyber warfare against the country’s citizens. And all this is being done with the active or tacit connivance of tech corporates and social media companies. The general public needs to be educated about these nefarious activities, and at the same time we need to demand legal action against the ruling party and also the corporates who have enabled them to acquire and use such cyber-weapons on our own people.