It was a WhatsApp message that led to the cornering and killing of Muddasir Khan, the brain behind the Pulwama terror attack that killed 40 personnel of the Central Reserve Police Force.
In the first week of March, the Delhi Police picked up Sajjad Khan, a close aide of Muddasir. Aware of the fact that Sajjad was in touch with Muddasir over WhatsApp, intelligence officials used the former’s phone to send a message to Muddasir. Only, the message had a malware link. As soon as Muddasir clicked on the link, intelligence officials obtained his internet protocol (IP) address and traced his location. On March 11, Muddasir and two other Jaish-e-Mohammed militants were gunned down in a joint operation by the Army and the CRPF in Jammu and Kashmir. All the officers involved were applauded by their seniors for their role in, what they called, “one of the rarest of the rare and excellent intelligence operation”.
The demand for spyware—even as the debate over its misuse rages on—among security and intelligence agencies is only growing. “We use a variety of spyware to get ‘actionable intelligence’ inputs,” said a senior officer with the Signals Intelligence Directorate, which is a joint service organisation manned by personnel from the Army, Navy and Air Force. “And while using such spyware, we need to be a step ahead of militants. Otherwise, we would not be able to track them.”
Human intelligence apart, security agencies depend heavily on technical intelligence for counter-terrorism operations. It is said that nearly 70 per cent of the Army’s operations against militants in Jammu and Kashmir suffered owing to restrictions on mobile and internet services following the removal of the special status by the Union government. Moreover, militants and terrorists keep changing their communication channels to cover their digital footprint—they have now moved on from WhatsApp and Telegram to Threema, Tutanota and ProtonMail, and Indian agencies are having trouble keeping a track of them.
According to an intelligence official, Threema, with its end-to-end encryption, deletes messages from servers, leaving little trace and preserving anonymity. Created in 2012, the app became popular after whistleblower Edward Snowden’s leaks about the US National Security Agency’s mass surveillance in 2013. It was learnt that terrorists who targeted the Holey Artisan Bakery in Dhaka in 2016, killing 29 people, were using Threema. Likewise, Switzerland-based ProtonMail is a self-destructing and encrypted email service. It is said that Cambridge Analytica, the data analytics firm that reportedly collected information of millions of Facebook users without their consent, was using ProtonMail to hide its email trail.
The Indian military establishment gets its intelligence from various agencies including the National Technical Research Organisation, the Research and Analysis Wing, the National Security Council and the Intelligence Bureau. The Defence Intelligence Agency controls the Army’s prized technical intelligence assets—the Signals Intelligence Directorate and the Defence Image Processing and Analysis Centre (DIPAC). While the Signals Intelligence Directorate is responsible for acquiring and decrypting enemy communications, the DIPAC controls India’s satellite-based image acquisition capabilities. For the cyber domain, the ministry of defence has raised the Defence Cyber Agency, headed by Rear Admiral Mohit Gupta, to bolster its capabilities to tackle threats emanating from hackers, mostly from China and Pakistan.
However, there have been instances of security agencies misusing its assets. In 2011, a clandestine military intelligence unit called the Technical Support Division was accused of tapping the phones of top politicians and bureaucrats. Headed by Colonel Hunny Bakshi, it was reportedly set up under then Army chief General V.K. Singh, who had taken on the government over his age dispute. The unit was shut down by General Bikram Singh within a month of his taking over the reins from V.K. Singh.
Even the armed forces face constant threats of snooping from enemy nations. The defence ministry had ordered all officials to uninstall more than 42 apps, including Chinese apps like WeChat and Weibo and the Sweden-based Truecaller, as they had been classified as spyware. The advisory was issued after an alert that foreign intelligence agencies, especially from China and Pakistan, were targeting smartphones to steal data. A few months ago, the Army also tweeted a video, alerting its men of Chinese hackers. The video showed how Chinese phone numbers that begin with the digits +86 pop up on WhatsApp groups and extract data on the phone. The defence ministry also keeps issuing guidelines to its personnel about using smartphones and social media groups.
Technology, it seems, is a double-edged sword for our security agencies.