A shout out for 'Whistleblowers' to expose misuse of 'Tek Fog' app

The Prime Minister’s own Twitter handle was hacked in December. This week the official Twitter handle of the Ministry of Information and Broadcasting was also found to have been hacked.

While the PM’s handle was used to promote a Crypto currency, Bitcoin, when speculation was rife that the Government would introduce legislation in Parliament to regulate crypto currencies (it didn’t), hackers renamed the I & B Ministry’s official handle ‘Elon Musk’.

But typically, the Government has not reacted to the breach. No explanation has been offered on how the breach occurred and if any attempt has been made to track the culprits. The Government’s silence therefore on allegations of large-scale digital manipulation by using a ‘private app’ Tek Fog made following an investigation by digital news portal The Wire has come as no surprise.

The investigation, however, drew attention internationally but the experts did not evince any surprise.

• India’s IT Cells are to public discourse what ballot box stuffing is to fair elections. I deeply hope India remains the world’s largest democracy but the Indian government seems increasingly inclined to learn from the neighbouring People’s Republic of China.

-Facebook Whistleblower Sophie Zhang

• I used to say that India is a lab for this kind of thing. What you see in India will arrive in Europe and other parts of the world in a few years. Yes, you should be scared.

-Baptiste Robert, French Ethical Hacker

Both Zhang and Baptiste were reacting to the ‘insane’ story of manipulation in ‘Digital India’ reported by The Wire. A week after the three-part report was first published, the Government or IT Ministry are yet to react.

Maharashtra’s Minister of State (MoS) for Home and Information Technology Satej Patil however tweeted this week, “I am astounded by the silence of the GoI & IT Ministry over the #TekFog expose.”

He went on to add, “A political party is using an app for mass targeting and harassment of Indian citizens and journalists, especially women journalists, hacked into inactive WhatsApp numbers of Indian citizens. This is a global shame to our democratic country! I request @GoI-Meity, @AshwiniVaishnaw to go beyond party lines and take impartial cognizance of this issue at the earliest.”

The story published by the portal between January 6 and January 10 alleged manipulation of social media trends on an industrial scale, hacking and hijacking of WhatsApp accounts, remotely accessing phones and storing personal data of unsuspecting citizens without their consent or knowledge.

The investigation was apparently triggered by a whistle-blower who claimed to have worked with a tech firm since 2014 as a ‘social media manager’. The whistle-blower first flagged the issue in April 2020, the report claimed. Apparently paid a pittance, the whistle-blower was promised a ‘lucrative government job’ if BJP returned to power in 2019. When the job did not materialize, the disgruntled employee quit and shared on social media how a secretive, ‘private app’ Tek Fog was being employed to hijack data and manipulate trends to favour the BJP.

The secret app was able to bypass ‘recaptcha codes’, hijack Twitter’s trending section and Facebook trends with targeted hashtags, creating and managing large number of WA Groups and ‘directing online harassment’ of dissenters and journalists.

The app was used to generate temporary email addresses, activate phone numbers and bypass programming limitations and ‘email and OTP verification’ set by Facebook, WhatsApp, Instagram, Twitter and Telegram. It was also used to hijack inactive WA accounts and use the phone numbers to send messages to their contacts.

The app was also being used to create and maintain a ‘cloud based’ political database with personal details of people—dissenters and journalists—including their political inclination, physical attributes, language proficiencies etc. besides their age, gender, religion and occupation.

Accessing the app’s dashboard, the investigators found, required not one but three ‘One Time Passwords’ to log in. It was also protected by a local firewall. What was even more sinister, they discovered, was users could delete all existing accounts created and maintained by the app, literally running into millions, “at a moment’s notice”, removing all incriminating evidence.

A Nagpur based tech company, Persistent Systems, and another tech company Mohalla Tech Pvt Ltd., which maintains Sharechat, stand accused of using and maintaining the app for the Bharatiya Janata Yuva Morcha (BJYM). While both companies refused to answer questions or comment on the The Wire’s report before it was published, after publication they both issued statements denying any knowledge of or involvement with the secret app. They also denied any wrongdoing or any connection with BJYM. Both the companies have, however, enjoyed patronage by BJP governments at the Centre and in states.

Ayushman Kaul and Devesh Kumar, who carried out the 20-month investigation for The Wire, have put out an appeal to those who work or worked in the past for Persistent Systems, Sharechat or Mohalla Tech. “If you have used or know more about the app Tek Fog, get in touch at tekfog@protonmail.com with details.”

The problem is that there is always bad tech for good tech, says leading cybercrime investigator and cybersecurity consultant Ritesh Bhatia. “The Tek Fog App is just one of the many out there and there are many such Apps which are being increasingly used as a cyberweapon and not a digital tool. It is not being used for the right thing and that is what makes the issue a whole lot more serious,” he says. According to Bhatia, three things need to be done to take care of things. One, the archaic IT Act has to be reworked since it provides not strict enough action for trolling, cyber bullying etc. A cyber harassment law therefore has to be enacted.

Two, people should be vigilant and not trust what they hear and see since information, news and data are being manipulated on an industrial scale; and third, the top echelons of the government, the leaders, must intervene.

Most tech experts believe that only an investigation can unravel the extent and nature of the manipulation. “Right now, we don’t know enough of what has happened. We only have some evidence through some leaks, and know that this system exists. We only know some part of it. Unlike the Pegasus case where a Supreme Court-appointed committee is looking into it, there is not much noise here,” points out independent cyber security researcher Srinivas Kodali.

Several MPs including Derek O’Brien in the Rajya Sabha and Adhir Ranjan Chowdhury in the Lok Sabha have written to the chairman of the Parliamentary Standing Committee attached to the Ministry of Home Affairs, Anand Sharma, to convene a meeting to discuss the report. But the absence of clinching evidence and the Government’s refusal to accept anything is amiss, experts feel, make chances of an investigation by the Government remote.

However, in their letters to the Standing Committee chairman, Members of Parliament pointed out that the exposé had shown that the Tek Fog app allowed users the ability to hijack WhatsApp accounts of citizens, remotely accesses inactive accounts in their contact lists and to use the inactive numbers to send targeted messages to all their contacts.

The application can automate the sending of WhatsApp messages, flooding social media with misinformation and fake news, misleading citizens, and manipulating political narratives. The Wire report claimed it was used to send abusive messages to several women journalists. ''Use of such manipulative technology is a threat to national security, free speech and unfettered media, and to the citizens' privacy and safety,” the MPs pointed out.

The last word from an ethical hacker. “This is manipulation on a large scale. We need journalists more than ever. We need whistleblowers more than ever… Politics is for people, not to mislead or manipulate them.”

(This article was first published in National Herald on Sunday)