The term “hybrid warfare” is difficult to define. How you define it may depend on how a government views hybrid threats. Hybrid warfare is no longer a subject that is exclusively studied by armed forces; the conversation has widened tremendously to include organizations and individuals who have found themselves targeted by this population-centric military strategy.
In general, hybrid warfare can be defined as a non-singular approach to modern warfare: military operations or political strategies can take multiple forms, blending conventional and irregular warfare methods that can originate from armed forces and from state- and non-state-sponsored adversaries. These include cyber and influence campaigns, and targets may not always be military forces.
Definition: Cancel Culture – The modern trend of shaming an individual or corporation.
Cancel culture is arguably one of the most toxic trends on the internet. It can take many forms but typically consists of suppressing the opposition via online shaming, doxing, swatting and harassing the individual, corporation or country who does not comply with the perceived standards in a given region of the world. This trend has spread globally over the years and gained popularity.
So how does cancel culture play a part in military operations, specifically hybrid warfare?
TL;DR – Manipulation via social discord to create a mob mentality that aligns with political strategy.
TikTok is a Chinese video-sharing social network owned by ByteDance that allows users to create and share short form mobile videos. The app was initially released in September 2016 and became one of the most downloaded apps in the United States in 2018. As of 2018, TikTok was available in over 150 markets and in 75 languages.
Recently, however, geo-political events have taken control of the narrative, setting in motion the cancelation of TikTok. The core issue surrounding the app is that, just like many other apps, it collects user data. The owner, ByteDance, is based in Beijing and that is sparking security concerns with many western countries.
For years, researchers, law enforcement and individuals have tried to warn the public about the dangers of TikTok. In 2019, the geo-political tides began to shift as U.S. senators began calling for a federal investigation into the app. Then, in the beginning of 2020, the U.S. Army banned TikTok, and the Netherlands started a formal investigation into the app, citing security concerns. Issues surrounding TikTok continued to pile on through the first half of 2020, including Apple catching TikTok spying on iPhone users and India banning 59 Chinese apps, including TikTok, Weibo and WeChat.
TikTok is not out of the hot seat yet, as other countries debate whether or not to ban TikTok and other Chinese apps from their marketplaces. While this is happening, other countries are similarly restricting Chinese application developers and companies; for example, the United Kingdom moved to ban Huawei from its 5G market and the United States imposed visa restrictions on Huawei employees.
As the move to cancel TikTok and other Chinese companies becomes a hard reality in 2020, the owner of TikTok, ByteDance, moved to establish an office in Mumbai in July, despite being banned in the country.
A Case of Hybrid Warfare: China vs India
Throughout the month of June 2020, tensions between China and India dramatically escalated. The two countries have been engaged in a tense standoff since May in the Galwan Valley, a disputed area along the Line of Actual Control (LAC). On June 15, the two sides engaged in a deadly clash in the Galwan Valley, resulting in the death of 20 Indian soldiers. As a consequence, cyber activity has increased, with both non-state and state-sponsored actors carrying out a number of operations against each other, including denial of service attacks and defacements:
- On June 18, 2020, OneIndia reported that India had successfully mitigated a Distributed Denial of Service attack by China. This attack allegedly targeted the country’s financial payment systems, according to India’s Intelligence Bureau. The attackers targeted ATMs, banking systems and government websites with DDoS attacks.
- In an updated article on June 23, OneIndia reported that India’s Intelligence Bureau traced the unsuccessful DDoS attacks back to Chengdu, headquarters for the People’s Liberation Army’s Unit 61398 (a rare failure in my opinion if the attribution is correct).
- On June 19, CERT-In issued an advisory, detailing a COVID-19 related phishing campaign targeting Indian individuals and businesses. This alert highlighted a pending large scale phishing campaign and provided a screenshot of the suspected lure for the campaign. The lure was designed to appear to have originated from local authorities in charge of dispensing government funds for COVID-19 support. The email would have allegedly taken the victim to a fake website where they would either download malware or enter personal/financial information.
- On Monday, June 22, Reliance’s JioFiber experienced an outage that impacted residents in Delhi, Jaipur, Kolkata, Ahmedabad, Mumbai, Hyderabad, and Bengaluru. While the cause of the outage is currently unknown, Reliance did confirm that customers in northern India, as well as other areas, were experiencing an outage. Events such as these, even without attribution during moments of conflict, can emotionally compromise citizens, creating panic and fear that they are under attack from foreign adversaries.
- On Tuesday, June 23rd, a police official in Maharashtra said there had been over 40,000 cyber-attacks on India’s information technology infrastructure and banking sector over the previous 5 days. These attacks leveraged Denial of Service, Hijacking of Internet Protocol, and Phishing.
As the blend of conventional and irregular warfare continues, both sides are starting to publicly move away from conflict, relying on a hybrid variation of tactics and techniques, including the indirect support of non-state actors, cyber activity and information/influence campaigns to achieve their objectives, while projecting political instability and preventing people from suspecting government involvement by stimulating and manipulating hatred and division.
Very Real Dangers
Hybrid warfare and cancel culture can be dangerous when combined. By overstimulating citizens with narratives of hatred and nationalism, governments are creating a form of cancel culture and pride that will inspire patriotic hacktivists to act against opposing sides.
Technology can provide a more immersive and rewarding experience for users around the world, but as more governments and processes become digitalized and controlled, we may see more forms of hybrid warfare, where unconventional targets such as corporate networks and citizens become the center of attention for population-centric military strategies.
How to Protect your Organization from Hybrid Threats
This is a very challenging question, considering corporations and individuals could be among those targeted by non-state and state-sponsored hackers. In general, any machine connected to the internet will present some form of risk for those managing the security of a targeted network. These are risks that both nation-state hackers and patriotic hacktivists will take advantage of.
One of the biggest concerns around political events lately is the loss of connectivity during pivotal moments, which results in the public losing visibility of real-time data. Moments like these can damage a country’s reputation by projecting an image of instability due to degradation of services. For example, every time a social network in the United States goes down, some immediately suspect the event is related to a nation-state attack.
While attribution is difficult in general, hackers will use these moments of uncertainty and opportunity to their advantage to destabilize a government by promoting a strategic political viewpoint of projecting instability. Adding to the confusion of an attack, attribution of a hybrid threat can be almost impossible, making it difficult for certain victims to determine if an attack originated from an individual or a nation-state.
In general, protecting your organization from nation-state attacks and hybrid threats starts with awareness and education. This means researching and understanding your company’s exposure to and association with geopolitical events. While some corporations are targets of persistent campaigns, others suddenly find themselves the target of an attack in relation to a breaking or current political event.
If you are concerned you may be a target of a hybrid threat or a nation-state attack, take the time to review your network and geo-political exposure. Maintaining and inspecting your network along with monitoring the political landscape can help you prepare for pivotal moments when global conflicts impact your network and application availability.