The femme fatale is as old as war itself. The “woman” who can lure men to reveal all has been a strategic weapon that has evolved so much that you don’t even need a real female to do it now. On January 11, the Israeli government announced that the Islamist group Hamas had gained access to the mobile devices of dozens of its soldiers using online honey traps.
The Israeli government said that Hamas operatives, posing as women, sent unsolicited messages to Israeli soldiers on Facebook and other social media platforms to strike up relationships. The operatives then enticed the soldiers to download little-known apps on the pretext of conducting video calls. The operatives would then immediately break off contact. The apps apparently downloaded malicious codes onto the soldiers’ phones, turning them into tracking devices.
The Israeli government investigated the Hamas operation when some soldiers complained about it. The Hamas operatives had allegedly asked for details of their military activities. While Israel claims no military secrets were compromised, the Hamas operation highlights the risk of online honey traps.
In December 2015, an IAF maintenance officer deployed in Punjab was arrested for allegedly providing secrets to a woman he met via social media. The woman, who made contact with the officer on Facebook, claimed to be a journalist with a British magazine. They corresponded via Facebook, Viber and WhatsApp for nearly three years. The officer reportedly provided details of aircraft and troop movements to the woman, whose IP address was tracked to an ISI base near Peshawar.
In August 2014, a subedar in the Indian Army posted in Hyderabad was arrested for allegedly passing on information about troop movements and military exercises to a woman Pakistani spy he met on Facebook. The spy had befriended him using an alias and claimed to be associated with an NGO working with the military. The woman made several cash payments to him and sent him explicit pictures to build trust.
As early as 2010, Indian intelligence agencies suspected that Pakistan may have trained up to 900 spies to honey trap Indian officials and politicians. The ubiquity of smartphones and social media has arguably made that number redundant. Trojans and worms can infect individual devices and leak information without triggering firewalls, while conversations conducted using VoIP are very difficult to track. In addition to state actors such as the ISI, online honey traps could also be used by militant groups given their relatively low cost and risk of detection.
Another potent threat is the use of such methods by arms dealers to build relations with, and blackmail, officials. In 2011, the Indian Navy dismissed a commodore who was in charge of inspecting the Admiral Gorshkov aircraft carrier (presently the INS Vikramaditya) after a CD of him with a European woman surfaced. Officials suspected that the commodore was honey trapped into underreporting the extent of renovation work on the ship, which tripled to $2.3 billion from initial estimates.
While the Indian military follows strict protocols on its internal communications, keeping watch over the personal devices of lakhs of its personnel is also increasingly becoming a prerequisite. The risk is compounded by the rapid growth of “budget” smartphones, mostly from Chinese manufacturers and that have minimal protection against spyware. Social media is proving to be a battlefield in itself … one that cannot be ignored.