It is said the truth is often stranger than fiction, and such is the case in India where a “honeytrap” was sprung by an Indian adversary who successfully leveraged social networks to acquire state secrets from India’s DRDO. Seemingly innocent chats with tools like WhatsApp can put cleared personnel in the crosshairs of a honeytrap.

DRDO the target

India’s Defence Research and Development Organisation (DRDO) has multiple missile test ranges and is responsible for the research, development, and testing of weaponry for India. The Integrated Test Range (ITR), located in Chandipur, is where India most recently tested its ballistic missile, “Prahar,” from test pad three.

WhatsApp and Messenger Used to Set the Honeytrap

The antagonist is a “female”, who said she was “resident in Liverpool, UK originally from Rajasthan.” Her efforts began in February 2020. Armed with a multitude of personas – seven in total – she ensnared her targets. To some she was a nurse, to others a member of the Indian defense staff; she was who they wanted her to be. She used both English and Hindi in her engagement, chatting with her targets using Facebook Messenger, Instagram, and WhatsApp, and she had regular voice and video calls with two of the arrested.

Her targets were infatuated with her. This infatuation fogged the counterintelligence warnings of foreign adversary interest in DRDO. The infatuation also gave her the upper hand in the personal relationship, which she leveraged. We can only imagine the content of their video exchanges, which resulted in her proposing marriage to two and inviting a third to one day come to her home in Chandipur for a “visit.” What we do see is a dose of tradecraft in the operational control she exercised over her targets: how they communicated, how they received money, and what information they provided to her.

1. Communications

She used a UK SIM card and directed the accused to acquire separate SIM cards, not associated with their persona, for those instances when they spoke to her. This technique was an attempt to avoid detection by the counterintelligence entities within India that monitor communications from India to abroad by individuals with access to national defense information and facilities.

2. Money

In addition, investigators have identified that at least one of the arrested received money (38,000 Indian rupees – US $513) split across multiple deposits so as to avoid attracting attention. The money was sent from abroad, via a Dubai bank, which is not in and of itself unusual given that foreign remittance is a regular occurrence from those outside India. (NB: $513 seems like a paltry amount for which to commit espionage, but put in the context of the average monthly wage for an air conditioning tech in Chandipur, US $347, it isn’t so paltry.)

3. Reporting

What did they compromise? Four of those arrested in mid-September were individuals working on air conditioning and generators at ITR test pad three. These individuals had physical access to the facility and thus were able to provide low-level observational data. The fifth was the driver for the director of the facility and provided an overview of the daily movement of his principal.

The case unraveled when one of those she compromised used the SIM associated with their persona to call a foreign number – remember, her SIM was registered in the UK. This was picked up by the counterintelligence monitors/investigators, and the investigation revealed the relationship with the unidentified woman. What followed was good, old-fashioned investigative work, which eventually revealed her multiple personas and contact with others. While court records are not readily available from India, it would not be a stretch to assume call data records, message/text logs, and forensic dives into devices occurred and allowed the unwinding of the latest honeytrap targeting defense secrets.

Pakistan’s ISI is persistent

India’s law enforcement has not been able to confirm the adversary with 100% certainty, though the finger pointing is directed squarely at Pakistan. Pakistan’s ISI is persistent in its targeting of India; three recent examples:

  • On September 16, an individual was arrested in Rajasthan for gathering information and taking photos at an Indian Army camp. The arrested individual delivered LPG cylinders, using the ability to move about the base to provide ground level reporting.
  • On July 15, an individual was arrested in Delhi possessing sensitive maps and documents from the Indian Army, with the intent to provide them to ISI. The individual had a history of travel to Pakistan.
  • In February 2021, a DRDO photographer, Ishwar Behara, was sentenced to life imprisonment for espionage. Behara had taken photos within the restricted area at the ITR and passed those photos over the course of 8-10 months to Pakistan’s Inter-Services Intelligence (ISI).

The takeaway? The honeytrap is alive and well. We saw it used in 2017 when Hamas created a bevy of Facebook personas, all of which were wily females, against the Israeli Defense Forces. The Hamas-IDF op worked in much the same manner as the operation that unfolded against India’s DRDO in 2021. Prudence dictates FSOs meld these stories into their CI briefs, as the internet touches each of us, and the United States has adversaries who also have the ability to reach out and touch their targets of choice, with individuals crafted to be the perfect match.

 

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008). He is the founder of securelytravel.com.