Nato troops hooked by ‘catfishing’ con give up sensitive info
Their own bosses set up fake Facebook pages to persuade soldiers to give up secrets
Nato troops have been persuaded to reveal sensitive details about military manoeuvres and even abandon their posts in a clandestine social media operation launched by their own side.
More than 150 soldiers were snared in the “catfishing” trap – creating fake identities on Facebook and Instagram to manipulate them. A secret “red team” based at Nato’s StratCom Centre of Excellence in Latvia targeted the troops as they took part in a scheduled military exercise “in an Allied country”.
StratCom’s report did not reveal which of the 29 Nato countries was subject to the test. However, the report has been presented to Congress in Washington. It detailed how operatives set up fake social media pages, luring soldiers into closed Facebook groups, where fake accounts then asked them sensitive questions about the military exercise they were involved with.
The operatives were able to obtain information from the soldiers, including location of battalions and troop movements. They even got hold of material that could have been used for blackmail, such as finding married soldiers who used dating sites, and persuaded some to engage in “undesirable behaviour” such as leaving their positions.
StratCom carried out the “catfishing” project for a month, which also showed how slow Facebook was to shut down fake pages. The entire operation cost just $60, demonstrating how easy it would be for Russian agents to do something similar.
Nato officials said a decision to launch the secret study was taken in the wake of the Cambridge Analytica scandal, and Mark Zuckerberg’s appearance before Congress in April 2018, which highlighted how easily individuals’ data could be harvested.
The report said: “Overall, we identified a significant number of people taking part in the exercise and managed to identify all members of certain units, pinpoint the exact locations of several battalions, gain knowledge of troop movements to and from exercises, and discover the dates of active phases of the exercises. The level of personal information we found was very detailed and enabled us to instil undesirable behaviour during the exercise.”
Instagram was found to be a valuable source of time-sensitive information, and Facebook’s “suggested friends” function was highly useful in identifying other soldiers taking part in the exercise. StratCom obtained personal phone numbers and e-mail addresses for soldiers in “high-value” units, and photographs of their equipment.
The social media companies had “varying degrees of success” tackling the operatives, with some fake profiles and Facebook groups never closed down.
The report concluded that social media being used to gather mission-sensitive information would be a “significant challenge for years to come”.
Lord West, the retired Royal Navy senior officer who was a security adviser to former UK prime minister Gordon Brown, said he hoped servicemen would know the perils of loose talk online. “Clearly one always has to be aware online who exactly you are speaking to,” he said. “There are certain things you don’t talk about online, even to friends, let alone people you don’t know.”
Last month it emerged that Pakistani intelligence agents have been adopting female social media personas to “catfish” Indian soldiers, inducing them to divulge operational information.
– © The Sunday Telegraph