Royal Air Force servicemen have reportedly been tricked into revealing military secrets on the dating app Tinder. Sources within the air force told the Mail on Sunday that the scam had led to information being given to an unidentified third party.
The agent is alleged to have posed as a female colleague by hacking into the Tinder profile of an RAF servicewoman and manipulating several men; at least one attempt is known to have been successful.
Social Engineering Risks
In an internal memo obtained by the Mail on Sunday, air force security advisers warned personnel about the growing risk of online social engineering and “online reconnaissance against social media profiles”.
Social engineering is a growing cybersecurity risk which sees individuals manipulated or coerced into divulging sensitive information. Individuals across a number of sectors are increasingly falling prey to sinister figures posing as friends or prospective love interests.
The memo noted that service personnel are now at risk of being targeted by “skilled and convincing operatives” who look to obtain classified or confidential information.
It is not yet known who was responsible for the social engineering attack. However, the internal memo suggests that information pertaining to British military operations and capabilities is a prime target for “hostile state and non-state actors”.
The attempts took place just weeks after several of the UK’s newest military jets arrived in the country. The F-35 Lightning II stealth fighter is the UK’s newest generation of high-tech fighter jet.
Long-term, the UK plans to purchase over 130 of the jets from the US company Lockheed Martin.
The RAF has denied that any information to do with F-35 jets was given up as part of the sting.
Lisa Forte of Red Goat Cyber Security believes that as organisations continue to invest in technical defences, attackers are turning to new methods such as social engineering – which is now one of the fastest-growing attack vectors.
In order to defend against this, she said, training is key.
“There are only really a handful of effective defences against social engineering. The most important is training. This needs to be good quality, face-to-face training that focuses on social engineering. This will help protect staff at work and in their personal lives and show them what a valuable resource social media can be for attackers.
“Finally, you need to establish a culture where staff feel safe to report mistakes or strange behaviour of their colleagues. The sooner you know someone is targeting your staff the better.”
Forte noted that social engineering not only affects an organisation, but can have damaging effects on the individual victim.
She said: “I have worked on cases where hackers and competitors have employed sophisticated social engineering campaigns to steal pretty much anything of value. It is not just the victim organisation that suffers the consequences though. I worked on several cases where the targeted member of staff was left needing counselling and in one case, had to be sectioned.”