Secret information about F-35 fighter jets in service with the RAF came within an inch of being compromised after a hacker succeeded in honeytrapping an RAF airman through the compromised Tinder profile of an RAF airwoman.
The airwoman's Tinder profile was used by the hacker to get in touch with an airman and then to lure him into divulging details about the F-35 fighter jets, 48 of which have already been purchased by the UK and four of which landed at the RAF Marham base a couple of months ago.
In an internal memo released to all personnel, the RAF did admit that the hacker succeeded in obtaining some information from the honeytrapped airman but did not reveal how sensitive the information was or whether such information was already available in the public domain.
"Within the last week a serving member of the RAF had their online dating profile hacked. It subsequently transpired that the perpetrator then attempted to befriend another serving member of the RAF to apparently elicit comment and detail on F-35.
"Fortunately, little information was disclosed and the individual whose account had been hacked reported this matter expediently enabling prompt follow-up action and investigation. Nevertheless, this incident serves to highlight the risk of social engineering (SE) and online reconnaissance against social media profiles that disclose links to HM Forces," the RAF said.
While the RAF has downplayed the incident, RAF sources told the Daily Mail that "information about the hugely sensitive and expensive stealth jet had been passed to an as-yet unidentified third party" and that the RAF is alerting all personnel to be aware of social engineering attacks.
"SE (Social Engineering) is psychological manipulation to elicit confidential or sensitive information. SE can be instigated over the phone or in a social setting (ie, in a bar) as well as online. A skilled and convincing operative will aim to elicit information through friendship, sympathy and/or obligation in order to accumulate pieces of information to build up a bigger picture.
"It should be noted that UK military posture, policy and capabilities continue to be significant targets of interest for hostile state and non-state actors," the internal memo read.
Commenting on the honeytrapping of an RAF airman on Tinder and the subsequent disclosure of sensitive information about the F-35 to a hacker, Joseph Carson, chief security scientist at Thycotic, told SC Magazine UK that even though the hacker had succeeded in taking over a Tinder profile and fooling RAF personnel, this incident cannot be termed hacking, as the criminal was not using any advanced cyber-skills.
"However, always be cautious with any online social accounts as weak passwords or reused passwords can be easily cracked by any script kiddie who has access to YouTube," he added.
The honeytrapping incident took place in the first half of June, around the time when Bryn Jones, former chief combustion technologist at Rolls-Royce, was arrested by Scotland Yard under the Official Secrets Act for allegedly passing on sensitive information about the F-35 fighter jets to China.
At the time of his arrest and subsequent release under investigation, Mr. Jones served as a visiting professor at the Aeronautical University of Xian and offered advice about gas turbine engines. It is not known whether the information supplied by him to the Chinese was sensitive in nature.
The F-35 is not only a lethal fifth-generation stealth fighter aircraft but is also vital for the UK defence industry as it has the potential to generate US$12.9 billion (£10 billion) worth of orders for the UK and is expected to support over 24,000 jobs.
The fighters will be jointly operated by the Royal Navy and the RAF and will also be part of the latest aircraft carrier HMS Queen Elizabeth's fighter contingent. More than 500 companies in the UK are part of the F-35's supply chain and over 200 RAF personnel are presently testing the aircraft and getting familiar with it in the US.