Social engineering attack via Tinder almost compromised F-35 fighters
Threats / Social engineering attack via Tinder almost compromised the UK’s F-35 fighter jets
6 August 2018
In yet another incident of state-sponsored or lone wolf hackers attempting to gain insight on the UK’s top-secret military assets, a fraudster recently tried to honeytrap a serving RAF airman on Tinder after hijacking the Tinder account of an RAF airwoman.
The fraudster was apparently trying to gain sensitive information about the cutting-edge F-35 stealth fighter, 48 of which have been purchased by Britain from the United States for £9.1 billion and a few of which are already in service. Britain will ultimately purchase as many as 138 F-35s, each costing around £92 million.
The fifth-generation F-35 stealth fighter is presently being operated by the UK, Australia, Israel, the United States, and several other NATO countries and features several unique characteristics such as “advanced stealth, speed and agility, fully fused sensor information, network-enabled operations and advanced logistics and sustainment”.
As such, the aircraft is a significant challenger to fifth-generation fighter planes developed and operated by the likes of Russia and China and has, therefore, attracted immense interest ever since it was announced to the world. As such, the fact that hackers are using social engineering to get their hands around secret details about the aircraft comes as no surprise to experts.
Honeytrapping airmen on Tinder
The said hacker, who hacked into an RAF airwoman’s Tinder account, then used the account to initiate a conversation with an RAF airman and allegedly tried to make him divulge details about the F-35, some of which are presently being operated by the RAF.
Fortunately, the social engineering tactic failed as not only was the airman not connected to the F-35 programme, the woman whose account was hijacked also learned about the hack and informed her superiors immediately. After investigating the campaign, the RAF issued an internal memo to all servicemen to warn them about the risk posed by social engineering attacks.
“Within the last week a serving member of the RAF had their online dating profile hacked. It subsequently transpired that the perpetrator then attempted to befriend another serving member of the RAF to apparently elicit comment and detail on F-35.
“Fortunately, little information was disclosed and the individual whose account had been hacked reported this matter expediently enabling prompt follow-up action and investigation. Nevertheless, this incident serves to highlight the risk of social engineering (SE) and online reconnaissance against social media profiles that disclose links to HM Forces.
Was F-35 really compromised on Tinder?
However, according to the Daily Mail, the hacker was successful in luring at least one airman into divulging details about the F-35 on Tinder. While it is not clear whether such information was highly sensitive or compromised the effectiveness of the F-35, it is clear that the £9.1 billion, which Britain is spending on these new jets, would be a complete waste if such is the case.
“To justify the huge price tag, the planes must achieve aerial supremacy and evade sophisticated air defence systems – hence the vast secrecy surrounding them and the speed with which the RAF responded to the security breach,” it noted.
Considering how valuable the F-35 is to NATO countries and to Lockheed Martin, the firm that built it, it is beyond doubt that U.S. and NATO authorities will engage with the RAF to find out what information was leaked to hackers, to assess the nature of such information, and to take remedial steps to ensure the information can not be used by hostile countries to negate the fighter aircraft’s capabilities.
This isn’t the first time that the security and capabilities of Britain’s most expensive war-fighting assets have been threatened by hackers. Last year, experts warned that Britain’s latest aircraft carrier, the 65,000-tonne HMS Queen Elizabeth, could be vulnerable to cyber-attacks in future as several of its systems were running the outdated and severely-vulnerable Windows XP operating system. The Royal Navy denied it.
Experts have also warned that Britain’s fleet of four Vanguard-class nuclear submarines could be vulnerable to cyber-attacks via malware injection during manufacturing, mid-life refurbishment or software updates and data transmission. They also warned that hackers could use weaponised underwater drones to conduct close proximity kinetic and cyber-attacks on ballistic missile submarines.