On October 4, Russia’s state-owned broadcaster RT published a story mocking a NATO report on a cybersecurity drill conducted with troops stationed in Latvia during military exercises. The story was headlined “Catfished: NATO dupes its own soldiers using fictitious Latvian woman on Tinder,” and mocked the idea of NATO using fake female profiles to trick its own forces, as well as the reason for the exercise - defense against potential Russian cyber-espionage.
The report in question refers to an exercise carried out in the summer of 2018 by NATO’s Center for Strategic Communications (Stratcom), based in Riga, Latvia, during a multinational military exercise. While soldiers from NATO member states were deployed for the regular military exercises, Stratcom operatives created fake profiles and websites to obtain vital strategic and operational information from military personnel. Using their fake accounts, operatives managed to elicit sensitive and personal details from the NATO soldiers.In one case, they succeeded in luring at least two soldiers away from their posts to meet with a fictitious woman they found on the Tinder dating app.
In January 2019, Stratcom published a report detailing the risks uneducated social media behavior of military personnel poses to the security of the troops and operations.
The RT article strongly implies that there is no such threat from Russia, but there are precedents. In its August 2018 testimony to the U.S. Congress, the NYC-based firm Graphika outlined the following types of ongoing Russian cyber operations:
● Crafting fictitious online personas to infiltrate communities
● Infiltrating radical political communities on both sides to enhance their mutual distrust
● Targeting both sides of a country’s most divisive issues
● Mixing pop culture references and radical political discourse to influence young minds
● Using bots and trolls for inorganic amplification
● Launching cyberattacks in conjunction with information operations
Since Russia invaded Ukraine in 2014, it has used various internet-based information warfare methods against that country and its military. For example, Ukrainian soldiers serving near the front lines often received intimidating text messages, or messages encouraging them to desert or collaborate with Russia’s local proxies. Some of the text messages came from spoofed numbers and were written so as to appear to be messages from other Ukrainian military personnel. In addition, several media reports in 2017 claimed German troops stationed in Lithuania had raped a local 15-year-old girl. The story was found to be fabricated, with Russia as the main suspect.
NATO member military personnel have not been the only targets of such activity. The Telegraph reported on an incident in which a Pakistani intelligence agent posed as an Indian military nurse to elicit sensitive information from Indian soldiers.
The Russian military is also well aware of the danger of soldiers’ careless use of social media. At the start of 2019, Russia banned its military personnel from using smartphones and posting on social media about their service. This came long after a variety of international government and non-governmental investigatory organizations started using tracking the activities of Russian military personnel in Ukraine and Syria through their social media posts and geolocation data. A report by Simon Ostrovsky for Vice News titled “Selfie Soldiers” traced the path of a Russian soldier from his hometown in Russia’s Far East to Ukraine’s Donbas region based on photos he had taken of himself and posted on the Russian social network VK.com.