In a sophisticated sting operation, the profile of an RAF airwoman on dating app Tinder was hacked, allowing a spy, posing as the woman, to contact RAF servicemen and sweet-talk at least one into revealing details about the F-35 Lightning II fighter.
RAF sources last night confirmed information about the hugely sensitive and expensive stealth jet had been passed to an as-yet unidentified third party. A secret agent has tried to trick RAF personnel to pass over details of the £9bn F-35 stealth fighter project after they hacked the Tinder profile of a female RAF airwoman. The RAF has sent a warning about the risk posed by ‘online social engineering’. It is unclear if a foreign power was involved, but suspicion is likely to centre on the intelligence services of Russia and China. Both countries are desperate for information on the F-35 fleet which represents the next generation of stealth fighter and a potential threat to their own military assets. Confidential documents obtained by The Mail on Sunday provide details of the RAF’s concern about the extraordinary plot, which swung into action just weeks after the first four F-35s arrived at RAF Marham in Norfolk on June 7.
The UK is committed to buying 138 of the jets, each costing £92 million. The first order is for 48 and the purchase price and servicing costs will bring the MoD bill up to £9 billion. To justify the huge price tag, the planes must achieve aerial supremacy and evade sophisticated air defence systems – hence the vast secrecy surrounding them and the speed with which the RAF responded to the security breach. A memo sent from the RAF’s head of security to top brass on July 9 said: ‘Within the last week a serving member of the RAF had their online dating profile hacked. It subsequently transpired that the perpetrator then attempted to befriend another serving member of the RAF to apparently elicit comment and detail on F-35. ‘Fortunately, little information was disclosed and the individual whose account had been hacked reported this matter expediently enabling prompt follow-up action and investigation. ‘Nevertheless, this incident serves to highlight the risk of social engineering (SE) and online reconnaissance against social media profiles that disclose links to HM Forces.’ Former Rolls Royce engineer Bryn Jones, pictured, was earlier arrested following security concerns.
Mr Jones denies any wrongdoing While the RAF say ‘little information’ was lost, any breach of security around the F-35 will be seen as deeply damaging and highly embarrassing by service chiefs. To underline the seriousness, all RAF personnel, in particular, those with access to the F-35s, have been warned to be on high alert for approaches by foreign agents. Service personnel who share information that could be useful to enemies of the state face charges under the Official Secrets Act. The memo, written by the RAF’s Principal Security Advisor (PSyA) continues: ‘SE is psychological manipulation to elicit confidential or sensitive information. SE can be instigated over the phone or in a social setting (i.e. in a bar) as well as online. A skilled and convincing operative will aim to elicit information through friendship, sympathy and/or obligation in order to accumulate pieces of information to build up a bigger picture.’ In a clear reference to the threat from foreign spies, it adds: ‘It should be noted that UK military posture, policy and capabilities continue to be significant targets of interest for hostile state and non-state actors.’ The RAF initially denied the embarrassing security breach, but after being confronted with the memo said: ‘As a matter of policy the RAF do not discuss security measures.
However, we can confirm that our procedures are under constant review and are regularly updated to ensure correct guidance is available for our people. This has recently been completed with respect to online use.’ RAF sources said that no information of a sensitive or classified nature about the F-35 had been disclosed in any conversations ‘via the dating site’, but did not rule out the passing of data by other means. The F35-B stealth jet is the most expensive fighter the RAF have ever ordered The breach took place within weeks of the arrest of Bryn Jones, a 73-year-old former chief combustion technologist with Rolls Royce, the firm that provides the F-35 engines. He was also a visiting professor in gas turbine combustion at the Aeronautical University of Xian in central China. Scotland Yard confirmed that the investigation into the father-of-five is continuing. Mr Jones is understood to deny any wrongdoing. In the wake of the nerve agent attack in Salisbury in March, the UK expelled 23 Russian diplomats it believed were engaging in spying. At the time Defence Secretary Gavin Williamson said: ‘What is also clear is the Kremlin is using its growing hybrid capabilities to subvert, undermine and influence countries around the world. Its cyber operations are active and brazen.’ Last week General Sir Nick Carter, the Chief of the Defence Staff, said Russia posed a threat in terms of cyber attacks, assassination bids, fake news and the undermining of political processes.
Five more F-35s landed at RAF Marham from the US on Friday, bringing the total in the UK to nine. The plot and the use of Tinder, a smartphone app that lets an estimated 50 million global users ‘like’ or ‘dislike’ each other and arrange dates, has emerged as thousands of British troops remain in eastern European states such as Estonia and Ukraine. They have received special training in an effort to prevent them from falling victim to honey-traps. Describing the threat posed by Russia, Mikk Marran, head of Estonia’s intelligence service, has warned: ‘Cyberespionage might be used, disinformation campaigns, blackmailing on the basis of stolen data – they have a huge toolbox.’