Investigators say ISI scouring Facebook, Twitter & LinkedIn to trap young Indians in defence sector, suspect 1,100 Indian IP addresses for ISI link.
Lucknow, Roorkee: It was 5 am on a Monday when 22 men — some in uniform— showed up with a search warrant at the door of BrahMos Aerospace senior systems engineer Nishant Aggarwal in Nagpur.
They took his laptop, mobile and iPad, and grilled him over the next 15 hours.
By that night, Aggarwal, 27, was arrested under the Officials Secrets Act (OSA) for allegedly possessing 22 sensitive documents marked ‘secret’, relating to the manufacturing and integration of the supersonic cruise missile BrahMos.
Some of the documents included missile blueprints that investigators say have made their way to an operative of Pakistan’s premier intelligence agency, the Inter-Services Intelligence (ISI).
The next day, on 9 October, the media labelled Aggarwal a spy and a traitor who had been honey-trapped by Pakistani agents.
The hitch in the story: Investigators now believe that Aggarwal may not have intentionally leaked the documents but may have fallen prey to a covert operation from across the border.
Investigators say Aggarwal was contacted through LinkedIn and enticed with a job offer. He was allegedly convinced to download an app that contained a malware, which in turn allowed ISI operatives access important documents on his laptop.
The engineer, however, allegedly had ‘secret’ files that he should not have had access to. While in his interrogation Aggarwal claimed that he accessed the files for training purposes, he has been charged under sections of the Official Secrets Act (OSA) for possessing them.
“Aggarwal was booked under OSA after the ATS found that he copied and obtained some documents illegally from BrahMos Hyderabad facility,” said an officer of the Uttar Pradesh Anti-terrorism Squad (ATS), which is now probing the case. “Those documents were then obtained by a Pakistani intel operative by some means.”
This case, however, is just the tip of the iceberg.
The UP ATS and Military Intelligence (MI) have now identified 1,100 such IP addresses in India, which they say are in touch with IDs of Pakistani Intelligence Officers — either through Facebook, Twitter or LinkedIn.
UP ATS officials say that just in the case of Aggarwal, the ISI has begun to target young individuals in positions of power, mainly the defence services, to extract information from them through various means.
The ATS is now contemplating sending legally vetted messages to the 1,100 IP addresses, alerting them about this racket.
“It has become important to sound people of this ongoing racket so that they do not fall for it like the others did and end up directly or indirectly sharing sensitive information,” an ATS officer said. “We are about to start the exercise soon.”
Also read: For 8 Obama years, US failed to escape ISI trap, or stop it from hurting allies Kabul, India
‘They float baits, wait for a reaction’
Investigators told ThePrint that the ISI runs a BPO (Business Process Outsourcing) operation based out of Pakistan, with teams operating at three levels.
At the first level, a group of “spotters” allegedly work on locating and zeroing in on “profiles of interest” or “potential targets” on social media. ATS officials say these profiles are usually of people working in the defence sector such as clerks, record staff, officers in defence procurement and production.
Once a list of these potential targets is charted out, it is then passed on to the second level of workers called “engagers”, who are in charge of establishing contact with the profiles.
“These second-level ISI operatives based in Pakistan first dangle a bait and wait for a reaction. The moment they get a response, they strike” an investigator said.
“In all the cases that we have seen off late, these people use a similar modus operandi. The chats are similar, their ways of extracting information from them too are similar,” he added.
The engagers posing as women reportedly establish contact with the potential targets here in India, either on Facebook, Twitter, LinkedIn or even Instagram.
“These people would either send a job offer on LinkedIn or randomly ‘like’ or comment on your picture on Facebook to initiate a dialogue. If you respond, they will then send you a friend request,” an officer said. “The display picture they use is often of glamorous women, to attract people to initiate a dialogue. Their agenda is to win the trust of the person and shift the conversation to Whatsapp.”
The so-called women at this stage, the officer said, may also be men in the guise of women. “These chats too have a set template. The real women come in at the next stage,” the officer added.
At the final level, real women are brought in as they now speak to their targets over the phone and even through video chats. “They bring in real women at the last stage as it requires maintaining direct contact with the target,” he added.
This was highlighted in the arrest of Border Security Force (BSF) jawan Achyutanand Mishra, who was allegedly “honey-trapped” by the ISI over Facebook. He was picked up from Noida in September.
Investigators say that Mishra was allegedly so besotted by his handler, a woman who posed as a defence correspondent, that he began sharing photographs and was making video calls to her.
He also allegedly leaked to the woman, whom he ‘befriended’ online, photographs, videos and documents of BSF camps, training centres, tactical information, including that of the location of units and recordings of operation briefings by company commanders.
Similarly, another BSF jawan was arrested last week by the Punjab Police for leaking secret documents, photos and videos of secure installations to ISI operatives.
A spate of these cases has become a serious challenge for the investigation agencies, which are now looking for ways to deal with them.
“It has become a serious security threat,” an intelligence officer said. “If men in important positions keep falling for these traps, our national security will be greatly compromised.”
Also read: Pakistan army is so insecure that every unauthorised remark on it sends it into a tizzy
How LinkedIn profile did an engineer in
For investigators, the case of BrahMos engineer Aggarwal is providing vital clues to the modus operandi of the ISI operation.
ATS officials say the engineer flouted a company rule that led ISI operatives onto him — his profile on LinkedIn, a professional social network, revealed that he worked at BrahMos Aerospace.
According to investigators, he was contacted by a “woman” on LinkedIn, who first introduced herself as a “consultant”, before saying his profile was extremely impressive and could fetch him a well-paying job in Manchester, United Kingdom.
Aggarwal allegedly fell for the trap and responded immediately by sharing his CV.
“Aggarwal responding to the cue was enough for them to strike. At first, the two were in touch through LinkedIn but later moved to Facebook messenger and subsequently to Whatsapp,” an ATS officer said.
“For a few days, the woman asked Aggarwal about his work, his role in BrahMos and gathered some information about his access to the laboratories, following which she told him that she has found a prospective employer for him who is in the defence services in Manchester and is ready to pay a good salary.”
The woman told Aggarwal that the employer, however, will only speak to him through “secured communication” for which he would have to download an application.
“She sent Aggarwal a link and asked him to download the application for a secured chat with the prospective employer. Aggarwal downloaded the said application and got in touch with the person who claimed to be from the defence services in Manchester,” the officer said. “The two spoke over that application for a few days, after which it stopped working. Thinking it was a system issue, Aggarwal deleted it.”
The officer further said Aggarwal’s IP address figured during an analysis of social media accounts being carried out by intelligence units.
“Similar inputs about Aggarwal being in touch with an IP address of a Pakistan based operative were also received from the MI, following which a raid was conducted and he was arrested,” the ATS officer said.
During investigation, indications of malware were found on Aggarwal’s laptop, which has now been sent for forensic analysis.
“It appears that the information from his laptop, which includes secret documents that he had accessed from the Hyderabad lab, got leaked from his system because of the malware. He was, however, booked under OSA as he was not authorised to keep the documents he had accessed,” an investigator said.
Also read: Pakistan still hasn’t learnt to tolerate politicians who speak the truth on terrorism
Family cries foul
For the engineer’s family, all this is of little consolation. They say Aggarwal was a gold medallist from NIT Kurukshetra, and had recently received the young scientist award at BrahMos.
They also insist that the documents he possessed he had got for training.
“He got those papers to learn about how missiles are made. Most of those documents were manuals that he received during training sessions. How can the ATS arrest him because of possessing those?” Ritu Aggarwal, his mother said.
“He is always keen about reading material that will help him excel. Recently, he even created a car engine that works on urine. Will anyone with an average brain be able to do it?”
His wife, Kshitija, whom he married in April this year, said they don’t even own a car.
“If he leaked the documents for money then we would have received some monetary benefits. Why would we be living in a rented house? We do not even own a car,” she said.
Aggarwal’s sister, Kanika, said the attacks on social media have greatly distressed the family. “We have been suffering. No one cared to check the facts of the case and we were labelled as the family of a traitor,” she said.
Kanika claims that her brother never brought his work home.
“None of us even knew that he was working on such a big project and today he has been declared a spy,” she said. “The other day a group of people gathered outside our house and threatened to smash the windows. Our Facebook profiles are full of abuses. Do we really deserve this?”