Westminster honeytrap scandal an example of spearphishing and damaging breach of privacy

April 6, 2024 |

The ever expanding story of a senior Tory getting caught up in a sexting scandal and sharing private phone numbers highlights the dangers and impacts of spear phishing and the breach of privacy in passing on confidential phone numbers. The Times and others report that a Senior Tory MP in the UK, William Wragg, gave out personal phone numbers because he was compromised in a honeytrap. The result was that at least 12 people received unsolicited Whats App messages. The Times has run a series of stories on this leading off with Senior Tory admits leaking MPs phone numbers in honeytrap sext scandal. It seems that Wragg was compromised by someone he met on Grindr, a gay dating app. He appears to be a victim of spear phising which is helpfully described by the Times here.

Recent data breaches have focused on cyber attacks and malware.  But someone disclosing personal information belonging to other people without their consent or relevant to the purpose for which it was created is a data breach.  In this case it involved private contact details.  The circumstances surrounding why the information was provided are unusual and dramatic, spear phishing and likely blackmail/extortion.

The Times story provides:

A senior Conservative MP has admitted his involvement in a honeytrap sexting scandal targeting a minister and fellow MPs.

William Wragg, chairman of a Commons select committee, told The Times he handed over the personal phone numbers of colleagues to a man he met on Grindr, a gay dating app.

The vice-chairman of the 1922 Committee of Tory backbenchers said that he provided the details after sending intimate pictures of himself to the user. Wragg said he was “scared” that the man “had compromising things on me”.

Those colleagues – who included several MPs, members of their staff and a political journalist – were sent unsolicited flirtatious messages from senders identifying themselves as “Charlie” or “Abi”. It is understood that two MPs responded by sending an explicit picture of themselves.

The scandal, which has heightened concerns over the vulnerability of MPs to cyberattacks, is now the subject of an investigation by Leicestershire police, which has received a complaint of “malicious communications” against an MP. Experts believe it was an incident of “spearphishing”, a technique used to gather highly personal, sensitive or compromising material.

The Times approached Wragg, 36, after speaking to victims who believed he was involved. The MP for Hazel Grove, who is openly gay, said he was “mortified” and apologised for his “weakness”.

He said: “They had compromising things on me. They wouldn’t leave me alone. They would ask for people. I gave them some numbers, not all of them. I told him to stop. He’s manipulated me and now I’ve hurt other people.

“I got chatting to a guy on an app and we exchanged pictures. We were meant to meet up for drinks, but then didn’t. Then he started asking for numbers of people. I was worried because he had stuff on me. He gave me a WhatsApp number, which doesn’t work now. I’ve hurt people by being weak. I was scared. I’m mortified. I’m so sorry my weakness has caused other people hurt.”

On Wednesday Politico reported that MPs had been sent late-night texts from an unknown number. The sender would explain that they had met years ago, usually in one of the parliamentary bars. The person identified themselves as “Charlie” or “Abi”, from a phone number with a profile picture featuring a man in a white T-shirt having a meal with a woman in a blue and white dress.

To male MPs targeted, “Charlie” also provided a picture featuring him dressed in a white T-shirt in what appears to be a bar.

Soon into the conversation, men targeted by “Charlie” were sent an explicit picture and asked to reciprocate. Many blocked “Charlie” or did not reply. However, The Times understands two MPs did respond by sending an explicit picture of themselves.

“Charlie” said he used to work in parliament and bragged of having had sex with Tory and Labour MPs. When questioned by one MP on who he worked for, “Charlie” said he had had an internship with Wragg in 2022. Wragg denied this.

Wragg’s connection to the scandal emerged on Wednesday as MPs confided in each other about their suspicions.

Wragg had already announced his intention to stand down as an MP at the election. If there are complaints to whips, he could face being forced to sit as an independent. Parliament is in recess, meaning Wragg will not return to Westminster for nearly two weeks.

Sir Lindsay Hoyle, the Commons Speaker, has written to all MPs and staff to tell them the parliamentary security department is investigating. Anyone with knowledge of the messages is urged to come forward. Security guidance for phones and wider cybersecurity advice was also circulated.

A parliamentary spokesman said: “Parliament takes security extremely seriously … We provide members and staff with tailored advice, making them aware of security risks and how to manage their digital safety.”

The article about spear phishing provides:

This month a senior Tory MP, who is gay, received an unusual WhatsApp message. Although the number was unknown, the tone was friendly and familiar. “Hey stranger! How’re you? Miss seeing you round parliament.”

The profile picture was unfamiliar: a man in a white T-shirt who looked in his early twenties, sharing a meal in an exotic location next to a smiling woman.

While the MP was suspicious, they continued to exchange messages and the tone quickly moved from flirtatious to explicitly sexual. “Guessing you aren’t single at the min?” was sent to one of those targeted.

The MP was not alone. Over a few days “Charlie” and his female alias “Abi” sent more than a dozen messages to Tory and Labour MPs, as well as to prominent journalists.

The identity of Charlie and Abi, who may be the same person, is now viewed as an urgent matter for the victims, police and parliamentary authorities.

The modus operandi, which succeeded in persuading at least two MPs to send explicit images, was consistent. Charlie targeted gay men and Abi contacted heterosexual men.

Charlie said he had broken up with his girlfriend and was bisexual. He started bragging about other MPs he claimed to have slept with, both Labour and Conservative, listing their names. “Are you bucking the gay trend of open relationships?” was used to quickly move the conversation towards sex

Within the space of a few messages, Charlie sent a picture of his penis, requesting images in return. He used a WhatsApp feature that ensures the receiver can view it only once, and is unable to take a screenshot.

William Wragg, MP for Hazel Grove, was the first to publicly reveal he had been ensnared. He encountered Charlie on the gay dating app Grindr and after sending explicit pictures of himself agreed to provide colleagues’ personal phone numbers.

Many of those approached immediately deleted or blocked the messages. Others were sceptical but pressed for details. The honeytrapper spun a story, saying the pair had met several years ago. Often the claimed location was one of the parliamentary bars: Strangers, for MPs and their guests, or The Woolsack, better known by its former name The Sports and Social. The bars are a hive of late-night mingling, as MPs and others from both inside and outside the parliamentary estate knock back a drink. So the story about having met Charlie or Abi sounded plausible to some.

The conversation continued and sometimes evolved into discussing other MPs. Charlie said he worked at a national UK charity, which The Times is not naming.

Wragg’s involvement gave the honeytrapper added credibility. Having sent explicit pictures the MP said he felt “worried because he had stuff on me”. Charlie pressed him for MPs’ numbers. Wragg said he pushed back but the requests were insistent.

The full scale of the targeting of MPs emerged when some began to speak to one another, raising suspicions. They pressed Charlie for more information and he told them that he used to be an intern for Wragg in 2022. When they asked Wragg to verify the story, he backed up Charlie’s version.

Wragg then changed his story. He denied knowing Charlie and said he confused him for someone else. By this stage, the small group of targets who were talking to one another decided to act. They told Charlie that they knew what was going on and were prepared to go to the police.

The article about honeytraps provides:

In 1961, Jeremy Wolfenden, the former Paris correspondent of The Times, was appointed Moscow bureau chief for The Daily Telegraph. Wolfenden was highly intelligent, a rising star of British journalism. He was also alcoholic, promiscuous and homosexual.

The KGB spotted a target. A handsome young Russian barber at the Ministry of Foreign Trade was ordered to seduce him. A cameraman hid in Wolfenden’s closet to take compromising photos. KGB blackmail ensued to force him to spy on other members of the western community at the height of the Cold War.

When Wolfenden reported what was happening to the British authorities, MI6 pressured him to turn double agent and string the KGB along by spying on his spymasters. He may have been blackmailed by both sides. Wolfenden had himself transferred to Washington and got married, but he could never extricate himself from the web. He died aged 31, after a mysterious fall in his bathroom.

Wolfenden had fallen prey to one of the oldest, nastiest and most effective techniques of illicit information gathering: the honeytrap, a word coined by the novelist John le Carré but a method of extracting information as old as espionage itself, and more widely deployed today than ever before.

The word is now swirling around Westminster again, with the admission by a senior Conservative MP that he has been caught in a honeytrap sexting scandal targeting a minister and fellow MPs. William Wragg said that he had handed personal phone numbers of colleagues to a man he met on Grindr, a gay dating app..

Wragg said that he had provided the honeytrapper with intimate photos and was then pressured and manipulated to provide more information. The man “had compromising things on me”, he said.

There is no evidence of foreign involvement in the case but the episode has all the hallmarks of a classic honeytrap: the intimate approach, the extraction of sensitive, graphic, personal information in the guise of sexual interest, and the gradual spreading of the net to entrap others.

The honeytrap is an increasingly powerful form of coercion in the digital age, when sexual contact frequently begins online and often involves the exchange of compromising material between people who may never meet and who, on one side of the story, may not even exist. Dating apps are the spymaster’s dream, a way to approach strangers in the psychological soft spot where almost all humans are susceptible to manipulation: the hunger for sex and love.

Last week, the German foreign ministry warned tourists not to go on dates in Russia with anyone they met online. “Be careful on Tinder, Hinge, Bumble and co,” the statement declared. “Russia is not the best destination at the moment for a first date with your online flirt.” MI5 has long warned of the danger of honeytraps.

A 14-page document distributed to British banks, businesses and financial institutions entitled “The Threat from Chinese Espionage” pointed to Chinese efforts to target western businesspeople using sexual blackmail. It explicitly warns of Chinese attempts to “exploit vulnerabilities such as sexual relationships … to pressurise individuals to co-operate”.

Very clever people do very stupid things for sex, and intellect, training, patriotism and character are frequently powerless against a well-laid and carefully executed honeytrap. Mordechai Vanunu, the technician who revealed Israel’s atomic bomb programme, knew perfectly well that Mossad was on his trail in 1986 and hid in a secret location in London while his story was being verified. Yet when he met an attractive woman, “Cindy”, while out sightseeing and she invited him for a romantic weekend in Rome, he went: only to be seized, drugged, taken to Israel and tried for treason.

Honeytraps hinge on the potential humiliation of exposure. Even the suggestion, however flimsy the evidence, that sex and secrets have been exchanged is enough to wreck political careers. John Profumo was brought down when it emerged that his lover, Christine Keeler, was also the mistress of Yevgeny Ivanov, a Soviet attaché in London in the early 1960s.

The press went into meltdown over the security implications of the secretary of state for war bedding a woman who was sleeping with the enemy, but Ivanov ridiculed the idea of a honeytrap. “It is ludicrous to think that Christine Keeler could have said to John Profumo in bed one night, ‘Oh, by the way, darling, when are the cruise missiles going to arrive in Germany?’”

The most successful Anglo-American honeytrap was Amy Thorpe, codenamed “Cynthia”. Deployed by MI6 and the OSS (the forerunner of the CIA) during the Second World War to seduce high-level diplomats, she obtained intelligence on the Enigma machines and the cipher books of fascist Italy.

Of all honeytraps, none is more notorious, or less deserving of that title, than Mata Hari. A Dutch exotic dancer, she was accused by the French of seducing their officials and politicians and passing their secrets to the Germans during the First World War. She was almost certainly an innocent scapegoat.

The honeytrap, as a weapon, was pioneered and perfected in the Soviet Union. During the Cold War, the KGB seduced foreigners using “Mozhno girls” (Mozhno means “it is permitted”, as the women were allowed to flout regulations restricting contact with foreigners).

It was Markus Wolf, the East German Stasi spymaster, who turned sexual spying into an art by deploying a small army of “Romeo spies” to the West. The war had left many West German women, including several in senior political roles, without male partners.

Wolf ruthlessly exploited their loneliness; the Stasi’s seducers penetrated the upper echelons of the political establishment. “A lot can be done with sex,” said Wolf. “This is true in business and espionage because it opens up channels of communication more quickly than other approaches.”

Leicestershire police are now investigating the identity of “Charlie”, the name used by the individual or individuals behind the alleged “spear-phishing” attack on Wragg and some of his colleagues.

In the great wilderness of the internet we may never know Charlie’s real identity or the motives for gathering compromising material. But we already know what sort of person Charlie is, for it takes a supremely hard heart to set a honeytrap and use sex as a snare. “I was running an intelligence service,” said Wolf. “Not a lonely-hearts club.”

Leave a Reply

Verified by MonsterInsights