NEW DELHI: It was a group of 300 ISI cyber 'jihadis' led by the Rana brothers of Karachi who honeytrapped and blackmailed Group Captain Arun Marwaha to extract Indian defence secrets from the IAF officer who once trained intelligence officers and naval commandos, police said on Friday.
A Delhi Police officer, part of the team investigating the case, told IANS that Indian Air Force (IAF) officer Marwaha -- posted at the Air Headquarters in Delhi -- was lured by Sajid and Abid Rana and their group members, including some women, who used to chat with Marwaha on social media by posing as sex models.
According to the police officer, Marwaha, 51, shared information and documents with two Pakistani agents who chatted with him on Facebook, pretending to be women. The fake accounts, in the names of 'Kiran Randhawa' and 'Mahima Patel', were used to lure him.
During sex chats, Marwaha passed on the secret information to the group run by Pakistan's Inter-Services Intelligence (ISI).
The police officer said the Rana brothers had earlier targeted thousands of Indian officers by sending them chat requests through Trojan malware disguised as legitimate software to hack and gain access to the users' systems.
Users are typically tricked by some form of social engineering into loading and executing the malware on their systems.
A similar application was also used by Pakistani terrorists to access Indian troop's movement before and after the terror attack on the IAF base in Pathankot in January 2016, the officer said.
"Rana brothers used this application, which is basically a data-stealing software, to take control of the user's phone," he said.
The Karachi-based cyber unit observes the Internet habits of Indian defence officials by tracking their social media activities.
"The officers using smartphones of Chinese origin are particularly under their radar. Those visiting porn sites or befriending women using various social media and clicking on links on these sites are being monitored closely," he said.
The police officer said many other hacking softwares are used by the members of this cyber unit. Some of the commonly used are free proxy, squid, java anon proxy, shadowsoc, tiny proxy, nginx, stunnel, internet junkbuster, proxomitron, safe squid, ghost proxy, steady proxy and others.
These softwares help hackers dodge the investigation agency by re-routing their IP addresses, making the origin of a cybercrime almost untraceable.
The Group Captain was first detained by the IAF on January 31 after his activities were found "suspicious".
The Air Force later approached the Delhi Police to investigate.
He allegedly used his smartphone to click pictures of classified documents pertaining to the IAF headquarters and then sent them via WhatsApp.
According to a Special Cell officer, the defence officer befriended the ISI agents posing as women models and chatted with them regularly on WhatsApp, exchanging intimate messages.
The ISI agents also blackmailed him after he sent them his nude pictures and videos, the officer said.
"The documents which Marwaha shared mostly dealt with training and combat-related air exercises. We also found he shared documents of the exercise 'Gagan Shakti'," the officer added.
The IAF officer had a good track record so far and had trained officers of the Marine Commandos (Marcos) of the Navy and intelligence wing of the IAF.