Rhett Greenhagen
5 min readAug 19, 2020

The concept of Dating has evolved, leaps and bounds. Social media’s existence has radically changed the way people communicate. People now have the ability to show those parts of their lives that they want to. It has given them the freedom to show a different side to themselves, even if it is far from reality.

Dating now has also gone through a similar change. With the solidification of online dating as a means to meet new people, people can portray a “character” that may/may not reflect their true selves. While helps people get matched with partners, they otherwise couldn’t have matched it, there is something else at play here. Since it is so easy to create a profile on these platforms, there is an added risk of getting professionally and personally “compromised”.

Online Dating — The Good and the Bad

Online dating isn’t a relatively new concept. Dating back to early 2000s, users would meet potential partners in IM chat rooms. While online dating has attracted scepticism, it doesn’t imply that is bad. With the rise of apps such as Tinder, Bumble, OKCupid, Grindr, dating has become easier.

There are many reasons why people today prefer to find dates online. Besides the convenience of “weeding” out people, the process is more psychological. It has become easier for socially anxious folks to meet new people and even engage in Hookups. It also allows people to stalk other people. All of these reasons are predominantly psychological. Also, it has provided an opportunity for people to explore who they really are, in terms of their tastes and preferences.

People long for companionship! That’s where online dating has succeeded; it has made it incredibly simple. However, this major advantage is also a flaw, security wise. Lack of sound data protection measures is a serious concern. As noted earlier, anyone can sign up for an account on these platforms. Just like social media, people can create a plethora of fake profiles for nefarious purposes.

Going back to online dating’s psychological effects, it also brings negativity in that aspect. It has reportedly reduced self-esteem of users due to constant rejection. A rise in Identity Crises, manipulation and Catfishing are the major drawbacks of this system.

How Intelligence Operatives fit into the picture

Social Media has been a playground for Foreign Intelligence Operatives to strategically extract sensitive information. Foreign Intelligence Operatives target those with security personnel who may/may not have a security allowance. They similarly target dating platforms for the same. According to prominent cyber security researcher Rhett Greenhagen, a survey of mobile dating applications reported large number of false identities in areas surrounding military bases. By employing social engineering attacks, these operatives extract sensitive information from these users. Greenhagen identified multiple profiles that attempted to authenticate info fed to them to explore real identities.

The flaws of Online Dating, while advantageous to the masses, are incredibly useful for these operatives. By preying on the psychological disadvantages of users, they have been able to gain confidential information with ease.

How do Intelligence Operatives Identify Potential Targets

Communication is at the centre of identifying potential targets. Since communication drives interaction on these platforms, these operatives focus more on communicating. Grindr, which is an app for homosexual men to land hook-ups, is a popular choice among these operatives. It is because closeted individuals, especially security personnel, are deemed as being in a position to give up more information. Greenhagen believed that operatives prefer Grindr because of users’ psychological need to fulfil their desires, whilst keeping their “secret”.

According to Greenhagen, these operatives use two methods to determine motives for Spying — MICE Methodology and RASCLS Framework. Here is an overview of the two methods: -

· MICE Methodology — Money, Ideology, Compromise and Ego. According to this method, operatives focus on these aspects that will help them gain information. In a sense, its about finding the right “fit” that will make any target give up the information. Based on the sensitivity of these areas, targets will be tempted to forfeit confidential information

· RASCLS Framework — Reciprocation, Authority, Scarcity, Commitment, Liking and Social Proof. RASCLS Framework was invented due to the shortcomings of the MICE Method. Since it has become easier for people to devise shortcuts to deal with stimuli, RASCLS identifies their behavioural patterns. RASCLS has shown to improve compliance, which holds the key to extracting information from potential dates. By employing this tactic, operatives have been successful in manipulating the vulnerable.

Greenhagen further said that he and his team developed the Actionable Intelligence Lifecycle. This methodology aimed to document, capture and analyse patterns to ID fake identities. They focused on developing yardsticks to detect false identities to assist countering intelligence gathering operations. Since communication is used to gain data and users can report spammy accounts, there exist multiple fake accounts.

Attackers set their account locations around known military locations. They do this by using a Fake-GPS program that helps them spoof their location. They then identify 3 target profiles that meet their criteria and make the first move. Once every ounce of information is extracted, attackers typically use Python to scrape chat data. Python allows them to automate and filter out important information from the irrelevant ones.

Cyber Security Researchers, such as Greenhagen, have a two step process to identify foreign operatives: -

· They first analyse malicious users. Researchers investigate chats and access malicious URLs sent by these users. These URLs further help them identify the domains where their “targets” are operating

· Researchers then create custom profiles and implement Social Engineering attacks on these operatives. Communication is once again key here. Researchers initiate communication with these targets. They further employ Versioning to weed out irrelevant or unstructured data

· Rounding up the Actionable Intelligence Lifecycle, researchers retain the data and information collected. They formally document the data, even the unstructured data. This is kept for future use.

Final Thoughts

The revelations made before shouldn’t dissuade users from using dating apps. Safe social media practices are applicable here as well. This is because of the similarities and interconnectedness between these platforms. Since communication leads to future interactions, users need to be wary while communicating. If they feel that there are security “red flags” that might threaten their sustenance, they need to move on.

It might seem unrealistic to get hacked while using these platforms and knowing that gives these operatives the edge. Its safe to say that if users let their guard down, they unknowingly open themselves to being exploited here. Therefore, users must look underneath the “surface” to find their fit on these apps.

https://www.theundercroft.net/programming/spies

Rhett Greenhagen

“I am always ready to learn although I do not always like being taught.” — Winston Churchill