LONDON — British politics has been unsettled by talk of honey traps and blackmail after more than a dozen men in U.K. politics were sent flirtatious messages on WhatsApp.
The messages from two suspicious mobile numbers to MPs, aides and journalists, revealed by POLITICO Wednesday, escalated in several cases to the sender sharing explicit images. In at least one case, a target reciprocated.
POLITICO rounds up seven key points we’ve learned about the suspected “spear phishing” attack, a personalized form of “phishing” meant to gather compromising information on a victim.
1) A telltale modus operandi
All the suspicious messages were sent on WhatsApp from one of two mobile phone numbers, by users calling themselves alternately “Abi” or “Charlie,” and tended to start the same way.
The sender claims to have met the recipient at a recent political event or venue — such as a Westminster bar, a party conference or on a local by-election campaign.
The sender then typically voices faux-embarrassment at not being remembered by their target.
In several cases, the sender uses near-identical language, claiming they and their target previously “had a little flirt,” and quickly escalates to sending an explicit photo.
When the target (in most cases) goes silent, the sender pesters them over several days to elicit a response. In one case the sender messaged “say something,” “hey,” “I’m really sorry” and “much planned for the long weekend?”
2) Detailed knowledge of targets
Many of the messages contain striking personalized references that made their targets more likely to be taken in.
The sender would alternately refer to themselves as a man when contacting gay men, or a woman when contacting straight men.
Two people were sent references to their work on the Mid Bedfordshire by-election of October 2023. One of these received a message discussing their work on “the Nandy campaign.” (Labour MP Lisa Nandy stood for the party leadership in 2020.)
A third person was told they had previously met the message sender in the “Sports” — a nickname for the U.K. Parliament’s Woolsack bar, formerly called the Sports and Social Club. A fourth was told they met the sender at the annual Labour Party conference in Manchester. A fifth was asked if they still worked for their current boss.
A sixth, a broadcaster, was asked how they and their boyfriend — whom the sender correctly named — were doing. “Was v nice to hear you on the radio yesterday,” the sender added.
A seventh, a former MP, was told: “Miss you in Westminster.”
3) Targets are all men
All the targets are men. Some are straight, several are gay. Some are Tories, some are Labour. Some are journalists, some officials. But they are all men.
“Charlie” told an ex-MP — who is gay — that “I’m single again so making the most of the gays in Westminster,” adding: “Mmm you do look good.”
But in messages to a Labour Party staff member from the same number, the sender said their name was “Charlotte.” The man reciprocated and asked if she wanted to meet. She replied she was busy playing netball. “If you’re lucky, I’ll slip you a picture of me in my gym shorts x,” she added.
Similar messages are known to have been sent over a long period, from January 2023 to late March this year. Those confirmed as targets by POLITICO are three MPs, including a serving minister in the U.K. government; two political journalists; a broadcaster; four party staffers; a former Tory MP; and an All-Party Parliamentary Group manager. The Guardian identified a 13th target, a former government special adviser.
4) We don’t know how many have been targeted
POLITICO revealed Wednesday morning that at least six people working in Westminster had received the messages. By 5 p.m., six more had come forward.
Cybersecurity experts told POLITICO it would be near impossible to know how many people had been targeted, as many will be embarrassed — particularly if they reciprocated. One of the 12 people we spoke to had sent explicit images back.
Those who were targeted have been encouraged to speak to parliament’s security department for advice. POLITICO is aware of at least three men who have taken up the offer.
5) MPs think a foreign power is responsible…
The story has alarmed security hawks in the ruling Conservative Party, who believe state-sponsored cyber-attacks are on the rise.
Last week the U.K. government blamed “Chinese state-affiliated actors” for two “malicious cyber-campaigns” targeting the British political system — one against the Electoral Commission, and the other against a group of MPs and peers.
There is no suggestion the two matters are linked, and POLITICO has been unable to identify who sent the messages.
But Alicia Kearns, chair of the Commons Foreign Affairs Committee, told the Daily Mail: “There is almost certainly a foreign hostile state behind this.” Former Conservative Party Leader Iain Duncan Smith added: “This is an assault on parliamentary democracy but everyone is scared stiff of calling out foreign agents.”
6) … But experts aren’t so sure
A dossier of messages to the first six targets was reviewed by four cybersecurity experts, who told POLITICO people in key positions in parliament were being targeted with ill intent.
The experts generally voiced doubt that a foreign state was responsible, though none of them ruled out the possibility.
Dominik Wojtczak, head of the Cybersecurity Institute at the University of Liverpool, said he believed the messages were part of a “spear phishing attack” and “the purpose is most likely to simply obtain indecent images of the victims and then blackmail them.”
Daniel Prince, a professor of cybersecurity at Lancaster University, said while such activity ranges from fraudulent romantic messages to “classic nation state espionage,” the speed at which these cases moved to exchanging explicit photos suggests it was less sophisticated.
But Ciaran Martin, former chief executive of the U.K.’s National Cyber Security Centre, said: “Malicious actors, including nation states, have a history of using digital messaging to try to cultivate relationships with people they think have political influence. Some of this activity is high quality and convincing. Some of it can be spotted a mile away.”
7) WhatsApp makes scamming easier
The rise of instant messaging and social networks makes targeted attacks easier to carry out, with malign actors able to create virtual numbers and buy cheap SIM cards on the high street.
John Scott-Railton, a senior researcher in phishing at the Citizen Lab at the University of Toronto, told POLITICO neither of the two phone numbers was registered to a mainstream mobile phone network.
When POLITICO later phoned the “Charlie” number, a man unconnected to the messages answered and said he had recently started using the number through TextMe. The U.S.-based app supplies its users with temporary “assigned numbers” allowing them to send text messages. There is no suggestion of wrongdoing by the firm.
The “Abi” number, meanwhile, has already been flagged multiple times as suspicious on the website who-called.co.uk, which gathers user reports of unsolicited numbers. Users variously claimed it was linked to a “romance scam,” “catfishing” and a “bloke pretending to be a girl.”
Wojtczak said he suspected one person’s social media account had been compromised and then used to gather others’ phone numbers.
“Using WhatsApp for these attacks can make them more effective,” added Wojtczak. “Such a message can feel more personal than email. It is easier to catch someone off-guard when on a mobile device, and malware protection may not be as good as [when] using an email client.”