The ISI hackers befriended Indian defence personnel on Facebook and engaged with them through a private messenger chat

NEW DELHI: The National Investigation Agency (NIA) has initiated a probe into a pseudonymous Facebook account, created by Pakistani spy agency ISI, to remotely inject a concealed malware in the computers, phones and other devices of defence personnel, staff working in defence establishments and linked departments to steal sensitive information related to national security, people familiar with the development said.

The account, identified as, which appears in the name of Shanti Patel, contaminated the systems in order to gain unauthorised access to the restricted data of the computer resources, they added.

The leak using Facebook and other apps first came to notice when Andhra Pradesh police launched an investigation into the matter based on source information in June 2020. It was one of the incidents that prompted the army to issue a directive on July 9, 2020 asking all its officers and soldiers to delete 89 social networking, micro-blogging and gaming apps including Facebook, Instagram, Snapchat among others from their devices.

NIA has now taken up the investigation on the basis of Andhra Pradesh police case to look into national and international linkages of the suspects and ramifications of data theft on the national security.

One of the officers cited above said the central anti-terror probe agency will look into the matter under Official Secrets Act (OSA), Unlawful Activities Prevention Act (UAPA), Information Technology Act and conspiracy to wage a war against India as sensitive data may have been accessed by the suspects, who worked for the ISI. It is not known yet what kind of information was accessed using the malware installed on the devices of defence personnel.

Describing the modus operandi, an officer said “the ISI hackers posing as Facebook ‘Shanti Patel’ account befriended Indian defence personnel and then engaged with them through a private messenger chat on the internet.”

“The suspects spread the malware by displaying them as folder with attractive photographs of women,” this officer said.

Investigation has revealed the malware was being spread from an unknown location in Islamabad, Pakistan.

Earlier, NIA investigated a naval spy ring run by ISI, which used social media accounts to honey trap sailors for collecting sensitive and classified information regarding locations/movements of Indian naval ships and submarines in eastern naval command at Vishakhapatnam, and other defence establishments in 2018-19. At least 15 persons were arrested in the case and a charges sheet was filed in June 2020.