With incidents of honey trap and social engineering attacks on government employees on the rise, the Ministry of Home Affairs recently issued directions on how to tackle such incidents, including directing officials from staying away "from unknown dating sites", asking them to report to their seniors if any unknown individuals tries to contact them via social media platforms, and more.
These are part of an internal office memorandum issued by the MHA earlier in January, as part of standard operating procedures government officials should follow for cybersecurity incidents. Moneycontrol has accessed a copy of the said office memorandum.
This comes at a time when social engineering attacks and honey trap cybersecurity attacks have been rampant on government officials. 'Honey trapping' refers to the use of romantic or sexual relationships to get information out of a target.
Earlier in 2023, a DRDO official was arrested by the Maharashtra police for divulging sensitive information to Pakistan-based intelligence operatives in a suspected case of honey trapping.
Later, Moneycontrol also reported how central government officials were receiving malware-laden emails disguised as recommendations on how to prevent honey trapping.
The MHA's January SoP says, "Be particularly wary of individuals who seem to be overly interested in personal/professional life, or who ask for sensitive information."
"Whenever an unknown individuals tries to contact an officer through WhatsApp, Telegram, Facebook, LinkedIn, or any other social media app/website, government should immediately inform his superior officers," the SoP read.
Additionally, the SoP urges officials to "steer away from unknown dating sites", not "meet any unknown or little known person in any shady or lonely places like hotel rooms", and to not "engage in video calls from unknown numbers on social media platforms..."
Guidelines to be update
The MHA's SoP also contains chapters on defending against malwares, preventing internet connection control, and so on. The MHA has said that these SoPs are an interim measure, until the National Information Security Police and Guidelines (NISPG) 2019 are updated and finalised.
The NISPG guidelines include measures for strengthening network and infrastructure security; physical security; application security; data security; personnel security; threat and vulnerability management; security and incident management; identity, access and privilege management, etc.
In the yet-to-be-updated NISPG guidelines, it has been proposed that CERT-In's June 2023 guidelines and MHA's current SoP will be subsumed in the final NISPG document.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
