How modern spies exploit social media and encryption to evade surveillance

We are living in a time when secrets are just a click away and geopolitical tensions play out not only across borders but also in digital platforms. Spying has found a new sanctuary — the open world of social media and encrypted messaging applications.

The arrest of Jyoti Malhotra, a travel blogger from Hisar, Haryana, for allegedly spying and sharing sensitive information with Pakistani intelligence operatives has brought this matter into the light again.

Jyoti, met Ehsan-ur-Rahim, also known as Danish, a staff member at the Pakistan High Commission in New Delhi, during a visit in 2023. Danish allegedly acted as her handler and introduced her to several Pakistani Intelligence Operatives (PIOs).

Ehsan-ur-Rahim, the Pakistan High Commission staffer allegedly central to the case, was declared persona non grata and expelled from India on 13 May 2025.

The case remains under investigation but suggests a subtle network where digital avatars, diligently crafted digital identities, and encryption messaging protocols become camouflage and avenue for exchange of information.

Historically, spying conjured up looks of trench coats, dead drops, invisible ink, and secret meetings in gloomy cafes. But the contemporary spy works differently — with Instagram DMs rather than morse code, burner phones rather than briefcases, and Slack channels rather than safe houses.

Jyoti’s situation is the prime example of such a shift. Police reports say Malhotra travelled to Pakistan twice in 2023. After returning to India, she reportedly continued communicating with the operatives through encrypted platforms, including WhatsApp, Telegram, and Snapchat.

“The blogger had saved Shakir’s name with ‘Jatt Randhawa’ so that no one could create doubt on her. After returning from Pakistan in 2023, she remained in touch with all the operatives on encrypted platforms like WhatsApp, Telegram, and Snapchat,” the FIR read.

Social media: The spy's paradise

Social media applications provide contemporary spies with something priceless: Access. Access to individuals, their habits, where they are, what they believe, what makes them vulnerable, and most importantly — their trust.

Over the past few years, identical episodes have seen the day of the light. These included Navy personnel who were honey-trapped on social media sites and persuaded into sharing sensitive naval deployment information with women they perceived to be romantically interested in them. The women, who were subsequently identified as operatives from Pakistani intelligence, employed social engineering tactics perfected on sites such as Facebook and Instagram.

This interaction was then transferred to WhatsApp and Telegram once initial trust had been established — applications that provide encryption and disappearing messages.

The art of digital seduction

Digital espionage is not just about hacking networks — it's about hacking people. Emotional manipulation, affection, ideology, flattery — all play a role. Over the years, several Indian defence personnel have been trapped via social media by operatives posing as NRIs or global researchers, then exploited for documents, maps, and military plans.

Malhotra reportedly visited Pakistan twice in 2023. Just after her Pak visits, Malhotra visited Jammu

and Kashmir, as shown on her YouTube channel.

Hisar superintendent of police (SP) Shashank Kumar Sawan said, "Her known income sources do not justify her foreign travel. We suspect external funding. On the surface, she was just a travel blogger.”

“She had interacted with several high-profile individuals during her visits to Pakistan. Even though her arrest happened recently, intelligence agencies were already monitoring her activities closely.”

"They were developing her (Jyoti Malhotra) as an asset. She was in touch with other YouTube influencers, and they were also in touch with the PIOs... She used to go to Pakistan, like on sponsored trips... She was in Pakistan before the Pahalgam attack, and the investigation is on to establish linkages, if there are any. We are also investigating, as we have leads that other people were also involved with her," the SP added.

Encryption: Shield and sword

Whereas encryption is a fundament of digital freedom and press liberty, it is equally the ideal tool for behind-the-scenes communication. Messaging apps such as Signal, Telegram, Wire, Threema, and even VPN-tunneled chat servers built expressly for a given agency are on the rise in the world of espionage. They offer not only end-to-end secure message transmission but also self-delete messages, screenshot shielding, and anonymous logins.

In 2020-2021, the French and Dutch police dismantled into a well-known encrypted messaging service known as EncroChat, exploited by criminal gangs and spies alike.

The raid uncovered a secret world of illicit arms trade, narcotics trafficking — and even state-sponsored surveillance operations. Several operatives caught were clean with no past criminal histories and lived double lives — much like the online personas adopted by suspected spies today.

The puzzle of attribution

One of the main issues with cyber-espionage is attribution. Traditional spying, in which faces, voices, and physical evidence are important, gets done in the mist of metadata, phantom avatars, and encrypted logs these days.

Was Jyoti an unwitting pawn or a knowing participant? Was she aware her encrypted communications were with a foreign agent, or was she just chasing a story for content?

India is not alone in experiencing this wave of cyber espionage. In America, FBI counterintelligence reports in 2023 indicate an increase in Chinese agents communicating with American academics on Twitter (now X), LinkedIn, and Clubhouse to obtain information about defence technologies and political tactics.

MI5 in the UK revealed that a Chinese operative, ‘Christine Lee’, had infiltrated circles of parliament through social networking and donations. She had built connections through online engagement and was identified after various suspicious encrypted messages between her, and foreign diplomats were picked up.

The trend is obvious: Online believability is the new disguise, and encryption is the cloak that makes it difficult to detect.

The need for digital vigilance

As technology advances, so must the counterintelligence infrastructure. Using mere traditional surveillance — CCTV, tapped phones, email intercepts — is no longer sufficient. Agencies now utilise machine learning algorithms to identify anomalous metadata patterns, employ false honeypot accounts to probe for phishing or honey traps, and even track open-source intelligence (OSINT) software for indications of espionage use.

The new age

Jyoti Malhotra's case is not an accident; it is a reminder of how espionage has changed in the age of digital surveillance. The distinction between influencer and informant, conversation and conspiracy, has blurred.

As platforms become brighter and safer, so too do their enemies who leverage them. The age of the cloak-and-dagger has been replaced by selfies and DMs, but the stakes are as high — perhaps higher — as state secrets, defence strategy, and national security march hand-in-hand with hashtags and digital avatars.