The recent nationwide crackdown on Pakistan’s spy network in India has turned out to be an inflection in Indian national security. When described as one of the largest operations in recent times, it truly reveals the extent of the foreign espionage that is in existence and a transformation in the way the Pakistan Inter-Services Intelligence (ISI) now operates. Traditional espionage, once reliant on face-to-face contact and long-term cultivation, has evolved into a sophisticated digital strategy.
ISI’s Evolving Digital Entrapment Landscape
The Inter-Services Intelligence has revamped its doctrine, shifting from classic espionage to advanced intelligence targeting across India.
From Physical to Digital Espionage
Historically, the field of espionage required the physical interactions between handlers and assets. However, the ISI has upgraded continuous entrapment tools for the digital age, with a claim that no direct contact was now necessary. This evolution has effectively ‘lowered the operational barriers for foreign agencies’. By leveraging India’s increasing digital footprint, the ISI can now prey on tech professionals in sensitive domains just by seemingly innocuous methods, such as accepting a Facebook friend request. This refashioning of ISI’s espionage doctrine, exploiting the very digital communications that constitute the fabric of everyday life, goes thus. India’s rapid digital adoption presents both a valuable opportunity and a significant national security risk. The objective has been maximization in reach and invisibility of handlers, thereby facilitating operations at a broader and drawback-level stage.
Also Read, Chinese Spy Balloon: A New Kind of Aerial Threat?
Exploitation of Social Media and Influencers
Most alarming in ISI’s updated strategy is the active recruitment of social media influencers. The ISI exploits individuals with large online followings to gather intelligence, influence narratives, and spread propaganda. The case of Jyoti Malhotra is a glaring example of the strategy of grooming her as an asset “to push their narrative” and “build narratives to confuse the public.”
Malhotra’s blaming of Indian security agencies for Pahalgam attack is a deliberate “disinformation strategy to erode public trust in national institutions.” The ISI actively conducts psychological operations to sow discord and weaken societal resilience. This new trick also means not just whom to target but the new purpose-to influence the opinion of the public and possibly destabilize the internal cohesion of the target country.
The Pakistan High Commission as a Central Hub
The Pakistan High Commission in New Delhi has always come up as a major nexus for recruitment, visa facilitation, and handler meetings across the investigations. Several Pakistani intelligence officers, notably Ehsan-ur-Rahim alias Danish, were repeatedly named for cultivating Indian assets extensively.
These officers played a central role in recruitment, training, and coordination of operations across multiple Indian regions. Their involvement indicates a sustained, high-level effort by Pakistani agencies to deepen covert penetration into Indian territory. Such cultivation often spanned months, involving digital grooming, ideological seeding, and encrypted communication to build trust and loyalty.
India’s expulsion of Danish underscores how seriously it viewed the misuse of diplomatic cover for espionage. The repeated mention of Pakistan intelligence officers “posted at the Pakistan High Commission,” who were actively “cultivating Indian YouTubers and influencers,” points to an institutionalized and systematic form of espionage recruitment operation under diplomatic protection.
The Network’s Diverse Human Assets
The recent crackdown exposed a wide range of individuals manipulated by ISI, showing its broad targeting strategy. This operation highlights how the agency taps into different societal layers—teachers, clerics, workers, and self-proclaimed professionals alike. Such diversity reveals a deliberate plan to exploit vulnerabilities regardless of economic class, profession, or ideological inclination. The individuals involved served varied roles—from information couriers to surveillance agents—tailored to their social positions and access. The following table outlines key individuals, their backgrounds, the support they offered, and the tactics used against them.
Jyoti Malhotra: The Influencer Asset and Narrative Builder
Jyoti Malhotra, a 34-year-old travel blogger and YouTuber from Hisar, Haryana, enjoyed a moderate online following of about 3.2 lakh subscribers on her YouTube channel and 13.4 lakh followers on Instagram. Her channel, Travel with Joe, was famous for videos such as “Indian Girl in Pakistan” and “Indian Girl Exploring Lahore”. Pakistani handlers allegedly lured Jyoti with promises of money and easy access to Pakistani visas. A central element in this phase of her manipulation entailed a “relationship with a Pakistani intelligence agent” with whom she had even travelled to Bali. Her involvement deepened through “sponsored trips” to Pakistan, where she received “special treatment” under AK-47-wielding guards. She first came into contact with her ISI handler, Ehsan-ur-Rahim alias Danish, in 2023 at the Pakistan High Commission while applying for a visa.
Apart from passing on sensitive information, Malhotra’s key role was also to build the “narrative” and carry out the “disinformation strategy”. She was in direct contact with at least four Pakistani operatives, including Danish and was fully aware of their ISI affiliations. The recovery of 12 TB of data from her devices, despite attempts to delete chats, underscores the digital nature and scale of her operations.
Devender Singh: The Student Recruit and Information Provider
Devender Singh, a 25-year-old student, was arrested from Haryana. Singh’s manipulation started with a trip to Pakistan in November, a usual way for initial contact and cultivation. He kept in contact with four Pakistani intelligence officers (PIOs)- three men and a woman. Police are investigating a possible honeytrap, suggesting he may have been manipulated through personal relationships. His recruitment aligns with common ISI tactics—social media lures, monetary offers, false promises, and encrypted messaging. Devender Singh allegedly shared sensitive information, including photos and a video of the Patiala military cantonment, with ISI agents. About 300 GB of data recovered from his personal gadgets included information on recorded incriminating conversations and photographs and videos of Pakistani phone numbers, thus giving the evidence of his act of espionage.
Shehzad Wahab: The Business Cover and Agent Recruiter
The 35-year-old Shehzad Wahab, a trader from Rampur in Uttar Pradesh, really forged his way through life. From a driver and blanket seller, he went on to importing ladies’ suits and fabrics from Pakistan. ISI handlers facilitated Wahab’s visits to Pakistan and expanded his garment business as a cover for illegal operations. A major technique of manipulation was his ability to brainwash over 20 persons and recruit them in the name of religion as spies for the ISI, a leverage of ideological bent. Wahab also assisted in the transfer of money for the Pakistani handlers and helped arrange visas and travel documents for the people he involved himself with. This networking, established and expanded mainly by Wahab, was operating on its sub-network. He would use his garments business and travel multiple times each year to Lahore.
Besides recruitment, he also shared “crucial information related to India’s internal security” to the ISI and gave Indian SIM cards to ISI agents for clandestine communications. The mobile phone records further showed him to have been in “constant communication with ISI members in Pakistan”. The recruitment by Shehzad Wahab of “20 plus persons” exhibits a “pyramid scheme” model in growing the ISI network. Instead of direct recruitment by ISI, a cultivated agent becomes a force multiplier, expanding the network exponentially by use of religion.
Arman and Mohammad Tarif: The Logistical Facilitators
Arman, 24, from Nuh, held a 12th-grade certificate, ITI diploma, and taught at a private school.
Mohammad Tarif, also from Nuh, posed as a doctor and gained fame as a healer without medical qualifications. Both of them had traveled several times to Pakistan on the pretext of family visits. Tarif admitted Pakistan High Commission recruited him in 2018 during a visa application, demanding SIM cards as bribes. Both accepted cash payments and promised visa facilitation for others in return for the bribes.
Arman allegedly sent Defence Expo photos, contacts, and strategic data to ISI handler Danish, compromising national security. Tarif reportedly gave over 12 SIMs, shared Sirsa Airbase visuals with Pakistani officials like Asif Baloch and Zafar. Both acted as recruiters and contacts, directly tied to the Pakistan High Commission in Delhi for coordination and exchange.
Arman and Tarif, although described as “minor players”, provided indispensable logistical and low-level intelligence support.
Ansarul Miya Ansari: The Infiltrator and Terror Plot Link
Ansarul Miya Ansari, from Nepal, worked as a taxi driver in Qatar since 2008. He was recruited and radicalized in Rawalpindi during his June 2024 visit. There, he met senior Pakistani Army officials and underwent espionage training. He confessed to giving money initially, later radicalizing targets using issues like Babri Masjid and CAA/NRC grievances. ISI designated Ansari a “highly trained spy” and “Pakistani agent,” assigning him to gather intel for Delhi attacks.
The accused had gathered classified military data, including documents, photographs, and GPS coordinates of critical mission locations. He was arrested in central Delhi with sensitive documents while attempting to flee to Pakistan via Nepal. Ideological radicalization alongside monetary inducements truly indicates a layered building of deep commitment.
Nishant Agrawal: The High-Value Honeytrap
Nishant Agrawal, a former engineer at BrahMos Aerospace Pvt Ltd, worked at the highly sensitive technical research section at Nagpur. He received the prestigious DRDO Young Scientists’ Award, a top professional recognition. However, he later fell victim to an ISI honeytrap. ISI operatives lured him using fake Facebook profiles like ‘Sejal’, ‘Neha Sharma’, and ‘Pooja Ranjan’. The ‘Sejal’ profile was traced back to an ISI handler. The modus operandi was strikingly similar to that deployed against another DRDO scientist, Pradeep Kurulkar. He was similarly seduced by fake female profiles (Zara Dasgupta, Juhi Arora) via messaging apps using London phone numbers.
These digital honeytraps prey on psychological vulnerabilities, entangling their targets cognitively, leading them to share sensitive information. Agrawal was suspected of leaking “sensitive data about BrahMos”, the critical missile programme. He was also able to hack into computer systems of nearly 100 personnel of various defence forces between 2015 and 2018- a systematic broad targeting. This case demonstrated the efficacy of digital honeytraps for high-value targets.
Manipulation Modus Operandi: A Synthesis of Tactics
The ISI recruits and finesses people for espionage through a calculated and multi-pronged approach. The window of opportunity ranges from exploiting a personal weakness to manipulating loopholes. Financial gains often serve as the initial bait. Ansarul Miya Ansari’s case shows how small monetary gains led to deeper exploitation by the ISI. Visa facilitation is a strong temptation, especially for those wishing to travel to Pakistan for religious grounds or personal reasons. ISI approached individuals like Jyoti Malhotra and Arman via official channels, including the Pakistan High Commission.
A marked departure has occurred from honey traps and towards digital trap management. Fake and seductive social media profiles were used to lure and manipulate Nishant Agrawal and Pradeep Kurulkar. Ideological radicalization is equally strong; handlers like Shehzad Wahab exploit faith to secure lasting loyalty beyond money.
The ISI targets financially unstable individuals with criminal backgrounds to exploit their local networks. It provides operational support and ensures logistics through tools like untraceable SIM cards. Further, passport and financial facilitation enable cross-border movement and funding of clandestine operations.
Evolving Counter-Intelligence Response
The counter-intelligence methods in the country have demonstrably evolved to face the new methods. The success of such operations, like foiling a Delhi terror plot, shows improved vigilance and nationwide surveillance efforts. The advanced forensic analysis of digital devices has been instrumental in these successes, with such devices producing volumes of data. One can well call the conflict a “cat-and-mouse game”, with the changing and continuous aspects of confrontation. Dynamics in ISI methods would inevitably push Indian counter-concessions to be adjusted in real time. A proactive, predictive approach remains essential, despite shifting influencer tactics and targeted incidents like Defence Expos.
Digital-age national security demands constant tech investment, skilled intelligence, and layered awareness campaigns to tackle evolving complex challenges. It’s more about thwarting disruptive measures against suspects and misinformation campaigns before they even take effect rather than catching spies.
