Posed as attractive females with avatar images, Syrian rebels were compromised via Skype chats. It sounds like something out of a great Hollywood movie, that the truth is that hackers were able to lure victims into chats online eventually sending a photo laden with malware to ultimately stole a significant amount of documents from Syria rebels.

With this one photo of a female avatar, scheme operators were able to get hold of valuable documents that provided insight into specific military operations. Opposition members from Syria were the target of the “honey trap” whereby females in Skype chats appeared to be strong supporters willing to steal plans for battle but also to identify defectors.

According to FireEye, a US cyber-security firm, not only was opposition fighters from Syria targeted but also humanitarian workers and media activists. At this time, it is unknown if any of the information gathered was passed on to the government of Syria and the hackers’ identity is unclear. However, it was confirmed that among the material stolen were detailed military plans that involved the town of Khirbet Ghazaleh being recaptured.

Through the Skype chats and cache of documents stolen, opposition strategies, along with supply needs, tactical battle plans, chat sessions, and even personal information were taken. As a result, “actionable military intelligence” that would provide a huge and immediate advantage on the battlefield was revealed.

The type of information hacked could easily prevent supplies from passing through vital routes, identify and track individuals who played a key role, and unveil an ambush that had been carefully planned. One aspect of the “honey trap” hack that makes it so unique is that in addition to high-tech tools, online chats via Skype were used.

In an effort to tailor the attack, the women would ask specific targets if they were chatting via computer of smartphone. With that information, a photo containing malware was sent, which in turn had the ability to get into the personal files and retrieve the wanted information.

Included in the documents stolen were important correspondence, battle maps, annotated satellite images, rosters, attack coordinates, weaponry lists, battle orders, and the various groups fighting.

This particular attack was extremely effective because multiple members of the Syrian opposition were using the same computer. Because of this, information was captured from multiple targets from just one computer. Although the majority of data was taken from May through December 2013, logs go back to 2012 and show activity as recent as 2014.

Officials have been able to determine that the hackers used servers outside of Syria and had tools and used tactics not commonly associated with hackers from Syria. The “honey trap” case is just one hacking attack on Syria conducted by opposition activists, as well as those considered pro-regime.