ARTICLE AD BOX
By Henry Zeffman & Phil Kemp
BBC News
When news broke of men at Westminster being targeted by flirtatious WhatsApp messages from mysterious figures calling themselves "Charlie" or "Abi" many assumed it was a classic honeytrap.
Some MPs were quick to point the finger at Russia, China and other "hostile states" suspected of using nefarious tactics to obtain compromising material.
But it now looks a lot less straightforward than that. Security sources are steering us away from the hostile state theory.
So who was behind the scam (if that's what it was)? And what did Charlie and Abi want?
Here is what we know - and, almost as importantly, what we don't know about one of the weirdest, and most troubling, stories to hit Westminster in a long time.
It all began in Bournemouth
Thought this was a story confined to the Conservative Party and William Wragg - the MP who ended his own career after admitting he had been "scared" into sharing colleagues numbers with someone he met on a dating app?
The honeytrapper - as we shall call him, her or them - first popped up on Saturday, 23 September last year in Bournemouth, the opening day of the Liberal Democrats' annual conference.
We have spoken to two male conference attendees who received messages that day on the gay hook-up app Grindr from someone with the user name M-xl.
M-xl said he was 28 and interested in "chat, friends, hookups". He used a photo of a blonde man appearing in his 20s.
Grindr is a proximity-based app, meaning that you are shown the profiles of those who are nearest to you.
Falling into conversation with one of those he messaged, M-xl said he had heard about "orgy stories" from the conference.
The conference attendee responded with what he said was a made up story. "Hot," M-xl replied.
By this point, he was in a bar with friends. "I said to the people I was with: 'Hang on, have you had a message from this person?' And we'd all had similar messages," he said.
"They were kind of hinting they wanted to sleep with MPs," the second attendee told us. "They were asking for gossip, if I knew of anyone that would be interested in sleeping with them."
His name was Charlie
Months later, people would suspect what became known as the Westminster honeytrap of being the act of anyone ranging from a lone individual seeking sexual gratification to being the actions of a hostile state.
But those messaged in Bournemouth reached a different conclusion: they thought they were being targeted by a journalist seeking information.
"Just as a heads up to gays," another man wrote on a group chat for some male friends at the conference, "pretty sure there's a Journo honeytrap on Grindr".
Others then disclosed that M-xl had asked them questions about what the worst thing they had ever heard an MP do was, and to share any compromising photos they had of others.
Certainly there were plenty of journalists in Bournemouth to cover the Liberal Democrat conference.
Yet despite Grindr being designed to show you men nearby, M-xl was not actually there. One of those messaging M-xl realised why he appeared keen on information but not that keen on meeting up: he was using a feature of the app where you can chat to profiles elsewhere. M-xl appeared in fact to be in north London.
In one case we're aware of, the conversation with M-xl progressed to WhatsApp. They asked what his real name was. M-xl said his name was Charlie.
Mystery deepens at Labour gathering
Different party, different city, same approach. A few weeks later M-xl was messaging men at the Labour conference in Liverpool.
So far, several attendees, including an MP, have reported speaking to M-xl on Grindr there. One was reportedly sent explicit photos by the account.
The BBC has not been able to speak directly to those who exchanged messages with M-xl on Grindr at the Labour conference. A crucial question is whether M-xl was indeed in Liverpool or was messaging from London, as with the Liberal Democrat conference.
But according to The Times, M-xl told at least one user that he worked for a lobbying organisation and had been working at a stall in the convention centre.
Honeytrapper gets by-election fever
On 19 October, Labour overturned two vast Conservative majorities in by-elections in Mid-Bedfordshire and Tamworth.
It was a big night for the honeytrapper too. As polls closed, one person working in parliament received a message from a number they did not have saved on WhatsApp asking them if they were staying up for the by-election results. They called themselves Charlie. And they used a photo of the same person as M-xl.
This was the first "out of the blue" message we are aware of - what would become Charlie and Abi's modus operandi.
The next day, as jubilant Labourites celebrated their victories, one got a message from Abi. "Long time no speak," it said. "But think I saw you from a distance in MB yesterday...how're you?"
The activist had indeed been in mid-Bedfordshire that day. Abi claimed they knew the individual from their work on a previous political campaign.
A missed opportunity?
The honeytrapper seems to have simply ceased operating for several months after the by-elections. We are not aware of anybody who was in contact with them, either on Grindr or WhatsApp, between October and February.
But a new disclosure by the Metropolitan Police on Thursday makes that picture less clear.
In response to enquiries by the BBC, the Met admitted that it had received reports from two different MPs about receiving unsolicited explicit images - in October, November and March. It's unclear whether the October and November reports were different MPs or the same one, followed by a new MP sounding the alarm in March.
As part of their regular liaison with the Met, parliamentary security officials were informed.
Was this a missed opportunity? Should MPs have been warned at this point to avoid any messages from Abi and Charlie?
One MP we spoke to argued otherwise, saying that MPs received frequent general warnings about their cyber-security.
"We're meant to be grown-ups. We get warnings the whole time," they said. And the Met said there was no suggestion at this point of the scale of people being targeted.
Finally rumbled
Either way, the honeytrapper's known actions became much more intense after the Met was first made aware of their work.
From February onwards, it seems to have mainly been politicians and political journalists receiving unwanted messages, as some of us have already recounted, including details of a fractious exchange on the morning of Monday, 11 March.
At one point during this exchanges Abi appeared to admit that she was indeed the same person as Charlie.
That evening the honeytrapper's activities resumed with a passionate intensity.
Last week we reported that a former MP had been messaged by Charlie just after 5pm.
We now know that another man, a former Conservative MP, received a message from Charlie 15 minutes earlier that same night, to which he did not respond.
A serving government minister also received a message from Charlie late that night, telling Politico that they engaged briefly before blocking that number.
It means that at least four people were targeted by the honeytrapper on just that day. As it happened, it was a heady day in Westminster too, with Rishi Sunak holding a widely-discussed meeting with the executive of the 1922 committee of Conservative backbenchers.
On 19 March, Conservative MP Luke Evans made a complaint to Leicestershire police about an unsolicited image he received of a naked woman. He also alerted the Conservative chief whip. The BBC is aware of another man working in Westminster who was contacted by Charlie on 22 March.
Yet other than the Liberal Democrat conference attendees right back in October 2023 there is no evidence that at any point any of the many targeted realised that they were part of a broader group.
Not, that is, until a story on the Politico website, on 2 April, brought Abi and Charlie to public attention and the honeytrapper's scheme was rumbled.
The unanswered questions
Let's start with the biggest question: who is behind this?
We simply don't know, and nor do the Met as far as we know.
One initial theory - that these are the actions of a hostile state - seems to have been roundly discounted. Security sources say there is no sign of the high level of sophistication or insight that would suggest a state is involved.
So, who then? William Wragg's statement last week may provide some clues to what is going on.
He says that he felt "threatened" into handing out the phone numbers of colleagues by somebody he had met on Grindr. Yet there is no reason why he should have had the numbers for those in other parties who were not contacted via Grindr, and they generally say they have never interacted with him.
It is also unclear when Mr Wragg handed over the numbers, or indeed when he first began interacting with the honeytrapper.
As well as the who, there is the why?
Some people involved, including MPs, were asked for and sent explicit photos.
But we are not aware of any instances where they were specifically blackmailed or told the photos would be used in a certain way.
Some of the targets believe that the motive was sexual: that the person wanted explicit photos of specific people for their own pleasure.
How widely did this spread?
This may prove an unanswerable question.
Almost every day we have reported on this story we have learnt of at least one more target. It may well be that shame or embarrassment is preventing more from coming forward, at least to journalists rather than to the police.
Yet if the honeytrapper is never identified, we may never know how vulnerable Westminster's inhabitants are to security threats.
And there is no doubt that more sophisticated scams will come their way soon.