Spies Use AI-Generated Faces To Connect With Targets

Uploaded on 2019-06-24 in TECHNOLOGY-Key Areas-Social Media, FREE TO VIEW

When you make a new connection with someone there is your implied endorsement that they are a real person. Katie Jones seemed very real and she seemed very plugged into Washington’s political scene. 

The 30-something redhead boasted a job at a top think tank and a who’s-who network of pundits and experts, from the Brookings InstitutionShe was connected to a deputy assistant secretary of state, a senior aide to a senator and the economist Paul Winfree, who is being considered for a seat on the Federal Reserve. But Katie Jones doesn't exist, The Associated Press has established. 

Instead, the persona was part of a vast army of phantom profiles lurking on the professional networking site LinkedIn. And several experts contacted by the AP said Jones' profile picture appeared to have been created by a computer program.

"I'm convinced that it's a fake face," said Mario Klingemann, a German artist who has been experimenting for years with artificially generated portraits and says he has reviewed tens of thousands of such images. "It has all the hallmarks."

Experts who reviewed the Jones profile's LinkedIn activity say it's typical of espionage efforts on the professional networking site, whose role as a global Rolodex has made it a powerful magnet for spies.

"It smells a lot like some sort of state-run operation," said Jonas Parello-Plesner, who serves as program director at the Denmark-based think tank Alliance of Democracies Foundation and was the target several years ago of an espionage operation that began over LinkedIn.

William Evanina, director of the US National Counterintelligence and Security Center, said foreign spies routinely use fake social media profiles to home in on American targets, and accused China in particular of waging "mass scale" spying on LinkedIn.

"Instead of dispatching spies to some parking garage in the U.S to recruit a target, it's more efficient to sit behind a computer in Shanghai and send out friend requests to 30,000 targets," he said in a written statement.

Last month, retired CIA officer Kevin Mallory was sentenced to 20 years in prison for passing details of top secret operations to Beijing, a relationship that began when a Chinese agent posing as a recruiter contacted him on LinkedIn. Unlike Facebook's friends-and-family focus, LinkedIn is oriented toward job seekers and headhunters, people who routinely fire out resumes, build vast webs of contacts and pitch projects to strangers. That connect-them-all approach helps fill the millions of job openings advertised on the site, but it also provides a rich hunting ground for spies. And that has Western intelligence agencies worried.

British, French and German officials have all issued warnings over the past few years detailing how thousands of people had been contacted by foreign spies over LinkedIn. In a statement, LinkedIn said it routinely took action against fake accounts, yanking thousands of them in the first three months of 2019. It also said "we recommend you connect with people you know and trust, not just anyone."

The Katie Jones profile was modest in scale, with 52 connections. But those connections had enough influence that they imbued the profile with credibility to some who accepted Jones' invites. 

The AP spoke to about 40 other people who connected with Jones between early March and early April of this year, many of whom said they routinely accept invitations from people they don't recognise.

C4ISRNet

You Might Also Read:

You Should Read LinkedIn's New Privacy Policy Carefully:

 

« Turning Amsterdam Into A Smart City
Cyber Criminals Have Created An Invisible Internet »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

SRI International

SRI International

SRI International is a research institute performing client-sponsored R&D in a broad range of study areas including computing and cybersecurity.

London Office for Rapid Cybersecurity Advancement (LORCA)

London Office for Rapid Cybersecurity Advancement (LORCA)

LORCA's mission is to support the most promising cyber security innovators in growing solutions to meet the most pressing industry challenges and build the UK’s international cyber security profile.

Barbara IoT

Barbara IoT

Barbara is an industrial device platform specifically designed for IoT deployments.

TechStak

TechStak

TechStak is the easiest way for businesses to find and connect with IT Pros and other technology solution providers in their area.

Montreal International

Montreal International

You’re an entrepreneur planning to launch a company in an innovative sector such as AI, cybersecurity, 'deeptech' or fintech? You’ve found the right place!

ColorTokens

ColorTokens

ColorTokens Xtended ZeroTrust Platform protects from the inside out with unified visibility, micro-segmentation, zero-trust network access, cloud workload and endpoint protection.

N8 Identity

N8 Identity

N8 Identity helps organizations realize the vision of Autonomous Identity Governance™ with AI-driven Identity solutions.

IT Band Systems

IT Band Systems

IT Band Systems is an international provider of IT products and services including web server monitoring and web security consulting.

Spyderbat

Spyderbat

Spyderbat ATI closes the manual investigation gap between detection and response by instantly presenting causally connected threat activity to security analysts at the onset of an investigation.

OSI Security

OSI Security

OSI Security's primary services include penetration testing, security auditing, web application security testing and risk management.

Vala Secure

Vala Secure

Vala Secure is a cybersecurity and compliance consultancy that always stays ahead of regulations, future threats and ever-changing security environments.

FourthRev

FourthRev

FourthRev is an education-technology start-up with a mission to solve the skills crisis of the Fourth Industrial Revolution.

Tentacle

Tentacle

Tentacle has developed a configurable data management tool that helps organizations to improve their information security programs and overall security posture.

Aeries Technology

Aeries Technology

Aeries is a technology services organization offering capabilities in Technology Services, Digital Transformation, and Business Process Management.

Winslow Technology Group (WTG)

Winslow Technology Group (WTG)

Winslow Technology Group is a leading provider of IT Solutions, Managed Services, and Cybersecurity Services dedicated to providing exceptional business outcomes for our customers since 2003.

Cynch Security

Cynch Security

Cynch Security are passionate about building a world where every business is resilient to cybersecurity risks, no matter what their size.