Spy Agencies Are Hiring Via LinkedIn

The US intelligence establishment is growing more concerned about Chinese espionage agencies that are using fake LinkedIn accounts to identify and recruit American citizens who have access to government and commercial secrets. 

That's not a recent development. Indeed, it was Five year ago that the CIA' s William Evanina, then US counter-intelligence chief, told Reuters that intelligence and law enforcement officials had tipped off LinkedIn (owned by Microsoft) about China’s  aggressive activity on the professional networking platform 

Today, the warnings about the risks of professional networks being used for espionage purposes have increased. 

China has been using the LinkedIn platform to recruit Americans with access to valuable sensitive government and commercial data.  Similarly at the time, both British and German authorities had issued similar warnings. In October this year the “Five Eyes”, the intelligence alliance between the United States, United Kingdom, Canada, Australia, and New Zealand, issued an alert on how China exploit social networks to build relationships with professionals with access to sensitive information. 

In fact, more governments are finding value in leveraging these platforms for spying purposes, which is a disturbing turn of events given that such platforms are meant to encourage interaction among global professionals.  

The following examples are just some samples that show this increasing trend:

United Kingdom:    According to The Guardian newspaper, in October 2023 roughly 20k Britons have been approached by Chinese intelligence via LinkedIn with the purpose of stealing sensitive industrial or technology information.  The head of the domestic spy agency, MI5 observed that individuals working in AI, quantum computing, or synthetic biology were especially at risk.

In response, the 'Think Before You Link' campaign offers an innovative app which allows users of social media and professional networking sites, to better identify the signs of fake profiles used by foreign spies and other malicious actors, and take steps to report and remove them, was launched in 2022 by the UK Government.

Canada:    In June 2023, the Canadian Security Intelligence Service (CSIS) issued a warning via social media over the potential recruitment of “high value” Canadians via LinkedIn and other professional social media platforms.  Canadian citizens considered of interest s are being unwittingly recruited online by Chinese intelligence officers to spy for them.

The Netherlands:    In February 2022, the Dutch General Intelligence and Security Service (AIVD) acknowledged that thousands of employees at Dutch high tech companies had been consistently connected by Chinese and Russian intelligence personnel in an attempt to steal sensitive company secrets.  Approaches were made via fake accounts on LinkedIn, the largest global professional network, appearing to be colleagues in the science and engineering fields, or else as recruiters.  Per AIVD, once first contacted, the relationship quickly progressed citing the targeted individual’s expertise and knowledge as entry into collaboration.

Several other governments have been identified in exploiting professional social media platforms in similar ways and for similar purposes. 

  • North Korea cyber-enabled activity has primarily focused on the theft of money and its exploitation of professional social media is no different. 
  • Iran has also been active in this arena, executing phishing campaigns targeting individuals of interest via professional social media platforms with malware embedded attachments to install backdoors, and steal data and credentials.  

Iranian threat actors would typically entice targets via fake profiles to join professional communities to develop relationships under the guise of participating in closed groups.

To combat this growing threat, there have been calls for professional social networking platforms to vigorously police its offerings and remove fake and questionable profiles and accounts like Twitter and Facebook have been doing.  LinkedIn has stepped up efforts for identifying and neutralising fake profiles.  

Being able to confirm the authenticity of individuals via a trusted third party would go a long way to reducing the potential impact on individual professionals and the organization they work - a form of cyber resilience that could have benefits for both personal and national security.

LinkedIn:   Gov.UK:    Reuters:  Oodaloop:    Guardian:      Yahoo:    Facebook:   CBS News:   Cyberwar.NL:

Image: Bastian Riccardi

Spy Agencies Warn Of New Threats From Chinese Hackers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Cyber Security Executive Confesses To Hacking Hospitals
Supply Chain Attack On British Law Firms »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

European Cyber Security Organisation (ECSO)

European Cyber Security Organisation (ECSO)

The main objective of ECSO is to support all types of initiatives or projects that aim to develop, promote and encourage European cybersecurity.

ISACA Conferences

ISACA Conferences

ISACA is dedicated to offering the most dynamic and inclusive conferences to keep you abreast of the latest advances in IT and Information Security.

SKOUT Secure Intelligence

SKOUT Secure Intelligence

SkOUT Secure Intelligence (formerly Oxford Solutions) provides cyber security monitoring services to organizations around the globe.

Salt Communications

Salt Communications

Salt communications is a global leader in secure communications. Our bespoke platform is the secure communications solution that uniquely gives complete control to our customers.

Very Good Security (VGS)

Very Good Security (VGS)

VGS is the modern approach to data security. Our SaaS solution gives you all the benefits of interacting with sensitive and regulated data without the liability of securing it.

Advens

Advens

Advens is a company specializing in information security management. We provide Consultancy, Security Audits and Technology Solutions.

SixThirty CYBER

SixThirty CYBER

SixThirty is a venture fund that invests in early-stage enterprise technology companies from around the world building FinTech, InsurTech, and Cybersecurity solutions.

Aligned Technology Solutions (ATS)

Aligned Technology Solutions (ATS)

ATS manage, monitor, and maintain everything from your network and servers to your workstations and mobile devices, and we do it proactively to eliminate downtime and keep hackers at bay.

Netpoleon Group

Netpoleon Group

Netpoleon is a leading provider of integrated security, networking solutions and value added services.

Let's Encrypt

Let's Encrypt

Let’s Encrypt is a free, automated, and open digital certificate authority, run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

Brace168

Brace168

Specialising in Cyber Security incident identification and response, Brace168 is uniquely positioned to provide a vast experience in managed security services to meet the needs of all business types.

National Cyber Safety and Security Standards (NCSSS) - India

National Cyber Safety and Security Standards (NCSSS) - India

National Cyber Safety and Security Standards has been started with a great vision to safeguard India from the current threats in the cyber space.

DataSolutions

DataSolutions

DataSolutions is a leading value-added distributor of transformational IT solutions in the UK and Ireland.

Getronics

Getronics

Getronics guides customers through their own transformation journeys, leveraging an integrated and secure-by-design IT portfolio.

Strata Information Group (SIG)

Strata Information Group (SIG)

Strata Information Group (SIG) is a trusted partner in IT solutions and consulting services.

Infinavate

Infinavate

Infinavate Fort CyberVault offers end-to-end services that comprehensively responds to the organization’s information security and privacy needs.