Spy Agencies Are Hiring Via LinkedIn

Uploaded on 2023-11-28 in TECHNOLOGY-Key Areas-Social Media, INTELLIGENCE--USA, INTELLIGENCE--International, FREE TO VIEW

The US intelligence establishment is growing more concerned about Chinese espionage agencies that are using fake LinkedIn accounts to identify and recruit American citizens who have access to government and commercial secrets. 

That's not a recent development. Indeed, it was Five year ago that the CIA' s William Evanina, then US counter-intelligence chief, told Reuters that intelligence and law enforcement officials had tipped off LinkedIn (owned by Microsoft) about China’s  aggressive activity on the professional networking platform 

Today, the warnings about the risks of professional networks being used for espionage purposes have increased. 

China has been using the LinkedIn platform to recruit Americans with access to valuable sensitive government and commercial data.  Similarly at the time, both British and German authorities had issued similar warnings. In October this year the “Five Eyes”, the intelligence alliance between the United States, United Kingdom, Canada, Australia, and New Zealand, issued an alert on how China exploit social networks to build relationships with professionals with access to sensitive information. 

In fact, more governments are finding value in leveraging these platforms for spying purposes, which is a disturbing turn of events given that such platforms are meant to encourage interaction among global professionals.  

The following examples are just some samples that show this increasing trend:

United Kingdom:    According to The Guardian newspaper, in October 2023 roughly 20k Britons have been approached by Chinese intelligence via LinkedIn with the purpose of stealing sensitive industrial or technology information.  The head of the domestic spy agency, MI5 observed that individuals working in AI, quantum computing, or synthetic biology were especially at risk.

In response, the 'Think Before You Link' campaign offers an innovative app which allows users of social media and professional networking sites, to better identify the signs of fake profiles used by foreign spies and other malicious actors, and take steps to report and remove them, was launched in 2022 by the UK Government.

Canada:    In June 2023, the Canadian Security Intelligence Service (CSIS) issued a warning via social media over the potential recruitment of “high value” Canadians via LinkedIn and other professional social media platforms.  Canadian citizens considered of interest s are being unwittingly recruited online by Chinese intelligence officers to spy for them.

The Netherlands:    In February 2022, the Dutch General Intelligence and Security Service (AIVD) acknowledged that thousands of employees at Dutch high tech companies had been consistently connected by Chinese and Russian intelligence personnel in an attempt to steal sensitive company secrets.  Approaches were made via fake accounts on LinkedIn, the largest global professional network, appearing to be colleagues in the science and engineering fields, or else as recruiters.  Per AIVD, once first contacted, the relationship quickly progressed citing the targeted individual’s expertise and knowledge as entry into collaboration.

Several other governments have been identified in exploiting professional social media platforms in similar ways and for similar purposes. 

  • North Korea cyber-enabled activity has primarily focused on the theft of money and its exploitation of professional social media is no different. 
  • Iran has also been active in this arena, executing phishing campaigns targeting individuals of interest via professional social media platforms with malware embedded attachments to install backdoors, and steal data and credentials.  

Iranian threat actors would typically entice targets via fake profiles to join professional communities to develop relationships under the guise of participating in closed groups.

To combat this growing threat, there have been calls for professional social networking platforms to vigorously police its offerings and remove fake and questionable profiles and accounts like Twitter and Facebook have been doing.  LinkedIn has stepped up efforts for identifying and neutralising fake profiles.  

Being able to confirm the authenticity of individuals via a trusted third party would go a long way to reducing the potential impact on individual professionals and the organization they work - a form of cyber resilience that could have benefits for both personal and national security.

LinkedIn:   Gov.UK:    Reuters:  Oodaloop:    Guardian:      Yahoo:    Facebook:   CBS News:   Cyberwar.NL:

Image: Bastian Riccardi

Spy Agencies Warn Of New Threats From Chinese Hackers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cyber Security Executive Confesses To Hacking Hospitals
Supply Chain Attack On British Law Firms »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CCL Solutions Group

CCL Solutions Group

CCL is one of Europe’s leading digital investigation specialists, supporting law enforcement, government and organisations across both public and private sectors.

Simula Research Laboratory

Simula Research Laboratory

Simula Research Laboratory carries out research in the fields of communication systems, scientific computing and software engineering.

VigiTrust

VigiTrust

VigiTrust is a security firm specializing in cloud based eLearning programs, security compliance portals and providing security assessments.

Zettaset

Zettaset

Zettaset’s XCrypt Data Encryption Platform delivers proven protection for Object, Relational/SQL, NoSQL, and Hadoop data stores…in the cloud and on-premises.

DOS

DOS

DOS is an Ecuadorian company with 3 decades of presence in the market and extensive experience in the planning, management and execution of IT Service Integration Projects.

Scout Ventures

Scout Ventures

Scout Ventures is an early stage venture capital firm that is making the world a better, safer place by cultivating standout frontier technologies.

neoEYED

neoEYED

neoEYED helps banks and fintech to detect and prevent frauds using a Behavioral AI that recognizes the users just by looking at “how” they interact with the applications.

IQ4 - Cybersecurity Workforce Alliance (CWA)

IQ4 - Cybersecurity Workforce Alliance (CWA)

Cybersecurity Workforce Alliance, a division of iQ4, is an organization comprised of a diverse range of professionals dedicated to the development of the cybersecurity workforce.

10dot Cloud Security

10dot Cloud Security

10dot Cloud Security is a security service management company. Our solutions give you contextualised visibility into your network security.

Kintent

Kintent

With Kintent, compliance becomes a habit, is simple to understand and achieve, and is continuously testable so that your customers can see that you are adhering to all your trust obligations.

Nineteen Group

Nineteen Group

Nineteen Group delivers major-scale exhibitions within the security, fire, emergency services, health and safety, facilities management and maintenance engineering sectors.

Atlant Security

Atlant Security

Atlant Security is a cyber and IT security company offering consulting and implementation services.

RMC

RMC

RMC was purpose-built for Mission Assurance and ICS/OT cybersecurity, dedicated to strengthening and protecting government and commercial assets.

Gen Digital

Gen Digital

At Gen™, our mission is to create technology solutions for people to take full advantage of the digital world, safely, privately, and confidently – so together, we can build a better tomorrow.

SoftForum

SoftForum

SoftForum is a company specializing in next-generation information security solutions in the Quantum-Resistant-Cryptography (PQC) field.

NANO Corp

NANO Corp

At NANO Corp, we keep your network visible, understandable, operational and secure with state-of-the-art technology.