Spy Agencies Are Hiring Via LinkedIn

The US intelligence establishment is growing more concerned about Chinese espionage agencies that are using fake LinkedIn accounts to identify and recruit American citizens who have access to government and commercial secrets. 

That's not a recent development. Indeed, it was Five year ago that the CIA' s William Evanina, then US counter-intelligence chief, told Reuters that intelligence and law enforcement officials had tipped off LinkedIn (owned by Microsoft) about China’s  aggressive activity on the professional networking platform 

Today, the warnings about the risks of professional networks being used for espionage purposes have increased. 

China has been using the LinkedIn platform to recruit Americans with access to valuable sensitive government and commercial data.  Similarly at the time, both British and German authorities had issued similar warnings. In October this year the “Five Eyes”, the intelligence alliance between the United States, United Kingdom, Canada, Australia, and New Zealand, issued an alert on how China exploit social networks to build relationships with professionals with access to sensitive information. 

In fact, more governments are finding value in leveraging these platforms for spying purposes, which is a disturbing turn of events given that such platforms are meant to encourage interaction among global professionals.  

The following examples are just some samples that show this increasing trend:

United Kingdom:    According to The Guardian newspaper, in October 2023 roughly 20k Britons have been approached by Chinese intelligence via LinkedIn with the purpose of stealing sensitive industrial or technology information.  The head of the domestic spy agency, MI5 observed that individuals working in AI, quantum computing, or synthetic biology were especially at risk.

In response, the 'Think Before You Link' campaign offers an innovative app which allows users of social media and professional networking sites, to better identify the signs of fake profiles used by foreign spies and other malicious actors, and take steps to report and remove them, was launched in 2022 by the UK Government.

Canada:    In June 2023, the Canadian Security Intelligence Service (CSIS) issued a warning via social media over the potential recruitment of “high value” Canadians via LinkedIn and other professional social media platforms.  Canadian citizens considered of interest s are being unwittingly recruited online by Chinese intelligence officers to spy for them.

The Netherlands:    In February 2022, the Dutch General Intelligence and Security Service (AIVD) acknowledged that thousands of employees at Dutch high tech companies had been consistently connected by Chinese and Russian intelligence personnel in an attempt to steal sensitive company secrets.  Approaches were made via fake accounts on LinkedIn, the largest global professional network, appearing to be colleagues in the science and engineering fields, or else as recruiters.  Per AIVD, once first contacted, the relationship quickly progressed citing the targeted individual’s expertise and knowledge as entry into collaboration.

Several other governments have been identified in exploiting professional social media platforms in similar ways and for similar purposes. 

  • North Korea cyber-enabled activity has primarily focused on the theft of money and its exploitation of professional social media is no different. 
  • Iran has also been active in this arena, executing phishing campaigns targeting individuals of interest via professional social media platforms with malware embedded attachments to install backdoors, and steal data and credentials.  

Iranian threat actors would typically entice targets via fake profiles to join professional communities to develop relationships under the guise of participating in closed groups.

To combat this growing threat, there have been calls for professional social networking platforms to vigorously police its offerings and remove fake and questionable profiles and accounts like Twitter and Facebook have been doing.  LinkedIn has stepped up efforts for identifying and neutralising fake profiles.  

Being able to confirm the authenticity of individuals via a trusted third party would go a long way to reducing the potential impact on individual professionals and the organization they work - a form of cyber resilience that could have benefits for both personal and national security.

LinkedIn:   Gov.UK:    Reuters:  Oodaloop:    Guardian:      Yahoo:    Facebook:   CBS News:   Cyberwar.NL:

Image: Bastian Riccardi

Spy Agencies Warn Of New Threats From Chinese Hackers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Cyber Security Executive Confesses To Hacking Hospitals
Supply Chain Attack On British Law Firms »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IASME Consortium

IASME Consortium

IASME is one of five companies appointed as Accreditation Bodies for assessing and certifying against the UK Government's Cyber Essentials Scheme.

a1qa

a1qa

a1qa specializes in the delivery of full-cycle software QA and application testing services.

Kore Telematics

Kore Telematics

Kore is a leading managed service provider for IoT and M2M applications.

Exostar

Exostar

Exostar is the cloud platform of choice for secure enterprise and supply chain collaboration solutions and identity and access management expertise.

QOMPLX

QOMPLX

QOMPLX integrate, contextualize, and analyze data from virtually any source to help you identify operational risk and inefficiencies throughout the enterprise.

Dell Technologies

Dell Technologies

Dell Technologies Consulting Services enables a highly resilient business amidst the proliferation of cloud-based IT services and constant threats to your most critical information.

Redstor

Redstor

Redstor's complete data management helps you discover, manage and control your data from a single control centre, unifying backup and recovery, disaster recovery, archiving and search and insight.

X4 Technology

X4 Technology

X4 Technology is a leader in finding the very best technology talent for some of the world’s most innovative start-ups and globally recognised brands.

Talon Cyber Security

Talon Cyber Security

Talon delivers the leading enterprise browser designed to bring security to managed and unmanaged devices, regardless of location, device type or operating system.

IT Acceleration

IT Acceleration

IT Acceleration is a full-service IT management and support, IT compliance and Digital Forensics company.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MicroAge

MicroAge

Powered by five decades of experience, lasting partnerships, client relationships, and the values that guide us daily, MicroAge is here to help you secure, accelerate, and transform your business.

Aceiss

Aceiss

Aceiss empowers access security, providing unprecedented visibility and insights into user access.

Ping Identity

Ping Identity

At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. That’s digital freedom.

One Step Secure IT

One Step Secure IT

One Step provide Managed IT Services, Cybersecurity Protections, and Compliance to businesses in the USA nationwide.

Inroad Technologies

Inroad Technologies

Inroad Technologies provide IT services that help keep your business computers, servers and networks secure and trouble-free.