Spy Agencies Are Hiring Via LinkedIn

Uploaded on 2023-11-28 in TECHNOLOGY-Key Areas-Social Media, INTELLIGENCE--USA, INTELLIGENCE--International, FREE TO VIEW

The US intelligence establishment is growing more concerned about Chinese espionage agencies that are using fake LinkedIn accounts to identify and recruit American citizens who have access to government and commercial secrets. 

That's not a recent development. Indeed, it was Five year ago that the CIA' s William Evanina, then US counter-intelligence chief, told Reuters that intelligence and law enforcement officials had tipped off LinkedIn (owned by Microsoft) about China’s  aggressive activity on the professional networking platform 

Today, the warnings about the risks of professional networks being used for espionage purposes have increased. 

China has been using the LinkedIn platform to recruit Americans with access to valuable sensitive government and commercial data.  Similarly at the time, both British and German authorities had issued similar warnings. In October this year the “Five Eyes”, the intelligence alliance between the United States, United Kingdom, Canada, Australia, and New Zealand, issued an alert on how China exploit social networks to build relationships with professionals with access to sensitive information. 

In fact, more governments are finding value in leveraging these platforms for spying purposes, which is a disturbing turn of events given that such platforms are meant to encourage interaction among global professionals.  

The following examples are just some samples that show this increasing trend:

United Kingdom:    According to The Guardian newspaper, in October 2023 roughly 20k Britons have been approached by Chinese intelligence via LinkedIn with the purpose of stealing sensitive industrial or technology information.  The head of the domestic spy agency, MI5 observed that individuals working in AI, quantum computing, or synthetic biology were especially at risk.

In response, the 'Think Before You Link' campaign offers an innovative app which allows users of social media and professional networking sites, to better identify the signs of fake profiles used by foreign spies and other malicious actors, and take steps to report and remove them, was launched in 2022 by the UK Government.

Canada:    In June 2023, the Canadian Security Intelligence Service (CSIS) issued a warning via social media over the potential recruitment of “high value” Canadians via LinkedIn and other professional social media platforms.  Canadian citizens considered of interest s are being unwittingly recruited online by Chinese intelligence officers to spy for them.

The Netherlands:    In February 2022, the Dutch General Intelligence and Security Service (AIVD) acknowledged that thousands of employees at Dutch high tech companies had been consistently connected by Chinese and Russian intelligence personnel in an attempt to steal sensitive company secrets.  Approaches were made via fake accounts on LinkedIn, the largest global professional network, appearing to be colleagues in the science and engineering fields, or else as recruiters.  Per AIVD, once first contacted, the relationship quickly progressed citing the targeted individual’s expertise and knowledge as entry into collaboration.

Several other governments have been identified in exploiting professional social media platforms in similar ways and for similar purposes. 

  • North Korea cyber-enabled activity has primarily focused on the theft of money and its exploitation of professional social media is no different. 
  • Iran has also been active in this arena, executing phishing campaigns targeting individuals of interest via professional social media platforms with malware embedded attachments to install backdoors, and steal data and credentials.  

Iranian threat actors would typically entice targets via fake profiles to join professional communities to develop relationships under the guise of participating in closed groups.

To combat this growing threat, there have been calls for professional social networking platforms to vigorously police its offerings and remove fake and questionable profiles and accounts like Twitter and Facebook have been doing.  LinkedIn has stepped up efforts for identifying and neutralising fake profiles.  

Being able to confirm the authenticity of individuals via a trusted third party would go a long way to reducing the potential impact on individual professionals and the organization they work - a form of cyber resilience that could have benefits for both personal and national security.

LinkedIn:   Gov.UK:    Reuters:  Oodaloop:    Guardian:      Yahoo:    Facebook:   CBS News:   Cyberwar.NL:

Image: Bastian Riccardi

Spy Agencies Warn Of New Threats From Chinese Hackers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cyber Security Executive Confesses To Hacking Hospitals
Supply Chain Attack On British Law Firms »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Wibu-Systems

Wibu-Systems

Wibu-Systems is a leading provider of solutions for the Digital Rights Management (DRM) and anti-piracy industry.

InfoGuard

InfoGuard

InfoGuard is a leading Swiss company providing comprehensive cyber security and network solutions.

X4 Technology

X4 Technology

X4 Technology is a leader in finding the very best technology talent for some of the world’s most innovative start-ups and globally recognised brands.

BLUECYFORCE

BLUECYFORCE

BLUECYFORCE is the leading professional training and cyber defense training organization in France.

CHEQ

CHEQ

CHEQ provides fully autonomous, preemptive technology for brand safety and ad-fraud prevention.

RiskXchange

RiskXchange

RiskXchange's cybersecurity risk rating solution helps businesses solve complex cybersecurity and compliance challenges by providing a 360-degree view of your cybersecurity posture.

ADL Consulting

ADL Consulting

ADL Consulting provide information security-related consultancy and training support to businesses across the UK. Our services include ISO27001, GDPR, Cyber Essentials and training.

Nineteen Group

Nineteen Group

Nineteen Group delivers major-scale exhibitions within the security, fire, emergency services, health and safety, facilities management and maintenance engineering sectors.

GajShield

GajShield

GajShield Infotech provides Data Security Firewall solutions to Corporate’s and Government agencies.

Marcum Technology

Marcum Technology

Marcum Technology consultants are focused on helping you reach your company’s full potential by exploring creative ways to integrate tomorrow’s technology into your business today.

The Security Bulldog

The Security Bulldog

The Security Bulldog distills and assimilates open source cyber intelligence to enable security teams to understand threats more quickly, make better decisions, and accelerate detection and response.

6WIND

6WIND

6WIND deliver virtualized, cloud-native, distributed high performance & secure networking software solutions to support new applications such as 5G, IoT, SD-WAN.

Heartland Business Systems (HBS)

Heartland Business Systems (HBS)

Heartland Business Systems serves commercial, public sector and small to medium business with results-driven and dedicated information technology services.

NetScout Systems

NetScout Systems

NetScout assures digital business services against disruptions in availability, performance, and security.

Convergence Networks

Convergence Networks

Convergence Networks is one of North America's leading Managed Services & Security Providers.

SecuRedact

SecuRedact

SecuRedact is an AI-powered tool to detect and pseudonymize personal data in text and images. Fast, local, secure, and free to try.