Spy Agencies Are Hiring Via LinkedIn

Uploaded on 2023-11-28 in TECHNOLOGY-Key Areas-Social Media, INTELLIGENCE--USA, INTELLIGENCE--International, FREE TO VIEW

The US intelligence establishment is growing more concerned about Chinese espionage agencies that are using fake LinkedIn accounts to identify and recruit American citizens who have access to government and commercial secrets. 

That's not a recent development. Indeed, it was Five year ago that the CIA' s William Evanina, then US counter-intelligence chief, told Reuters that intelligence and law enforcement officials had tipped off LinkedIn (owned by Microsoft) about China’s  aggressive activity on the professional networking platform 

Today, the warnings about the risks of professional networks being used for espionage purposes have increased. 

China has been using the LinkedIn platform to recruit Americans with access to valuable sensitive government and commercial data.  Similarly at the time, both British and German authorities had issued similar warnings. In October this year the “Five Eyes”, the intelligence alliance between the United States, United Kingdom, Canada, Australia, and New Zealand, issued an alert on how China exploit social networks to build relationships with professionals with access to sensitive information. 

In fact, more governments are finding value in leveraging these platforms for spying purposes, which is a disturbing turn of events given that such platforms are meant to encourage interaction among global professionals.  

The following examples are just some samples that show this increasing trend:

United Kingdom:    According to The Guardian newspaper, in October 2023 roughly 20k Britons have been approached by Chinese intelligence via LinkedIn with the purpose of stealing sensitive industrial or technology information.  The head of the domestic spy agency, MI5 observed that individuals working in AI, quantum computing, or synthetic biology were especially at risk.

In response, the 'Think Before You Link' campaign offers an innovative app which allows users of social media and professional networking sites, to better identify the signs of fake profiles used by foreign spies and other malicious actors, and take steps to report and remove them, was launched in 2022 by the UK Government.

Canada:    In June 2023, the Canadian Security Intelligence Service (CSIS) issued a warning via social media over the potential recruitment of “high value” Canadians via LinkedIn and other professional social media platforms.  Canadian citizens considered of interest s are being unwittingly recruited online by Chinese intelligence officers to spy for them.

The Netherlands:    In February 2022, the Dutch General Intelligence and Security Service (AIVD) acknowledged that thousands of employees at Dutch high tech companies had been consistently connected by Chinese and Russian intelligence personnel in an attempt to steal sensitive company secrets.  Approaches were made via fake accounts on LinkedIn, the largest global professional network, appearing to be colleagues in the science and engineering fields, or else as recruiters.  Per AIVD, once first contacted, the relationship quickly progressed citing the targeted individual’s expertise and knowledge as entry into collaboration.

Several other governments have been identified in exploiting professional social media platforms in similar ways and for similar purposes. 

  • North Korea cyber-enabled activity has primarily focused on the theft of money and its exploitation of professional social media is no different. 
  • Iran has also been active in this arena, executing phishing campaigns targeting individuals of interest via professional social media platforms with malware embedded attachments to install backdoors, and steal data and credentials.  

Iranian threat actors would typically entice targets via fake profiles to join professional communities to develop relationships under the guise of participating in closed groups.

To combat this growing threat, there have been calls for professional social networking platforms to vigorously police its offerings and remove fake and questionable profiles and accounts like Twitter and Facebook have been doing.  LinkedIn has stepped up efforts for identifying and neutralising fake profiles.  

Being able to confirm the authenticity of individuals via a trusted third party would go a long way to reducing the potential impact on individual professionals and the organization they work - a form of cyber resilience that could have benefits for both personal and national security.

LinkedIn:   Gov.UK:    Reuters:  Oodaloop:    Guardian:      Yahoo:    Facebook:   CBS News:   Cyberwar.NL:

Image: Bastian Riccardi

Spy Agencies Warn Of New Threats From Chinese Hackers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Cyber Security Executive Confesses To Hacking Hospitals
Supply Chain Attack On British Law Firms »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CRU Data Security Group (CDSG)

CRU Data Security Group (CDSG)

CRU is a pioneer in devices for data mobility, data security, encryption, and digital investigation.

Forter

Forter

Forter provides new generation fraud prevention to meet the challenges faced by modern enterprise e-commerce.

Incognito Forensic Foundation Lab (IFF Lab)

Incognito Forensic Foundation Lab (IFF Lab)

IFF Lab is a premier cyber and digital forensics lab in India that offers forensic services and solutions, cyber security analysis and assessment, IT support, training and consultation.

Shieldfy

Shieldfy

Shieldfy is a cloud-based security shield for your website to protect it from cyber attacks and malwares.

Dracoon

Dracoon

DRACOON is market leader in the German-speaking region for secure enterprise file sharing.

Prove Identity

Prove Identity

Prove (formerly Payfone) is a leader in mobile & digital identity authentication for the connected world.

Syndis

Syndis

Syndis is a leading information security company helping to defend organizations by providing bespoke services and innovative security solutions in the global market.

StoneLock

StoneLock

StoneLock is a trusted leader in the design and manufacture of facial recognition software and technology.

Analog Devices Inc (ADI)

Analog Devices Inc (ADI)

Analog Devices is uniquely positioned to deliver security at the edge, where the data is born, because our sensor solutions convert the physical, analog world into the digital world.

QuSecure

QuSecure

QuSecure provides a software-driven security architecture that overlays your current infrastructure and provides next-generation security to protect your entire network from quantum threats.

HACKNER Security Intelligence

HACKNER Security Intelligence

HACKNER Security Intelligence is an independent security consultancy delivering comprehensive security assessments across IT security, physical security, and social engineering.

ITSEC Asia

ITSEC Asia

ITSEC Asia works to effectively reduce exposure to information security threats and improve the effectiveness of its clients' information security management systems.

Zigrin Security

Zigrin Security

Zigrin Security offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.

Bytium

Bytium

Bytium provides top-tier IT services and solutions designed to empower everyone, from individuals to global corporations. Specializing in cybersecurity and proactive IT management.

Cyberscope

Cyberscope

Cyberscope is a Web3 security firm specializing in smart contract audits, crypto security audits, and blockchain vulnerability assessments.

Minimus

Minimus

Minimus, a pioneering application security startup, offers a groundbreaking platform that eliminates over 95% of Common Vulnerabilities and Exposures (CVEs) from software supply chains.