Spy Agencies Go Recruiting on LinkedIn

Uploaded on 2015-09-21 in NEWS-Cybersecurity News, INTELLIGENCE--Europe, GOVERNMENT-National, FREE TO VIEW

talent-src LinkedIn fake recruiters 2

 F-Secure analysed bogus LinkedIn accounts to discover that they belong to individuals supposedly working for Talent Src (Talent Sources).

MI5 have warned that ‘hostile intelligence services’ are clandestinely targeting Government employees through the popular online CV website. Secret agents working for malign foreign powers, including Russia and China, have created fake profiles on the social networking service to lure unsuspecting victims.

In the elaborate scam, that wouldn’t be out of place in a James Bond novel, enemy spies are using bogus accounts on the website, described as like Facebook but for business professionals, to try and ‘find, connect with, cultivate and recruit’ current and former Government employees. Instead of a trusting civil servant connecting with a potential business partner, they are unwittingly tricked by a foreign agent into exposing a treasure trove of personal details, including pictures, phone numbers, email addresses and information about their work in Whitehall.

Security experts have said that even current members of Britain’s spy agencies, MI5, MI6 and GCHQ, have put potentially risky information in LinkedIn profiles. Others on the website work, or were previously employed, in departments which deal with highly-sensitive intelligence such as the Foreign Office, Home Office or Ministry of Defence. Now spy chiefs have launched a crackdown to minimise the threat of enemy agents coaxing out secrets.

In a document sent by email on July 24, MI5 announced a ‘Security Service Espionage Alert’. Containing the MI5 logo, the missive identifies a string of ‘key points’. In July 2009, the new head of MI6 Sir John Sawers’ personal details were plastered over Facebook. These include the warning that ‘Hostile foreign intelligence services are increasingly using LinkedIn to find, connect with and begin cultivation and recruitment of current and former HMG [Her Majesty’s Government] employees.’

It adds: ‘MI5 investigations have identified a large number of HMG employees connected to known hostile foreign intelligence service cover profiles.’
The document, circulated in Whitehall, provides ‘advice to help you protect yourself online and what to do if you think you may have been the subject of an approach.’

LinkedIn, which was founded in December 2002, has more than 364million users in 200-plus countries.
Professor Anthony Glees, of the University of Buckingham’s Centre for Security and Intelligence Studies, said last night: ‘An enemy agent who might know he is a spy would be able make deductions from that about what our intelligence agencies are interested in at the moment.
‘What people don’t understand is that social media is used as a tool for intelligence gathering not just by us but by other countries who are hostile to us.' 
Russia, along with China, has been accused of mobilising a huge cyber-spying operation targeting the UK and other nations. Security sources have warned that Moscow and Beijing routinely seek to steal military secrets from government and major defence contractors.

MI5 has repeatedly warned that it is tackling ‘industrial-scale’ cyber-attacks from both hostile countries, terrorists and organised gangs.

In March 2013, NATO’s most senior commander was embroiled in a major security alert after a fake Facebook account was set up in his name by suspected Chinese spies. Senior British military officers and Ministry of Defence staff are understood to have accepted ‘friend requests’ from a bogus account for Nato’s then Supreme Allied Commander James Stavridis.
In the mistaken belief they had linked up with the American admiral on social media, they then unwittingly provided a vast trove of personal details. And in July 2009, the new head of MI6 Sir John Sawers’ personal details were plastered over Facebook.

Shortly after being appointed, his own security was breached when his wife posted photographs on Facebook showing him in tight fitting swimming trunks, along with details about where Sir John’s family live and work, and where they spend their holidays. In an embarrassing blunder for MI6, millions of people could have gained access to compromising photographs of Sir John Sawers and his family on the social networking website.

Mail: http://dailym.ai/1FX1CNL
 

« Iran and Saudi Marching To Cyber War!
What Does Facebook Want With AI? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

SolarWinds

SolarWinds

SolarWinds as a worldwide leader in solutions for network and IT service management, application performance, and managed services.

Zentera Systems

Zentera Systems

Zentera's CoIP (Cloud over IP) solution offers enterprise-grade networking and security for the emerging cloud ecosystem.

Cyber Security Research Centre - University of Cardiff

Cyber Security Research Centre - University of Cardiff

Cardiff University's Centre for Cyber Security Research is a leading UK academic research unit for cyber security analytics.

Ivanti

Ivanti

Ivanti provide user-centered IT solutions designed to increase user productivity while reducing IT security risk.

Honeynet Project

Honeynet Project

The Honeynet Project is a leading international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools.

TÜV Informationstechnik (TÜViT)

TÜV Informationstechnik (TÜViT)

TÜViT is a leading service provider in the IT sector offering unbiased and independent tests and certifications of IT products, hardware, software, systems and processes.

Ritz

Ritz

Ritz is the largest holistic pure-play cyber security solutions provider in Myanmar.

CyberCareers.gov

CyberCareers.gov

CyberCareers.gov is a platform for Cybersecurity Job Seekers, Federal Hiring Managers and Supervisors, Current Federal Cybersecurity Employees, Students and Universities.

NTIC Cyber Center - USA

NTIC Cyber Center - USA

NTIC Cyber Center is an organization dedicated to making the National Capital Region (Washington DC) more resilient to cyber-attacks.

PreEmptive Solutions

PreEmptive Solutions

PreEmptive Protection hit the sweet spot between cost, convenience and functionality by helping you protect and secure your apps in a smarter way.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

CDS

CDS

CDS is a strategic change agency enabling organisations and businesses to create and build better services to meet the evolving needs of customers, employees and citizens.

Buguard

Buguard

Buguard is a multi-award-winning supplier of Application Security Assessments and GRC services.

Cyphershield

Cyphershield

Cypershield is a Security and Smart Contract audit company providing professional smart contract auditing services for varied Crypto projects.

SignalRed

SignalRed

SignalRed provides the cutting edge next-generation penetration testing and secure development solutions to startups and large enterprises.

Concertium

Concertium

Concertium is a complete cybersecurity partner equipped with the expertise and services to deliver end-to-end visibility and protection from evolving cyber threats.