Security Minister Tom Tugendhat said the government is aware that Chinese intelligence is using social media to attack British citizens. Photo: DANIEL LEAL/AFP
This discovery reveals how revolutionary LinkedIn, owned by Microsoft, has been, not only for job seekers and recruiters, but also for spy agencies.
Former army officers, government officials, and even well-connected academics or think tanks often share information. There is more information on LinkedIn than anywhere else on the Internet, which helps spies quickly identify potential targets.
«Basically, it's just a digitization of how human intelligence works,» says Ed Arnold, researcher Fellow of the Royal United Services Institute. for European security.
Instead of spending days or weeks figuring out if a potential source of espionage is «ideologically motivated or money motivated, or if there's room for blackmail», LinkedIn allows agents to send out many approaches at the same time and just see who's biting.
While not all approaches will produce results, the minimum effort required for this spray-and-pray approach is well worth it. What's more, agents can do espionage work from the comfort of their homes in China rather than traveling abroad.
Spies hid behind LinkedIn profiles that used stock or stolen profile photos and seemingly plausible job stories.
In short, LinkedIn offers a «really effective» spying method, says Arnold.
LinkedIn, which has 930 million users worldwide, declines to say how many accounts have been deleted or flagged as being used by intelligence agencies. However, it says that 12% of fake accounts labeled «automatically protected» were «manually blocked.»
Dan Lomas, assistant professor of international relations at the University of Nottingham, says: «China is doing this on a massive scale, and governments are now aware of the risk.”
Lomas says it is. an ideal place for uncomplicated and highly paid intelligence operations.
“You used to have to hire an agent or officer to get personal information that you can use to try and get closer to the targets you need to hire.
“With LinkedIn, you don't have to do that anymore. Your agent is safe and can sit in China, contacting people through social networks who will give all the information in the hope of getting a job.
“What is their role, who do they work with? What is their expertise? This is all valuable information and is key if I want to recruit someone and surprise them by showing that we know a lot about them.”
Philip Ingram, a former Colonel in the Intelligence Corps, recounts how I was attacked via LinkedIn, a similar Chinese operation similar to the one that singled out Tauler.
As a media commentator and security consultant, Ingram has a relatively high profile on compared to most of his military colleagues.
«I got a link request, like you, on LinkedIn, but when I clicked on a man, Robin Zhang,» he says.
However, he became suspicious after “Zhang” invited him to speak at a Chinese security conference.
“He lacked details about exactly what the conference was called,” Ingram recalls. Zhang refused to meet Ingram in London, instead inviting him to China and offering to pay in cash.
«The alarm went off,» says the former colonel.
Warnings about using LinkedIn for such Malicious targets have plagued the British security services for a decade now.
Gawain Tauler thought he was being courted for the benefit of a consulting job for a Chinese company hoping to enter the UK market. Photo: STEVE FINN
Efforts to counter the use of LinkedIn by spy agencies have intensified in recent years as hostile countries, including Russia and Iran, as well as China, have realized the potential of the site to easily achieve new goals.
Cyber security firm SecureWorks In 2015, the Threat Squad uncovered a network of 25 fake accounts that it said exhibited «the expected behavior of a task force operating outside of Iran.»
Nearly ten years later, little has changed. In July, the Israeli intelligence agency Shin Bet issued a rare public warning that Iranian spies were masquerading as Israeli job seekers on LinkedIn, impersonating people's existing professional connections to trick them into revealing sensitive information.
Professor Alan Woodward of Computer Security Expert at the University of Surrey says that even he has been approached by spies on a business web site.
«I've had quite a few approaches that were far from sophisticated,» he says. “They appeal to ego and often offer money for a consultation to write a report on some topic that you might have some inside knowledge on.
“It is not always those who are directly connected with state institutions who become the object of attack. Industrial espionage is probably the majority.»
Some LinkedIn users don't help themselves by advertising their access to military, industrial, and government secrets.
One group clearly targeting people with a high level of clearance to classified information, has 385 members and mentions the names of these clearances — «Advanced Check» and «Security Check».
«Please give a link to our group and recommend it to your colleagues.» it says.
DV and SC are the two highest grades given by the government inspection agency. In a bygone era, publicly advertising oneself as the holder of one of these permits was tantamount to asking for its revocation.
However, today, high-ranking government officials are much more willing to advertise their credentials in order to increase their chances of getting lucrative jobs in the private sector.< /p>
A LinkedIn spokesperson said the site has a dedicated threat prevention and protection team that looks for and removes fake accounts, using information from «government agencies» to identify and neutralize spy accounts.
«Creating a fake account is a clear violation of our terms of service.»
Recalling his encounter with Chinese LinkedIn spies, Tauler says, «Do you really think I'm going to take your money, no matter how poor I am, to betray your country? You must be joking.»
Свежие комментарии