Propaganda groups supported by the Chinese Communist Party are known to use foreign social media platforms like Twitter, Facebook, etc., for disseminating false information, aka fake news. However, very few people are aware that Beijing has its claws deeply embedded in the professional platform LinkedIn. Here, they hire people to act as spies in the U.S. and other nations.
The LinkedIn operations
Unlike other social media websites, LinkedIn is not banned in China, as the company agreed to abide by the censorship policies of the government. To hire spies in other countries, the Chinese agents first open fake accounts on LinkedIn. They then scout the website for professionals working in an area of their interest. Next, the Chinese agent poses as a high ranking official of some business organization or research group and contacts the unsuspecting LinkedIn target, offering a better career or business opportunity. It is during the meeting that the professional realizes that the other party works for the Chinese spy agency.
In May this year, a former CIA employee named Kevin Patrick Mallory was sentenced to 20 years in prison for spying on behalf of China. Mallory came into contact with Chinese agents after he received a message through LinkedIn. “We’ve seen China’s intelligence services doing this on a mass scale… Instead of dispatching spies to the U.S. to recruit a single target, it’s more efficient to sit behind a computer in China and send out friend requests to thousands of targets using fake profiles,” William R. Evanina, the Director of the National Counterintelligence and Security Center, said in a statement (The New York Times).
The U.S. isn’t the only country being affected by such spy tactics of Beijing. Intelligence agencies in Britain, France, and Germany have warned citizens about the dangers of foreign agents approaching them through LinkedIn. In 2017, Germany’s intelligence agency had identified close to 10,000 citizens who were contacted by Chinese officials. Last year, the intelligence agencies in France warned the government that Chinese spies were in touch with 4,000 people ranging from company executives, government employees, and scientists.
Iran is also a major player in using LinkedIn to further its interests. “Iran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision-makers and key organizations that may have information that furthers Iran’s economic and national security goals. The identification of new malware and the creation of additional infrastructure to enable such campaigns highlights the increased tempo of these operations in support of Iranian interests,” Fireeye threat research said in a blog.
In a recent espionage effort, Iranian hacking group APT34 posed as researchers from Cambridge University on LinkedIn. They gained the trust of certain professionals working in government departments, utilities, and energy companies by soliciting resumes for job openings. After the victims’ trust was gained, APT34 sent a document entitled Research Staff at the University of Cambridge, encouraging them to open it.
The document apparently contained malware able to collect system information as well as download and upload files. Previously, another Iranian hacking group had gained access to a company’s sensitive information by setting up fake social media accounts of attractive women and honey-trapping unsuspecting employees of the company.