LinkedIn was vector for 10,000 hostile state recruiting efforts against Brits, warns MI5

Ten thousand Britons have been targeted on LinkedIn by recruiters for the Chinese and Russian intelligence services, according to an awarenss campaign launched by domestic spy agency MI5 this morning.

Details were previewed in this morning’s Times newspaper, which warned specifically of people with “access to classified or sensitive information” being targeted by Britain’s enemies.

The Centre for the Protection of National Infrastructure (CPNI), an MI5 offshoot, told the newspaper its figure of 10,000 compromise attempts over five years was a conservative one, with MI5 chief Ken McCallum saying in a prepared statement: “Malicious profiles on professional networking sites are being utilised on an industrial scale.”

UK government’s chief security officer, Dominic Fortescue, added in a statement: “Since the start of the pandemic, many of us have been working remotely and having to spend more time at home on our personal devices. As a result, staff have become more vulnerable to malicious approaches from hostile security services and criminal organisations on social media.”

A briefing document about the Think Before You Link campaign stated: “Importantly, we are not telling users to stop using social media or professional networking sites. Rather, we are raising awareness that some individuals may be operating with nefarious intent.”

Access to sensitive information or skills?

The campaign is primarily targeted at public-sector workers in members of the multinational Five Eyes espionage alliance, with the US FBI and Office of the Director of National Intelligence both praising CPNI’s efforts along with Australia and New Zealand. It targets recruiting efforts by hostile countries’ spies rather than simple phishing.

Mike Burgess, Australia’s director general of security, added: “Five Eyes collaboration is critical – the international scale and nature of the threat requires an international response.”

While The Times reported that Russia and China state actors were the biggest suspects, much LinkedIn phishing and targeting activity has come from North Korea in recent years, though the technique is not confined to Little Kim’s nation. A couple of years ago, for example, a deepfake account on LinkedIn was used to target a Russia specialist at British think tank Chatham House.

The world of tech is well used to LinkedIn approaches from malicious or not-as-they-seem characters. Most of these are from dodgy recruiters trying to fill quotas rather than state-sponsored attempts to compromise key personnel or steal valuable information, however.

Different countries take different approaches to recruiting informants or people with access to sensitive information or skills. Russia, for example, jails cybercriminals and then offers early release if they agree to work for intelligence agencies’ hacking units. ®

READ MORE HERE