Updated Ten thousand Britons have been targeted on LinkedIn by recruiters for the Chinese and Russian intelligence services, according to an awareness campaign launched by domestic spy agency MI5 this morning.
Details were previewed in this morning's Times newspaper, which warned specifically of people with "access to classified or sensitive information" being targeted by Britain's enemies.
The Centre for the Protection of National Infrastructure (CPNI), an MI5 offshoot, told the newspaper its figure of 10,000 compromise attempts over five years was a conservative one, with MI5 chief Ken McCallum saying in a prepared statement: "Malicious profiles on professional networking sites are being utilised on an industrial scale."
UK government's chief security officer, Dominic Fortescue, added in a statement: "Since the start of the pandemic, many of us have been working remotely and having to spend more time at home on our personal devices. As a result, staff have become more vulnerable to malicious approaches from hostile security services and criminal organisations on social media."
A briefing document about the Think Before You Link campaign stated: "Importantly, we are not telling users to stop using social media or professional networking sites. Rather, we are raising awareness that some individuals may be operating with nefarious intent."
Access to sensitive information or skills?
The campaign is primarily targeted at public-sector workers in members of the multinational Five Eyes espionage alliance, with the US FBI and Office of the Director of National Intelligence both praising CPNI's efforts along with Australia and New Zealand. It targets recruiting efforts by hostile countries' spies rather than simple phishing.
Mike Burgess, Australia's director general of security, added: "Five Eyes collaboration is critical – the international scale and nature of the threat requires an international response."
While The Times reported that Russia and China state actors were the biggest suspects, much LinkedIn phishing and targeting activity has come from North Korea in recent years, though the technique is not confined to Little Kim's nation. A couple of years ago, for example, a deepfake account on LinkedIn was used to target a Russia specialist at British think tank Chatham House.
The world of tech is well used to LinkedIn approaches from malicious or not-as-they-seem characters. Most of these are from dodgy recruiters trying to fill quotas rather than state-sponsored attempts to compromise key personnel or steal valuable information, however.
Different countries take different approaches to recruiting informants or people with access to sensitive information or skills. Russia, for example, jails cybercriminals and then offers early release if they agree to work for intelligence agencies' hacking units. ®
Updated to add
LinkedIn commented: "We welcome the online safety efforts of the Centre for the Protection of National Infrastructure and its work to expand their Think Before You Link campaign in the United Kingdom. Teams at LinkedIn work to keep LinkedIn a safe place where real people can connect with professionals they know and trust. We actively seek out signs of state sponsored activity on the platform and quickly take action against bad actors in order to protect our members. Our Threat Intelligence team removes fake accounts using information we uncover and intelligence from a variety of sources, including government agencies. Our teams utilize multiple automated techniques, coupled with human reviews and member reporting to maintain LinkedIn as a safe and trusted platform. And we enforce our policies, which are very clear: fraudulent activity with an intent to mislead or lie to our members is a violation of our terms of service."