Return to the list of client alerts
While we have long suspected that the Chinese use LinkedIn to spy on us, they apparently not only do that, but they also use it to steal intellectual property from us as well. Based on a number of recent court cases, they have refined this to a well honed skill and we need to start protecting ourselves better.
Ron Rockwell Hansen, a former Defense Intelligence Agency case officer pleaded guilty on March 15th to attempted espionage against the U.S. He collected and printed out information on former and current DIA case officers before a trip to China in 2015. He exchanged this information and other sensitive information that he got from other DIA case officers for hundreds of thousands of dollars.
In October, French intelligence agents released a report outlining out the Chinese had contacted nearly 4,000 French government workers, corporate executives and scientists via LinkedIn in an effort to steal information and/or get them to spy for China.
The German press says that up to 10,000 Germans were contacted by the Chinese via social media, mostly LinkedIn.
Glenn Duffie Shriver of Virginia was recruited by the Chinese and paid $70,000 to become an undercover operative for the Chinese. He, too, was convicted.
61 year old Kevin Mallory, a former CIA case officer faces life in prison after being convicted last year of spying for China. He passed both classified and unclassified information to the Chinese.
This is likely just the tip of the iceberg – many of which will never be uncovered and others which are being kept under wraps, either because of national security concerns or embarrassment.
The Chinese are very brazen in their attempts to steal information and create secret agents, the efforts of the White House to stop it not withstanding. There is no evidence that tariffs are making a difference in recruiting efforts.
Using LinkedIn, they pose as a job recruiter or a colleague with similar interests and try to elicit information about a business, technology or products. They, obviously, don’t tell people that they work for Chinese intelligence. By sending out tens of thousands of messages, they will snare a few people. Sometimes they offer them money to speak at a conference. Maybe in China.
Once they get people to give them information, they have leverage over them to get more. By the time people figure out what is happening, they are in over their head.
Using LinkedIn and other social media, they are armed with a great deal of information about the “mark” which they use to reel him or her in.
Again, business executives, middle managers and engineers are all high value targets, as are government workers. All to improve their ability to steal intellectual property.
This is not a problem which management alone can fix!
Employees – engineers and software developers in the U.S. tech industry are likely high value targets as are others who have access to either sensitive information or large amounts of personally identifiable information. Obviously, people who have access to controlled unclassified information, export controlled (ITAR) information and even classified information are definitely considered high value targets.
The con people using vanity, sex and money – techniques as old as the bible. And they still work.
While you cannot stop employees from posting on social media, you should train them to understand the impact of over disclosing information. This is one case where less is better.
You also need to train them on how to respond to unsolicited solicitations and provide a mechanism for them to report these efforts.
If one employee rebuffs them by ignoring them, they will just move on to the next, which is why it is important to report these activities to HR and security. The Chinese will not stop just because a few employees do not take the bait.
Lastly, be extra vigilant while travelling, both domestically and especially internationally. If someone really cute of the opposite sex approaches you in a hotel bar and talks you up, he or she may be interested in more than a casual fling. You are not that hot, I bet. If you need assistance in building a training program for travelling employees, contact us.
Source: CyberScoop.