Dutch intelligence service warns public about online recruitment by foreign spies

February 15, 2022 by Leave a comment

AIVD HollandLAST WEEK, THE DUTCH General Intelligence and Security Service (AIVD) launched an awareness campaign dubbed ‘Check before connecting’. The purpose of the campaign is to inform the Dutch public about risks of foreign actors using fake accounts on social media, in efforts to acquire sensitive business information. According to the AIVD, such online campaigns frequently target and recruit employees of Dutch private sector companies. The awareness campaign is carried out via Twitter, Instagram and LinkedIn. It is aimed at raising awareness in society at-large. The AIVD will publish a number of fictitious practical examples over time, in order to educate the public.

AIVD director-general Erik Akerboom told Dutch newspaper Het Financieele Dagblad that Dutch and other Western secret services have been surprised by the sheer number of cases in which private sector employees disclosed sensitive information, after being blackmailed or enticed with money to share information. After foreign intelligence operatives make initial contact with their target via LinkedIn, the relationship quickly turns more “personal”, according to Akerboom. The new contact acts flatteringly about the unsuspecting target’s knowledge and competence. “You are asked to translate something. This can be followed by a physical meeting”, he says.

Potential targets are “ranked” by their position in an organization, position in a business network, and level of access to sensitive information. “The rankings determine which persons are prioritized for recruitment attempts”, according to Akerboom. This sometimes involves the creation of fake human resource recruitment agencies, as British, Australian and American intelligence agencies have warned about in the past.

While not a new phenomenon, the scope and effectiveness of foreign infiltration attempts have now reached a scale that has prompted the AIVD to warn the public. China and Russia have made attempts to acquire advanced technology in Western countries, including the Netherlands, via corporate takeovers, digital espionage, and human intelligence operations. Last year, the Netherlands expelled two Russian spies who successfully recruited employees at a number of Dutch high-tech companies. One of the Russians created fake profiles posing as a scientist, consultant and recruiter. The AIVD did not disclose the names of these companies. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , ,

Cybersecurity researchers uncover first-ever use of LinkedIn to spread malware

June 18, 2020 by Leave a comment

LinkedInCybersecurity researchers have uncovered what is believed to be the first-ever case of hackers using LinkedIn to infect the computers of targeted users with viruses, according to a new report. The hackers appear to have been sponsored by government and to have targeted employees of carefully selected military contractors in central Europe, according to sources.

The existence of the alleged cyberespionage operation was revealed on Wednesday by researchers at ESET, a cybersecurity firm based in Bratislava, Slovakia, which is known for its firewall and anti-virus products. The researchers said that the operation was carried out in 2019 by hackers who impersonated employees of General Dynamics and Collins Aerospace, two leading global suppliers of aerospace and defense hardware.

ESET researchers said that the hackers made use of the private messaging feature embedded in LinkedIn to reach out to their targets. After making initial contact with their intended victims, the hackers allegedly offered their targets lucrative job offers and used the LinkedIn private messenger service to send them documents that were infected with malware. In many cases, the targets opened the documents and infected their computers in the process.

The use of the LinkedIn social media platform by hackers to make contact with their unsuspecting victims is hardly new. In 2017, German intelligence officials issued a public warning about what they said were thousands of fake LinkedIn profiles created by Chinese spies to gather information about Western targets. Germany’s Federal Office for the Protection of the Constitution (BfV) said it had identified 10,000 German citizens who had been contacted by Chinese spy-run fake profiles on LinkedIn in a period of just nine months. And in 2018, a report by France’s two main intelligence agencies, the General Directorate for Internal Security (DGSI) and the General Directorate for External Security (DGSE), warned of an “unprecedented threat” to security after nearly 4,000 leading French civil servants, scientists and senior executives who were found to have been accosted by Chinese spies on LinkedIn.

Tricking a target into accessing a virus-infected document file is not a new method either. However, according to the researchers at ESET, this was the first case where LinkedIn was used to actually deliver the malware to the victims. As for the identity of the hackers, there appears to be no concluding information. However, ESET said the attacks appeared to have some connections to Lazarus, a group of hackers with North Korean links. Lazarus has been linked to the 2014 Sony Pictures hack and the 2016 Central Bank of Bangladesh cyber heist, which was an attempt to defraud the bank of $1 billion.

LinkedIn told the Reuters news agency that it had identified and terminated the user accounts behind the alleged cyberespionage campaign. Citing client confidentiality, ESET said it could not reveal information about the victims of the attacks. Meanwhile, General Dynamics and Raytheon Technologies, which owns Collins Aerospace, have not commented on this report.

Author: Joseph Fitsanakis | Date: 18 June 2020 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , , ,

French government report says thousands approached by Chinese spies on LinkedIn

October 24, 2018 by Leave a comment

LinkedInA French government report warns of an “unprecedented threat” to security after nearly 4,000 leading French civil servants, scientists and senior executives were found to have been accosted by Chinese spies using the popular social media network LinkedIn. The report was authored by France’s main intelligence agencies, the General Directorate for Internal Security (DGSI) and the General Directorate for External Security (DGSE). According to the Paris-based Le Figaro newspaper, which published a summary of the classified report, the two intelligence agencies presented it to the French government on October 19.

The report describes Chinese efforts to approach senior French scientists, business executives, academics and others, as “widespread and elaborate”, and warns that it poses an “unprecedented threat against the national interests” of the French state. It goes on to state that nearly 4,000 carefully selected French citizens have been approached by Chinese intelligence operatives via the LinkedIn social media platform. Of those nearly half, or 1,700, have leading posts in French industry, while the remaining 2,300 work in the public sector. In their totality, those targeted are involved nearly every area of industry and government administration, including those of nuclear energy, telecommunications, computing and transportation, said the report. According to Le Figaro, those targeted were approached online by Chinese spies who employed fake identities and identified themselves as headhunters for Chinese corporations, think-tank researchers or consultants for major companies. They then invited targeted individuals to all-expenses-paid trips to China for conferences or research symposia, or offered to pay them as consultants.

The DGSI-DGSE report concludes that most of those targeted displayed shocking levels of “culpable naivety” and a “completely insufficient” awareness of online espionage methods. To address this, French intelligence agencies have produced guidelines on detecting and evading attempts at recruitment or luring from intelligence operatives using social media, said Le Figaro. French civil servants are now being informed of these guidelines through a concerted campaign by the French intelligence community, said the paper. The report, however, did not say whether similar efforts were taking place in the French private sector.

Author: Joseph Fitsanakis | Date: 24 October 2018 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , ,

German intelligence warns European officials of fake Chinese LinkedIn profiles

December 11, 2017 by Leave a comment

BfV GermanyIn an unusual step, German intelligence officials have issued a public warning about what they said are thousands of fake LinkedIn profiles created by Chinese spies to gather information about Western targets. On Sunday, Germany’s Federal Office for the Protection of the Constitution (BfV) held a press conference in which it said that it had discovered a wide-ranging effort by spy agencies in China to establish links with Westerners. The agency said that it undertook a 9-month investigation, during which it identified 10,000 German citizens who were contacted by Chinese spy-run fake profiles on LinkedIn. Across Europe, the number of targets could be in the hundreds of thousands, according to the BfV.

The main targets of the operation appear to be members of the German and European Union parliaments. Also targeted are members of the armed forces, lobbyists and researchers in private think tanks and foundations in Germany and across Europe. These individuals were all targeted as part of “a broad attempt to infiltrate Parliaments, ministries and administrations”, said BfV Director Hans-Georg Maassen. He added that the fake LinkedIn profiles are of people who claim to be scholars, consultants, recruiters for non-existent firms, or members of think tanks. Their profile photographs are usually visually appealing and are often taken from fashion catalogs or modeling websites. During the press conference BfV officials showed examples of what they said were fake LinkedIn accounts under the names “Rachel Li” and “Alex Li”. The two identified themselves as a headhunter for a company called RiseHR and a project manager at the Center for Sino-Europe Development Studies, respectively. The information on these accounts was purely fictitious, said the BfV officials.

Individuals who have been targeted by the Chinese include European politicians and senior diplomats, according to the Germans. Many were invited to all-expenses-paid conferences or fact-finding trips to China by their LinkedIn contacts, presumably in attempts to recruit them for Chinese intelligence. At the closing of the press conference, the BfV urged European officials to refrain from posting private information on social media, including LinkedIn, because foreign intelligence operatives are actively collecting data on users’ online and offline habits, political affiliations, personal hobbies and other interests. In a statement issued on Monday, the Chinese government dismissed the German allegations, saying that the BfV’s investigation was based on “complete hearsay” and was thus “groundless”. Beijing also urged German intelligence officials to “speak and act more responsibly”.

Author: Joseph Fitsanakis | Date: 11 December 2017 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , ,

Further arrests in Edward Lin spy case ‘possible’, says US official

April 15, 2016 by Leave a comment

Edward LinAn American official has told Newsweek magazine that the possibility of further arrests in the espionage case of United States Navy flight officer Edward Lin should not be ruled out. Last Sunday, the US Navy reported the arrest Lt. Cmdr. Lin, who faces two counts of espionage and three counts of attempted espionage, among other charges. Aside from a three-page, heavily redacted charge sheet released by the Navy, almost nothing is known about this case. However, as intelNews opined earlier this week, there are several clues that point to the seriousness of the charges against Lin, and their potential ramifications for US national security, which are likely to be extensive.

On Thursday, longtime intelligence and security correspondent Jeff Stein wrote in Newsweek magazine that Lin appeared to have “scores of friends in sensitive places” in the US and Taiwan. That is not surprising, given that Lin served as the Congressional Liaison for the Assistant Secretary of the Navy, Financial Management and Comptroller, between 2012 and 2014. A cursory survey of Lin’s LinkedIn page, said Stein, shows endorsements by a senior commander at the US Naval Air Station at Guantanamo, Cuba, as well as the US Pacific Fleet’s senior intelligence analyst on Southeast Asia. Other endorsers include Congressional liaison officers for the US Navy, a Taiwanese military attaché, and a former official in Taiwan’s Ministry of Defense.

It is believed that Lin was arrested over eight months ago, but Stein says the investigation, which is being conducted jointly by the Naval Criminal Investigative Service and the Federal Bureau of Investigation is still underway. He quotes an unnamed “US official who asked for anonymity in exchange for discussing some details of the case” as saying that, given Lin’s extensive contacts in the US intelligence establishment, the possibility of further arrests in the case should not be ruled out. Lin is currently being held in the Naval Consolidated Brig in Chesapeake, Virginia.

Author: Joseph Fitsanakis | Date: 15 April 2016 | Permalink

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , , , , , ,

News you may have missed #857 (hacking edition)

November 12, 2013 by Leave a comment

Mossad sealBy IAN ALLEN | intelNews.org
►►UK spies hacked Belgian phone company using fake LinkedIn page. British spies hacked into the routers and networks of a Belgian telecommunications company Belgacom by tricking its telecom engineers into clicking on malicious LinkedIn and Slashdot pages, according to documents released by NSA whistleblower Edward Snowden. The primary aim, reports the German newsmagazine Der Spiegel, which obtained the documents, was to compromise the GRX router system that BICS controlled, in order to intercept mobile phone traffic that got transmitted by the router.
►►Indonesian hackers behind attack on Australian spy service website. Indonesian hackers are believed to have brought down the website of the Australian Secret Intelligence Service, Australia’s leading spy agency. The page was not working on Monday afternoon after hackers launched a “denial of service” attack. A “404 not found” message typically appears when a website crashes under a “denial of service” attack. The cyber attack is reportedly a response to revelations that Australia had been spying on its closest neighbor through its Jakarta embassy.
►►Hamas blasts alleged Mossad website. Hamas officials released a warning about a website called Holol (“solutions”), claiming it is a ruse set up by Israel’s Mossad intelligence agency to recruit Gazans as informants. The website’s “Employment” page states, “due to our connections with the Israeli Civil Administration, we can help you bypass the bureaucratic tape and procedural processes which prevent you from leaving Gaza”. The site also offers Israeli medical assistance, “due to connections with the Ministry of Health and the Israeli Civil Administration”. Palestinians interested in contacting the website’s officials are asked to provide their full name, telephone number, email, topic of inquiry, and an explanation of why they are asking for help. Last month, Lebanese group Hezbollah accused the Mossad of being behind a website seeking information on Hezbollah’s intelligence wing.

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , , , , , , , , , , , , , , ,

Belgian intelligence employees ‘outed themselves’ on LinkedIn

November 28, 2012 by 6 Comments

LinkedIn logoBy JOSEPH FITSANAKIS | intelNews.org |
Several alleged employees of Belgian security and intelligence agencies have revealed their identities on social networking sites, it has been reported. Belgian newspaper De Standaard, which made the revelation in a leading article on Tuesday, said that many LinkedIn and Facebook users appear to list their employer as Belgium’s State Security Agency (Sûreté de l’État or SE/SV) or the Coordinating Body for Threat Analysis (OCAM/OCAD). The SE is Belgium’s foremost civilian intelligence agency, operating under the country’s Ministry of Justice. OCAM is one of Belgium’s several anti-terrorist intelligence collection and analysis agencies, which operates under the joint supervision of the Justice and Interior Ministries. De Standaard contacted the two agencies, which refused to comment on whether the social networking profiles are authentic. But the paper spoke with an unnamed Belgian senior intelligence official, who said that this was potentially a very serious issue for Belgian national security. “Russian and Chinese intelligence services employ thousands of people”, said the official, “and have the resources and time to manually search for such profiles and then exploit the information they provide. Our people could, by their very presence on such sites, become the target of hostilities”. De Standaard also spoke to Belgian Senator Dirk Claes, who is a member of the country’s Parliamentary Committee on Intelligence. He told the paper that his colleagues in the Committee would be up in arms if the profiles turned out to be authentic. “These individuals have security clearances and are obligated to stay in the background, as much as possible. I will be raising this issue in the [Intelligence] Committee”, Claes told De Standaard. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , , ,

German ex-spies to be fined for advertising skills online

August 11, 2010 by 2 Comments

BND seal

BND seal

By IAN ALLEN | intelNews.org |
At least a dozen German former intelligence officers are to face disciplinary action after they were found advertising their past spy careers on a job-seekers’ professional networking Web site. The German government authorized the country’s leading external intelligence agency, the Federal Intelligence Service (BND), to initiate an internal investigation, after German tabloid newspaper Bild drew attention to the online revelations in a leading article. The newspaper listed 12 former BND officers who advertised their past intelligence careers on their publicly listed résumés on Xing.com, a German-language website that serves as Germany’s version of LinkedIn.com. German federal legislation expressly forbids BND personnel from ever publicly revealing their professional ties with the spy agency, even after dismissal, resignation or retirement. Read more of this post

Filed under Expert news and commentary on intelligence, espionage, spies and spying Tagged with , , , , , ,