The risk that hostile intelligence services will use LinkedIn as a recruitment tool has been widely reported. One such report, by Mika Aaltola at the Finnish Institute of International Affairs published in June 2019, focused on Chinese activity on LinkedIn. The phenomenon, however, is neither confined to Chinese intelligence operations nor limited to that particular social media platform. All intelligence agencies use similar exploits, as illustrated by the Iranian-linked hack of Deloitte in which a LinkedIn connection was used to gain an employee's trust. Even so, the number of reported cases attributed to the Chinese — including those of former intelligence officers such as Kevin Mallory and corporate espionage cases such as one involving an engineer at GE Aviation — suggest their intelligence services are among the most active and aggressive users of LinkedIn as a recruitment tool.And this makes mitigating the threat critical, whether on LinkedIn or any other social media platform.
How Hostile Intelligence Agencies Use LinkedIn
Countering the threat coming through LinkedIn requires an understanding of how intelligence services use it in recruitment operations. This is best achieved by viewing the platform through the lens of the human intelligence recruitment cycle.
The recruitment process consists of three basic phases: spotting, developing and pitching. Each can be broken down into smaller steps, and there can be a great deal of variation in the process depending on the target and circumstances.
In the spotting phase, intelligence officers list people with access to the desired information and rank them according to the odds of extracting it. Before the internet, intelligence officers who wanted to target someone, say, on team X at a given company working on technology Y or with access to program Z, might have to do some serious legwork. The steps might have included obtaining a company roster or using some other means to acquire the names of people working on a given project at a given company. In some cases, they might even have had to recruit an access agent inside the company to help. All this could take quite a bit of time and effort, and if not accomplished deftly, could trigger suspicions at the targeted company.
But in a world of social media, intelligence officers can use LinkedIn to acquire a list of employees at a particular company or agency with specific job titles in a matter of seconds. In many cases, employees list the specific projects or technologies they are working on, with some even helpfully providing their security clearance levels. While social media tools are not a guaranteed method for intelligence officers to build a comprehensive list of everyone with access to a program or technology, they can easily jump-start that process. By looking for co-workers of the people identified in the initial search, intelligence officers may then be able to add people who were not as explicit in their LinkedIn profiles to the potential target list.
Read more here.