Chinese Spies Use LinkedIn to Lure Westerners into Sharing Sensitive Information
Chinese intelligence agents are using LinkedIn and other job search websites to trick Western workers into divulging sensitive information, according to a joint advisory by the FBI and other governments.
Chinese intelligence agents are employing a new tactic to gather sensitive information from Western workers: posing as recruiters on LinkedIn and other job search websites. According to a joint advisory issued by the FBI, the U.K.'s security service MI5, and the governments of Australia, Canada, and New Zealand, Chinese spies are creating fake online personas to lure Westerners into sharing non-public information that could benefit Beijing. The advisory warns that Chinese spies are posing as online recruiters and human resources firms representing fake companies supposedly located outside of China.
Their goal is to obtain sensitive information from Western workers that could provide China with a strategic advantage. This tactic is part of a broader effort by Chinese intelligence services to acquire privileged military, political, and economic intelligence. The targets of these spies include security clearance holders, military personnel, journalists, academics, and think-tank employees with knowledge of unclassified information.
They are often selected based on their resumes and the likelihood that they might have access to sensitive or non-public information. The advisory notes that even unclassified information can be useful to Chinese spies if it is combined with other, more sensitive information. The joint advisory comes as governments continue to issue warnings about Chinese espionage, despite recent efforts by the U.S.
and the U.K. to improve relations with Beijing. While Chinese spies often rely on hacking to steal information, this advisory highlights the growing use of public websites and communities to cultivate sources.
In response to the advisory, a spokesperson for LinkedIn stated that creating fake accounts or misrepresenting one's identity is a clear violation of the company's terms of service. The spokesperson emphasized that LinkedIn remains focused on detecting state-sponsored abuse and will continue to enforce its policies against fake accounts.
Source: TechCrunch