Latest LinkedIn Espionage Target Reminds of the Importance of Caution When Considering Shared Connections

Intelligence

A clearance holder listens intently while co-workers share essential information that is vital to national security.

The case of the US v Kevin Patrick Mallory, a man who claims his relationship with China began with a LinkedIn connection,  will soon be in the courts. Both sides are engaged in a daily jostle of legal filings to accentuate their points of view in accordance with the constraints within the process for dealing with classified materials in the courts.

Mallory, according to the Washington Post, says he was approached by Richard Yang, who was posing as a recruiter for Shanghai Academy of Social Sciences, but who was in reality a Chinese intelligence officer. Mallory claims he was approached by Yang via LinkedIn – a common refrain at a time when the Defense Security Service argues most attacks against defense contractors begin with the social network. The DOJ’s list of evidence which they intend to introduce at Mallory’s trial does not include any logs from LinkedIn.

Mallory claims he saw this approach by someone he identified as hostile to the United States as an opportunity to further serve his nation. Mallory’s logic? His depth of experience within the U.S. intelligence community was sufficient to allow him to bamboozle the PRC intelligence officers (PRC-IO) into thinking they had him on the hook. He then intended to reveal the contact to the U.S. government.

Hogwash – you are not a spy hunter

Yes, hogwash.

China’s HUMINT operations against the U.S. is in full swing. The U.S. National Industrial Security Program community (DCID/NISPOM) mandates regular counterintelligence briefings to all cleared personnel. Mallory would know to report any and all contact with foreign nationals to their FSO (Facility Security Officer) and the CSA (Cognizant Security Authority). But he had no FSO or CSA to report to, as his clearance was suspended in 2011 for cause.  He claims to have reached out to an individual he believed associated with the CIA, which begs the question, why didn’t he call the Washington Field Office of the FBI?

If the PRC-IO was in touch, it is beyond the pale that someone with Mallory’s knowledge would not have known to report the contact from Richard Yang the moment Mallory arrived at the conclusion that something was fishy about Yang.

Yet he didn’t.

He wanted to make himself attractive to the PRC, and he succeeded.

Mallory Baits chinese intelligence

Like the shiny new lure and dodger used to attract salmon to the hook, so, too, did Mallory use his profile and connections used to lure PRC-IO and make himself look more attractive as a source.

I took a peek at Mallory’s LinkedIn connections and profile and found that more than 50 of my own connections were connected to him. We all have our personal barometer by which we engage with individuals on social networks. Some connect with everyone who asks, others do a bit of due-diligence. Many look at how the requesting person’s connections are and if they recognize the names, they connect. A flawed concept of implied trust.

If you are reading this and are within the 500+ connections he has on LinkedIn, you may want to review your personal barometers given the number of former intelligence officers and defense/intelligence contractors from within the U.S., UK and other Intel communities who are “1st tier connections” with Mallory.

Why did Mallory break trust with the United States?

Perhaps Mallory’s private business venture as a global competitive intelligence consultant wasn’t panning out. Perhaps he wanted a nest egg for the next stage of his life, where he puts his feet up and sips Mai Tai’s.  Whatever his motivation, the Department of Justice in both their criminal complaint and the Grand Jury indictment project Mallory as a willful, collaborative, and engaged individual working with the PRC-IOs.

I agree.

Furthermore, as pointed out in a prior piece in June 2017, there are a great many indicators which lead this pair of eyes to the conclusion that Mallory was all-in.

  • responsive to tasking
  • providing classified materials to his PRC-IO
  • using COVCOM to reduce personal, face-to-face, interaction with PRC-IO
  • receiving remuneration for his completed tasking
  • expanding his network via LinkedIn and direct communications to individuals with knowledge or access

Shanghai Academy of Social Science

According to both the indictment and criminal complaint, the academy is known within U.S. intelligence circles to be used as a cover by PRC-IO.

Kristen Gunness, the CEO of Vantage Point Asia who is an expert on Chinese foreign policy and security affairs, is set to testify that “Chinese intelligence services are known to use think tanks, including SASS, as cover for their intelligence officers.”

Mallory has filed his own paperwork, via his lawyers, to exclude Gunness, claiming all she can provide is heresay, as she has no direct knowledge of the academy being used as a cover mechanism.

Counterintelligence Briefings

In the same request to exclude testimony of Gunness, Mallory requested that the testimony of Michael Sulick (former Director of the Directorate of Operations at the CIA) and H. Michael Higgens also be excluded. Both are on tap to explain “no one who has undergone training and has experience in United States human intelligence and counterintelligence operations” consistent with that of the experts “would reasonably believe he or she could engage in unilateral asset recruitment and/or passage of classified information to a foreign agent or government.”

Contacted by a stranger on LinkedIn?

Individuals who enjoy the trust of the United States should by hypersensitive about falling within the targeting pool of the PRC or any other hostile intelligence organization.  You the individual do not choose whether or not you are a target. The adversary makes that decision. Given the number of articles over the past several years on the use of LinkedIn by intelligence services, don’t hesitate to report any foreign national contacts to  your FSO, and keep both yourself and your classified engagement safe.

Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher, served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008).

More in Intelligence