The United Kingdom’s MI5 director general Ken McCallum called out the behavior of personnel in the UK’s intelligence and military communities and their use of the social network LinkedIn. McCallum minced no words, noting that personnel were identifying themselves as involved in sensitive classified work and that these disclosures were a breach of government directives. McCallum highlighted how LinkedIn was being used by the nation’s adversaries to target UK government and business.
EVERNIGHT CONNECTION
The message coming from MI5 mirrors that which has been projected by the U.S. Federal Bureau of Investigation (FBI), which in October 2020, together with the National Counterintelligence and Security Center (NCSC), as part of the national insider threat awareness month, published a 30-minute video, “The Evernight Connection,” which detailed the modus operandi used by the Chinese to leverage social networks like LinkedIn. At that time, NCSC director William Evanina noted, “Social media deception continues to be a popular technique for foreign intelligence services and other hostile actors to glean valuable information from unsuspecting Americans.”
“The Evernight Connection” is loosely based on two cases which we have dissected here: the case of Dickson Yeo and that of Kevin Mallory. Yeo is infamously noted for his observation to the FBI that he felt like he was addicted to LinkedIn, as every day its algorithm would suggest new potential targets for him to contact. Mallory’s case was a more classic case of being approached by the Chinese via LinkedIn and then roped in (willingly) to collaborate against the U.S. intelligence community. Though he made the case he was doing it for country and honor, the reality was he took the bait hook, line, and sinker and became a 100% collaborator, using cover communications and being paid for completion of his tasks. And, perhaps most importantly, specifically with respect to LinkedIn, he harvested the substantial collection of connections he had formed within the LinkedIn application to try to advance his access to classified materials.
HARVESTING LINKEDIN
Back to the UK’s instance: following McCallum’s dressing down of the communities, the Daily Mail did a quick search (you and I can do a similar search) which revealed that over 1200 individuals had revealed that they are affiliated with and engaged in classified work. Frankly, I am surprised that so few were discovered. Do the same for the United States and the number would be substantially higher. The key isn’t so much the revelation that one works, overtly, for an intelligence or military entity; rather, it is in sharing the nuances of their work that the potholes in the road occur.
Not surprisingly, Check Point Research has shown that LinkedIn continues to “reign as the most imitated brand” used by cyber criminals in launching phishing attacks designed to compromise users’ devices. The report notes that the ubiquitous messaging from the app makes it a prime candidate for spoofing with “You appeared in 8 searches this week” or “You have one new message” or “I’d like to do business with you via LinkedIn.”
It should be noted that days prior, both McCallum and FBI director Wray issued a rare joint threat warning concerning China as a nation-state adversary actively engaging in influence operations against the respective countries.
This follows on the heels of FBI’s Wray being often quoted as saying that every 10-12 hours the FBI opens a new counterintelligence case involving China. Director general McCallum noted in his comments that MI5 was investigating over 100 “intelligence leads” which have been brought to their attention via the “Think Before You Link” app from the UK’s Center for the Protection of National Infrastructure (CPNI), which is available for UK personnel to conduct a “due diligence” check on foreign contacts.
FSO CI BRIEFINGS
FSOs should take the MI5 director general’s admonishment, couple it with the NCSC/FBI video, and ensure both are included in the annual counterintelligence briefings. It must be said, repeatedly: “Too Much Information” leads to operational compromise, trade secret and national defense secret loss, and needless provision of targeting information to an adversary.