MI5 Warns of Spies Using LinkedIn To Trick Staff Into Spilling Secrets (bbc.com)
According to the United Kingdom's Security Service, known as MI5, hostile states are creating fake LinkedIn profiles to trick users into spilling secrets. The BBC reports: At least 10,000 UK nationals have been approached by fake profiles linked to hostile states, on the professional social network LinkedIn, over the past five years, according to MI5. "Malicious profiles" are being used on "an industrial scale," the security agency's chief, Ken McCallum, said. A campaign has been launched to educate government workers about the threat. The effort -- Think Before You Link -- warns foreign spies are targeting those with access to sensitive information. One concern is the victims' colleagues, in turn, become more willing to accept follow-up requests - because it looks as if they share a mutual acquaintance.
MI5 did not specifically name LinkedIn but BBC News has learned the Microsoft-owned service is indeed the platform involved. The 10,000-plus figure includes staff in virtually every government department as well as key industries, who might be offered speaking or business and travel opportunities that could lead to attempts to recruit them to provide confidential information. And it is thought a large number of those approached engaged initially with the profiles that contacted them online.
Only linkedin, never slashdot (Score:3)
I mean, it's not like I've literally seen with my own eyes comments soliciting details about opsec in the US defense industry in slashdot comments under a story about IT security policies in the DoD.
And I've totally never seen idiots outing themselves as working in information security in the defense industry.
And we definitely won't see any of that in the comments under this story. Nope. Not a chance.
Re: (Score:3)
/. is what we in the industry call a low-quality intel target.
That happened to me... (Score:2, Interesting)
Re: That happened to me... (Score:1)
2 minutes. Impressive. Moron.
Re: (Score:1)
Holy shit. Do you realize how obvious you are? You know nothing about psychology, that is clear. You're wearing your heart on your sleeve here for all of us to see though.
Better git rid of 00 double click (Score:2)
Better git rid of 00 double click
LinkedIn's own staff is complicit in this. (Score:2)
Probably not even the scummiest thing they're up to. For years they were telling other people that I had signed up there even though I had not.
nothing new! (Score:2)
Wait, LinkedIn is supposed to be legit? (Score:3)
Agent .00000000007 will protect us (Score:1)
MI5 warns of old MI6 technique, news at 10 (Score:4, Interesting)
I wish I got some of those (Score:2)
But there are no real secrets . . . (Score:3)
These stories always bang on about industrial secrets as if there was some sort of "secret manual" that would tell spies exactly how to build a better nuclear power station.
The reality is that most secrets involve embarrassing things the company should not be doing in the first place.
Re: (Score:2)
I'm crushed (Score:3)
So that paid speaking engagement from a new linkedin profile with the glam shot of a woman from a stock photo site isn't genuine? She said we'd be soulmates and that I would really enjoy living in Shenyang.
Sigh.
And people are surprised by this ?? (Score:3)
. . .people have given up passwords to corporate and other networks for a bar of chocolate [bbc.co.uk]. . .
Getting duped by a come-on on LinkedIn is nothing new. I recall an attempt to dupe me, a Link request from a particularly attractive 20-something redhead calling herself "Selina Kyle". The request made no sense, so I looked at her profile. Fake company, fake university (neither existed). Resume was fairly obvious fiction.
And then it clicked. I recognized the name. Someone was being too clever by far: they chose the given name of one of the Batman's nemeses, the Catwoman. . . (grin)
Re: (Score:1)
Re: (Score:3)
You don't even need to go to that much trouble, just post a few jobs that require an active security clearance and wait for the CVs to roll in. Even if you don't use LinkedIn, there are other job boards dedicated to these kinds of jobs, with little to no vetting of the company posting. For my case, I leave past clearances off of my CV entirely and just provide general information with "more information available upon request" stubbed in for the sensitive parts. I would expect anyone that's not an idiot to d
Re: (Score:2)
For my case, I leave past clearances off of my CV entirely and just provide general information with "more information available upon request" stubbed in for the sensitive parts.
My clearance expired years ago. My LinkedIn profile clearly says so. It is its own honeypot for lazy AF recruiters who invariably message me with "Active Top Secret clearance required" jobs. People don't even try to read their search results. They just spam.