Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Social Networks The Internet United Kingdom

MI5 Warns of Spies Using LinkedIn To Trick Staff Into Spilling Secrets (bbc.com) 35

According to the United Kingdom's Security Service, known as MI5, hostile states are creating fake LinkedIn profiles to trick users into spilling secrets. The BBC reports: At least 10,000 UK nationals have been approached by fake profiles linked to hostile states, on the professional social network LinkedIn, over the past five years, according to MI5. "Malicious profiles" are being used on "an industrial scale," the security agency's chief, Ken McCallum, said. A campaign has been launched to educate government workers about the threat. The effort -- Think Before You Link -- warns foreign spies are targeting those with access to sensitive information. One concern is the victims' colleagues, in turn, become more willing to accept follow-up requests - because it looks as if they share a mutual acquaintance.

MI5 did not specifically name LinkedIn but BBC News has learned the Microsoft-owned service is indeed the platform involved. The 10,000-plus figure includes staff in virtually every government departments as well as key industries, who might be offered speaking or business and travel opportunities that could lead to attempts to recruit them to provide confidential information. And it is thought a large number of those approached engaged initially with the profiles that contacted them online.

This discussion has been archived. No new comments can be posted.

MI5 Warns of Spies Using LinkedIn To Trick Staff Into Spilling Secrets

Comments Filter:
  • by RightwingNutjob ( 1302813 ) on Tuesday April 20, 2021 @07:53PM (#61295858)

    I mean, it's not like I've literally seen with my own eyes comments soliciting details about opsec in the US defense industry in slashdot comments under a story about IT security policies in the DoD.

    And I've totally never idiots outing themselves as working in information security in the defense industry.

    And we definitely won't see any of that in the comments under this story. Nope. Not a chance.

  • A month after I updated my LinkedIn profile for my government IT job at a three-letter agency, I got contacted by a well known whistle blower. I reported the incident to security. Since I was still twiddling my thumbs for my national security clearance, I couldn't spill the beans about anything. Security told me to scrub my LinkedIn profile. That was seven years ago.
  • Better git rid of 00 double click

  • Probably not even the scummiest thing they're up to. For years they were telling other people that I had signed up there even though I had not.

  • Nothing new here, warnings about this are standard in security clearance briefings and the security pack you receive. All governments do it (yes including the US)
  • by Fly Swatter ( 30498 ) on Tuesday April 20, 2021 @09:08PM (#61295996) Homepage
    I have never been on linkedin - yet for years I was getting email spam to like/link/join (can't remember the wording now) other linkedin profiles for people I have never heard of, supposedly direct from linkedin. I figured it was some scam. Looks like it still is.
  • Don't worry about a thing guys. Chrissie Steele, Agent 00000000007, will protect us all. You can be sure of that.
  • by kot-begemot-uk ( 6104030 ) on Wednesday April 21, 2021 @01:16AM (#61296386) Homepage
    Well, who would have thunked it. MI5 warning us against WHAT MI6 USED TO HACK BELGACOM. Though it looks like they are doing only after their colleagues have had a what? EIGHT F*CKING YEARS [theintercept.com] of using it.
  • I'd love a nice speaking trip and a honey trap. Instead of being compromised I'd probably just turn it into a cool anecdote.
  • by Aliks ( 530618 ) on Wednesday April 21, 2021 @02:56AM (#61296512)

    These stories always bang on about industrial secrets as if there was some sort of "secret manual" that would tell spies exactly how to build a better nuclear power station.

    The reality is that most secrets involve embarrassing things the company should not be doing in the first place.

    • No, I found out 'Trial and Error' was used on stealth plane radar coatings, and listed the usual magnetic computer tape ingredients, and that the guy sat in the same seat, and 21 company M&A later still doing it - and making laminated surfboards on the side. What a dream job! And the Prime Ministers personal photographer called 'weed' who got special Polaroid film stock for the best would leader photographs. I guess computer simulation has eliminated hard work and hands on expertise.
  • by Ritz_Just_Ritz ( 883997 ) on Wednesday April 21, 2021 @04:47AM (#61296618)

    So that paid speaking engagement from a new linkedin profile with the glam shot of a woman from a stock photo site isn't genuine? She said we'd be soulmates and that I would really enjoy living in Shenyang.

    Sigh.

  • . . .people have given up passwords to corporate and other networks for a bar of chocolate [bbc.co.uk]. . .

    Getting duped by a come-on on LinkedIn is nothing new. I recall an attempt to dupe me, a Link request from a particularly attractive 20-something redhead calling herself "Selina Kyle". The request made no sense, so I looked at her profile. Fake company, fake university (neither existed). Resume was fairly obvious fiction.

    And then it clicked. I recognized the name. Someone was being too clever by far: they chose the given name of one of the Batman's nemeses, the Catwoman. . . (grin)

Beware of Programmers who carry screwdrivers. -- Leonard Brandwein

Working...