Some 10,000 U.K. nationals have been lured on LinkedIn over the past five years by fake profiles tied to hostile nation-state threat actors
The story was first reported by BBC, which attributed the news to MI5, the British spy agency made popular in James Bond movies. MI5 stated that “these malicious profiles are being used on an industrial scale.”
The 10,000 figure includes staff in virtually every government department, as well as important industries where industry players were offered speaking or business and travel opportunities that could lead to attempts to recruit them to provide confidential information.
The British launched a public relations campaign for government employees that features a video – Think Before You Link – which warns staff that foreign spies have targeted workers who handle sensitive information.
Humans remain the weak link in any cyber and data security strategy, said John Morgan, CEO at Confluera. Morgan said attackers are more sophisticated today, but good old-fashioned lying and social engineering remain effective as many people are driven by relationships and engagement.
“The latest focus on LinkedIn by attackers was inevitable,” Morgan said. “Although the lack of user verification is well known, it’s hard not to believe someone’s background when presented in a professional manner. The fact that the platform is widely used by professionals makes it a much more enticing target due to the large size of the reward."
Successfully recruiting inside personnel as agents can be among the most effective espionage methods that an intelligence service can employ, said Chris Clements, vice president of solutions architecture, Cerberus Sentinel. Insiders can potentially siphon off sensitive information using their existing access without fear of detection, and they can also influence the direction or decision-making at the targeted organization.
“History has several examples of insiders in both government and private institutions that were recruited by foreign intelligence agencies that did tremendous damage leveraging the trust they had developed,” Clements said. “Sometimes personnel were recruited on ideological grounds, but interestingly those who were enticed by financial means did so for sums that seem shockingly low given the apparent risk they were assuming.”
Wade Lance, field CTO at Illusive added that traditionally people think of insider threats as an unhappy employee or someone seeking personal gain. This latest report offers further evidence that we need to broaden our definition of an insider.
“In cases of manipulation by an external party, in this case nation-states, it’s really another way for the adversary to establish a presence in the environment and/or collect information helpful in future activities,” Lance said. “It’s important to evolve our threat definition and detection controls for this more broad definition of the insider threat.”