LinkedIn Harvesting: Is your social media compromising UK security?

• by Olivia Lawlor-Blackburn
• General

The Times recently released a story that was picked up and spread widely through other news outlets and social media. The story exposed a Chinese national using Linkedin to hunt for UK state secrets in return for cash, holidays and false speaker engagements. The intelligence officer sought out British security officials, civil servants, scientists and academics who had direct or indirect access to classified or commercially sensitive technology and information that would be of benefit to Chinese interests.

Read the full story via The Times.

On the face of it, the story that the Times has published about a Chinese national offering cash and lucrative deals in exchange for access to state secrets might seem alarming, but actually, it is nothing new. Espionage is nothing new.

“Albeit business orientated, LinkedIn is nevertheless a social media platform and a rich source of intelligence.  As such, it must be assumed that it will be utilised for malicious as well as legitimate purposes.  The advice should always be for the user to not include any information that should not be released to the public or published on the open internet and to be wary of any requests/approaches for information from unknown/untrusted sources.  Specifying the roles or details of the business that you are involved in could also highlight you as a target of significant interest” said Mick Hayes, Senior Security Consultant, Advent IM

All that happens is that espionage expands to use the tools that are available to it. Those of us who work in the security industry have known for many years that nationals from many enemy states have been using social media, including LinkedIn as a way of harvesting contacts, grooming individuals using social engineering to build a profile of those individuals and then looking at ways in which they can find weaknesses, familial, employment, financial and others in which they can exploit for their own gain in order to gain secrets from the UK state.

Is it alarming? Well of course it is alarming because it has been happening. Is it new? No, it is not new and it is definitely not something we should be suddenly afraid of. What’s more important is that all users of social media, including business platforms such as LinkedIn, are aware that things are not always as they might seem, and people are not always who they might seem.

“HMG have issued guidance for a long time about not putting things like your vetting status on your profile. Soon after I joined Advent IM , although I was aware, we were issued with a reminder to double check that there was no vetting status associated with our profiles and to advise that it was not so much us personally becoming a target but more around who our clients/sectors are and using us/ the company we work for (Advent IM) as a possible way to get to them i.e.  Government/Police/Education/Nuclear. Be extra vigilant on any social media channel – anyone pinging you – check their credentials before engaging – it isn’t rocket science!” added Karene Ambler, Security Consultant, Advent IM.

The most important thing here is to be on our guard at all times.

Last updated in 2021, the National Protective Security Authority published a campaign to raise awareness to ‘Think before you Link’. Find out more about the NPAS initiative here; 

https://www.npsa.gov.uk/security-campaigns/think-you-link-tbyl-0