LinkedIn is becoming China's go-to platform for recruiting foreign spies
02 May 2019
Buried in the 41-page felony complaint charging a former U.S. intelligence operative of spying for the Chinese, FBI investigators declare that the suspect, Ron Rockwell Hansen, had been printing information from his colleagues’ LinkedIn pages.
Hansen, a former Defense Intelligence Agency case officer who pleaded guilty on March 15 to attempted espionage against the U.S., took information from the professional networking site related to several former and current DIA case officers before a 2015 trip to China.
The complaint does not state how that information was used, if at all, but it’s enough to raise the notion Hansen may have been passing LinkedIn data to Chinese handlers in addition to other secret DIA materials files.
“I solicited from an intelligence case officer working for the Defense Intelligence Agency national defense information that I knew Chinese Intelligence services would find valuable, and I agreed to act as a conduit to sell that information to the Chinese” in exchange for hundreds of thousands of dollars, Hansen said as part of his plea deal.
The Hansen case provides the latest details into how Chinese intelligence agencies research and recruit Americans who can provide U.S. secrets that could benefit Beijing. It’s a vast, years-long effort that includes everything from cyber-espionage to coercing U.S. companies into turning over their intellectual property. But a string of recent cases demonstrate how suspected Chinese spies are exploiting LinkedIn, a networking site inherently meant to facilitate professional communications, to gather information about potential sources.
“They may pose as a job recruiter or someone with a shared interest to make a connection to a target and lure them into a relationship,” Dean Boyd, a spokesman for the National Counterintelligence and Security Center, said in a statement. “Concealing their role in Chinese intelligence, they often attempt to elicit personal and professional information from their targets to gauge their value. With their most promising targets, they may offer all-expense-paid trips to China for an interview, a speech, or an exchange of research.”
By casting a wide net that may include thousands of messages, Boyd said, foreign spies need only one response from someone with access to secrets to show an interest. By flattering the right person, or offering tens of thousands of dollars, operatives can exploit targets who are feeling undervalued at work, or frustrated with their financial situation.
In August, U.S. counter-intelligence chief William Evanina told Reuters Chinese intelligence agencies had embarked on a “super aggressive” campaign to recruit Americans on LinkedIn, an effort in which LinkedIn has been “a victim.”
In October, French intelligence agencies presented their government with a report outlining how Chinese intelligence agents had contacted nearly 4,000 French government workers, corporate executives and scientists via LinkedIn, according to French media outlets.
Up to 10,000 German citizens also were contacted by Chinese spies via social media, particularly LinkedIn, last year, according to German press accounts.
“You have a new invitation”
The case of Yanjun Xu provides insight on how China leverages LinkedIn. Xu allegedly worked as a regional deputy director of an agency controlled by China’s Ministry of State Security until October, when he became the first Chinese spy extradited to the U.S. Xu was arrested as part of a case in which Chinese operatives used LinkedIn to message a GE Aviation engineer in 2017.
The sender claimed to be from the Nanjing University of Aeronautics and Astronautics, and asked the engineer to travel to China. There, he would be asked to share ideas about the “latest developments in the applications of composite materials in aeroengine.” It took just a few months to convince the engineer to take home $3,500 in exchange for embarking on an all-expenses paid trip to the conference.
Xu and other MSS officers “would communicate about the best ways to protect and conceal the true nature of the information they were seeking from aviation companies and employees, including the use of codes and series of letters” to conceal the type of technical details they sought, according to the indictment.
“They know where you go to school, and whether you’ve traveled to places like China or Taiwan,” said John McClurg, a former supervisory special agent at the FBI who worked on cybersecurity and counterespionage. “That’s where they recruit you and slowly co-opt you into a contractor or third party agreement. They leverage those details to further bring you in to pitch and recruit you.”
McClurg said the law school where he worked as an adjunct professor last year received an open invitation for an all-expenses paid trip to participate in a legal conference at the Shanghai Academy of Social Sciences.
When members of the full-time faculty were unable to make the trip, the school asked McClurg to go in their place. But the invitation was rescinded when McClurg, now a vice president at Blackberry Cylance, sent the Shanghai Academy his employment history.
“They said it would be a ‘chilling effect’ for me to be there, and there was almost a guilelessness like they were admitting I’d chill their recruiting activity,” McClurg said. “Why else would they use that phraseology?”
The former FBI agent says now that he’s still mystified as to why the offer for a former U.S. counterintelligence official was called off, rather than welcomed. Perhaps it was that his presence would have compromised an intelligence-gathering mission, or that the Shanghai Academy of Social Sciences was seeking a professor with a specific background McClurg didn’t have.
“To recruit somebody who was a teacher, and a trainer in counterespionage, that would seem to be to be a nice catch for them,” he said. “I’m a little puzzled today by this response.”
Either way, the offer arrived in McClurg’s inbox just weeks before the Justice Department announced the arrest of Kevin Mallory, a former CIA clandestine officer and private consultant. A Chinese headhunter going by the name Michael Yang contacted Mallory on LinkedIn in 2017. Mallory was receptive, and Yang eventually would introduce the American, who was $30,000 in debt, to someone who worked for the Shanghai Academy of Social Sciences, a think tank founded in 1958.
Those interactions were the beginning of a long series of events that would result in Mallory passing classified information to Chinese intelligence, U.S. officials said, and ultimately being convicted on espionage charges in June of last year.
A different kind of state-sponsored activity
For LinkedIn, human-to-human recruitment appears to be a more difficult problem to solve than identifying and removing automated accounts, which typically engage in behavior that’s easier to detect.
“We utilize a variety of automated techniques, coupled with human reviews and member reporting, to keep out members safe from all types of bad actors and abuse,” said Paul Rockwell, head of trust and safety at LinkedIn, adding that the company removes abusive content and profiles using data provided by the government and other sources. “Our members can help tell us when something isn’t right, including a suspicious message they receive or profile they’re concerned about, by reporting it directly to us.”
Social media recruitment, of course, is only one aspect of Chinese espionage efforts. The country has more than 30,000 hackers, and some 150,000 private sector experts “whose mission is to steal American military and technological secrets,” former head of U.S. counterintelligence Michelle Van Cleave told Congress in 2016.
“Current and former U.S. government officials are not the only ones at risk,” said Boyd, the NCSC spokesman. “Individuals in the U.S. private sector and academia are also being targeted by foreign spies through social media platforms.”
The FBI has for years warned U.S. students traveling abroad that they could be identified as potential sources for the Chinese government. After the conviction of Glenn Duffie Shriver, a Virginia man recruited by the Chinese after writing a paper about American-Chinese relations over Taiwan, the bureau published a 28-minute video called “Don’t Be A Pawn: A Warning to Students Abroad.” Chinese spies paid Shriver a total of $70,000 to take the Foreign Service exam twice and to apply for employment at the CIA.
Beijing typically does not distinguish espionage directed against governments from espionage directed against commercial targets, according to research published in 2018 by the Foundation for Defense of Democracies, a nonpartisan think tank. Areas of interest include artificial intelligence, robotics, virtual reality and financial technology, all sectors where China aims to achieve technological dominance, according to FDD.
“You’d have a hard time actually verifying the number of intrusions or their severity because companies want to keep it quiet, and the government is keeping a lot of this classified,” said Zack Cooper, the Georgetown University professor who authored the FDD report. “It would damage share prices if companies put this out there, and it might also expose the tradecraft that would let hackers know if they’ve been effective or not effective. But it’s clear we don’t have a good solution to this.”
Source: Cyber Scoop
Share this link: