Chinese intelligence agents using fake LinkedIn accounts have managed to ensnare thousands of senior French business executives and civil servants. According to a joint report by the DGSE and DGSI, the French versions of the CIA and FBI, over 4,000 French financial and government ‘high-value targets’ have been pursued by Chinese intelligence. The report states that 48 percent were private companies and 52 percent were government entities. Targeted individuals worked in the health, computer, nuclear, and telecommunications sectors.
A French intelligence officer highlighted the lack of cybersecurity awareness and training in the French population, singling out top French executives, government employees, and politicians. He emphasised that since 2017 there has been an attempt to address this problem. And from now on, the French intelligence services will be more aggressive against Chinese — and other actors’ — espionage attempts.
“We will respond to attacks blow for blow, whatever the consequences,” he said.
LinkedIn — popular professional networking website — has been trying to counter the negative publicity. Paul Rockwell, LinkedIn’s head of trust and safety, recently said, “We’ve never waited for requests to act and actively identify bad actors and remove bad accounts using information we uncover and intelligence from a variety of sources including government agencies.”
But how did they fall into the trap? Over the promise of job offers, professional collaborations, and networking. Among other things, Chinese agents pretended to be head-hunters, high-end consultants, or recruiters from think tanks to befriend and connect with their French targets. Once that was achieved, the Chinese agents were able to lure them to confide sensitive or classified information. For instance, according to the DGSE, in exchange of payment, a senior civil servant wrote brief reports containing confidential intelligence.
The French appear to have been slow to react to the threat. British, German, and American intelligence and counterintelligence services have been aware of the Chinese attempts to hijack LinkedIn since 2015. Three years ago, MI5 issued an espionage alert that stated that “hostile foreign intelligence services are increasingly using LinkedIn to find, connect with and begin cultivation and recruitment of current and former HMG (Her Majesty’s Government) employees.”
In late 2017, the German Intelligence Service (BND) stated that over 10,000 high ranking German business and government targets had been approached by Chinese spies. Last August, the FBI issued a similar warning. It warned that the Chinese government is pursuing a “super aggressive” espionage and recruiting campaign via LinkedIn.
Nicole Leverich, a company spokesperson, said that LinkedIn’s policy is clear “the creation of a false account or fraudulent activity is a violation of our rules.”
Unlike Russian cyberwarfare and intelligence gathering operations, which focus on political and military targets, Beijing’s intelligence operations are multifaceted. Targets range from technological giants, such as the attempt to hack Amazon, HP, and Apple hardware with miniature chips, to financial companies to militaries.
It’s easy, however, to counter the threat: just decline friend invitations from unknown or suspicious accounts on LinkedIn and social media.