Scott StewartVP of Tactical Analysis, Stratfor
9 MIN READJul 2, 2019 | 09:00 GMT
- Intelligence agencies have always used open source intelligence to spot people with access to the programs or information they are attempting to collect.
- The internet provides such agencies with more open source information than ever; some sites, such as LinkedIn, are particularly useful for spotting people with access to desired information or technologies.
- By understanding how intelligence agencies use LinkedIn and other social media platforms, one can take steps to avoid or mitigate the threat.
The risk that hostile intelligence services will use LinkedIn as a recruitment tool has been widely reported. One such report, by Mika Aaltola at the Finnish Institute of International Affairs published in June 2019, focused on Chinese activity on LinkedIn. The phenomenon, however, is neither confined to Chinese intelligence operations nor limited to that particular social media platform. All intelligence agencies use similar exploits, as illustrated by the Iranian-linked hack of Deloitte in which a LinkedIn connection was used to gain an employee’s trust. Even so, the number of reported cases attributed to the Chinese — including those of former intelligence officers such as Kevin Mallory and corporate espionage cases such as one involving an engineer at GE Aviation — suggest their intelligence services are among the most active and aggressive users of LinkedIn as a recruitment tool.
How Hostile Intelligence Agencies Use LinkedIn
Countering the threat coming through LinkedIn requires an understanding of how intelligence services use it in recruitment operations. This is best achieved by viewing the platform through the lens of the human intelligence recruitment cycle.
The recruitment process consists of three basic phases: spotting, developing and pitching. Each can be broken down into smaller steps, and there can be a great deal of variation in the process depending on the target and circumstances. But for our purposes, focusing on these three will suffice.
Read the rest: