National Insider Threat Awareness Month came to a close at the end of September, and Cybersecurity Awareness Month began the 1st of October.
At the end of last month, the FBI, in conjunction with the National Counterintelligence and Security Center (NCSC), publicly released a 30-minute movie called “The Nevernight Connection,” a fictional account of a former U.S. Intelligence Community official who is targeted by a foreign intelligence service via a fake profile on a professional networking site and recruited to turn over classified information. NCSC disseminated this movie and other resources to the U.S. Intelligence Community to help employees recognize fake online profiles, realize the threat they pose, report these suspicious approaches to appropriate authorities, and take steps to avoid being targeted in the first place.
Current and former government clearance holders who believe they have been targeted in this way are asked to contact their local FBI office.
Recent examples: Singaporean national Dickson Yeo, and former CIA officer Kevin Mallory.
Dickson Yeo: On July 24, 2020, Singaporean national Dickson Yeo pleaded guilty to acting within the U.S. as an illegal agent of China without first notifying the Attorney General. Posing as a consultant, Yeo used a professional networking site to target and recruit U.S. officials at the direction of Chinese intelligence. According to court documents, after Yeo contacted potential targets online, “the professional networking website began to suggest additional potential targets.” According to Yeo, “the website’s algorithm was relentless” and “it felt almost like an addiction.” Among those who provided Yeo with information were a clearance holder working with the U.S. Air Force on the F-35B military aircraft program and a State Department employee who confided to Yeo that he was dissatisfied at work and having financial troubles, and who later wrote a report for Yeo about a then-serving U.S. Cabinet Member for money.
Former CIA officer Kevin Mallory: On May 17, 2019, former CIA officer Kevin Mallory was sentenced to 20 years in prison for conspiracy to transmit national defense information to China. Mallory was first approached by Chinese intelligence via a fake profile on a professional networking site. Fluent in Mandarin, Mallory worked for CIA, DIA, Department of State, and the U.S. Army. After leaving CIA in 2012, Mallory launched a consulting business, resulting in little success and mounting financial debt. In 2017, Chinese intelligence officers initiated contact with Mallory by having an operative posing online as a corporate headhunter send him a message on a professional networking site. Mallory traveled twice to China, where he was met by a Chinese intelligence officer and paid $25,000. On his second trip, he was provided with a covert communications device to transmit classified information to Chinese intelligence. A subsequent search of Mallory’s covert communications device by the FBI revealed classified document remnants.
"To reduce the risk, people should never accept an invitation to connect from someone you do not know, even if they are a friend of a friend. If possible, validate invitation requests through other means before accepting them. Report suspicious online approaches to appropriate authorities. And most importantly, be careful what you post on social media platforms about yourself and your job, as it could draw unwanted attention from adversaries and criminals." Government guidance
Working hand in hand with international partners to counter the foreign intelligence threat:
The NCSC and FBI are working with international partners to raise awareness of this threat. Earlier this year, the United Kingdom’s (U.K.) Centre for the Protection of National Infrastructure (CPNI) released to the public a set of “Think before you link” videos and awareness materials to help U.K. government and industry sectors address this threat. CPNI’s “Think before you link” materials can be found here. A direct link to CPNI’s two-minute video “Glitch” can be found here.
In a 2020 National Security Threat Assessment, the Lithuanian Ministry of National Defence and the State Security Department noted that “hostile foreign intelligence services increasingly use online social networks to find and recruit sources abroad. Chinese intelligence services are particularly aggressive in this area and they mainly use the opportunities provided by the social network LinkedIn.”
In 2019, the Australian Security Intelligence Organization noted that it had warned business and government partners about “how hostile intelligence services use LinkedIn and other social media platforms to target people in positions that could fulfill a wide range of intelligence objectives.”
In 2017, Germany’s domestic intelligence agency, Bundesamt für Verfassungsschutz (BfV), issued a public report accusing China’s intelligence services of using fake profiles on social media platforms to target more than 10,000 German citizens, including members of parliament, ministries, and government agencies, over a nine-month period. The BfV report includes screenshots of some of the fake profiles used for recruitment purposes, which have since been closed down.
Source: FBI and NCSC press release.