MI5 warns of spy threat from professional networking sites

Over 10,000 British nationals have been targeted online in the past five years by hostile states such as China, as foreign spies increasingly manipulate professional networking sites to recruit new agents and steal secrets.

In a campaign being launched this week, UK security agencies will warn 450,000 civil servants and partners in industry and academia that Britain’s adversaries are creating fake online accounts to ensnare people who are privy to classified information. Posing as recruiters, foreign spies lure their targets to meetings in person where they may be subjected to bribery or blackmail in order to obtain intelligence.

The campaign, titled “think before you link”, is being co-ordinated by the Centre for the Protection of National Infrastructure (CPNI) — the arm of UK intelligence agency MI5 that advises government and business on protective security. While officials would not give details about which countries or social media platforms were of most concern, there is a long history of China using the networking site LinkedIn to ensnare espionage targets.

Last year a US court heard that Dickson Yeo, an academic at George Washington University, had used LinkedIn to target US military and government personnel on behalf of Chinese intelligence. He formed online connections with state department officials, former military commanders, Pentagon employees and think-tank experts with the aim of passing information from them to Beijing.

In 2019, former CIA officer Kevin Mallory was sentenced by the US to 20 years in prison for delivering military secrets to Chinese intelligence after first being approached on LinkedIn.

The UK government has been wary of calling out Chinese spying activity for fear of provoking retribution. Britain’s landmark defence and security review, published last month, made clear that the UK would continue to pursue a balancing act in its relations with Beijing. The review highlighted China as the “biggest state-based threat” to the UK’s economic security, but also emphasised Britain would continue to pursue “deeper trade links and more Chinese investment”.

Describing the scale of the online espionage threat, the UK’s CPNI said its assessment that 10,000 UK nationals had been approached by foreign spies in the last five years was a “conservative estimate”. It also admitted that “a considerable volume of these individuals” had initially engaged with the espionage attempts. 

Targets are typically government employees with high-level security clearance, as well as retired civil servants and those in the private sector who have access to classified or commercially sensitive technology, such as defence equipment. The campaign advises people to be wary of new contacts making job offers that sound too good to be true, and urges them to report suspicious approaches to their employer.

Ken McCallum, director-general of MI5, said malicious profiles on professional networking sites were being used on an “industrial scale”. “This campaign, which harnesses the insight derived from our intelligence, behavioural science experts and co-operation of Five Eyes partners, will strengthen the UK’s collective defences against this activity,” McCallum said.

Dominic Fortescue, the government’s chief security officer, added that the increase in remote working during the coronavirus pandemic had made civil servants and others more vulnerable to spies’ approaches online.

The campaign was tested out in the UK three years ago but is only now being launched publicly. All Britain’s Five Eyes intelligence-sharing partners — the US, Canada, Australia and New Zealand — have adopted versions of “think before you link” using materials from CPNI.

Announcing the start of Canberra’s campaign in November Mike Burgess, director-general of Australia’s intelligence service, said: “The approaches are often sophisticated, with spies pretending to be headhunters, or offering enticing business opportunities, but their real intent is to learn your secrets and potentially recruit you as a source.”

Commenting on the co-ordinated approach, Alan Kohler, assistant director of the FBI’s counter-intelligence division, said foreign spies “must now contend with the efforts of five united countries working in partnership to combat their hostile actions”.

Paul Rockwell, head of trust and security at LinkedIn, said his staff actively sought signs of “state-sponsored activity” and removed fake accounts using intelligence from a variety of sources, including government agencies. 

Between January and June last year, LinkedIn removed 33.7m fake accounts at registration.