Rick Klepper: 678.588.1622 | Doug Wilson: 205.903.3272 | Kerry Gossett: 205.281.5681 | Doug Hughes: 205.527.0876 staff@counterthreatgrp.com

Social networking is everywhere. There’s simply no getting around it. As smart phones have become commonplace, social networks have become even more pervasive. Society practically demands that people have a Facebook account to remain socially aware, and job seekers and professionals from many industries are expected to have a LinkedIn profile. And understandably so, considering the effective hiring rate these platforms now facilitate. According to an Aberdeen Group study, “approximately 73% of Millennials (ages 18-34) found their last position via a social media platform,” and platforms such as LinkedIn are used more widely by all ages groups to seek employment and career advancement. But there are certain pitfalls that come with putting all your personal information out there, particularly detailed career information. One such pitfall is the fact that adversarial nations utilize social networking sites as tools to conduct cyber espionage across the globe. Countries like China, Russia, and Iran have been known to use social networking sites, especially LinkedIn, to gather career details on business professionals and government employees to aid in their larger information warfare campaigns as well as to coerce and recruit individuals. Sounds scary, right? Unfortunately, this is something social networking site users will only see more of as the battlespace of modern warfare increasingly includes the cyber world and the social media sites contained therein.

Russian Cyber Espionage

Russia, in particular, is infamous for using social networking sites to manipulate and spy on users throughout the world. More specifically, it is now understood that Russia uses fake LinkedIn profiles to gather information on users in certain career fields. Once information is gathered on a person, Russian spies have even gone so far as to confront the victim in person, as was the case with former U.S. national security official Giles Raymond DeMourot who was attacked while shopping at a supermarket. The UK’s government agencies have also had employees targeted by Russian cyber spies based on the information they put on their social networking profiles. Investigations conducted by MI5, one of the country’s intelligence agencies, revealed that many government employees were unwittingly “connected to known hostile foreign intelligence service cover profiles.” Russia’s cyber espionage campaign also heavily relies on Facebook to gather information on users. During the 2017 French presidential race, Russia used Facebook to spy on current President Emmanuel Macron’s election campaign officials using fake profiles.

Chinese Cyber Espionage

But Russia is certainly not the only country using social networking as a means of spying on its enemies. China is another major exploiter of social networking sites and their users. In fact, this past December, China was accused of spying on thousands of German citizens using fake LinkedIn profiles including supposed business consultants and academic scholars. In 2012, China utilized fake Facebook accounts to gather information on senior-ranking NATO officials through friend requests. Further still, China has been known to spy on other countries using LinkedIn, including the UK, and is known to monitor its own citizens via social networking sites.

Iranian Cyber Espionage

Alongside these two major world powers, many other countries conduct cyber espionage via social networking sites. Iran, for instance, is characterized by a government that exploits social networking sites not only to restrict its own population, but also to spy on individuals across the globe. One such example includes when Iran was caught using fake LinkedIn profiles portraying recruiters from well-known international companies like Northrop Grumman and General Motors. Once a connection with targeted victims was formed, the Iranian hackers would send malicious software, like those contained in fake resume applications, that would infiltrate the victim’s sensitive information.

Why Social Networking?

So is all hope lost for those who want to balance career advancement and social networking with privacy and the right to not be preyed upon by foreign governments? Unfortunately, the fake profiles used by these countries were well-crafted and seemingly indistinguishable from real profiles. It seems these state-sponsored cyber spies go to great lengths to get the information they are after, even making secondary fake profiles to support the information presented in the first fake profile. LinkedIn is especially vulnerable to this cyber espionage because many users are white-collar professionals who may possess valuable government or corporate information. Moreover, people tend to emphasize accomplishments and provide specific details about their work history in an effort to attract potential employers, however, this information can end up being ripe for the picking for foreign governments. LinkedIn also hosts groups where members of a profession can discuss topics relevant to their industry, but this too can be an easy target for spies looking to gain information.

Alternatives

That being said, there is still no substitute for genuine human interaction, which significantly reduces the likelihood of cyber espionage occurring. Statistics show that employers still prefer face-to-face interaction to social media as it allows people to gauge sincerity and pick up on nonverbal cues. Professional organizations often provide industry-specific conferences members can attend as well as discussions, both of which can offer greater exposure to your industry’s network. Job fairs are another great way to meet potential employers face to face.

Although cyber espionage is a very real threat, it is still possible to balance the need to secure private information with the power of connectivity that social media provides.