Asia Pacific

Top U.S. spy catcher says China is using LinkedIn to recruit Americans

Reuters

The United States’ top spy catcher says Chinese spy agencies are using fake LinkedIn accounts to try to recruit Americans with access to government and commercial secrets, and the company should shut them down.

William Evanina, who heads the U.S. National Counter-Intelligence and Security Center, said in an interview that intelligence and law enforcement officials have told LinkedIn, owned by Microsoft Corp., about China’s “superaggressive” efforts on the site.

He said the Chinese campaign includes contacting thousands of LinkedIn members at a time. He declined to say how many fake accounts U.S. intelligence has discovered, how many Americans may have been contacted and how much success China has had in the recruitment drive.

German and British authorities have warned their citizens that Beijing is using LinkedIn to try to recruit them as spies, but this is the first time a U.S. official has publicly discussed the challenge in the United States and indicated it is a bigger problem than previously known.

Evanina said LinkedIn should look at copying the response of Twitter, Google and Facebook, which have all purged fake accounts allegedly linked to Iranian and Russian intelligence agencies.

It is highly unusual for a senior U.S. intelligence official to single out an American-owned company by name and publicly recommend it take action.

LinkedIn says it has 575 million users in more than 200 counties and territories, including more than 150 million U.S. members.

LinkedIn’s head of trust and safety, Paul Rockwell, confirmed the company has been talking to U.S. law enforcement agencies about Chinese espionage. In August, LinkedIn said it had taken down “less than 40” fake accounts whose users were attempting to contact LinkedIn members associated with unidentified political organizations. Rockwell did not say whether those were Chinese accounts.

“We are doing everything we can to identify and stop this activity,” Rockwell said. “We’ve never waited for requests to act, and actively identify bad actors and remove bad accounts using information we uncover and intelligence from a variety of sources, including government agencies.”

Rockwell declined to provide numbers of fake accounts associated with Chinese intelligence agencies.

LinkedIn “is a victim here,” Evanina said. “I think the cautionary tale … is, ‘You are going to be like Facebook. Do you want to be where Facebook was this past spring, with congressional testimony?'” he said, referring to lawmakers’ questioning of Facebook CEO Mark Zuckerberg on Russia’s use of the social media network to meddle in the 2016 U.S. elections.

Sen. Mark Warner, the top Democrat on the Senate Intelligence Committee, said Beijing’s exploitation of LinkedIn “demonstrates the length to which Chinese intelligence will go, and the 21st-century counterintelligence challenges facing us in a world where everybody’s got an online footprint.”

Evanina said he was speaking out in part because of the case of Kevin Mallory, a retired CIA officer convicted in June of conspiring to commit espionage for China.

A fluent Mandarin speaker, Mallory was struggling financially when he was contacted via a LinkedIn message in February 2017 by a Chinese national posing as a headhunter, according to court records and trial evidence.

The individual, using the name Richard Yang, arranged a telephone call between Mallory and a man claiming to work at a Shanghai think tank.

During two subsequent trips to Shanghai, Mallory agreed to sell U.S. defense secrets — sent over a special cellular device he was given — even though he assessed his Chinese contacts to be intelligence officers, according to the U.S. government. He is due to be sentenced in September and could face life in prison.

While Russia, Iran, North Korea and other nations also use LinkedIn and other platforms to identify recruitment targets, the U.S. intelligence officials said China is the most prolific and poses the biggest threat.

U.S. officials said China’s Ministry of State Security has “co-optees” — individuals who are not employed by intelligence agencies but work with them — set up fake accounts to approach potential recruits.

They said the targets include experts in fields such as supercomputing, nuclear energy, nanotechnology, semiconductors, stealth technology, health care, hybrid grains, seeds and green energy.

Chinese intelligence uses bribery or phony business propositions in its recruitment efforts. Academics and scientists, for example, are offered payment for scholarly or professional papers and, in some cases, are later asked or pressured to pass on U.S. government or commercial secrets.

Some of those who set up fake accounts have been linked to IP addresses associated with Chinese intelligence agencies. Other accounts have been set up by bogus companies, including some that purport to be in the executive recruiting business, said a senior U.S. intelligence official.

The official said “some correlation” has been found between Americans targeted through LinkedIn and data hacked from the Office of Personnel Management, a U.S. government agency, in 2014 and 2015.

The hackers stole sensitive private information, such as addresses, financial and medical records, employment history and fingerprints, of more than 22 million Americans who had undergone background checks for security clearances.

The United States identified China as the leading suspect in the massive hacking.

About 70 percent of China’s overall espionage is aimed at the U.S. private sector, said Joshua Skule, the head of the FBI’s intelligence branch, whose responsibilities include ensuring the flow of intelligence to the bureau’s counter-espionage operations.

“They are conducting economic espionage at a rate that is unparalleled in our history,” he said.

Evanina said five current and former U.S. officials — including Mallory — have been charged with or convicted of spying for China in the past 2½ years.

He indicated that additional cases of suspected espionage for China by U.S. citizens are being investigated.

U.S. intelligence services are alerting current and former officials to the threat and telling them what security measures they can take to protect themselves.

Some current and former officials post significant details about their government work history online — even sometimes naming classified intelligence units that the government does not publicly acknowledge.

LinkedIn “is a very good site,” Evanina said. “But it makes for a great venue for foreign adversaries to target not only individuals in the government, formers, former CIA folks, but academics, scientists, engineers, anything they want. It’s the ultimate playground for collection.”