LinkedIn to Espionage: The Growing Chinese Threat

Rivalry between the East and West is nothing new, but the last several decades have seen increasing conflict between China on the one hand and the U.S. and its allies on the other. In its bid to restore itself to its ancient glory as the “Middle Kingdom” of Asia and perhaps one day of the world, China has relentlessly sought to improve its technological prowess. In many cases, China has been accused of stealing Western technology by misappropriating trade secrets in business relationships, violating copyright and other intellectual property rights, and hacking into corporate and military networks to swipe anything that could help China catch up or gain an advantage.

Now it seems that China is borrowing a page from Russia’s playbook by exploiting social media invented in the U.S. In the same way that Russia used Twitter and other social media platforms to stir up political passions and influence the 2016 presidential race, China is using social media in an attempt to recruit spies to boost its espionage efforts. Just as the U.S. cannot afford to turn a blind eye to Russian manipulation of its electoral process, it cannot ignore China’s efforts to carry out espionage through social media. The government and the private sector must work together in order to effectively counter this threat.

Evidence suggests that Chinese agents are increasingly turning to social media, such as LinkedIn, as hunting grounds for new intelligence assets are piling up. For example, White House official and diplomat Brett Bruen, who worked in the Obama administration, was befriended on LinkedIn by an individual purporting to be Donna Alexander from the California Institute of Technology, who supposedly had connections to other White House officials—many of whom were involved with the U.S. government’s foreign policy infrastructure. “Donna” proceeded to offer to fly him to China for a “well-paid” opportunity, but he decided to decline the offer. The offer immediately set off a sea of alerts: first, the profile picture was of actress Sarah Roemer, and second, a spokeswoman from the Institute had no such record of a “Donna Alexander.” If the situation wasn’t handled as carefully as it had been, Bruen could have ended up leaking confidential, crucial information about the U.S. government, which could have led to cybernetic onslaughts, especially during the ongoing U.S.-China trade war.

While the U.S. has been the prime target of such fake social media efforts by China, China has also gone after the Western allies of the U.S. using similar methods. Jonas Parello-Plesner, a Danish Foreign Ministry official, faced recruitment efforts on LinkedIn from a user under the alias of Grace Woo in 2011. After a series of exchanges, in which “Grace” learned that Parello-Plesner was going to visit Beijing soon, she suggested that he stop by Hangzhou to meet with the DRHR, a headhunting company that she supposedly worked for; they agreed on meeting in the St. Regis Hotel. When Parello-Plesner arrived in China, he was guided by a young man from the DRHR to a conference room where three middle-aged men—and no Grace Woo—greeted him.

Immediately, he saw a red flag: the men claimed to have come from a government research organization but did not have any business cards. The men then promised Parello-Plesner that if he’d work with them, they’d fund his research and provide him “really great access to the Chinese system.” Parello-Plesner concluded that they were Chinese intelligence officials and reported the incident to Danish officials. Apparently, this scheme was only the tip of the iceberg: the DRHR and a few other companies have implemented efforts to contact approximately 10,000 German and 4,000 French individuals through LinkedIn, according to German and French intelligence, which shows a rising threat, to say the least. While LinkedIn has a policy of shutting down accounts used to deceive other LinkedIn users, LinkedIn cannot shut down all such accounts by itself; in many cases, someone has to alert LinkedIn of the problem.

The problem Chinese exploitation of LinkedIn or other social media poses is one of social engineering—not an issue of hacking; all of the cybersecurity technology in the world wouldn’t make any real difference. The key to solving the problem is to bring as many human resources as possible to counter the threat. There needs to be greater concerted efforts between the government and private sector; they must use all of the resources at their disposal to shut down these illegitimate efforts. This means that government intelligence agencies, government entities, privately-owned companies whose employees may be the target of Chinese spies, and social media companies need to come together to share whatever information they have so that fake accounts used by Chinese spies are shut down expeditiously.

Organizations like the DRHR should not be allowed free rein, and once a few suspicious incidents have been identified, the offending account should be shut down immediately. Perhaps Chinese spies can engage in a game of whack-a-mole by setting up new organizations and accounts as soon as an old one is identified, but concerted, sustained efforts in sharing information by all of the targets should make responding to such games easier. The right balance needs to be struck so that the governments and companies can achieve their goals without unduly restricting civil liberties or giving the spies too much leeway.

With this balance in mind, the communication between governments and companies is crucial in order to curtail misuse of social media platforms for espionage. The practical implication of this is that the government should share what it knows with companies so they can take action, but not to the point where it might compromise its methods and sources to gather intelligence. Conversely, social media companies should encourage users who have been the targets of espionage to share what they know with the government. However, sharing information with the government should be voluntary to preserve privacy and civil liberties. This way, social media can be used how it was intended to without benefiting the spies or fostering Big Brother.