Chinese spies used fake Facebook profile to friend NATO officials

Summary:Chinese spies created a fake Facebook profile of U.S. Navy admiral James Stavridis, friended various NATO officials, and gained access to their personal data. The fake profile has since been taken down.

Late last year, senior British military officers, Defense Ministry officials, and other government officials were tricked into becoming Facebook friends with someone masquerading as United States Navy admiral James Stavridis. By doing so, they exposed their own personal information (such as private e-mail addresses, phone numbers, pictures, the names of family members, and possibly even the details of their movements), to unknown spies.

If you feel like the name is familiar, it should be. Stavridis happens to be the current Commander, U.S. European Command (USEUCOM), and NATO's Supreme Allied Commander Europe (SACEUR). It's really no coincidence he was chosen as the one to fake a Facebook profile of.

Stavridis uses Facebook quite a bit. For example, in October 2011 he used his Facebook account to tell the world of his intent to end the organization's mission in Libya.

NATO officials are reluctant to publicly state who was behind the attack, but The Telegraph says China is to blame. The publication quotes classified briefings in which military officers and diplomats were told the evidence pointed to "state-sponsored individuals in China." The Guardian agrees, quoting a security source who says "the belief is that China is behind this."

By the way, the screenshot above is of the NATO official's legitimate Facebook Page: James Stavridis. The bogus Facebook profile page has since been taken down. Such fake Facebook profiles are usually deleted within 24 to 28 hours of being discovered, but it's difficult to find the people who create them. NATO has since warned its staff about such kind of activity, but I doubt this is the last time it will happen.

Last month, Facebook started pushing out verified accounts for prominent public figures, but the system still hasn't been adopted by many, and in any case the feature became available months after this particular social engineering attack took place. That being said, news of the incident only came to light this weekend.

Supreme Headquarters Allied Powers Europe (SHAPE) officials confirmed their commander had been targeted. "This type of compromising attempts are called 'Social Engineering' and has nothing to do with 'hacking' or 'espionage', a SHAPE spokesperson said in a statement. "Discussions/chats/postings on Facebook are of course only about unclassified topics."

"There have been several fake supreme allied commander pages," a NATO spokesperson said in a statement. "Facebook has cooperated in taking them down. We are not aware that they are Chinese. The most important thing is for Facebook to get rid of them. First and foremost we want to make sure that the public is not being misinformed. Social media played a crucial role in the Libya campaign last year. It reflected the groundswell of public opposition, but also we received a huge amount of information from social media in terms of locating Libyan regime forces. It was a real eye-opener. That is why it is important the public has trust in our social media."

"We recognise that there are vulnerabilities in infrastructure," Shawn Henry, an executive assistant director at the FBI, said in a statement. "That's why we see breaches by the thousand every single month. There are thousands of breaches every month across industry and retail infrastructure. We know that the capabilities of foreign states are substantial and we know the type of information they are targeting."

"After the profile was reported to us, it was taken down as soon as we were notified and investigated the issue," a Facebook spokesperson said in a statement.

Neither Facebook nor NATO is disclosing how many people fell for the scam. I have contacted Facebook for further information and will update you if I hear back.

Update at 2:15 AM PST: "After the profile was reported to us, it was taken down as soon as wewere notified and investigated the issue," a Facebook spokesperson said in a statement.

See also:

Topics: Social Enterprise

About

Emil is a freelance journalist writing for CNET and ZDNet. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.