Chinese spies used fake Facebook profile to friend NATO officials

Summary: Chinese spies created a fake Facebook profile of U.S. Navy admiral James Stavridis, friended various NATO officials, and gained access to their personal data. The fake profile has since been taken down.


Late last year, senior British military officers, Defense Ministry officials, and other government officials were tricked into becoming Facebook friends with someone masquerading as United States Navy admiral James Stavridis. By doing so, they exposed their own personal information (such as private e-mail addresses, phone numbers, pictures, the names of family members, and possibly even the details of their movements) to unknown spies.

If you feel like the name is familiar, it should be. Stavridis happens to be the current Commander, U.S. European Command (USEUCOM), and NATO's Supreme Allied Commander Europe (SACEUR). It's really no coincidence that his was the identity chosen for the fake Facebook profile.

Stavridis uses Facebook quite a bit. For example, in October 2011 he used his Facebook account to tell the world of his intent to end the organization's mission in Libya.

NATO officials are reluctant to publicly state who was behind the attack, but The Telegraph says China is to blame. The publication quotes classified briefings in which military officers and diplomats were told the evidence pointed to "state-sponsored individuals in China." The Guardian agrees, quoting a security source who says "the belief is that China is behind this."

By the way, the screenshot above is of the NATO official's legitimate Facebook Page: James Stavridis. The bogus Facebook profile page has since been taken down. Such fake Facebook profiles are usually deleted within 24 to 28 hours of being discovered, but it's difficult to find the people who create them. NATO has since warned its staff about this kind of activity, but I doubt this is the last time it will happen.

Last month, Facebook started pushing out verified accounts for prominent public figures, but the system still hasn't been adopted by many, and in any case the feature became available months after this particular social engineering attack took place. That being said, news of the incident only came to light this weekend.

Supreme Headquarters Allied Powers Europe (SHAPE) officials confirmed their commander had been targeted. "This type of compromising attempts are called 'Social Engineering' and has nothing to do with 'hacking' or 'espionage'," a SHAPE spokesperson said in a statement. "Discussions/chats/postings on Facebook are of course only about unclassified topics."

"There have been several fake supreme allied commander pages," a NATO spokesperson said in a statement. "Facebook has cooperated in taking them down. We are not aware that they are Chinese. The most important thing is for Facebook to get rid of them. First and foremost we want to make sure that the public is not being misinformed. Social media played a crucial role in the Libya campaign last year. It reflected the groundswell of public opposition, but also we received a huge amount of information from social media in terms of locating Libyan regime forces. It was a real eye-opener. That is why it is important the public has trust in our social media."

"We recognise that there are vulnerabilities in infrastructure," Shawn Henry, an executive assistant director at the FBI, said in a statement. "That's why we see breaches by the thousand every single month. There are thousands of breaches every month across industry and retail infrastructure. We know that the capabilities of foreign states are substantial and we know the type of information they are targeting."

"After the profile was reported to us, it was taken down as soon as we were notified and investigated the issue," a Facebook spokesperson said in a statement.

Neither Facebook nor NATO is disclosing how many people fell for the scam. I have contacted Facebook for further information and will update you if I hear back.

Update at 2:15 AM PST: "After the profile was reported to us, it was taken down as soon as we were notified and investigated the issue," a Facebook spokesperson said in a statement.

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

  • LOL!

    Rabid Howler Monkey
  • Useless information no doubt; If this story has teeth.

    Just another failed CIA fallout. We will never know what is in the "rabbit hole".
  • Government "Intelligence"

    If you expect government officials to have any common sense about the internet, think again. Most online privacy issues can be prevented by common sense. Particularly problematic for many people is seeing how they post personal information on social media, neglect to use privacy settings, and are surprised when their personal information is stolen weeks later. While you can be careful about what you post about yourself, you can't prevent other people from posting about you. Also problematic for people is how there are sites like where people post personal information about each other that can't be removed. With Google making all of this information widely available, being vigilant about seeing what people can find out about you is critical to maintaining your online reputation. Facebook can do a bit more to prevent people from accidentally messing up their own lives by encouraging more sensible defaults, but in the end people have to be smart about what they post about themselves online, and this doesn't solve all potential problems.
  • The social Media needs to go to the next level

    That's the problem with all social media channels and that's why there is a need for all of them to be on first
  • false flag

    sounds to me like the nsa made the profile, and blamed the Chinese for it. i would not be surprised if the nsa was getting ready to do a false flag cyber attack, and blame it on the Chinese. it's sad to see what desperate lengths these war mongers will go to, to get us into war
    marc van hoff
    • Speaking of false profiles...

      ... this post screams it.
    • that's possible. this article is just another irresponsible reporting

      just another reporter that makes his every effort to gain the public attraction with the old "cyber attack from Chinese" story. He doesn't even bother to make the article logically make sense.
  • facebook

    facebook = spam
    preferred user
  • So BYOD is a portal for fraudsters and spies.

    If ever there was a reason why social networking should not mix-it with enterprise environments, this is it. Every attached "social" user's device could be pwned by literally anyone. And we're now hearing that the portable devices are especially easy to hack - not as robust as desktop OS's and that ain't saying much.
  • This article is misleading

    The title obviously sure that it is Chinese, but anything said to prove this inside the article?
    Again, an old prototype article. If you want to make news, connect the topic to Chinese. A question here is, it is a tech place, why reporters here speak for the stupidness of the gov officials who are leading the country but have no common sense for the using of internet.
  • Fake Profile Scam

    Unfortunately, there are still tons of facebook scams out there. There is a new iPhone app recently released, called Scam Detector, which exposes like 500 scams. It is worth checking it out, if you have an iPhone. The app is also online - they have a free web version, if interested. Google it, it's kinda cool, actually.