The US Federal Bureau of Investigations has sent a warning to private sector partners about foreign intelligence services using social media accounts to target and recruit employees with US government clearance.
"FIS [foreign intelligence services] officers will use popular US-based platforms and their respective countries' social media platforms for personal and intelligence gathering/operations purposes," the FBI said in a security alert the agency sent out in April.
The warning, authored by the FBI's Washington Field Office, in coordination with the FBI's Office of Private Sector (OPS), was sent to government contractors whose employees hold various levels of security clearances.
The FBI warning comes as the US has seen a rash of former government employees defecting or helping foreign intelligence services over the past few years. These incidents started with the now-infamous Snowden case, to the most recent one, involving a former US Air Force service member who defected to Iran and then helped its newly adopted country hack her former Air Force colleagues.
The FBI alert includes links to government resources where contractors can educate their employees on how to handle themselves online. The optimum scenario would be if clearance holders would avoid disclosing that they have a government clearance online, in the first place.
Further, the alert also includes four cases the FBI presented as examples of different scenarios of how foreign operatives used social media and online portals to rope in government contractors into committing treason.
We cite in full the four cases from the report [Italic text added by ZDNet]:
FIS Primary Targets: Former/ActiveUSG Clearance Holders
In 2017, an FIS used a popular professional networking website to contact a former USG [US Government] employee who held an expired Top Secret level clearance. The employee listed their intelligence/national security background on their website profile. Aseparatedbut recruited individual later acted as the "middle person" who introduced the employee to the FIS. In February 2017, the employee traveled overseas to meet the FIS and established a covert communication channel. That communication channel served as a mean to pass Secret and Top Secret information to a US adversary. In mid-2017, the USG arrested and charged the employee for conducting espionage against the United States.
Here, the FBI might be referring to the case of Kevin Patrick Mallory, a 62-year-old from Leesburg, Virginia, who was recently sentenced to 20 years in prison for selling government secrets to China.
FIS Private Sector Targets: USG Contractor Clearance Holders
A known FIS front company used a publicly available employment website to target USG defense contractors who posted their resume online. The FIS used the website to target, assess, and recruit employees of US-based defense contracting companies supporting the USG who have specialized skills in the aviation technology.
Here, the FBI is referring to the use of LinkedIn as a recruitment platform by foreign intelligence agents, a now common practice and well-known about practice.
Social EngineeringMethod: FIS use Fictitious Social Media Accounts to Obtain Access to Sensitive and Classified Data from USG and Corporate Employee
An FIS created a fictitious US military social media profile on several platforms. The FIS used the profile to establish online relationships/social network with a wide range of USG, US military personnel, and multiple US-based cleared defense contractors. The FIS used the social network to develop and assess a targeted pool of profiles.
Here, the FBI is referring to the use of platforms such as Twitter, Facebook, and other social networks for targeting employees during their free time, and then moving conversations to sensitive topics.
Bridging the Physical and Online Introductions Gap: FIS Used Physical Events and Online Research for Social Media Usage to Establish Relationships
In early 2018, a US-based cleared defense contractor with a Top Secret level clearance attended a technical trade show conference in the United States. An FIS who operated a vendor booth at the conference approached the contractor several times and offered sales of products/services. As a means to deter the aggressive sales pitches, the contractor indicated to the FIShis/her affiliation with the USG and offered the FIS a business card. A week after the conference, the FIS located the contractor on a popular professional linking website. The FIS sent an online request to the contractor via the website. The FIS is likely associated with an identified US adversarial military unit.
Here, the US is referring to the tactic of scouting contractor employees' social media accounts for info that can be used to get conversations and relationships going in the real physical world.
Related government coverage:
- Chinese military to replace Windows OS amid fears of US hacking
- CBP says hackers stole license plate and travelers' photos
- Russian military moves closer to replacing Windows with Astra Linux
- SEC security alert warns about misconfigured NAS, DBs, and cloud servers
- Equifax breach impacted the online verification process at many US govt agencies
- Even the NSA is urging Windows users to patch BlueKeep
- How Estonia became an e-government powerhouse TechRepublic
- Sri Lanka blocks social media after deadly Easter explosions CNET