Special Feature
Part of a ZDNet Special Feature: Cyberwar and the Future of Cybersecurity

FBI warning: Foreign spies using social media to target government contractors

FBI warns security clearance holders to be careful when disclosing work information on social media profiles.

fbi-hacked-tormail-users.jpg

The US Federal Bureau of Investigations has sent a warning to private sector partners about foreign intelligence services using social media accounts to target and recruit employees with US government clearance.

"FIS [foreign intelligence services] officers will use popular US-based platforms and their respective countries' social media platforms for personal and intelligence gathering/operations purposes," the FBI said in a security alert the agency sent out in April.

The warning, authored by the FBI's Washington Field Office, in coordination with the FBI's Office of Private Sector (OPS), was sent to government contractors whose employees hold various levels of security clearances.

The FBI warning comes as the US has seen a rash of former government employees defecting or helping foreign intelligence services over the past few years. These incidents started with the now-infamous Snowden case, to the most recent one, involving a former US Air Force service member who defected to Iran and then helped its newly adopted country hack her former Air Force colleagues.

The FBI alert includes links to government resources where contractors can educate their employees on how to handle themselves online. The optimum scenario would be if clearance holders would avoid disclosing that they have a government clearance online, in the first place.

Further, the alert also includes four cases the FBI presented as examples of different scenarios of how foreign operatives used social media and online portals to rope in government contractors into committing treason.

We cite in full the four cases from the report [Italic text added by ZDNet]:

FIS Primary Targets: Former/ActiveUSG Clearance Holders

In 2017, an FIS used a popular professional networking website to contact a former USG [US Government] employee who held an expired Top Secret level clearance. The employee listed their intelligence/national security background on their website profile. Aseparatedbut recruited individual later acted as the "middle person" who introduced the employee to the FIS. In February 2017, the employee traveled overseas to meet the FIS and established a covert communication channel. That communication channel served as a mean to pass Secret and Top Secret information to a US adversary. In mid-2017, the USG arrested and charged the employee for conducting espionage against the United States.

Here, the FBI might be referring to the case of Kevin Patrick Mallory, a 62-year-old from Leesburg, Virginia, who was recently sentenced to 20 years in prison for selling government secrets to China.

FIS Private Sector Targets: USG Contractor Clearance Holders

A known FIS front company used a publicly available employment website to target USG defense contractors who posted their resume online. The FIS used the website to target, assess, and recruit employees of US-based defense contracting companies supporting the USG who have specialized skills in the aviation technology.

Here, the FBI is referring to the use of LinkedIn as a recruitment platform by foreign intelligence agents, a now common practice and well-known about practice.

Social EngineeringMethod: FIS use Fictitious Social Media Accounts to Obtain Access to Sensitive and Classified Data from USG and Corporate Employee

An FIS created a fictitious US military social media profile on several platforms. The FIS used the profile to establish online relationships/social network with a wide range of USG, US military personnel, and multiple US-based cleared defense contractors. The FIS used the social network to develop and assess a targeted pool of profiles.

Here, the FBI is referring to the use of platforms such as Twitter, Facebook, and other social networks for targeting employees during their free time, and then moving conversations to sensitive topics.

Bridging the Physical and Online Introductions Gap: FIS Used Physical Events and Online Research for Social Media Usage to Establish Relationships

In early 2018, a US-based cleared defense contractor with a Top Secret level clearance attended a technical trade show conference in the United States. An FIS who operated a vendor booth at the conference approached the contractor several times and offered sales of products/services. As a means to deter the aggressive sales pitches, the contractor indicated to the FIShis/her affiliation with the USG and offered the FIS a business card. A week after the conference, the FIS located the contractor on a popular professional linking website. The FIS sent an online request to the contractor via the website. The FIS is likely associated with an identified US adversarial military unit.

Here, the US is referring to the tactic of scouting contractor employees' social media accounts for info that can be used to get conversations and relationships going in the real physical world.

Related government coverage: