MI5 have warned that ‘hostile intelligence services’ are clandestinely targeting Government employees through the popular online CV website.
Secret agents working for malign foreign powers, including Russia and China, have created fake profiles on the social networking service to lure unsuspecting victims.
In the elaborate scam – that wouldn’t be out of place in a James Bond novel – enemy spies are using bogus accounts on the website, described as like Facebook but for business professionals, to try and ‘find, connect with, cultivate and recruit’ current and former Government employees.
The Daily Mail doesn’t need to clickbait; that is an extraordinarily windy title, and I’m wondering if it’s legitimate British English to use the verb malign as an adjective. Editorial warts aside, this is a serious issue, and exploiting social media leaks is something I do on a weekly basis.
As an example of what an exploitation might look like, here are some sanitized versions of real-world engagements I’ve had over the last year.
A Fortune 500 executive was receiving a steady flow of messages with sexual content. The source knew things about her work day, her children, and details on a recent decorating choice in her home. Police had been working on the assumption that her home might have been surveilled or intruded. We examined her social media which did include some personal details, but not enough to cover all knowledge the stalker displayed. Access to her private office was a requirement and a ‘barium meal’ placed in her trash can yielded criminal charges for a janitor.
A Bitcoin related fraud case involved a limited liability company represented by a couple of individuals who were also codefendants. The LLC was incorporated in Delaware, making its members essentially unassailable. Starting with a pair of Twitter accounts for the promoters, we identified a pool of a dozen common associates there, and from that starting point a parent company with both assets and ongoing revenue was identified.
A fraud case resulting in a RICO suit involved multiple entities in several U.S. states and one offshore haven. The domains were examined for commonalities using Maltego, historic domain information was retrieved with Domain Tools, and the fingerprints of a single technical staff member were found. Manual examination of the LinkedIn networks for the named defendants yielded a candidate for the technical staff member, who was successfully subpoenaed.
A defamation domain concealed behind Cloudflare was strongly suspected to be the effort of a competitor to the company being smeared. A direct approach involving Maltego and manual methods yielded no usable information. The social networks of the leadership of the competitor were examined with an eye on other business entities, yielding a collection of domains to inspect. The defamation domain was colocated on the same virtual private server as one of those businesses.
Limited liability companies protect businesses from a direct litigation approach, just as Cloudflare protects web sites. No such facility exists for protecting one’s social network footprint and Cloudflare only protects web services, not the entire network attack surface.
An initial hardened front on a company’s incorporation isn’t the end of the road. If their web presence is hardened that makes things much tougher, but if any social network data is available there is usually some avenue that can be pursued.
I am available for defensive and offensive engagements in this area. I can pursue an individual or company for the sake of discovery, or I can turn a would-be intruder’s eye on your presence. You can start the process by contacting me, Neal Rauhauser, on LinkedIn.