U.S. officials are increasingly sounding the alarm about LinkedIn as a tool of foreign influence in American affairs.
Officials say the online professional networking platform owned by Microsoft poses a threat for foreign influence and intelligence collection efforts, particularly by China.
William R. Evanina, director of U.S. counterintelligence, singled out LinkedIn last week, saying the networking platform could be weaponized by the members of the Chinese military whom the U.S. indicted on charges of hacking credit reporting giant Equifax and stealing data of more than 145 million Americans in 2017.
“They have more than just your credit score; they have all of your data,” Mr. Evanina said. That includes Social Security numbers and other personally identifiable information such as bank account numbers. He said the data can be used as leverage to target vulnerable Americans inside and outside of government who have access to sensitive information and who can be reached through LinkedIn.
“When they get a LinkedIn from someone in China, they already know everything about that person,” Mr. Evanina said.
Use of LinkedIn by foreign adversaries is not a hypothetical concern. In a June 2018 felony complaint accusing former Defense Intelligence Agency case officer Ron Rockwell Hansen of spying on behalf of the Chinese, the FBI noted that Hansen “printed information from LinkedIn related to several former and current DIA case officers” ahead of a trip to China in 2015. Hansen was arrested in 2018 at a Seattle airport as he prepared to board a flight to China with secret U.S. military information, according to the Justice Department. Last year, Hansen pleaded guilty and was sentenced to 10 years in federal prison.
In November, a Justice Department official told CNBC that the Chinese had flipped U.S. intelligence officers after recruiting them off LinkedIn.
Mr. Evanina labeled such efforts “super aggressive” in an interview with Reuters. He said LinkedIn should look to delete fake users in a way similar to Twitter’s purge of fake accounts.
LinkedIn reported blocking 19.5 million fake accounts from registering in the first six months of 2019, and it reported restricting the use of 2 million more fake accounts via human reviews, artificial intelligence and machine learning during the same period.
Paul Rockwell, head of trust and safety at LinkedIn, said the company takes a proactive approach to state-sponsored activity affecting its users.
“We actively seek out signs of state-sponsored activity on the platform and quickly take action against bad actors in order to protect our members,” Mr. Rockwell said in a statement. “We don’t wait on requests, our threat intelligence team removes fake accounts using information we uncover and intelligence from a variety of sources including government agencies. We enforce our policies, which are very clear: the creation of a fake account or fraudulent activity with an intent to mislead or lie to our members is a violation of our terms of service.”
The threat is not limited to the government. Businesses also are at risk, as is anyone with access to sensitive information including corporate secrets.
Foreign adversaries frequently use LinkedIn to better understand how a government entity or company works and is staffed. Ron Aledo, former CIA and DIA senior intelligence analyst, said adversaries in China, Iran, North Korea and Russia may try to build databases of employees working within government, at a federal contractor or at other companies including media.
“The common sense is obviously never put anything in LinkedIn, or anything in your resume, or anything in your profile that might be sensitive, that might give confidential or classified information to the foes,” Mr. Aledo said. “Try to be cautious when … you can see that it is a fake profile, perhaps on LinkedIn, somebody with very few contacts.”
Mr. Aledo said LinkedIn users should avoid making themselves targets for hostile powers by not oversharing their work histories. Mr. Aledo said “VIPs” on LinkedIn are perhaps the biggest targets, including vice presidents at major technology companies, pharmaceutical companies or global security corporations.
Ronnie Obenhaus, an official with the Department of Defense’s Cyber Crime Center, warned a gathering of cybersecurity professionals this month not to “blindly accept” LinkedIn requests from users they do not know because they could be tied to a hostile foreign adversary.
“They propagate malware through [LinkedIn] a lot,” Mr. Obenhaus said at a meeting of the Institute for Critical Infrastructure Technology.
China is more active on LinkedIn than other adversaries because of its commercially focused efforts, said Jamil Jaffer, founder and executive director of the National Security Institute at George Mason University’s Antonin Scalia Law School.
“Back in the old days, if you were a Soviet spy, you had to figure out the person you have to hit up. … Today, we put a lot of information out there,” Mr. Jaffer said. “There’s a lot of these things that [people] are putting out there that’s making it easier for intelligence officers to do their jobs.”
Mr. Jaffer, a vice president at IronNet Cybersecurity, the technology firm of former National Security Agency Director Keith Alexander, said the person on offense always has the advantage.
LinkedIn notes on its website that it took action against 21.6 million fake accounts in the first six months of 2019. The company’s most recent transparency report for those six months shows that the U.S. government made nearly 87% of all requests for users’ data by governments in 2019. The report said China made one request, or less than 1% of all requests.
LinkedIn’s website has a statement on “nation-state activity” on its platform that says the company is working with the FBI and Congress.
“We’re committed to keeping LinkedIn safe and will continue to invest in new methods to prevent, detect and mitigate fake profiles,” LinkedIn’s website says. “We also encourage members to report any content they encounter that makes them uncomfortable. We take these reports seriously, and take action on content that violates our Terms of Service or Professional Community Policies.”