Tag Archives: MI5

Tech News: New Spy-Spotting App From MI5

The UK government’s MI5-run ‘Centre for the Protection of National Infrastructure’ has launched a new app to help people spot approaches from foreign spies and organised criminals seeking sensitive information.

Really? How Big Is The Problem? 

According to MI5, it spotted 10,000 UK nationals across society being approached last year via fake social media profiles, e.g. on LinkedIn and Facebook.

Who Are The Targets? 

Although the new ‘Think Before You Link’ app can be downloaded by anybody, it is really aimed at people working in sensitive industries, those working in government (e.g. civil servants) plus those in high-tech business and in academia.

How?

According to the CPNI, hostile actors and criminals usually contact the target by posing as an interested ‘employer’ or recruitment consultant presenting a unique business opportunity. They then ask for further details about the target’s background, try to “sell” the business opportunity, insisting on discussing it privately, away from the initial website.

The CPNI says that this kind of engagement is an attempt to understand the level of access the individual has to sensitive information by drawing it out from them, and then to build a longer-term relationship. The idea is, of course, that the target remains unaware of the real purpose of the approach and, in some instances, believes they are providing information to develop a legitimate business opportunity.

The Signs 

The CPNI says that some of the signs of an approach by hostile actors include offers that are ‘too good to be true’, a lack of any visible or checkable company information available online, the use of flattery, attempts to introduce urgency, selling an idea/opportunity as being scarce, one-off or exclusive, and a disproportionate focus on the target’s company, rather than on validating the target as a candidate.

How Can The App Stop This From Happening? 

The ‘Think Before You Link’ app, designed with the help of behavioural scientists, uses the following features to help protect the users from approaches by spies and scammers:

– Interactive learning to provide the user with the knowledge of how to spot malicious approaches. This includes tailored content and case studies with more relevance to the user’s sector and role.

– A social media profile reviewer which includes a built-in reverse image search to identify profile pictures which may be re-used from other sites and includes self-answer questions.

– A reporting mechanism to help the user to report a profile that might be malicious.

What Does This Mean For Your Business? 

With threats such as economic espionage, worries about how states such as China and Russia are using social media to influence opinion, a proliferation of online scams (e.g. recent ones using the situation in Ukraine), and news of Pegasus spyware at 10 Downing Street, fears are running high. This app may be a useful way to educate, alert and remind those in sensitive professions of today’s threats, as well as providing a fast and handy way of reporting, which could help provide a more accurate picture of the type and range of security threats and enable faster and better responses. Although most of us are unlikely to be targeted by spies, at least this app may stop and flag up some of the many security compromises via fake social media profiles. It may also provide a way for the government to gather evidence that may be used to put more pressure on the major social media companies to do more to tackle the problem of fake profiles.

Tech News: MI5 ‘Think before You Link’ Campaign Warning To Staff

MI5 is using a ‘Think before You Link’ campaign to warn its workers about the growing threat of being targeted for information by actors for hostile states using fake profiles on platforms such as LinkedIn.

Think before You Link

It has been reported that MI5 believes that more than 10,000 British nationals have been targeted online in the past five years by hostile states.  With this in mind, the UK’s Centre for the Protection of National Infrastructure (CPNI), an offshoot of MI5, has launched a ‘Think before You Link’ campaign. The idea of the campaign is to provide practical advice on how to identify, respond to, and minimise the risk of being targeted by criminals and hostile actors who may act anonymously or dishonestly online in an attempt to connect with people who have access to valuable and sensitive information.  

LinkedIn?

Although LinkedIn has not been explicitly named as a platform that is being used/could be used, LinkedIn has said in a statement published on its news page that “We welcome the online safety efforts of the Centre for the Protection of National Infrastructure and its work to expand their Think Before You Link campaign in the United Kingdom”. The statement goes on to say that “We actively seek out signs of state-sponsored activity on the platform and quickly take action against bad actors in order to protect our members” highlighting how it has a “Threat Intelligence team” to remove fake accounts.

Who?

The campaign is aimed at those who “Identify as an employee or member of HMG or Civil Service” or “Identify as working in the private sector or academia with access to classified or commercially sensitive technology or research”.  These could include (among others) retired civil servants with access to technology relating to defence/defence equipment.

What?

CPNI (MI5) suggests that once links are made online with fake profiles (e.g. with LinkedIn), social manipulation could occur as business proposals/propositions could be made that require information to be given that could be of use to criminal actors/hostile states. For example, this could take the form of an invitation (paid) to speak at a conference/event as an expert, which could involve linking online with relevant people, submitting a CV and background information. This could also lead to bribery or blackmail.

Damage

According to CPNI, the risk of engaging with such profiles is ‘damage’ to individual careers, damage to the interests of the person’s organisation, and damage to the interests of UK national security and prosperity. This appears to be a way of warning those with national security-related work roles not to unwittingly put themselves in a position where they may give away secrets or valuable (to other states) information online.

Campaign Materials

The ‘Think before You Link’ campaign is using guidance for staff and organisations, flyers, poster sets, and videos to explain and illustrate the risks and what to do to minimise them.

What Does This Mean For Your Business?

Currently difficult relations between the UK, the U.S. (and all the Five Eyes) and what are now seen as hostile or potentially hostile states (e.g. Russia and China), trade wars (US and China), cyberattacks on state agencies and big businesses as well as attacks to get vaccine secrets, online interference in elections, and chemical weapon usage (poisonings) have all contributed to the apparent need to warn of approaches by hostile actors via social media. Remote working and physical separation during the pandemic have also made the need for this warning more urgent, as the numbers of targeted social manipulation attempts have grown over the last year. Businesses with access to classified or commercially sensitive technology or research, or which have working relationships with academia or with experts in certain fields (e.g. defence), may need to be particularly cautious when it comes to approaches by new or little-known friends and connections on social media.