Espionage: Germany unmasks fake Chinese LinkedIn profiles

Germany's BfV identified eight profiles and three companies involved in China's social engineering efforts.

In a rare move, the German Ministry of Interior (Bundesamt für Verfassungsschutz (BfV)) made public the results of a nine-month counterintelligence study into the use of social networks, including LinkedIn, by the Chinese intelligence services.

The head of the BfV, Hans-Georg Maaßen, noted, “Chinese intelligence services are active on networks like LinkedIn and have been trying for a while to extract information and find intelligence sources in this way,” including seeking data on users’ habits, hobbies and political interests, according to Reuters.

Furthermore, the BfV says the intent is to compromise individuals' computers and their corporate or government access to ultimately penetrate organizations of interest. In other words, they want to exploit the trusted insider's access.

This revelation, unique only in providing the identities of the fake profiles, is one of many warnings that governments around the world have issued: social networks are prime hunting grounds for social engineers of every ilk. Indeed, fraud on social networks, specifically LinkedIn, has been growing for years.

The BfV has confirmed that over 10,000 German citizens were targeted via the Chinese intelligence service's fake social profiles, Spiegel Online reports.

China denies the accusations.

According to a New York Times article, "Lu Kang, a spokesman for the Ministry of Foreign Affairs, called the investigation 'complete hearsay and groundless.'"

Fake LinkedIn profiles

The many profiles that the BfV study uncovered show that the Chinese leaned toward young professional men and women. The BfV noted that the Chinese blended in and that the social network (LinkedIn) doesn’t find their presence suspicious. The BfV cautions that these identified profiles may be the tip of the proverbial iceberg.

LinkedIn has removed the profiles of these individuals, but the Austrian Kleine Zeitung captured at least one prior to the removal, that of Laeticia Chen.

The LinkedIn profiles removed:

  • Laeticia Chen – Manager at “China Center of International Politics and Economy”
  • Jason Wang – Representative of AFEC in Beijing
  • Allen Liu – Personnel department of a consulting company in Hangzhou
  • Rachel Li – Headhunter for RiseHr
  • Alex Li – Project Manager at “Center for Sino-Europe Development Studies”
  • Eva Han – An HR Specialist
  • Luo Jana – Manager
  • Lily Wu – Assistant to the secretary general of the Center for Chinese-European Development Studies

The BfV also identified three organizations that it claims are involved in the Chinese social engineering efforts.

  • Global View
  • DRHR
  • Move HR

Reuters reviewed some of the individual profiles prior to their removal and confirmed they were connected to “senior diplomats and politicians from several European countries.”

Catfishing goes Nation State

We are accustomed to hearing of catfishing schemes that target our elderly, duping the unsuspecting senior citizen into funding medical procedures or an education for their online love interest. Then, once the bank account is drained, the individual (located in Malaysia, Nigeria or the next town over) disappears.

Therefore, it should come as no surprise that this same methodology has been taken up by Chinese intelligence services (and those of other nations as well) to socially engineer secrets from those who have access to information of interest.

Our advice: Trust but verify every contact with whom you share any information — do your due diligence. Don’t accept their presence in a trusted colleague’s “list of professional contacts” as evidence. Ask that colleague straight out: “Do you know this individual? How well?”

Copyright © 2017 IDG Communications, Inc.
