Germany Accuses Chinese Intelligence Services Of Using Fake LinkedIn Profiles To Recruit Informants And Extract Sensitive Information
from the well,-of-course-it's-not-just-Russia dept
Over the last year, the scale of Russia's disinformation activities has become clearer. Its Internet Research Agency has deployed an astonishing range of sophisticated techniques, included accounts on Twitter and Facebook, and hiring activists within the US without the latter being aware they were working for the Russian government. We also now know that the same organization has been buying Facebook ads on a large scale that were seen by over a hundred million US citizens. But it would be naïve to think that Russia is the only foreign power engaged in this kind of activity. In fact, it would be surprising if any intelligence agency worth its salt were not carrying out similar activities around the globe. The first detailed information about China's use of fake social media accounts to recruit informants and extract sensitive information has just been published by the Bundesamt für Verfassungsschutz (BfV), Germany's domestic intelligence service. As Reuters reports:
Nine months of research had found that more than 10,000 German citizens had been contacted on the LinkedIn professional networking site by fake profiles disguised as headhunters, consultants, think-tankers or scholars, the BfV said.
Quartz quotes the BfV's president, Hans-Georg Maaßen, as saying:
"We are dealing with a broad attempt to infiltrate parliaments, ministries and administrations," said Maaßen. “Chinese intelligence services are using new strategies of attack in the digital space."
An interim report on the analysis that appeared on the BfV site in July (original in German) explains how the Chinese operated. The supposed headhunters, scholars and Chinese officials claimed that there were interested in the specialism of the person being approached. They inquired about a possible exchange of professional views on the topic, and spoke of an "important customer" in China:
the Chinese contact persons ask those involved for a curriculum vitae and offered to pay for a trial project. If this was completed satisfactorily, an invitation is made to go to China to meet with the "important customer", with the costs of the stay being covered by the Chinese side. In fact, however, the "important customer" never appears and is not explicitly named. In due course, the persons involved are usually asked regularly to write reports in return for appropriate remuneration, or to pass on internal, sensitive information from the respective work area.
As part of its report, the BfV published a selection of the fake profies. Reuters explains:
Many of the profile pictures show stylish and visually appealing young men and women. The picture of "Laeticia Chen", a manager at the "China Center of International Politics and Economy" was nicked from an online fashion catalogue, an official said.
The Chinese Foreign Ministry spokesman Lu Kang was, of course shocked by the accusations, which he called "baseless":
"We hope the relevant German organizations, particularly government departments, can speak and act more responsibly, and not do things that are not beneficial to the development of bilateral relations," Lu said.
The implicit threat there chimes with two other stories about China that Techdirt published last month. In one of them, the Chinese authorities put pressure on the academic publisher Springer Nature to censor thousands of papers that dealt with topics that showed China in a less than flattering light. Similarly, Allen & Unwin was "persuaded" by the Chinese authorities not to publish a book about China's growing but covert influence in Australia. The row between Australia and China has since escalated further. The latter denounced remarks by Australian politicians as being "full of prejudices against China", and lodged a formal protest. Taken with the latest news of China's attempts to recruit informants using social media, these recent events are evidence of a newly aggressive China on the world scene -- and of what The Economist calls China's "sharp power".
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: china, espionage, fake profiles, germany, surveillance
Companies: linkedin
Reader Comments
Subscribe: RSS
View by: Time | Thread
Are you saying that NSA is "not worth its salt"?
Your first paragraph is warmed-over clumsy assertions. Netwit's #1 tactic of The Big Repeat.
I bet you can't bring yourself to state flatly that "it's-not-just-Russia, it's the US, UK, and Israel TOO". Betcha can't even admit that!
If US, UK and Israeli "intelligence agencies" are doing this TOO, what exactly justifies your outrage at Russia / China -- except that you're a jingoist who believes anything "your" side does is an exception to all rules, and so you never even mention directly?
[ link to this | view in thread ]
Re: Are you saying that NSA is "not worth its salt"?
[ link to this | view in thread ]
If you already started using their storage devices and you want to stop... tough luck, you must destroy all your data that's stored on devices made by them, because it's a component part of the device by now. (section 15 in the EULA)
https://www.synology.com/en-us/company/legal/terms_EULA
quotes:
Section 7. Audit.Synology will have the right to audit your compliance with the terms of this EULA. You agree to grant Synology a right to access to your facilities, equipment, books, records and documents and to otherwise reasonably cooperate with Synology in order to facilitate any such audit by Synology or its agent authorized by Synology.
[...]
Section 15. Termination. Without prejudice to any other rights, Synology may terminate this EULA if you do not abide by the terms and conditions contained herein. In such event, you must cease use of the Software and destroy all copies of the Software and all of its component parts.
/quote
[ link to this | view in thread ]
"But mom, they're doing it too!"
Ah the good old, 'They're doing it too, so how dare you bring it up when someone I like does it!' attempt to deflect attention elsewhere.
(Of course if your intent is not to defend the chinese spies who got caught with their hands in the cookie jar the question becomes why exactly are you pulling the 'Yes, but what about...' card?)
China's intel agency/agencies got caught in their attempts to bribe/create informants. That other countries likewise engage in intel gathering schemes(whether they are doing something similar to this is unknown, but certainly possible) does not magically make china's actions anything other than what it is.
[ link to this | view in thread ]
This is only the tip of the iceberg
There is also circumstantial evidence that "private" data stored on LinkedIn has been systematically leaked or otherwise furnished to various governments. That seems pretty much settled; all the remains is to figure out whether it's getting out via security breaches, via insiders, or whether LinkedIn itself is selling it.
[ link to this | view in thread ]
Humans are a cancer in this planet...
[ link to this | view in thread ]
Re: Are you saying that NSA is "not worth its salt"?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
Those look like pretty standard enterprise agreements to me.
I work for a large enterprise, we use IBM software, and as part of the license agreement we must install on all servers - whether they use IBM software or not - an IBM piece of auditing software that periodically scans the server for copies of IBM software - and the hardware configuration of the server since most IBM software is licensed per CPU - which is then reported back to IBM so that IBM can charge license fees.
They also have clauses that let them come in and audit us to ensure we are in compliance with their license conditions.
And WRT to section 15, again that is pretty standard. As soon as your licensing rights are terminated, you no longer have the right to use their software. You don't have to delete your data, but you do have to delete the software. E.g. if Oracle terminates your rights to use their DBMS, you must delete all copies of their DBMS, not the data files themselves. There are utilities that allow you to export the data directly from the Oracle-formatted files to other formats (even just straight data exports).
[ link to this | view in thread ]
Re: Re:
First of all, once they've granted authorization for a copy to be made, they have zero say in the use of that copy. As far as I'm aware, "permission to use" is not a right reserved to the copyright holder; at the very least, the "copies necessary for use" (e.g., copying into RAM) are explicitly not covered by copyright under (US) copyright law.
Second, once they've granted authorization for a copy to be made, and that copy has been made, I don't see why the withdrawal of their permission should require the deletion of that copy. The copy was made with duly legitimate permission; as long as no further copies are made, no further permission from the holder of the copyright should be needed.
The inclusion of clauses like this in license agreements looks to me like an attempt by copyright holders to grab power which is not given to them by law, and which they should not necessarily actually have. If such clauses have become "standard", that just means that that attempt has been largely successful.
[ link to this | view in thread ]
Can you say "Vacuum?"
It's been said for a long time now that if America drops its global leadership China will fill the vacuum as the next superpower.
Free-market fundies, this is on you. Who cheered when American (and EU countries) jobs were offshored because it meant goods would be cheaper?
Those jobs fueled China's economy, thereby providing the money required to build it up to where it is now. Remember, we won the Cold War by running Russia out of funds; in the end it was too costly for them to continue it.
Enjoy the Chinese hegemony, people. Times are going to be very... interesting.
[ link to this | view in thread ]
Re: Re: Re:
How well that will stand up in court is a different matter tho.
[ link to this | view in thread ]
Re: Re: Re: Re:
That doesn't make sense to me, though - because by continuing to possess and use the software, you are not creating new copies, except for the transitory copy-into-RAM ones which are explicitly not covered under US copyright law.
It seems to me that as long as you do not create an unauthorized copy (or derivative work, et cetera), it should not be possible for you to be in breach of copyright law, because what copyright law limits to those authorized by the rightsholder is specifically the right to create copies - not the right to possess a copy, or to use a copy, or any other such thing.
Once the copy has been created, the right to create it is no longer relevant, and only control over the copy itself matters.
Once they have transferred the copy into your control, they (should) no longer have any say under copyright law in what you do with it.
They might have a claim under breach of contract, true enough, although the whole thing about the ongoing war against the doctrine of first sale comes in there. But at that point, copyright law has - or should have - nothing to do with it.
[ link to this | view in thread ]