Do you expect me to talk? Yes, Mr Bond, I expect you to reply: 10k Brits targeted on LinkedIn by Chinese, Russian spies

Ten thousand Britons have been targeted on LinkedIn by recruiters for the Chinese and Russian intelligence services, according to an awareness campaign launched by domestic spy agency MI5 this morning. Details were previewed in this morning's Times newspaper, which warned specifically of people with "access to classified or …

  1. Paul Crawford Silver badge

    Well it seems LinkedIn has some use after all.

  2. Claptrap314 Silver badge

    But I thought

    We needed to "Stop Asian Hate". Does MI5 not understand the critical nature of this cause?

    1. A random security guy

      Re: But I thought

      Geographically, 77% of Russia is in Asia. So you may be partially correct in blaming Asians. I wonder, though, if the Japanese, Thai, Indians, etc. are included in the collection. After all, they all live in Asia.

      1. Claptrap314 Silver badge

        Re: But I thought

        <sigh> Do I really have to spell this out?

        The "Stop Asian Hate" campaign is a soft-power play by the CCP/PLA.

        1. Cliffwilliams44 Silver badge

          Re: But I thought

          There was no concern for Asians being targeted in the US when those doing the targeting were black! One white knucklehead with a prostitute addiction and some mental health problems shoots up a few "massage parlors" and now it's "white supremacists" who hate Asians. More like the Western "baizaos" trying to play a situation to their advantage.

          The real interesting thing was how they played one of the victims who was without a doubt a practitioner of human trafficking (you really think those young Chinese girls are free to leave the "brothels" when they choose?) as some kind of Saint!

  3. gr00001000

    Recruitment/eCrime 'businesses'

    Ties in nicely to the Combi/FIN7 incident.

    Notorious FIN7 gang Cybercrime gang posed as penetration testing firm to recruit hackers

    35-year-old Ukrainian national Fedir Hladyr worked as the sysadmin for the FIN7 gang, realised it was actually an eCrime unit after joining.

    Beware those startups!! It's all starting to fall into place, gangs such as PYSA leave notes about 'better security' and improving posture after payment.

    The attackers have sys admin skills as well as pen-testing skills, they are converted IT workers some of them. They are operating as business units, with targeted BUs, organised reconnaissance, front end correspondence helpdesks.

  4. Version 1.0 Silver badge

    10,000 compromise attempts over five years was conservative

    Nothing to worry about - just checked the mail-server, only 15,000 login attempts today.

    1. Stuart Castle Silver badge

      Re: 10,000 compromise attempts over five years was conservative

      Depends. If you have over 15,000 users, 15,000 login attempts was probably light usage. If you have a few thousand, it's a bit more of a problem. If you only have a few hundred (or less), it could be a major problem.

  5. Pascal Monett Silver badge
    Trollface

    Bah

    If they're on LinkedIn they're doing nothing of importance anyway.

  6. Danny Boyd

    How stupid we are they think?

    Intelligence service recruiters approaching you on LinkedIn, of all places? Yeah, pull another one.

    1. Antron Argaiv Silver badge
      WTF?

      Re: How stupid we are they think?

      This must explain the random emails I get from people I don't know, whose only content is "Please add me to your contact list". (Trolling headhunters, most likely)

      Not a chance, mate. You do know that you can edit the canned message LinkedIn sends, don't you? Tell me who you are and why you're contacting me, and maybe I'll reply.

  7. Lunatic Looking For Asylum
    WTF?

    At least in the olden days, some beautiful Russian woman (or young man...)

    would try sleeping with you - now it's just a spotty nerd in a run down office block clicking 'Like' icons :-(

    Never done LinkedIn, or any other social media platform for that matter.

    I was working at <I'd rather not say> defence contractor in a security role (it may or may not have been patrolling the perimeter and issuing car park passes but it was still security) a few years ago and the missive came round telling staff to remove their clearance status from LinkedIn.

    Personally, if you are stupid enough to put your clearance status on LinkedIn then you should be fired and have no place in a security role. The only exception I can think of is if you are phishing for foreign agents to contact you.

    I _REALLY_ don't get social media.

  8. Danny 2

    operating with unefarious intent

    Less than twenty years ago otherwise intelligent engineers would post their full CVs on publicly searchable websites, or their recruitment agents would. They'd list their military projects in detail that they'd worked on - many of which were unknown otherwise - their contact details, and of course hobbies and interests.

    As apolitical pacifists we couldn't do anything useful with that information, but we'd send them the odd anonymous email letting them know they'd let their guard down to a dangerous degree. We never threatened anyone but presumably scared them into better IT security. Real life equivalent of a bug tester, or how the SAS try to break into nuclear sites to test their defences while stupid amateurs actually do fairly easily.

    I labelled the tactic 'tag terrorism', as in if I was a terrorist then you or maybe a lot of people would be dead. Just so they knew. Tag, you are shit. Tag is a graffiti term for signing your nom de plume, and we'd do that in supposedly highly secure places.

    It amazes me that Banksy "works of art" sell for millions when anyone could just copy them, yet apart from his Palestinian work mine were far more dangerous. I don't grudge him it, he is mocking and exploiting the amazingly stupid art market,

  9. Robin Bradshaw

    Don't let the Russians steal your shitposts

    I presume the "figure of 10,000 compromise attempts over five years was a conservative one" as they didn't count all the UK's operations or the ones where we were merely tampering with a LinkedIn profile in transit as that doesn't count.

    https://www.theregister.com/2013/11/11/gchq_used_fake_linkedin_profiles_to_access_belgian_telco/
