By Louis Fourie
JOHANNESBURG - On July 24, Yeo Yun Wei, also called Dickson Yeo, pleaded guilty in a federal court in Washington, DC, to acting as a foreign agent under the direction of the Chinese intelligence service.
While posing as a visiting PhD student at George Washington University, the Singaporean citizen collected sensitive information from Americans.
This admission to the court made me realise that in the cyber era the gun wielding action type of spies of the calibre of James Bond 007, have to a large extent been replaced by laptop-wielding hacking reconnoitres.
Foreign spies are increasingly using false profiles on professional networking sites to gain access to commercial or government secrets, as well as academic research.
Spies often masquerade online as head-hunters, or people offering appealing career opportunities, in order to connect with individuals that could potentially be exploited for sensitive information.
LinkedIn and spying
Yeo liked to boast about his US-Asia connection and states on his LinkedIn profile that he is a political risk analyst with connections to hundreds of policymakers and that he endeavours to bridge North America with Beijing, Tokyo and south-east Asia.
But in fact, he was more than just geographical bridging. He used LinkedIn to target high ranking people in the American military and government with security clearances to garner information from them.
He focused on military commanders, China specialists at the Pentagon, and think-tank experts, who accepted his LinkedIn connection requests without thinking.
Although Yeo was, according to his testimony, driven by LinkedIn’s “relentless” algorithm of potential connections, he had been recruited by Chinese intelligence five years earlier when he travelled to Beijing as a student.
In 2018 he established a fake consulting company in order to post job listings that resulted in more than 400 applications with very useful information about applicants’ experience in certain areas of interest. He eventually recruited three US government workers. Yeo also corresponded via LinkedIn and phone calls for five years with a “security specialist” assigned to a US Air Force base.
From the court case it became evident that Yeo focused his recruitment on people with professional or financial grievances or people who were ingenuously willing to provide “harmless” information. These people were often asked to write a report for clients in Asia and when they were paid by the front company of the Chinese intelligence, they were captured as an asset and were exposed to potential blackmail into providing more valuable or confidential information.
Some cyber experts believe that China is building a database of people vulnerable to blackmail, cross-referencing information from past hacks of western companies that secured personal details of millions of people.
In 2019 a LinkedIn account from a certain “Katie Jones,” claiming to be a Russian expert at the very prestigious Centre for Strategic and International Studies, eventually proved to be false. Even her picture was generated by artificial intelligence and, therefore, fake.
Roughly the same time, Kevin Mallory, a former CIA officer, was sent to prison for 20 years due to conspiracy to deliver classified information to the Chinese Intelligence Service after being approached on LinkedIn.
LinkedIn closed the account of Yeo after his guilty plea since his fraudulent and misleading activities violated its terms of service.
They also banned all computer or artificial generated images. Unfortunately, fake identities and accounts are very difficult to detect.
Stealing of intellectual property
According the CNBC Global CFO Council (representing some of the largest public and private companies in the world), seven out of 23, or 30.4 percent, of surveyed North American-based corporations claim that Chinese companies have stolen intellectual property (IP) from them over the last decade.
Recently the US charged two Chinese hackers, working with the China Ministry of State Security (intelligence service), since they targeted American companies conducting coronavirus research with the intention to steal their research and potential vaccines. They also stole confidential data relating to military satellite programmes and other sensitive military projects, as well as the source code for computer games.
Earlier this year the US accused the Chinese company Huawei of stealing technology form six US companies. This is partly the reason why countries such as the US and Germany are reluctant to use Huawei’s 5G wireless technology.
A world of cyber spying
Although China remains the world’s leader in IP theft, they are not alone. In July the US, UK and Canada accused hackers linked to Russia of trying to steal coronavirus research.
China, Russia, Iran and North Korea are known safe havens for cyber criminals as long as these criminals and hackers are willing to assist the respective governments in their illegal and spying endeavours.
Recently Australia has been recruiting 500 additional cyber spies after a breakdown in diplomatic relations with China and after Australia’s government, businesses, and educational institutions have been under unrelenting attack from a sophisticated state actor according to Scott Morrison, the prime minister of Australia. In similar fashion, US intelligence agencies pride themselves on their ability to “steal” secrets.
Even Indian recruiting companies requires a large amount of personal information. Most of them go to the extent that if someone does not have a LinkedIn profile, they cannot get a job.
Online risks and cyber hygiene
Social media and networks have changed our world and enabled networking, but they have also complicated our world. Facebook, Twitter, LinkedIn and other services have given governmental and industrial spies enormous amounts of valuable information about people of interest around the world and thereby created new vulnerabilities, threats and risks.
These vulnerabilities are further exacerbated by the “digital dust” or electronic trails left by people as a result of credit card transactions, car rentals, Internet searches, tweets, online purchases, geotags, likes and dislikes.
People, especially those in senior positions or working with sensitive information, should therefore be trained in the risks involved in the use of LinkedIn or any other social network programme. Social network users should carefully weigh all personal information displayed on social media sites.
The government and companies with sensitive information should also seriously consider using robust processes to conduct background investigations, to detect insider threats and to flag early indicators of potential penetration into their workforce.
It is important to practice basic cyber hygiene when contacted online. Validate the person’s identity and limit the amount of personal information that is shared online or on social media. Or even better – link only to people you have met in person or really know quite well. Care also needs to be exercised when pursuing job offers, endorsing people’s skills or recommending contacts for their work. Before providing personal details to a recruiter, validate the recruiter or ask for references of satisfied customers.
Be careful of the so-called “relentless” algorithm of LinkedIn (according to Yeo) and other social media networks that are constantly suggesting appropriate connections you do not recognise or know. Usually the algorithm points out mutual connections to encourage people to click “Accept” even if they do not recognise the person. Once connected, contacts can initiate private messages to start a discussion, with good or evil intentions. It is better to link only to someone if you know them and really want to connect to them.
Due to the recent spying events, we are currently waking up to the real risks related to data privacy and how personal or company information can be misused across the globe. Just like in the case of personal relationships we will have to treat digital connections with much greater care in future. LinkedIn will never be the same…
This article will self-destruct in 3 minutes!
Professor Louis C H Fourie is a futurist and technology strategist.
BUSINESS REPORT