MI5 is using a ‘Think before You Link’ campaign to warn its workers about the growing threat of being targeted for information by actors for hostile states using fake profiles on platforms such as LinkedIn.
Think before You Link
It has been reported that MI5 believes that more than 10,000 British nationals have been targeted online in the past five years by hostile states. With this in mind, the UK’s Centre for the Protection of National Infrastructure (CPNI), an offshoot of MI5, has launched a ‘Think before You Link’ campaign. The idea of the campaign is to provide practical advice on how to identify, respond to, and minimise the risk of being targeted by criminals and hostile actors who may act anonymously or dishonestly online in an attempt to connect with people who have access to valuable and sensitive information.
Although LinkedIn has not been explicitly named as a platform that is being used/could be used, LinkedIn has said in a statement published on its news page that “We welcome the online safety efforts of the Centre for the Protection of National Infrastructure and its work to expand their Think Before You Link campaign in the United Kingdom”. The statement goes on to say that “We actively seek out signs of state-sponsored activity on the platform and quickly take action against bad actors in order to protect our members” highlighting how it has a “Threat Intelligence team” to remove fake accounts.
The campaign is aimed at those who “Identify as an employee or member of HMG or Civil Service” or “Identify as working in the private sector or academia with access to classified or commercially sensitive technology or research”. These could include (among others) retired civil servants with access to technology relating to defence/defence equipment.
CPNI (MI5) suggests that once links are made online with fake profiles (e.g. with LinkedIn), social manipulation could occur as business proposals/propositions could be made that require information to be given that could be of use to criminal actors/hostile states. For example, this could take the form of an invitation (paid) to speak at a conference/event as an expert, which could involve linking online with relevant people, submitting a CV and background information. This could also lead to bribery or blackmail.
According to CPNI, the risk of engaging with such profiles is ‘damage’ to individual careers, damage to the interests of the person’s organisation, and damage to the interests of UK national security and prosperity. This appears to be a way of warning those with national security-related work roles not to unwittingly put themselves in a position where they may give away secrets of valuable (to other states) information online.
The ‘Think before You Link’ campaign is using guidance for staff and organisations, flyers, poster sets, and videos to explain and illustrate the risks and what to do to minimise them.
What Does This Mean For Your Business?
With current difficult relations between the UK, the U.S. (and all the Five Eyes) and what are now seen as hostile or potentially hostile states (e.g. Russia and China), trade wars (US and China), cyberattacks on state agencies and big businesses as well as to get vaccine secrets, online interference in elections, and chemical weapon usage (poisonings) have all contributed to the apparent need to warn of approaches by hostile actors via social media. Remote working and physical separation during the pandemic have also made the need for this warning more urgent as the numbers of targeted social manipulation attempts have grown over the last year. Businesses with access to classified or commercially sensitive technology or research, or who have working relationships with academia, or with experts in certain fields (e.g. defence), may need to be particularly cautious when it comes to approaches by new or little-known friends and connections on social media.