How a Chinese Agent Used LinkedIn to 'Lure' American Targets (bbc.com) 61
Today the BBC told the story of Jun Wei Yeo, "an ambitious and freshly enrolled Singaporean PhD student" who was gradually recruited by Chinese intelligence.
Yeo "would end up using the professional networking website LinkedIn, a fake consulting company and cover as a curious academic to lure in American targets." Some of the targets that Yeo found by trawling through LinkedIn were commissioned to write reports for his "consultancy", which had the same name as an already prominent firm. These were then sent to his Chinese contacts. One of the individuals he contacted worked on the U.S. Air Force's F-35 fighter jet programme and admitted he had money problems. Another was a U.S. army officer assigned to the Pentagon, who was paid at least $2,000 (£1,500) to write a report on how the withdrawal of US forces from Afghanistan would impact China... According to the court documents, his handlers advised him to ask targets if they "were dissatisfied with work" or "were having financial troubles"...
In 2018, Yeo also posted fake online job ads for his consulting company. He told investigators he received more than 400 CVs with 90% of them coming from "US military and government personnel with security clearances". Some were passed to his Chinese handlers... Dickson Yeo does not appear to have got as far with his contacts as his handlers would have liked. But in November 2019, he travelled to the U.S. with instructions to turn the army officer into a "permanent conduit of information", his signed statement says.
He was arrested before he could ask.
The 39-year-old now faces up to 10 years in prison for being an "illegal agent of a foreign power" — but the article notes he was "aided by an invisible ally — the LinkedIn algorithm.
"Each time Yeo looked at someone's profile it would suggest a new slate of contacts with similar experience that he might be interested in..."
Yeo "would end up using the professional networking website LinkedIn, a fake consulting company and cover as a curious academic to lure in American targets." Some of the targets that Yeo found by trawling through LinkedIn were commissioned to write reports for his "consultancy", which had the same name as an already prominent firm. These were then sent to his Chinese contacts. One of the individuals he contacted worked on the U.S. Air Force's F-35 fighter jet programme and admitted he had money problems. Another was a U.S. army officer assigned to the Pentagon, who was paid at least $2,000 (£1,500) to write a report on how the withdrawal of US forces from Afghanistan would impact China... According to the court documents, his handlers advised him to ask targets if they "were dissatisfied with work" or "were having financial troubles"...
In 2018, Yeo also posted fake online job ads for his consulting company. He told investigators he received more than 400 CVs with 90% of them coming from "US military and government personnel with security clearances". Some were passed to his Chinese handlers... Dickson Yeo does not appear to have got as far with his contacts as his handlers would have liked. But in November 2019, he travelled to the U.S. with instructions to turn the army officer into a "permanent conduit of information", his signed statement says.
He was arrested before he could ask.
The 39-year-old now faces up to 10 years in prison for being an "illegal agent of a foreign power" — but the article notes he was "aided by an invisible ally — the LinkedIn algorithm.
"Each time Yeo looked at someone's profile it would suggest a new slate of contacts with similar experience that he might be interested in..."
Part of being in Fight Club.... (Score:1)
....is that you don't TELL PEOPLE ABOUT BEING IN FIGHT CLUB ! (paraphrased).
What's going on over there ? Your Opsec is awful.
They make you do stupid nonsense like polygraph for a TS, yet you're fine with posting all your shit up on LinkedIn ?
Security theater.
Re: (Score:2)
No, it's just past tense, a pretty common structure when narrating events. "would en up ..." or "would go on to ...".
That's when it's bad FOR US (Score:4, Insightful)
> Don't you know it's only bad when other countries do it?
It's bad FOR US when China spies on us.
It's good for us when we spy on North Korea.
The isn't a moral issue of techniques, this is they are trying to defeat us, and preferably over the next 100 years exterminate or rule us. This is survival, not goodness.
Yes, it's a cold war (but not as cold) (Score:5, Interesting)
Yes, it's a cold war. Just like the USSR vs USA. The US won that one. Now it's China that wants to be the dominant power in the world, by getting rid of the US.
A difference this time is that daily China is actively attacking the infrastructure that the US relies on - our computer and information systems.
There seems to be a thought that goes something like this
The US is also fighting for our existence, so we should surrender and let China win.
That doesn't quite make sense to me.
Re: (Score:2)
> A difference this time is that daily USA / Trump is actively attacking the infrastructure that the China relies on - free trade and commerce.
Are you having trouble distinguishing between somebody saying "no thanks, I don't want to buy from you at that price" and somebody launching cryptolocker attacks on hospitals?
Really? You can't tell the difference between declining to make a purchase vs launching constant attacks? Seriously?
Re: That's when it's bad FOR US (Score:2)
Re: (Score:1)
The more things change the more they stay the same [wikipedia.org].
Re: (Score:2)
Are there any cultures/societies that didn't have slaves at some point in their history?
Comment removed (Score:5, Insightful)
Re: (Score:3, Informative)
> It wasn't China who went around blowing countries up, enslaving, colonizing them,
How do you think China was crates in the first place?
And they are STILL enslaving the Uyghurs to this day.
There are approximately 2.9 million people enslaved in China (WFF, 2013).
Re: (Score:1)
> exterminate or rule us
I can't profess to know the true intentions of world leaders, but I seriously doubt anyone actually wants either of these outcomes. What they want is to disadvantage you, whilst at the same time, ideally, advantage themselves. They do this to placate their people, who are (even in dictatorships) the ultimate source of their power. They do this so that their country can thrive a little more than it currently does - and for whatever reason, they don't feel that they can do that with
Looks like US Gov wasn't doing its job (Score:3)
Generally for these kinds of secrets the individuals involved are consistently monitored for things like "financial trouble", an agency is slipping somewhere if these kinds of things are happening in the first place.
All kinds of recruiters and seekers use LinkedIn (Score:4)
One target had been in the army, with some desk job at the Pentagon. People who have been in the army, need jobs and gigs too, and LinkedIn is where the recruiters are.
The other target mentioned had done something related to the F-35. Recruiters for Lockheed Martin jobs use LinkedIn too, including for some pretty sensitive jobs. Unfortunately Lockheed is on the other side of Dallas from me, so rush hour traffic would be a bitch. :)
I'm not at all surprised that someone who used to work for Lockheed is on LinkedIn. Heck, most of the white-collar workers currently at Lockheed are probably on LinkedIn.
Actually, when I need to contact a counterpart at another company, LinkedIn is a good place to find their name if I don't already know someone at that company through a professional organization. The specific details of our work we keep quiet, our resume we flaunt just like you would if you had impressive experience.
Heck, come to think of it, several of the people I know from the professional organizations don't state what company they work for because we want to be able to share techniques, ideas, and experiences without obviously associating those with particular companies. (Though I can normally guess - for example the team that red-team hacks cars - there is only ine major car company in town). Because we do tend to be hush-hush, it wouldn't be that unusual for someone in a hush-hush field to be somebody you haven't heard about. A spy could very easily come to our meetings and get useful information. We try to be aware of that, balancing that with sharing information with fellow good guys.
Re: (Score:2)
But you can be sure the intelligence agencies are also looking out for suspicious activity related to LinkedIn, which is where this kid got unstuck. He probably fine-tuned his fake job adverts based on the data he was getting as feedback, but data analysis could also be used by the opposing intelligence agencies to detect suspicious listings like his.
Re: (Score:2)
It's like the amateur hour way of doing things. What you do is recruit criminals in the target country and use them to target the desired sources of actual information. You use the criminals to corrupt the targeted sources of information, generally making their acquaintance by attending venues of entertainment and intoxication. It creates a layer a, buffer between international contact sources and the most likely targets of information. In establishing a relationship, they can gauge the corruptibility of th
Don't trust criminals (Score:2)
> What you do is recruit criminals in the target country
Putting your trust in criminals often turns out to be a bad idea.
Better to convince a reliable person that your team is the good guys, or simply buy someone who is trusted.
Re: (Score:2)
> It's like the amateur hour way of doing things.
Yes, that is why this one got caught. You do not read about the others.
You do not use criminals. Just people that are a bit pissed off with the world. Would not be any of those at Slashdot.
Re: (Score:2)
But they caught him, before he could get anywhere.
One of the flaws in the logic here and something that should make this less scary is that this kid was merely using LinkedIn to automatically suggest contacts to him. The good news is that the counter-intelligence people can run analysis on the same data and look for suspicious contacts. In this case I'm guessing the fake job advert was a dead giveaway. This amateur thought he struck it rich with the number of people who applied to it, but that's all data th
Uh obvious spying is obvious (Score:4, Insightful)
Havent heard the details of the case, but it sounds like they should have known better in these instances. Somebody asks you to write a detailed report on your experiences in the military, that doesn't seem weird?
That said I hope the CIA is doing the same thing. It's probably even easier.
Re: (Score:3)
Re: (Score:2)
I sometimes wonder if forced pledges of allegiance actually make people less loyal to that thing.
In the UK we would find reciting a pledge at school quite weird, and in Germany I think it would actually be illegal due to this history of that kind of thing. So we should be able to compare allegiance levels with relatively similar demographics with a bit of effort.
Re: (Score:2)
Why use LinkedIn at all? (Score:3)
Other than being a lazy way to curate your work history, what use does it have? It's just another take on a social media site that's designed to profit from the personal information that you voluntarily give it. If you look at the ever growing number of political comments, pet videos, lame memes, etc, it's clear that the S/N is continuing to drop. Surely, you can think of better ways to spend your cycles if you're bored. And if people in the secret squirrel business are fool enough to participate, then I suspect they may need to find another line of work.
Re:Why use LinkedIn at all? (Score:4, Interesting)
Other than being a lazy way to curate your work history, what use does it have?
The value of not having to enter your resume over and over and over and over and over... ahem, excuse me. The value of that is pretty high. When you're applying for twenty jobs in a day, not having to enter your resume data into twenty webforms is fairly important. I stopped even applying to jobs that wouldn't take my data from some other site. Too lazy to read my resume, and too incompetent to support a resume-absorbing API? Too shit a place to work.
Is there any point to Linkedin anymore? (Score:3)
Does anyone actually use Linkedin for business networking / job hunting these days? It seems like every time they are in the news it's for something bad. Lots of people exploiting data and nation state actors gleefully vacuuming up information they can use to infiltrate other countries' industrial and government sectors.
I deleted my account after a string of issues like this a few years ago. It wasn't very useful to me as what I do is fairly esoteric at this point and I'm happily self employed. I've had a round of job interviews only once in my life, the rest has come from word of mouth and actual personal networking from close contacts.
Re: (Score:3)
Re: (Score:2)
Recruiters love it, so if recruiters are useful in your field/area, it can be useful. For software engineering in the UK, last time I was looking for a new position, I tried directly applying to some companies and did not hear anything back - which I found quite odd given my CV. Giving in to a recruiter on LinkedIn, got me two great competing offers in less than a week. So YMMV, I don't like social networks, but if I have to use one for something specific I am not too bothered.
Re: (Score:2)
I'll second that.
I do not have any links other than recruiters, and I'm happy to add new recruiters to my network. I haven't got a job via Linkedin, but I always want to keep my options open. I do get a larger number of inquiries - some of them are even in the correct field!
I don't have any friends, if a friend wants me to add them, I tell them that I'm protecting their privacy and mine.
Re: (Score:2)
Funny part about this statement is that it has a decent chance of being true. Theirs is a very old civilization, so chances are they were among the first peoples to have organisational and bureaucratic structures in place to make spying both possible and worthwhile.
Re: (Score:2)
AI consulting (Score:1)
Catch them with honey pots.... (Score:2)
We used to be good at this, code breaking against Germany and Japan, double agents in French Resistance, fake army to mislead German airborne reconnaissance ....
Re: (Score:2)
Re: (Score:3)
So, you get a Chinese agent. You turn them with the threat of jail time and use them to feed disinformation back. When the Chinese figure out that their agent has been turned, then you make an example of them. And you quietly tell all your turned agents that the only reason he's being prosecuted is that he leaked that he had been turned.
Re: (Score:2)
False info... (Score:2)
Surely anyone who really does work in a sensitive government role should know better than not to give away information like this...
Of course, as someone who doesn't work for government and doesn't have access to any classified information i would quite happily create a fake profile and make up some fake information if i could convince someone to pay me for it.
Re: (Score:2)
Surely anyone who really does work in a sensitive government role should know better than not to give away information like this...
You're overestimating the intelligence of some government workers.
We already knew that LinkedIn is a PoS (Score:3)