Chinese spies fooled ‘hundreds’ of civil servants and executives, France reveals

Chinese spies using fake LinkedIn profiles have fooled "hundreds" of France’s top civil servants and executives, whose awareness of the threat is “totally insufficient” compared to Britain, the country’s intelligence agencies have warned. 

The alert over an “unprecedented threat to national interests” follows similar warnings that hostile foreign powers were using the popular online CV website to tap sensitive information from America, Germany and Britain.

According to a note leaked to Le Figaro newspaper by the DGSI and DGSE, the Gallic equivalent of MI5 and MI6, French businesses and state administration have been guilty of “culpable naivety” over the foreign spy threat via the popular online CV website despite clear warnings from UK intelligence as early as 2015.

Some 4,000 individuals have been targetted in recent months and “hundreds” have been bamboozled by offers of jobs or collaboration from fake LinkedIn accounts run by Chinese spies masquerading as “head hunters, consultants or think tanks”.

One cited by Le Figaro as agreeing to a free diving holiday in Southeast Asia while another agreed to write up short reports based on confidential information in exchange for payment.

“Contrary to what one can see notably among our English neighbours, (French awareness of online espionage) is indeed totally insufficient both among our top executives and political elites,” one agent told Le Figaro, adding that the threat had “changed paradigm since 2017” and from now on “we will respond to attacks blow for blow, whatever the consequences”.

In 2015, MI5 issued a “Security Service Espionage Alert” warning that “hostile foreign intelligence services are increasingly using LinkedIn to find, connect with and begin cultivation and recruitment of current and former HMG [Her Majesty’s Government] employees.”

It said it had already identified a “large number of HMG employees connected to known hostile foreign intelligence service cover profiles.”

At a glance | Six types of cybercriminals

In August, American counterintelligence warned that LinkedIn was being used to recruit American spies for the Chinese government in a “super aggressive” espionage campaign to contact individuals with access to confidential material.

The German intelligence agency said late last year that Chinese spies had targeted 10,000 German LinkedIn users.

The French intelligence report said 48 per cent of those targeted were in businesses and 52 per cent in the state sector with key areas including health, computing, nuclear energy, nanotechnology and telecommunications.

To contain the threat, it has issued a set guidelines on how to spot and evade attempts to lure agents, who it says are “easily recognisable”.

Attractive, presentable "avatars" usually send “standardised messages” offering “generously-paid collaboration opportunities” and an invitation to a free trip abroad to participate in a seminar, give conferences, meet a potential client or negotiate the terms of a contract”.

Once hooked, targetted individuals then receive requests for regular “analysis using confidential information”. Foreign agents were generally easy to detect as they offer only “abnormally vague information” on their company and the cooperation required and quickly ask to correspond via “encrypted messaging applications” to avoid detection.

French intelligence then listed and named 15 “screen companies” it believes are being run by Chinese intelligence, such as China Center of International Politics and Economy (CCIPE). It warned the list was “not exhaustive” as new ones were being created all the time. 

By way of advice, it simply advised civil servants to “refuse all connection requests from unknown people on social media”, adding that linking with a Chinese spy helped that agent boost his or her credibility and made it easier to fool others.

LinkedIn is one of the only major US tech platforms to operate in China, where it has a joint venture. Nicole Leverich, spokeswoman for LinkedIn, told Le Figaro: “Our policy is clear: the creation of a false account or fraudulent activity is a violation of our rules.”

In August, Paul Rockwell, the company’s head of trust and safety, said it has a threat intelligence team that focuses on the prevention, detection and mitigation of “bad activity”.  

“We’ve never waited for requests to act and actively identify bad actors and remove bad accounts using information we uncover and intelligence from a variety of sources including government agencies,” he said.

Leave a Reply