The FBI’s Washington Field Office, in coordination with the FBI’s Office of Private Sector (OPS), is informing private sector partners regarding foreign intelligence services’ (FIS) exploitation of social media platforms and data to target corporate and US government (USG) clearance holders. FIS and US adversary intelligence officers are using popular US-based social media platforms to identify, recruit, and conduct operations against USG clearance holders, to include private sector employees or contractors supporting the USG. FIS officers will use popular US-based platforms and their respective countries’ social media platforms for personal and intelligence gathering/operations purposes.
FIS Primary Targets: Former/Active USG Clearance Holders
In 2017, an FIS used a popular professional networking website to contact a former USG employee who held an expired Top Secret level clearance. The employee listed their intelligence/national security background on their website profile. A separated but recruited individual later acted as the “middleperson” who introduced the employee to the FIS. In February 2017, the employee traveled overseas to meet the FIS and established a covert communication channel. That communication channel served as a mean to pass Secret and Top Secret information to a US adversary. In mid-2017, the USG arrested and charged the employee for conducting espionage against the United States.
FIS Private Sector Targets: USG Contractor Clearance Holders
A known FIS front company used a publicaly available employment website to target USG defense contractors who posted their resume online. The FIS used the website to target, assess, and recruit employees of US-based defense contracting companies supporting the USG who have specialized skills in the aviation technology.
Social Engineering Method: FIS use Fictitious Social Media Accounts to Obtain Access to Sensitive and Classified Data from USG and Corporate Employee
An FIS created a fictitious US military social media profile on several platforms. The FIS used the profile to establish online relationships/social network with a wide range of USG, US military personnel, and multiple US-based cleared defense contractors. The FIS used the social network to develop and assess a targeted pool of profiles.
Bridging the Physical and Online Introductions Gap: FIS Used Physical Events and Online Research for Social Media Usage to Establish Relationships
In early 2018, a US-based cleared defense contractor with a Top Secret level clearance attended a technical trade show conference in the United States. An FIS who operated a vender booth at the conference approached the contractor several times and offered sales of products/services. As a means to deter the aggressive sales pitches, the contractor indicated to the FIS his/her affiliation with the USG and offered the FIS a business card. A week after the conference, the FIS located the contractor on a popular professional linking website. The FIS sent an online request to the contractor via the website. The FIS is likely associated with an identified US adversarial military unit.