FBI Private Sector Report: US Adversaries Exploit Social Media Information to Target US Individuals and Government Clearance Holders

The following report from the FBI's Office of Private Sector on social media targeting of government clearance holders appears to reference the case of Kevin Mallory, who was convicted in 2018 and sentenced to 20 years in prison for selling classified U.S. defense information to Chinese intelligence officers.  The report also describes what seems to be a previously unreported incident in 2018 in which a current defense contractor with a Top Secret clearance was approached by a foreign intelligence service (FIS) at a technical conference and then contacted via a "professional linking website" believed to be LinkedIn.

US Adversaries Exploit Social Media Information to Target US Individuals and Government Clearance Holders

Page Count: 3 pages
Date: April 1, 2019
Restriction: TLP: GREEN
Originating Organization: Federal Bureau of Investigation, Office of Private Sector
File Type: pdf
File Size: 252,619 bytes
File Hash (SHA-256): 675C05CB4DAF3C9343D7E1343CFE2A838A30E2EF7E8DA1563303A507157D7308

Download File

The FBI’s Washington Field Office, in coordination with the FBI’s Office of Private Sector (OPS), is informing private sector partners regarding foreign intelligence services’ (FIS) exploitation of social media platforms and data to target corporate and US government (USG) clearance holders. FIS and US adversary intelligence officers are using popular US-based social media platforms to identify, recruit, and conduct operations against USG clearance holders, to include private sector employees or contractors supporting the USG. FIS officers will use popular US-based platforms and their respective countries’ social media platforms for personal and intelligence gathering/operations purposes.

FIS Primary Targets: Former/Active USG Clearance Holders

In 2017, an FIS used a popular professional networking website to contact a former USG employee who held an expired Top Secret level clearance. The employee listed their intelligence/national security background on their website profile. A separated but recruited individual later acted as the “middleperson” who introduced the employee to the FIS. In February 2017, the employee traveled overseas to meet the FIS and established a covert communication channel. That communication channel served as a mean to pass Secret and Top Secret information to a US adversary. In mid-2017, the USG arrested and charged the employee for conducting espionage against the United States.

FIS Private Sector Targets: USG Contractor Clearance Holders

A known FIS front company used a publicaly available employment website to target USG defense contractors who posted their resume online. The FIS used the website to target, assess, and recruit employees of US-based defense contracting companies supporting the USG who have specialized skills in the aviation technology.

Social Engineering Method: FIS use Fictitious Social Media Accounts to Obtain Access to Sensitive and Classified Data from USG and Corporate Employee

An FIS created a fictitious US military social media profile on several platforms. The FIS used the profile to establish online relationships/social network with a wide range of USG, US military personnel, and multiple US-based cleared defense contractors. The FIS used the social network to develop and assess a targeted pool of profiles.

Bridging the Physical and Online Introductions Gap: FIS Used Physical Events and Online Research for Social Media Usage to Establish Relationships

In early 2018, a US-based cleared defense contractor with a Top Secret level clearance attended a technical trade show conference in the United States. An FIS who operated a vender booth at the conference approached the contractor several times and offered sales of products/services. As a means to deter the aggressive sales pitches, the contractor indicated to the FIS his/her affiliation with the USG and offered the FIS a business card. A week after the conference, the FIS located the contractor on a popular professional linking website. The FIS sent an online request to the contractor via the website. The FIS is likely associated with an identified US adversarial military unit.

Share this: