
Western officials say Chinese agents contact foreign citizens using LinkedIn - t23
https://www.nytimes.com/2019/08/27/world/asia/china-linkedin-spies.html
======
rdtsc
Or they could recruit directly from the OPM database
[https://en.wikipedia.org/wiki/Office_of_Personnel_Management...](https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach).

Even more interesting is that a Chinese company owns most of Grindr. Think of
all the possible blackmail opportunities if they could cross reference those.
At some point there were security and privacy "concerns" and US, i.e.
[https://en.wikipedia.org/wiki/Committee_on_Foreign_Investmen...](https://en.wikipedia.org/wiki/Committee_on_Foreign_Investment_in_the_United_States)
ruled that the Chinese company had to sell Grindr by 2020.

~~~
thrwayxyz
Being gay in the US is about as blackmail worthy as being left handed.

~~~
kache_
There is a large amount of stigma associated with homosexuality. You are
incorrectly assuming that the rest of the population has the same world view
as you do. For example, being outwardly homosexual is a great way to lose the
muslim vote - a sizeable portion of the Canadian population.

------
killjoywashere
This article is not a hot news story. It is meant to get the word out to
politically connected folks, possibly with emphasis on those on the West
Coast, and possibly low-key focused on the relatively large contingent of
Democratic policy folks sitting in non-governmental jobs right now (it is the
New York Times after all).

I suspect the government sources in the article would appreciate it if the
politicos above keep themselves relatively clean of unnecessary foreign
contacts for the next year as the remaining few folks still in government are
probably giving at least 50% odds that the Democrats win again in 2020, and
are thus anticipating the possibility of large backlog of background
investigations checking in about 1 nano-second after the election.

~~~
mc32
There’s a difference between “contacts” and being a witting or unwitting spy.

Having foreign contacts, despite current furore, is not a crime, or improper.
Now if you’re doing bad things, that’s obviously a crime and will result in
disqualification, but simply “contacts”? No, that’s no reason for DQ.

~~~
PaulHoule
I was using LinkedIn to get leads for a sales campaign years ago and wound up
talking to all sorts of people who told us things that they probably shouldn't
have.

At the time I thought it would be the bee's knees for espionage.

------
palisade
I figured they already knew since they're watching all social media and
communications anyways. In addition, foreign adversaries also hide messages in
seemingly random but innocuous comments on forums and blogs made to look like
real user communication but makes no sense to anyone but their intended
target.

~~~
imglorp
I've been contacted once.

We had an intrusion on some dev boxes. The vector was an open management
service on some public facing Tomcats, deployed open by accident. The intruder
installed a custom Tomcat container that apparently sent some 443 traffic to a
.cn domain. We figured they got some class files, not much use to anyone
without the rest of our products. We never got to see their actual payload. So
we killed the instances and that was that.

A week or two later, a few of us at $work got recruit pings on LI from a
Chinese company to work abroad. None before or since. We figured either it was
a coincidence, or whoever got our class files wanted some help learning how
our product worked.

------
yorwba
Related discussion 2 months ago:
[https://news.ycombinator.com/item?id=20222547](https://news.ycombinator.com/item?id=20222547)

------
9nGQluzmnq3M
The original paper previously discussed on HN:

[https://news.ycombinator.com/item?id=20222547](https://news.ycombinator.com/item?id=20222547)

------
randogogogo
This didn't really strike me as a very profound story. I'm sure in a bygone
era newspaper classifieds would have been used instead.

~~~
sailfast
Maybe, but when people working in sensitive positions post their entire
history, clearances, and build their own network and all you need to do is pay
a nominal fee to become a LinkedIn "Pro" to get access, it makes fishing for
the right targets quite a bit easier than classifieds.

Recruiting agents abroad is one thing - I'd think this would also be useful /
more useful for social engineering attacks and other deeper attacks on
sensitive networks. "Hey I was with you at university - want to grab coffee?
Friend me!" > Now has access to the entire network of cleared professionals
working at [place X]

------
novaRom
It's naive thinking that organizations like CIA and their analogies in other
countries do not track as much people as possible. And there are not so many,
right? Population of the Earth is close to 8 billion, so at least a detailed
global social connections graph is what they already have.

------
jessaustin
A) Obviously.

B) It might be better spycraft to use this obvious entry to Chinese
intelligence in the other direction. Of course TFA may just be cover for
that... are there any details that seem plausible but perhaps misleading?

C) These people ain't playin'. No one wants to end up like Shane Todd.

------
geodel
Chinese should be aware of self styled thought leaders and experts pop-up
based on current demand on linkedin. I am sure someone would be updating CVs
claiming a 10 years of deep experience in suppressing protests worldwide.

------
vectorEQ
im 100% sure western agents don't contact chinese citizens on chinese social
networks. that would NEVER happen. no way.

------
microcolonel
Yeah, be careful with these people. I'm a virtual nobody and I've had some
_very_ weird experiences with Chinese state actors.

~~~
whitepoplar
Care to share your experiences? I'm interested!

~~~
microcolonel
The one that particularly stuck with me is phonecalls from embassy numbers to
people I know in Canada, claiming that I'm trying to enter China and that they
would need to confirm details for me to gain entry. AFAIK this is an actual
thing that they do for some entrants.

Since most people don't record phonecalls, it's easy to deny this sort of
thing; and since it's similar to an official activity of the government there,
I suspect for a lot of people it goes unnoticed, if it is more common.

I've never visited the PRC, and I have no intention of ever visiting it as
long as it is run by the party.

Chinese students here are under watch as well, and it's not all that subtle.
You should read some of the things that go on in North American schools.

~~~
nomnomray
It's a simple scam. There is one about DHL as well you don't have to read so
much into every little thing.

~~~
microcolonel
I've received the "DHL" one before, where they read you off a tracking code in
Mandarin hoping you'll call back and tell them you don't speak it, this is not
that.

You can think what you want, but this is not that.

------
crb002
And the US uses DICE owned ClearanceJobs.com. So?

------
Gusmann
Quiet hypocritical considering all social media is banned in China for usual
citizens

~~~
bigiain
From TFA:

"LinkedIn is also the only major American social media platform not blocked in
China because the company has agreed to censor posts containing delicate
material."

~~~
fouric
Is LinkedIn really "social media", though? From the perspective of a non-user,
everything I've heard about it suggests that it's purely work-focused.

~~~
chelmzy
You would think so but it looks more and more like Facebook everyday.

