
GCHQ Used Fake LinkedIn Pages to Target Engineers (2013) - NonEUCitizen
http://www.spiegel.de/international/world/ghcq-targets-engineers-with-fake-linkedin-pages-a-932821.html
======
DominikR
And we all know that they are using this data only to fight terrorism.

They would never use it to give their own industry insider information.

</sarcasm>

~~~
motters
As outlined in the NSA recruitment audio, the term "adversary" includes
everyone - not just terrorists. There is nobody who is not considered to be an
"adversary", so that includes commercial rivals too.

~~~
bitsteak
NSA collects intelligence from people so that US policymakers make informed
decisions (like about Russia invading Crimea or how badly Malaysia is lying to
the world), same as every other intel agency does for their home country. Big
difference is that NSA won't give their analysis to private companies. In many
countries, things like State-Owned Enterprises blur things and economic
espionage is widespread.

~~~
ptaffs
According to Snowden, some of the NSA documents suggest the NSA did give their
analysis to private companies.
[http://news.cnet.com/8301-13578_3-57617823-38/snowden-accuse...](http://news.cnet.com/8301-13578_3-57617823-38/snowden-accuses-nsa-of-conducting-industrial-espionage/)

------
digitalengineer
So you have targets (basically employees of said company) browsing popular
sites and becoming infected. You can't deny access to all popular sites. Would
it be possible to build a 'scraper' that copies content and places it on your
local network for your employees? Perhaps also allowing comments to be placed
back on your behalf? You'd give the employees access to things they want to
read, but stop attacks, correct?

~~~
spindritf
I don't think the filtering approach is feasible. You need separation.

Maybe run separate VMs for casual browsing, work, entertainment, etc? Like
Qubes does [http://qubes-os.org/trac](http://qubes-os.org/trac)

~~~
motters
It soon begins to become infeasible. Unless you can identify when these
quantum attacks are occurring and block them this is really more of a
political problem than a technical one.

~~~
lvs
I disagree. This is also a technical problem. Good engineers need to keep
working to minimize the possibility of MITMs in their purview. It's a
technical arms race.

Also, even if you solve the political problem in one country, you still need
to worry about external and criminal threats that operate with the same
tradecraft.

------
jjjeffrey
> "[LinkedIn] does not sanction the creation or use of fake LinkedIn profiles
> or the exploitation of its platform for the purposes alleged in this
> report."

If I understand things correctly, it's not claimed that GCHQ made fake
profiles or exploited their platform. It's possible that whoever made the
statement didn't really understand MITM, but this kind of reads like another
one of the usual carefully worded non-denials.

Full paragraph in the article:

When contacted, LinkedIn stated that the company takes the privacy and
security of its members "very seriously" and "does not sanction the creation
or use of fake LinkedIn profiles or the exploitation of its platform for the
purposes alleged in this report." "To be clear," the company continued,
"LinkedIn would not authorize such activity for any purpose." The company
stated it "was not notified of the alleged activity."

------
jstanley
But LinkedIn uses SSL. There's no mention of how GCHQ got around this. Does
anyone know?

EDIT: Because the ability to MITM SSL sessions is a lot more scary to me than
the willingness to MITM non-SSL sessions.

~~~
metachris
Well since the GCHQ is part of the government, and the government has a root
cert in the browsers, they can basically create all the SSL certificates they
want.

Governments can MITM without any problems.

~~~
__alexs
I don't believe the UK gov have a TLS CA in any standard browser deployments,
do they? I'm not even sure we have a CA HQd here for them to compel into
giving them certs for mitm?

~~~
arethuza
Out of curiosity I had a quick scan through the "Trusted Root Certification
Authorities" on this Windows 7 box and it's quite a surprising list - I have
no idea who a lot of these organizations are...

Also, one thing I'm pretty confident about, is that if GCHQ is behind any of
these certs they wouldn't go labeling it as "UK Government - GCHQ". So
presumably I'm just trusting Microsoft that when these certs get pushed out as
part of Windows they are who they say they are...

~~~
Maxious
CAs can issue or lose intermediate certificates that they shouldn't. These
have been detected at least 3 times when these technically valid but never
before seen certificate chains are used for google.com/yahoo.com/microsoft.com
etc.

[http://googleonlinesecurity.blogspot.com.au/2013/01/enhancin...](http://googleonlinesecurity.blogspot.com.au/2013/01/enhancing-digital-certificate-security.html)
[https://blog.torproject.org/blog/detecting-certificate-autho...](https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion)
[http://www.chromium.org/Home/chromium-security/root-ca-polic...](http://www.chromium.org/Home/chromium-security/root-ca-policy)

------
glitchdout
Why do the NSA and GCHQ want this much access? Everyone's location in real
time? This is ludicrous. Terrorists don't use mobile phones anyway.

I'm still waiting for the blackmail revelations. Though I doubt NSA & friends
would be that stupid to make slides about that little objective.

~~~
AimHere
>Terrorists don't use mobile phones anyway.

There you go! Track all the phone users, and anyone who doesn't have one, and
is therefore untracked, is probably a terrorist!

Actually that's not far-fetched. I do recall, vaguely, some old indymedia
article about a European political activist being arrested, with the fact they
left their phone at home before turning up at a meeting being part of the
grounds for suspicion. Indymedia stories tend to be rather ephemeral and hard
to search so providing actual details is somewhat troublesome...

~~~
dan_bk
> There you go! Track all the phone users, and anyone who doesn't have one,
> and is therefore untracked, is probably a terrorist!

This is how I would scare people if I were paid by the NSA.

------
digitalengineer
> Then they determined which of the potential targets used LinkedIn or
> Slashdot.org, a popular news website in the IT community.

So is HN. And it's ancient. Any ideas of possible vectors to attack HN-loving
engineers?

~~~
SideburnsOfDoom
MITM on a connection to Hacker News probably doesn't differ in any significant
detail from MITM to Facebook, LinkedIn, Slashdot, etc.

~~~
SideburnsOfDoom
Update, this sibling post claims that HN is at least a _well-configured_
website; and so MITM attacks will be on the upper end of the normal difficulty
range:
[https://news.ycombinator.com/item?id=7421558](https://news.ycombinator.com/item?id=7421558)

------
Eye_of_Mordor
What does this have to do with saving us from terrorism?

~~~
bananas
Absolutely nothing.

It's Totalitarianism, nothing more or less.

~~~
wreegab
I just can't understand how the people who work in there do not see it.

~~~
bananas
I worked in the defense industry for a few years (1998-2002). I didn't see it
at the time. Everyone works in isolation, no one talks about work and everyone
is micromanaged to bits and separately motivated. It's heavily draped in
propaganda as well, most of which is horse shit. It's all much like the
promoted status of imperialist armies.

Obviously September 11th 2001 happened and to see your colleagues actually see
that as job security and a way to sell more weapons and celebrate that turned
it for me. I started to question the ethics of what I was doing and decided it
was best that I left. I bailed one afternoon, gave no notice and spent three
months selling Sun kit on eBay before taking a job at a web agency selling
whiskey and houses instead.

Most people didn't get that "moment" and are still prisoners of the inane
propaganda. The same is true of those at GCHQ.

My children are doing GCHQ sponsored mathematics work (cryptography
challenges) at the age of 10 probably in the vain hope that they will
eventually see this as normal and be recruited before they have a chance to
question the ethics of it all.

~~~
neuralk
> My children are doing GCHQ sponsored mathematics work (cryptography
> challenges) at the age of 10 probably in the vain hope that they will
> eventually see this as normal and be recruited before they have a chance to
> question the ethics of it all.

What? Care to elaborate? (I'm American if that explains why I have no idea
what you are referring to)

~~~
bananas
Well it goes like this....

There was a lot of publicity and propaganda and hype around Alan Turing and
_cyber-security_ over the last few years in the UK media. This drove a whole
codebreaking fascination thing with mathematics.

So not wishing to miss out on all the action, a project was started called The
Enigma Project which features basic codebreaking challenges (basic
substitution ciphers, OTP etc) aimed at primary school children. This was
started by Simon Singh / Cambridge University after good old Si released a
book called The Code Book after which he wanted to drum up publicity rapidly.
No other reason.

So after a year or so of neglect these sheets work their way into "photocopy
circulation" amongst schools in the UK as part of the typical "teachers don't
give a shit and just want to hand out worksheets" culture that appeared.

Obviously any other material that could be assembled cheaply was chucked on
the back. Turns out there's a couple of sheets plainly marked from GCHQ in
there as well as "additional exercises". Rather interesting as they are above
what you'd consider appropriate for that age (prime factorisation and rapid
factorisation techniques etc). Very odd!

Now this in itself is pretty null and void but it leads into the culture which
I experienced where we were asked in secondary school mathematics to enter
various "challenges" to play off against other schools. I was pretty good at
mathematics (at GCSE and A-level) and did well on these challenges but was
approached after this by people recruiting for SIGINT rather than go to
university. Other people who did well were similarly propositioned. I
impolitely declined and relaxed into a life of electrical engineering, pizza
and beer which I thoroughly don't regret.

I'm worried my children will be similarly filtered out and recruited to be
honest.

~~~
glitchdout
Really interesting (if a bit disturbing, to be honest). Thanks for sharing.

------
altero
Who needs enemies with such friends...

~~~
JabavuAdams
With friends like these, who needs enemas?

------
mikkohypponen
Please add [2013] in the title.

