MI5: Spies are using LinkedIn to steal secrets from UK nationals

As many as 10,000 Brits have been targeted, including security and military officials, civil servants, defence contractors and pharmaceutical industry experts

Security agency MI5 has warned that foreign spies are using LinkedIn to contact British officials and steal classified information from them.

The agency said that people using fake LinkedIn profiles had approached at least 10,000 Brits with access to sensitive information, across government departments and key industries, over the past five years.

China and Russia are thought to be among the hostile states using professional networking and social media sites to trick staff into revealing classified secrets.

The targets include security and military officials, civil servants, defence contractors and experts in the pharmaceutical industry.

The Centre for the Protection of National Infrastructure (CPNI), an MI5 unit, said that its figure of 10,000 compromise attempts was a conservative one, with MI5 chief Ken McCallum stating that threat actors were using this tactic on "an industrial scale".

Dominic Fortescue, the government's chief security officer, noted that civil servants have become more vulnerable to malicious tactics from hostile spy agencies since the start of the pandemic, as many of them are working remotely and using personal devices.

CPNI has launched an awareness campaign, dubbed 'Think Before You Link', with the Five Eyes intelligence alliance, to alert government and public sector employees to the scale of cyber-espionage activity by adversaries.

As part of the campaign, British citizens are being urged to learn how to report suspicious activity on their accounts, recognise fake profiles and remove them from their networks.

'The consequences of engaging with these profiles can damage individual careers, as well as the interests of your organisation, and the interests of UK national security and prosperity,' states the campaign website.

'This guidance provides practical advice on how to identify them, how to respond, and how to minimise the risk of being targeted in the first instance.'

CPNI said it was not asking people to stop using social networking sites, but rather trying to raise 'awareness that some individuals may be operating with nefarious intent'.

The warning about LinkedIn has come days after the alleged leak of personal details of millions of LinkedIn users on a popular hacking forum.

Experts warned that hackers could use the leaked LinkedIn data to create detailed profiles of potential victims and conduct targeted phishing or social engineering attacks. They also said the criminals could use the information to spam emails and phone numbers, or brute-force the passwords of LinkedIn profiles and associated email addresses.

LinkedIn users were advised to take precautionary measures to protect their accounts and data.

'We welcome the online safety efforts of the Centre for the Protection of National Infrastructure and its work to expand their Think Before You Link campaign in the United Kingdom,' LinkedIn said in a statement on its website.

'Teams at LinkedIn work to keep LinkedIn a safe place where real people can connect with professionals they know and trust. We actively seek out signs of state sponsored activity on the platform and quickly take action against bad actors in order to protect our members.'

'Our Threat Intelligence team removes fake accounts using information we uncover and intelligence from a variety of sources, including government agencies. Our teams utilize multiple automated techniques, coupled with human reviews and member reporting to maintain LinkedIn as a safe and trusted platform. And we enforce our policies, which are very clear: fraudulent activity with an intent to mislead or lie to our members is a violation of our terms of service.'

Update: The story was updated to include the statement from LinkedIn.