In my recent post, ‘Russian’s Increasing Intelligence Activities’, I listed 14 countries in western and eastern Europe where Russia’s intelligence services are making a concerted effort to obtain information. The official threat assessments from these countries clearly shows Russian intelligence officers working under diplomatic cover, illegals or NCO’s (non-official cover) and sleepers continue to operate at a level not seen since the height of the Cold War. Other well-placed commentators also suggest the number of Russian intelligence operations and the resources used to support of these operations far exceed the Soviet Union’s Cold War activities.

According to John Schindler, a retired intelligence analyst with the National Security Agency, the recent FBI success in arresting a Russian spy ring based in New York, “… is the tip of the iceberg…Since the demise of the Soviet Union Russian intelligence services have rebuilt {their} overseas networks, partly to wage economic war against the west…” (CNN Politics, 28 January 2015

The Russian Federation, even more so under President Putin, aspires to be a great power, not only through its possession of nuclear arms, but also being among the largest economies in the world. Recognition as a leading scientific nation also supports the claim of great power status.

Apart from those countries listed in my previous post (“Russia’s increasing Intelligence Activities”), in 2007 the British government announced that Russian and Chinese intelligence activities in Great Britain was forcing intelligence resources to be diverted away from fighting terrorism.

During the Cold War era the Soviet Union’s intelligence services supported large-scale efforts to obtain scientific, technological know-how through overseas operations, and this continues to this day. In order to compete with the west this search for technology is equally matched by Russia’s use of extensive intelligence sources and tools for long-term industrial espionage. Anything providing a military, scientific, political, technological or economic advantage over the western nations is firmly in the sights of Russia’s three main intelligence agencies which often work collectively to achieve this aim.

Russia’s attempt to win the information war by dominating the internet and controlling their domestic news corporations; their army of trolls who work 24/7 (See my post ‘Puppet and Puppeteers’) and various reports describing Russia’s aggressive intelligence initiatives,  further support claims of an unprecedented level of Russian intelligence activities throughout the world.

After examining official reports and statements from various security services who have identified hostile Russian activities, which have greatly increased since Russia invaded Ukraine, we can clearly identify what information Moscow is seeking to obtain. For instance, all fourteen countries have reported attempts to target information on companies and research institutions that deal with energy, finance, media, dual-use technology and defence.  There have also been accounts of Russian intelligence attempting to obtain information on military formations, military-civil infrastructures, and other information which may be used to undermine a countries political stability, defence and security; and other prime targets for sabotage in the event of hostilities.

Apart from career agents from the SVR (overseas intelligence), FSB (Security service) and GRU (military intelligence) directing operations and acting as agent handlers, success depends on the calibre and large numbers of willing, unwilling and often unaware participants for their operations. The recruitment of ‘clean skins’, individuals who are native to the target country; have no criminal record and are unknown to the authorities, continue to be a priority simply because they are extremely difficult for counter-intelligence officers to detect.

From what we know about those responsible for recruiting overseas assets and agent handlers, they are intelligent, sociable, extrovert, find it easy to build relationships and winning trust before turning their targets into informants.  If using ‘natural charm’ is unsuccessful they revert to a more aggressive approach- blackmail, financial arm-twisting, threats and false promises. As we have seen in the case of Anna Chapman the ‘honey trap’ is still an effective tool!  Although the procedures and resources are in place to recruit and ‘persuade’ suitable individuals, they first have to identify potential agents and then establish what can be used to make them spy against their country. The internet, and in particular social media, has made this easier than it was during the Cold War era.

Anna Chapman – SVR agent. 

LinkedIn

Have you ever wondered who those anonymous viewers of your profile are? The majority may be quite innocent: legitimate recruitment agencies or other members who just want to see if you have the required skills and experience before sending an invitation to connect. Others may have more sinister intentions, ranging from troll activities to recruiting intelligence assets.  For instance, over two year ago a LinkedIn member openly looked at my profile on several occasions.  This was at a time when Russia ‘was not’ invading Ukraine and I was posting real-time information and breaking news on LinkedIn. This information was originating from Twitter contacts inside eastern Ukraine at the time.  The profile of this member claimed he was an IT specialist based in Moscow and he spoke fluent English.

During this period, when I was relatively new to LinkedIn and my network security was not as effective as it is now, my malware software detected an attempted attack which had been blocked.  According to the report generated by this software the attack was from an IP address in Saint Petersburg! It would appear the IRS (internet Research Centre) were not using or had inadequate proxy servers. Several months later, whilst researching the internet for information on current Spetsnaz operations, I came across the photograph of a FSB officer who looked very familiar. According to the accompanying news reports he was a communications specialist who had recently been killed whilst operating with a small group of Spetsnaz troops in eastern Ukraine. Although still inconclusive, I immediately saw a resemblance to the profile picture of the Moscow based LinkedIn member who had looked at my profile several times.

Another example of ‘questionable’ LinkedIn activity occurred whilst writing this post. I was emailed by a contact in the USA who is known for their extensive activities against Russian trolls.  This ‘troll slayer’ expressed concerns regarding the profile of someone who claimed to be living in England and was not sure whether to accept their connection request. After agreeing to look at this profile it became immediately apparent they had failed to do their research: this individual claims to be serving in the Royal Air force (RAF) but their profile picture is the cap badge of the British army’s Royal Engineers! Apart from having no military connections there are also several inconsistencies in his/her profile. Due to some of the expressions and terminology used, there is also the strong possibility this person is not British.

Due to LinkedIn being an extremely diverse professional network which spans almost every country, profiles and other open data relating to the usefulness and activities of members can be examined and, if considered relevant, may be recorded or acted upon. For example, what appears to be an innocent request to link to you may result in you pressing the accept button. Once connected, this new contact is in a position to poach your useful contacts, thus increasing their number of contacts which also results in increased credibility and influence across your network.

According to Bob O’Neill of ZDNet (6 May 2015) an organisation which claims to be actively investigating ‘surveillance and human rights Issues’ have developed a piece of software called ‘Transparency Tool kit’ which mines LinkedIn by searching for useful information contained within profiles. According to O’Neill, “people post all sorts of interesting information in their resumes on LinkedIn… This LinkedIn crawler automatically collects public profiles which are matched to various search requirements… It also collects information from ‘people also viewed lists’.”

Also, according to his article, “Over 27,000 people working in the US intelligence community… are listed within a database which has been created simply through ‘mining LinkedIn’.”  O’Neill also claims this database, using open data, includes the resumes of people working for intelligence contractors, the military and intelligence agencies.  It’s a sure bet this database also contains information about individuals from other countries.  Although he does not suggest any Russian involvement, these allegations are interesting because they support many earlier claims that Moscow uses similar software tools to examine Facebook. Consequently, it appears extremely unlikely that Moscow has not recognised the plethora of useful information available on LinkedIn.

Apart from potential targets working for government and private industries, there are also undergraduates studying various disciples ranging from history to the sciences, who may be identified as potential long-term assets (see Russia’s Increasing Intelligence Activities).

As Russia continues to devote massive resources to support their information war and their army of trolls, it is also likely the FSB are interested in the LinkedIn ‘troll slayers’ in order to see how they may counter their comments and activities. Unlike Facebook and other social media platforms, the trolls using LinkedIn continue to fight a losing battle.

‘Illegals’ arrested in the United States (Anna Chapman- top row third from the left)

Profiles

Many of us now recognise the tell-tale signs of the many bogus profiles appearing on LinkedIn and a quick internet search often confirms our suspicions.  This is particularly true when it comes to identifying Russian propagandists.

The problems starts when you come across profiles which pass close scrutiny and that individual wishes to connect to you and your network. For instance, I don’t see anything wrong with the following profile. He has locked his contacts so we can’t see his connections, that’s fair enough. He does not have a profile picture of himself, again that’s not a problem; many members, including myself don’t have a personal profile picture and I don’t consider this to be a problem.

If you work in banking or an industry associated with this member’s skills and experience, would you accept his connection request?