Spies Use AI-Generated Faces To Connect With Targets

When you make a new connection with someone there is your implied endorsement that they are a real person. Katie Jones seemed very real and she seemed very plugged into Washington’s political scene. 

The 30-something redhead boasted a job at a top think tank and a who’s-who network of pundits and experts, from the Brookings InstitutionShe was connected to a deputy assistant secretary of state, a senior aide to a senator and the economist Paul Winfree, who is being considered for a seat on the Federal Reserve. But Katie Jones doesn't exist, The Associated Press has established. 

Instead, the persona was part of a vast army of phantom profiles lurking on the professional networking site LinkedIn. And several experts contacted by the AP said Jones' profile picture appeared to have been created by a computer program.

"I'm convinced that it's a fake face," said Mario Klingemann, a German artist who has been experimenting for years with artificially generated portraits and says he has reviewed tens of thousands of such images. "It has all the hallmarks."

Experts who reviewed the Jones profile's LinkedIn activity say it's typical of espionage efforts on the professional networking site, whose role as a global Rolodex has made it a powerful magnet for spies.

"It smells a lot like some sort of state-run operation," said Jonas Parello-Plesner, who serves as program director at the Denmark-based think tank Alliance of Democracies Foundation and was the target several years ago of an espionage operation that began over LinkedIn.

William Evanina, director of the US National Counterintelligence and Security Center, said foreign spies routinely use fake social media profiles to home in on American targets, and accused China in particular of waging "mass scale" spying on LinkedIn.

"Instead of dispatching spies to some parking garage in the U.S to recruit a target, it's more efficient to sit behind a computer in Shanghai and send out friend requests to 30,000 targets," he said in a written statement.

Last month, retired CIA officer Kevin Mallory was sentenced to 20 years in prison for passing details of top secret operations to Beijing, a relationship that began when a Chinese agent posing as a recruiter contacted him on LinkedIn. Unlike Facebook's friends-and-family focus, LinkedIn is oriented toward job seekers and headhunters, people who routinely fire out resumes, build vast webs of contacts and pitch projects to strangers. That connect-them-all approach helps fill the millions of job openings advertised on the site, but it also provides a rich hunting ground for spies. And that has Western intelligence agencies worried.

British, French and German officials have all issued warnings over the past few years detailing how thousands of people had been contacted by foreign spies over LinkedIn. In a statement, LinkedIn said it routinely took action against fake accounts, yanking thousands of them in the first three months of 2019. It also said "we recommend you connect with people you know and trust, not just anyone."

The Katie Jones profile was modest in scale, with 52 connections. But those connections had enough influence that they imbued the profile with credibility to some who accepted Jones' invites. 

The AP spoke to about 40 other people who connected with Jones between early March and early April of this year, many of whom said they routinely accept invitations from people they don't recognise.

C4ISRNet

You Might Also Read:

You Should Read LinkedIn's New Privacy Policy Carefully:

 

« Turning Amsterdam Into A Smart City
Cyber Criminals Have Created An Invisible Internet »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TWNCERT

TWNCERT

TWNCERT is the National Computer Emergency Response Team of Taiwan.

Magal Security Systems (Magal S3)

Magal Security Systems (Magal S3)

Magal Security Systems is a leading international provider of integrated solutions and products for physical and cyber security, safety and site management.

Merlin Cyber

Merlin Cyber

Merlin is a premier cybersecurity platform that leverages security technologies, trusted relationships, and capital to develop and deliver groundbreaking security solutions.

Bio-Morphis

Bio-Morphis

Bio-Morphis Reflex solution is a paradigm shift in the approach to information systems security.

Sixgill

Sixgill

Sixgill, an IoT sensor platform company, builds the universal data service and smart process automation software allowing any organization to effectively govern its IoE assets.

GV

GV

GV provides venture capital funding to bold new companies in the fields of life science, healthcare, artificial intelligence, robotics, transportation, cyber security and agriculture.

Keyless Technologies

Keyless Technologies

Simple, secure, and interoperable authentication. Keyless offers unmatched security, privacy and usability, while reducing risk and infrastructure costs.

TierPoint

TierPoint

TierPoint delivers secure, reliable, and connected infrastructure solutions at the internet’s edge. We meet you where you are in your journey to solve for data storage, compute, and recovery.

Hold Security

Hold Security

Hold Security works with companies of all sizes to provide unparalleled Threat Intelligence services that actually make a difference.

Visible Statement

Visible Statement

Visible Statement is a computer-based delivery system designed to insure the retention and recall of your most important security training messages.

Telefonica Global Solutions (TGS)

Telefonica Global Solutions (TGS)

Telefonica Global Solutions is the technological partner of wholesalers and enterprises, helping them to achieve the digitalization they need.

Tactic Labs

Tactic Labs

Tactic Labs (part of the Avnon Group) delivers a holistic Cyber-Security Management Platform which provides military-grade protection, safeguarding critical infrastructures and mission-critical data.

SpeQtral

SpeQtral

SpeQtral offers commercial space-based Quantum Key Distribution (QKD) founded on technology developed at the National University of Singapore.

Prescient Solutions

Prescient Solutions

Prescient Solutions is a managed services provider, using a cloud-based model to provide IT solutions to small, mid-sized, global organizations and government entities.

Mutare

Mutare

For three decades, Mutare has been empowering organizations to re-imagine a better way to connect through our transformative voice security, digital voice and text messaging solutions.

Fusion5

Fusion5

Fusion5 is a leading ANZ Business Services and IT Solutions provider. Our customers trust us to make their potential reality by providing advisory, IT project deployment, and managed services.