New app to help identify potential espionage

In light of recent case studies and information released by MI5 stating that last year 10,000 UK nationals were targeted by fake social media profiles on sites such as LinkedIn and Facebook, a new app called “Think Before You Link” has been developed to help individuals in the UK to identify malicious approaches.

Think Before You Link

On Tuesday 17th May 2022, the “Think Before You Link” app was officially launched as part of the Centre for the Protection of National Infrastructure’s (CPNI) campaign, via a press release from the UK Cabinet Office.

The app has been designed with input from behavioural scientists, and offers the following features:

• Interactive Learning—Knowledge modules to educate users of the hallmarks of fake profiles. Users can gain trophies and certificates upon completion, which can be shared professionally.

• Profile Reviewer—Ability to upload a screenshot of a suspicious profile. Profile images will be auto-matically reverse-searched to establish whether they have been re-used from elsewhere (a hallmark of fake IDs) and the user will also be prompted to answer a set of questions. Depending on the responses, the profile will be given a result of high, medium or low risk.

• Reporting Mechanism—Profiles ranked as medium or high risk are recommended to be reported.

The app is aimed mainly at individuals in sensitive professional industries and government roles, however the app is now free to download for everyone, from the Google Play or Apple store.

"Foreign spies are actively working to build re-lationships with those working in government, in high-tech business and in academia...The Think Before You Link app supports those who may be receiving disguised approaches, helping them to conduct their own digital due diligence before accepting unknown contacts online."

Ken McCallum, director general of MI5

Threat Awareness

Research released by the University of Portsmouth indicates that approximately 16.8 million LinkedIn users in the UK could have accepted unknown contact requests, and that general awareness of the threat of online espionage, is lower than other potential online threats. LinkedIn and Facebook users ascribed the majori-ty of online threats to trolling and fraud (80%) or fake news (79%) rather than economic espionage, where only 64% of users surveyed were aware or concerned about it.

Case Studies

A number of case studies have been released by the govern-ment to illustrate how UK individuals have been approached by spies seeking to obtain sensitive information.

In one instance, an anonymous civil servant with full security clearance had been approached via a professional network-ing site. Over the course of 6 months, the individual was pro-vided with a “covert communications system” and was asked to provide sensitive government information and to travel to foreign countries for meetings.

Another example was provided of an anonymous civil servant with security clearances who was approached by someone claiming to be from a think-tank. The civil servant saw that the profile shared a mutual contact with them and therefore believed that it was genuine. A series of messages from the profile were received, offering business consultancy as a guise to obtain sensitive information.

Civil servants (whether currently serving or no longer in post) are attractive targets due to their access to information and their professional experience.

“The online threat via social media is in-creasing, with fake profiles on sites such as LinkedIn and Facebook being created on an industrial scale. It is therefore crucial that we do all we can to protect ourselves and our information, ensuring those who we connect with online are who they say they are.”

- Steve Barclay, Lead Minister for Cyber Security