For the past several weeks an intelligence-gathering campaign has been using fake LinkedIn recruiter profiles to map out the professional networks of IT security experts, researchers from F-Secure have discovered.
LinkedIn can be a great tool to establish new professional relationships and discover job opportunities. However, accepting connection requests from unknown people is a double-edged sword that can put both employees and the companies they work for at risk.
There are multiple documented cases of attackers using fake LinkedIn profiles to gather sensitive information about organizations and their employees. Knowing who manages a particular department, or who is on the organization's IT staff, is valuable reconnaissance when planning a targeted attack: it tells the attacker whom to impersonate and whom to approach.
In 2012, a team of security experts created a LinkedIn profile for a fake new female hire at a U.S. government agency as part of a sanctioned test. By befriending multiple employees and establishing relationships, the team raised the credibility of their fake identity and eventually gained enough information to launch a successful attack against the organization's IT security manager, who did not even have a LinkedIn or other social media account.
People tend to expose a lot of information on LinkedIn about their work environments, colleagues, the company's infrastructure and even internal projects.
An organization called the Transparency Toolkit used LinkedIn to collect over 27,000 resumes from people working in the U.S. intelligence community. By analyzing them, it uncovered new surveillance programs, secret code words, companies that help with surveillance and, of course, personal information about signals intelligence analysts.
The suspicious LinkedIn recruiting campaign that targets security researchers was first mentioned on Twitter on Aug. 18 by Yonathan Klijnsma, a threat intelligence analyst at Dutch security firm Fox-IT.
Researchers from Finnish antivirus firm F-Secure decided to look into it after some of the company's own staff were targeted. They published their findings in a blog post Thursday.
The F-Secure researchers found multiple LinkedIn accounts of people claiming to work for a company called Talent Src, or Talent Sources. The accounts, most of which were for female identities, appeared to belong to recruiters for particular security industry specialties like malware analysis, embedded security, mobile security, cryptography, automotive security or digital forensics. Two accounts were specifically hunting security executives.
Reverse image searches revealed that the logo used by Talent Src had been copied from a different organization and had the company name added to it.
The profile pictures used by the fake recruiters were also copied from Instagram or legitimate LinkedIn profiles, but had been horizontally flipped to make reverse image searching harder, the F-Secure researchers said.
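A horizontal flip is enough to defeat an exact-match reverse image search, but it is a weak transformation against a perceptual hash computed over both orientations. The following is an added example, not code from the article or from F-Secure, showing how a defender comparing a suspicious recruiter's photo against a set of known profile pictures can make the comparison flip-invariant: compute a difference hash (dHash) for the image and for its mirror image and keep the smaller of the two as the canonical value. The image is represented as a plain grid of grayscale values so the example runs without Pillow; the 32x32 synthetic "portrait", the 8x8 hash size and the Hamming-distance threshold of 10 are all assumptions for illustration, and in practice the grid would be produced by decoding the real JPEG and converting it to grayscale.

```python
"""Mirror-tolerant perceptual hashing of profile pictures (added example).

A horizontally flipped copy of a photo has a very different plain dHash.
Hashing both the image and its mirror and keeping the smaller value gives
a canonical hash that is identical for a photo and its flipped copy.
"""
from typing import List

Image = List[List[int]]  # rows of grayscale pixels, values 0-255


def downscale(img: Image, width: int, height: int) -> Image:
    """Box-filter downscale of a grayscale grid to width x height pixels."""
    src_h, src_w = len(img), len(img[0])
    out = []
    for y in range(height):
        y0 = y * src_h // height
        y1 = max(y0 + 1, (y + 1) * src_h // height)
        row = []
        for x in range(width):
            x0 = x * src_w // width
            x1 = max(x0 + 1, (x + 1) * src_w // width)
            block = [img[yy][xx] for yy in range(y0, y1) for xx in range(x0, x1)]
            row.append(sum(block) // len(block))
        out.append(row)
    return out


def dhash(img: Image, hash_size: int = 8) -> int:
    """Difference hash: hash_size x hash_size bits, each bit set when a pixel
    is brighter than its right-hand neighbour in the downscaled image."""
    small = downscale(img, hash_size + 1, hash_size)
    bits = 0
    for row in small:
        for x in range(hash_size):
            bits = (bits << 1) | (1 if row[x] > row[x + 1] else 0)
    return bits


def mirror(img: Image) -> Image:
    """Horizontal flip, the transformation applied to the stolen photos."""
    return [row[::-1] for row in img]


def mirror_invariant_dhash(img: Image, hash_size: int = 8) -> int:
    """Canonical hash: the smaller of dHash(image) and dHash(mirror(image)).
    Because mirroring is an involution, a photo and its flipped copy
    produce exactly the same canonical value."""
    return min(dhash(img, hash_size), dhash(mirror(img), hash_size))


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def looks_like_same_photo(a: Image, b: Image, threshold: int = 10) -> bool:
    """Near-duplicate test tolerating a horizontal flip plus mild
    recompression or rescaling (up to `threshold` of 64 bits may differ).
    The threshold is an assumed tuning value, not a published constant."""
    return hamming(mirror_invariant_dhash(a), mirror_invariant_dhash(b)) <= threshold


def sample_photo() -> Image:
    """Constructed 32x32 stand-in for a profile picture: a left-to-right
    brightness gradient with an off-centre bright patch so that the image
    is visibly asymmetric. Not a real image."""
    img = [[(x * 5 + y * 3) % 256 for x in range(32)] for y in range(32)]
    for y in range(6, 18):
        for x in range(4, 12):
            img[y][x] = 240
    return img


if __name__ == "__main__":
    original = sample_photo()
    flipped = mirror(original)
    print(f"plain dHash: original={dhash(original):016x} "
          f"flipped={dhash(flipped):016x} "
          f"distance={hamming(dhash(original), dhash(flipped))}")
    print(f"mirror-invariant dHash: {mirror_invariant_dhash(original):016x} "
          f"(flipped copy gives {mirror_invariant_dhash(flipped):016x})")
    print(f"same photo? {looks_like_same_photo(original, flipped)}")
```

Run stand-alone, the script shows the plain dHash of the original and of its mirror image disagreeing in well over half of their 64 bits, while the mirror-invariant hash is identical for both. The same canonical-form idea extends to other cheap evasions (rotation by 90 or 180 degrees) by adding those orientations to the set hashed before taking the minimum.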