
In this blog, our experienced Fivecast Tradecraft Team draws on their expertise in the Government Intelligence sector to discuss the emerging threats of foreign interference and espionage and the role of OSINT in addressing the challenges.

During the 2023 Australian Security Intelligence Organisation (ASIO) annual threat assessment address, Director General (DG) Mike Burgess indicated Australia was facing an unprecedented challenge from espionage and foreign interference (EFI), now ASIO’s principal security concern. EFI activities are criminal offences in Australia defined by legislation. This is not unique to Australia – many other countries across the globe are targeted by EFI activities. While the descriptions or labels are slightly different, these harmful activities can have grave consequences for the government and private sectors alike.

The harm from espionage and foreign interference

  • The harm from EFI can be catastrophic.
  • It could undermine a country’s sovereignty and democracy.
  • It can impact trade and revenue and destabilise a country’s way of life.


WHAT IS ESPIONAGE & FOREIGN INTERFERENCE?

Within Australia, espionage is defined as someone intending to provide information (classified, sensitive or privileged) concerning national security to a foreign power, or the theft of similar information on behalf of a foreign power which is seeking advantage over Australia.

In Australia, foreign interference is described as activities that are covertly or clandestinely used to shape decision making to the advantage of a foreign power.

EFI activities are typically conducted in the shadows, are difficult to detect or measure, and can persist over many years. When EFI is discussed in the public domain, the discussion usually stays at a very high level, to protect the long-term clandestine work needed to uncover threats like the “nest of spies” described by DG Burgess in the ASIO report. Discussion often focusses on damage to the Government itself through access to classified data or the influence of public officials.

However, what are not discussed as often are the damaging effects of EFI in the private sector—at a company or organisational level. Common examples can be the loss of intellectual property or commercial in-confidence information, loss of DISP accreditation and the ability to host security clearances, loss of confidence in an organisation/product, or reputational damage through investigative outcomes and inquiries leading to negative press.

ESPIONAGE IN THE US

A US example demonstrates how easily espionage can occur through a human intelligence (HUMINT) approach using unsophisticated open-source intelligence (OSINT). In 2019, former US Central Intelligence Agency officer Kevin Mallory was convicted and sentenced on espionage charges after he was recruited by a People’s Republic of China intelligence officer via LinkedIn and conspired to pass sensitive national defence information. Mallory was approached in 2017 by a think tank representative looking for a foreign policy expert. Mallory was offered a paid consultant position with a Chinese think tank, then flew to Shanghai to meet his new bosses in a hotel room, where they gave him instructions and a covert communication device. Once back in the US, Mallory provided his handlers with classified information. In the end, all Mallory received from his Chinese intelligence handlers, apart from his 20-year prison sentence, was US$25,000.

Another example also occurred in 2019 when spies, reportedly linked to a North Korean state-sponsored group, used social media to target companies in Europe to engage in espionage activities. These spies posed as recruiters on LinkedIn who worked for US defence and aerospace companies—Collins Aerospace and General Dynamics. LinkedIn was used as the initial compromise to conduct research and target employees. The spies posed as human resource representatives and messaged employees with attractive fake job offers. Once a target showed interest, the spies sent documentation containing salary information and job positions. However, these decoy documents contained malware which allowed the spies a backdoor into the company’s IT infrastructure.

The private sector has long been considered the soft target for spies engaged in EFI, who are looking to recruit and escalate their access and control inside attractive companies—be that access to classified information, commercial IP, political influence, the list goes on. While it’s heartening to see authorities discovering and disrupting EFI activities, it does make you think: how many current and ongoing EFI activities have not been identified in your company?

Espionage and foreign interference using OSINT

Australia’s like-minded partner countries are ramping up public awareness around the dangers of foreign intelligence agencies using social media to identify and target individuals to facilitate their EFI activities. LinkedIn has been highlighted by national security agencies (such as the video below) as a gold mine of information for foreign intelligence officers.

People often overshare sensitive information on their LinkedIn profile, as they want to appeal to their next boss, to corporate recruiters or to their professional networks. When people post that they have a security clearance, list current or previous roles in sensitive areas, or overshare company or organisation information, it makes them an attractive target.

What’s worse is that most people think a HUMINT approach over social media is going to be overt and ongoing, and that they will be able to ‘see it coming.’ However, OSINT is only one tool in a foreign intelligence service’s toolkit. When OSINT is used to enrich other forms of intelligence reporting and activities, it can be a powerful tool. An approach on social media may only be a friend request to get access to your connections, as you could be a stepping-stone to better targets. Or an approach could be a vector to deliver a malware link to get access to your company’s IT infrastructure (as demonstrated in the above example).

Using OSINT to Counter espionage and foreign interference

Fivecast can help. Our investigations and vetting solutions can be used to identify and protect staff posting sensitive or privileged information online that could be appealing to foreign intelligence officers. Fivecast ONYX Vetting enables analysts to conduct assessments at scale, with automatic identity resolution, collection, risk assessment and scoring that allows analysts to focus on the few targets that require human review. The solution also enables continuous evaluation that will periodically check information and identify new risks.

OSINT is a valuable tool in your organisation’s toolkit, with a capability to enrich data and collection activities to assist with overall assessments. OSINT can help identify if a staff member is posing an attractive target for foreign intelligence EFI activities. Fivecast ONYX can identify risky relationships and provide critical early warning and time to intervene, possibly through educating staff on proper OSINT hygiene when posting personal or company information online.