MOSCOW (Sputnik) — The German Federal Office for the Protection of the Constitution (BfV) released a statement on Sunday in which it stated that members of the Chinese intelligence services had contacted a large number of German and European officials, as well as other citizens, through fake profiles on the social media platform LinkedIn.
EU Could Do More to Tackle Cybercrime
The BfV has yet to propose steps for dealing with this cyberattack, beyond publishing the names of the fake profiles and exposing other details pertaining to these fake identities. However the European Commission already has a pan-European Agency proposed, which will aid EU governments in handling any cybersecurity attacks.
Matthias C. Kettemann, an Internet law researcher at Goethe-University Frankfurt, stated however that it will have a noticeable impact on how individual attacks are addressed.
"The proposed EU Cybersecurity Agency is a useful step towards more coordination and cooperation, and its certification framework (harmonizing existing certification schemes) will lead to more user trust, especially in the Internet of Things. It will not, however, dramatically impact the likelihood and success of individual attacks, just as new international police cooperation does not stop international criminal networks," Kettemann said.
On September 13, during his annual State of the Union Address, the European Commission President, Jean-Claude Juncker stated that the Commission would create a new European Cybersecurity Agency to help the European Union defend against cyberattacks. According to the European Commission, this agency will build on the existing European Agency for Network and Information Security (ENISA), and will assist Member States in preventing and responding to cyberattacks.
"The European Commission can only do so much to prevent sophisticated cyberattacks. They could of course increase budgets for cyber security research and police forces. We are witnessing an increasing number of clever attacks taking place… Cybercrime will continue to grow into a highly lucrative and well organized enterprise, seeking competitive advantage with the aid of sophisticated cyber operations," Curran said.
Ketteman added that the answer could lie in wider international cooperation on cybercrime between the EU and other partners.
"Countries need to cooperate closely in all cybersecurity matters and exchange best practices. This is best done on an international level, and not only on an EU level, as questions of cybersecurity are definitely cannot find a satisfying answer regionally. Regional organizations, such as the Council of Europe, the OSCE, and the Shanghai Cooperation Council should cooperate more meaningfully within and amongst each other, including by setting standards," Ketteman said.
Also on September 13, the European Commission and the European External Action Service released a joint communication in which they outlined measures for increased international cybersecurity cooperation. Apart from the general upkeep of bilateral cooperation on cybersecurity matters, the European Union proposed strengthening its cooperation with NATO.
LinkedIn Should Do More to Protect Users
However, experts think that the European Union is not solely responsible for the cybercrimes uncovered by the Bvf.
Although LinkedIn has yet to reply to the report produced by German intelligence, experts are convinced that the Microsoft-owned platform could be doing more to prevent such cyberattacks, especially when it has around 250 million active users per month, as calculated by Apptopia.
"Social network platforms such as LinkedIn may have to raise the barrier to entry (which is none at present) so that perhaps each profile is verified against a legitimate national ID. This is common with high secure sites such as Bitcoin exchanges. Such a move would eradicate large herds of bot accounts," Curran said.
He added that a barrier to entry would eliminate the creators of fake profiles’ ability to use disposable email addresses when signing up for their accounts on the platform.
David S. Wall, Professor of Criminology at the Centre for Criminal Justice Studies in the School of Law at Leeds University said that the problem may not be with LinkedIn altogether, as these cyberattacks could occur through more unnoticeable methods.
"Their stance to involvement has always been rather stand-offish, but I think that they could identify particularly vulnerable recipients and inform them where there is an apparent attempt. The trouble, however, is that some of the attempts to contact individuals through linked in and other social media are quite subtle," Wall said.
As of the middle of this year, LinkedIn has claimed 500 million users from more than 200 countries currently use their platform. They list more than 10 million active job posts and have data on more than nine million companies.
China Intelligence Services Not Sole Perpetrator
The BfV has warned that there could still be a large number of target individuals and fake profiles that have yet to be identified.
Wall is convinced that Chinese intelligence has not only targeted Germans on LinkedIn, as exposed by the BfV, but they have also targeted other EU countries.
"I think [they have targeted other EU countries], and not just Chinese intelligence, many, many others are also probably doing similar. Their business is intelligence, so they all want information about other countries and the demand will just grow," Wall said.
Chinese Foreign Ministry spokesperson Lu Kang, has denied any accusations that the country used fake LinkedIn profiles to gather sensitive information from German politicians and pointed to the fact that this accusation by the BfV was not beneficial to bilateral relations.
"It is quite possible we see Chinese intelligence services target other countries. It must be said in the interest of fairness that we expect many other nation states to already be adopting similar tactics. Time and time again, when we discover new attack vectors such as this, we find out later that other countries had also mirrored the same tactic," Curran said.
In February, the BfV warned of the increasing level of Chinese espionage all the way up to the German chancellery. The recent report from the agency showed that Chinese hackers use not only LinkedIn, but also other social media platforms, such as Facebook and business networking website Xing, to recruit informants. China has also been believed to be behind the Office of Personnel Management hack in 2015. The BfV has further stated that foreign influence amounts to billions of dollars in costs to the German economy each year.