Dickson Yeo, a visiting scholar at George Washington University, liked to tout his US-Asia connections. “Bridging North America with Beijing, Tokyo and south-east Asia,” the Singaporean doctoral candidate wrote on his LinkedIn profile, where he advertised his credentials as a political risk analyst with connections to hundreds of policymakers in the US capital.
But last week Mr Yeo admitted in court that he had been working for the Chinese intelligence service. He used the LinkedIn social media network to target Americans in the military and government and harvest information from them.
The case underscores growing fears among intelligence agencies around the world that they are unable to parry China’s increasingly astute online espionage efforts aimed at officials with high-level security clearances.
“Foreign spies continue to aggressively use fake profiles on professional networking sites to target Americans who have access to government or commercial secrets,” said Bill Evanina, director of the National Counterintelligence and Security Center, the federal government body that leads US counter-intelligence efforts.
Spies are known to pose as headhunters or people with enticing career opportunities in order to connect with individuals viewed as potential sources who could be tapped for information, he explained, noting that thousands of people were targeted on networking websites traditionally used to brandish professional credentials or secure a new job.
Ryan Kalember at Proofpoint, a cyber security group, said recent events had created a “perfect storm” for China’s cyber espionage campaign. The coronavirus lockdown meant many more people were spending large amounts of time at home and online while rising US-China tensions created an incentive to step up espionage efforts, he said.
Chinese and Russian intelligence agencies have in recent years conducted astute online campaigns targeting influential players in the US, UK, France, Australia and Germany, among others. US intelligence agencies also pride themselves on their ability to “steal” secrets.
Last year a LinkedIn account claiming to belong to a Russia expert at the prestigious Center for Strategic and International Studies called “Katie Jones” turned out to be a fake persona — down to her artificial intelligence-generated photograph. About the same time a former CIA officer, Kevin Mallory, was sent to prison for 20 years for conspiracy to deliver classified information to Chinese intelligence after being approached on LinkedIn.
Mr Yeo’s statement of offence described an “addiction” to recruiting that was driven by LinkedIn’s “relentless” algorithm. Now 39, he had been recruited by Chinese intelligence in 2015 when as a student at the National University of Singapore he travelled to Beijing for a presentation.
“I was about to finish my doctorate in philosophy, which is all in political science . . . This entire episode stems from that,” he told the judge overseeing his case.
Armed with his LinkedIn account, he “connected” with state department officials, former military commanders, China specialists at the Pentagon and think-tank experts, several of whom recalled to the Financial Times accepting his connection requests without thinking.
Cyber experts believe China may be building a database of people vulnerable to blackmail, cross-referencing information from past hacks of western companies that secured personal details of millions of people.
In 2018 Mr Yeo set up a fake consulting company to post job listings that garnered more than 400 applications, and recruited three US government workers, according to his admissions in court.
“It’s a low-cost, low-risk proposition for them and all they need is one person to fall for the pitch,” said Mr Evanina, who urged people to practise “basic cyber hygiene” when contacted online by validating a person’s identity and limiting personal information shared over the internet.
One man — who the US Air Force confirmed was a “security specialist” assigned to an American base — began a five-year correspondence with Mr Yeo over LinkedIn and via phone calls.
“He said he was doing consulting work, primarily in Asia, dealing with the Japanese and to some degree with clients in China,” a person with knowledge of the matter said of Mr Yeo, adding: “He was looking for help.”
Although they never met, the security specialist — who on LinkedIn claims to have had “secret” security clearance — was struck by Mr Yeo’s academic aspirations, vulnerability and struggles with family pressures in Singapore, the person said. The security specialist agreed to write a report about soft power for Mr Yeo, but never delivered it.
The person with knowledge of the matter said the security specialist did not accept money or divulge classified information. But he “recommended” Mr Yeo on LinkedIn in at least eight categories, including “diplomacy”, “government relations” and “proposal writing”.
In another case, described in court filings, Mr Yeo sent payment for a report to the bank account of the wife of an army officer assigned to the Pentagon who said he had been traumatised by his tour in Afghanistan.
Some of those recruited may have nursed professional or financial grievances. Others may have naively intended only to help out or provide what they saw as harmless information. US intelligence officials say accepting payment often marked a point of no return. Once someone had received money — perhaps from a front company from Chinese intelligence services — for a piece of even rudimentary analysis, they were effectively captured as an asset and could be blackmailed into doing more.
GWU confirmed Mr Yeo was a visiting scholar in 2019. He travelled later that year, and when he returned to the US in November, it was with the intention of recruiting the army officer to spy explicitly for China, Mr Yeo admitted. Instead, he was questioned and arrested on arrival.
Mr Yeo’s LinkedIn account was taken down after reports of his guilty plea. LinkedIn said fraudulent activity with intent to lie or mislead violated its terms of service. It has banned computer-generated images among its 706m members but said these and fake accounts were difficult to detect.
The Pentagon said defence department workers were not banned from using LinkedIn but were “trained in the risks associated with exposing personal information on social media sites, and obliged to protect any information pertaining to the operations” of the government.
It also had a “robust process” for conducting background investigations and an “insider threat” programme to flag up early indicators of potential foreign intelligence penetration into the workforce.
China’s foreign affairs ministry said it was “not aware” of Mr Yeo’s case but continued: “US law enforcement agencies have been hyping up the so-called ‘Chinese infiltration’ and ‘Chinese espionage issue’ to a point of paranoia. It is open knowledge that the US runs an aggressive espionage and theft programme all across the globe, sparing not even its allies.”
Mr Yeo remains in custody awaiting sentencing for acting as an illegal foreign government agent, which carries a 10-year maximum sentence.
Greg Levesque, chief executive at Strider Technologies, which helps companies prevent economic espionage, said: “This has been going on for decades. But Beijing has become more brazen because this is seen as a shrinking window of opportunity.”
He added: “Rising tensions between the US and China is making operatives more brazen to go in and steal intellectual property while they can.”
Get alerts on Cyber warfare when a new story is published