119 comments

[ 1.0 ms ] story [ 195 ms ] thread
New InMail

“Hi I saw your profile and it looked really interesting, have you considered a new oppprtinity in espionage and treason? Can we setup a phone call to discuss?”

Keeps resending the message 3 days later because you ignored the first email.
"alaing, you have 3 invitations, 8 job changes and 1 new dead drop at the Cuban consulate"
Your colleagues have endorsed your skills in "Java", "Spring framework", "proposal writing", and "violent overthrow of the United States government".
I always fail the whiteboard interviews for those. I keep answering the "would you destroy your country" question wrong.
I’ve been saying this for years: Linked In is a spies dream. A data gold mine.
Pretty much any social network is a dictator's wet dream. Dictatorships in the past hired entire departments to identify who was linked to who. Nowadays is seems that all it takes to access the same info is sending a legal letter to someone managing a database somewhere.
Have you been saying similar things about any other companies for years?
Yes. Google scanning your gmail for targeted advertising. Seems Yahoo has at least fessed up to it.
And at the end of the day it's just an HR department circle jerk. I am still getting aggressively daily emails from them even though I burned my account a year and a half ago. Report spam is my favorite feature.
I found it interesting that the espionage is largely aimed at the private sector and not the government:

> About 70 percent of China’s overall espionage is aimed at the U.S. private sector, rather than the government, said Joshua Skule, the head of the FBI’s intelligence division, which is charged with countering foreign espionage in the United States.

> “They are conducting economic espionage at a rate that is unparalleled in our history,” he said.

They do target the government workers as well. (Well I guess I should say other people do) People target those on linked in who have listed security clearances.
> People target those on linked in who have listed security clearances.

Maybe, but I think they have a much better source: I suspect OPM data taken has been sold and lent out so they do not need to trust linked in; they can go directly to the source ( https://www.opm.gov/cybersecurity/cybersecurity-incidents/ ). I wonder if it also contains "concerns" that can indicate weak points for recruiting for a true one-stop shopping?

> I wonder if it also contains "concerns" that can indicate weak points for recruiting for a true one-stop shopping?

It does. IIRC, it contained security clearance investigation files, so they could probably identify people who had issues but just squeaked by the process.

But that's not the only use. The OPM data could be used for counterintelligence, to identify US agents in the field.

> I found it interesting that the espionage is largely aimed at the private sector and not the government

It's not that surprising though. One of their main focuses seems to be acquiring technology to catch up and eventually surpass Western liberal democracies. See their "Made in China 2025" effort: https://www.cfr.org/blog/why-does-everyone-hate-made-china-2....

Why? That's the proven strategy to leapfrog yourself into a developed economy. It's what the US, Germany, and Japan all did.
The US, Germany, and Japan are all technology leaders. None of those nations leapfrogged into a developed nation by copying others.
Being familiar with a machine, and taking that knowledge elsewhere seems qualitatively different from wholesale copying of documents and blueprints.
> He learned of the American interest in developing similar machines, and he was also aware of British laws against exporting the designs. He therefore memorized as much as he could and departed for New York in 1789.

Textile mills at the time were the modern day equivalent of semiconductor foundries. I dare you to try something like that today and see what happens to you.

You're allowed to walk away from a job and retain the knowledge you learned in that job.
Not if what you know is a trade secret, that you have signed an NDA on.
Not when "he was also aware of British laws against exporting the designs".

And semiconductor technology is generally considered a national secret.

This is really nothing different from Anthony Lewandowski and friends.
It would be more like if Uber hired levandowski and he didn't (allegedly) walk away with gigabytes of info and only walked with what was in his own head
Things have changed since then. It's the same data. Your means of recording it has just changed.
Ah yeah, I remember reading about that in my American History textbook! We started the industrial revolution right after we signed the declaration of independence, it was the British who copied us.
(comment deleted)
In addition to what others have said, the Merchandise Marks of Act 1887 was passed in Britain to require all foreign made items to have a country of origin listed. This was mainly so that British consumers could see that something was a cheap German knockoff.
Can't wait for the 2060 version: "Unlike Brazil or India, China is a technology leader. It didn't copy others."
Really? I remembered when the Americans accused the Japanese of copying.
uh...

Japan was practically given a lot of American Technology right after WWII under Robert Demings. In fact, Toyota is partially the way it is today, thanks to the Ford Assembly Line, but they still paved there own means of success.

Germany arguably the same as well, around the same time frame. Can't recall the exact history of what US gave to Germany though, but it was most likely part of the Marshall Plan.

US is copying a lot of methodologies and philosophies from Japan. Any deriative of the Toyota way is in many management philosophies, from scrum, agile development, etc. Germany, much technology is still being shared between both our countries today. Japan is copying a lot of software innovations from America, and vice versa.

The US and Japan most certainly did industrialize by copying from Europe. Ignoring IP whenever it was inconvenient.
This is patently false. Industrial espionage, or just plain-old gifts (To keep the commies out) kickstarted the manufacturing economies of all three of those countries.

Of course, once you become a manufacturing leader, you want to pull the ladder up from under you, in the form of strong IP laws.

A counterexample: In WW1 German patents were declared invalid in the U.S. The U.S chemical industry basically then copied everything they could from them with the government's blessing.
There's a difference between copying and outright theft.
Think of a scenario where certain government employees have accounts on some Private sector service: Maybe a Grindr or Tinder -- if they can work to obtain any sort of compromising information from those services - they can then use it to manipulate government employees ("Do what I say, or i'll out you")... In fact, pretty sure a Chinese co. recently obtained controlling interest of Grindr.

https://www.nytimes.com/2016/01/12/technology/grindr-sells-s...

We can inoculate ourselves to this threat by not caring about what politicians, government workers, and other people in general do in their private romantic lives.
(comment deleted)
Well, a think a spouse might justifiably care in the case of cheating.
Now we will also get a few posts normalising cheating.
At which point that's just the cycle of karma closing the loop, no?
It is not karma if the country ends up paying, though.
> At which point that's just the cycle of karma closing the loop, no?

You misunderstand. No one cares about Alice's personal life, karma, or happiness. All they care about is manipulating Alice and what a manipulated Alice might do. Alice's desire to hide her cheating from her spouse could lead Bob's trade secrets to getting stolen. Bob did nothing wrong here to have his "cycle of karma closing the loop."

Never give Alice your passwords and always have a lock code on your cell phone. Anything else is a moral hazard in my opinion. Bob is complicit in this case IMO.

If my spouse were to attempt to extract data from my work laptop she would run smack-dab into my password. If on the other hand Bob has extracted highly confidential data onto a freely available machine, then Bob is not only complicit, Bob is culpable. Don't be Bob.

If we take this further and Bob's employer made it that easy to extract highly confidential data then they are their own worst enemy.

For example, if a foolish Google employee attempts to stalk an ex-partners confidential data from within Google, they will be terminated and escorted out of the building within 60 minutes. Be like Google here.

i read the example as alice being an employee of bob, not a spouse
You misunderstand again. Bob isn't Alice's spouse, he's Alice's employer. Bob legitimately gave Alice access to confidential information in order to do her job. But, unknown to him (unless he intrusively investigated her personal life), Alice could be blackmailed into abusing that access because she cheated on her spouse.

Bob isn't "complicit" or "culpable" he's a victim.

I think you're overconfident in simple security measures and have a poor understanding of human security threats.

I don't think the general public can.
Just the reverse. Because a target can be compromised by what they do in their private lives, we, (meaning our intelligence people), have to care about what they are doing in their private lives.

I'd imagine that in the game of compromising targets, it doesn't really matter what the general public thinks of the target's behaviors or actions. The only thing that matters is that the target have a psychological profile consistent with wanting to keep their behavior or actions secret. As long as the target has the requisite characteristics with respect to ego, that target can probably be compromised if you can find something on them.

"Do what I say or your wife finds out you're cheating on her" is still leverage even if the public doesn't care that you did it.
Even if I buy your idea that human nature can change that way (and I don’t) you only tackled the ‘C’ in MICE. How do you solve Money, Ideology and Ego?
Hopefully the agencies have already thought of this, but it would be pretty easy to set up a honeypot with a veteran TS or higher clearance employee and tell him to set up fake accounts and see who comes knocking.
It would be humorous if they recruited employees of startups, the philosophy of moving fast and break things along with spends as much money as possible as fast as you can will have China using sub-par software and bankrupt within months, countries can't pivot and looking for exit through acquisition would be nigh impossible!
Some people would argue that this has already happened.
What's an anti-startup dude even doing on HN? Makes no sense.
China has a large enough population that they could literally assign a dedicated spy for every single American and still have a billion people left over.
I think that in China, the separation between government and private business activities is quite fuzzy and the Chinese are ok with treating their intel resources in the same fuzzy manner.
(comment deleted)
Seems reasonable that the Chinese feel like they have more to gain through economic espionage against the US than they do through political espionage.

I would guess there are countries against whom the Chinese would do the opposite, where economic espionage isn't worthwhile but compromising the government is.

The US, on the other hand, probably has more to gain through political espionage against the Chinese than through economic espionage.

All depends on what you think you need?

> I would guess there are countries against whom the Chinese would do the opposite, where economic espionage isn't worthwhile but compromising the government is.

Yep, in Africa, and probably along their "New Silk Road".

Isn't it sort of sad that they are stealing technology rather than making use of their own talents? Individuals don't feel good when they steal, so it must have some sort of effect on a society.
Is it sad, as a society? I don't know.

For me, personally, yeah, it's very dishonorable to my worldview. I would prefer alliances and collaboration and the betterment of all people rather than protectionism and distrust and zero-sum attitudes and behaviors.

Hypothetically, what if their talents were indeed to steal stuff and get ahead by appropriating the work of others? Would it then be sad if they didn't put those talents to good use?

I have no idea if all people do or don't feel good when they steal, but I would have guessed that some people do in fact feel good when they steal. Perhaps the badness that the people-who-do-the-stealing-for-their-society feel is outweighed by the overall goodness that the rest of society feels because of their advancement in (stolen) technology and the economic and societal benefits that come with that?

But, yes, in the end, I personally would rather not have some technology than to acquire it by means contrary to my values. I know an awful lot of people whom I believe, or even know, would either say the opposite or would be indifferent.

Or perhaps it isn't seen through the lens of intellectual property. It could seen as gaining knowledge that would allow one to build things they would otherwise not. From what I understand the Chinese culture treats IP very differently than the US. It isn't treated as being owned but people share documentation and the like with people they like. Westerners have a much more legalistic framework for how we treat our ideas. The notion that someone should be able to use the force of the government to prevent others from using their idea isn't necessarily a given but instead the result of certain traditions and institutions. I know the US corporations would like to push these ideas into being part of a binding framework of world trade but this primarily benefits the large corporations that have invested in research, accumulated patents and want to control the world so that they can profit.

A lot of the espionage is probably also about gaining knowledge about firms for the purpose of understanding their weaknesses and the lay of the land vs. simply figuring out their secret sauce. I remember reading this was a common practice for Russian intelligence agents who didn't trust the official numbers and so wanted to gain proprietary knowledge from industry insiders.

Yes, I agree it’s cultural norms and so on but stealing IP is stealing the product of a lot of hard work. Imagine if you had an idea stored in a document and someone just stole it. There’s a certain universality about theft being wrong at a gut level.

Also, much of this theft involves breaking into other peoples computers. It’s wilfull violation of someone else in multiple ways. Breaking into a computer is as low as robbing a liquor store and I suspect thst everyone, even the perpetrators, feels that at a vicersl level.

Interesting talking point, but they must be lumping a number of companies with government contracts into the private sector as well.

Still, curious to see some sort of hierarchy around motivations/emphasis for:

- top secret private info (defense or otherwise)

- regular private sector info

- public sector info related to government contracts

- public sector info related to IP or tech

- public or private sector info on important people

Because private sector is incredibly easy to steal from. At least the government actually cares about it.
> At least the government actually cares about it.

Unless you're OPM and you can't be bothered to follow NSA guidelines. Or you're the military and think having sensitive documents on a loosely secured SharePoint server is a great idea.

One company I worked for, we hired a Chinese DBA contractor. His initial move while onboarding was an attempt to burn an export of the entire customer database to a DVD. He got caught in the act and fired.
(comment deleted)
China is not a market. It is a very large vendor and customer with many departments. This isn't good or evil, but it may be depending on who you are and what you're willing to stand for.

In a traditional market, the organizers set rules for vendors and customers. The same rules apply to anyone should they decide to become a vendor or customer, but organizers usually avoid becoming a vendor because of obvious conflicts of interest.

If you are a vendor then your customers in China are basically some subsidiary of the very large organization that is China. If you are a customer then you are basically buying from a subsidiary. Since you are dealing with subsidiaries, you have to understand that all the subsidiaries are encouraged to share information with each other to build a stronger China.

Building deeper relationships with a subsidiary means building deeper relations with the whole organization and that means satisfying deeper requirements (taxes, knowledge sharing, local factory, IP sharing, equity sharing). All this is normal if you are say, just two companies doing business with each other. But you aren't. You are a company doing business with an organization who you may be misunderstanding for a market.

Finally, theres the case where two companies merge and share all resources to become a stronger, better organization. Unlike many other countries, the Chinese identity is very much an ethnic and a lingual one. This means that if you are not Chinese, you will never be Chinese. If you aren't already Chinese, then the chances that you will be able to move to China should China become a prosperous society are slim to none.

Econ theft seems to be their main goal. It's a shame they they feel they have to lower themslves to stealing secrets when they have their own capabilities that they should have enough confidence in to not have to steal.
I'm sure the OPM hack through which they got all sorts of private blackmail-worthy info on federal employees helped.
Honestly, I’d do anything to die in the hellish fury of a nuclear blast, as it destroys an entire city. I was really disappointed in Kim Jong Un caving on his threats.

I’ll do anything to ratchet up tensions and provoke a nuclear exchange. Where do I sign up?

So much edge I cut myself
HN may hate novelty accounts, but I vote we keep this one around for the grins.
A company I worked for in a $hot_field had some dev servers breached from some IPs in China; they got some of our app's buggy class files and not much more. It's the kind of app you need a bunch of corporate culture to use effectively, so the jars aren't much use.

Anyway, a few days later, a bunch of us in our R+D group got LI invites from Chinese recruiters out of the blue. Because of the timing and supposed motivation, we assumed we'd been approached for industrial espionage purposes, but there's not much you can do aside from decline the invite.

You could troll them.
Which would put you in the position of being a rank amateur playing against a top pro.
Well you don't get to become a 'top pro' by doing nothing. Seriously though, I doubt the recruiters are 'pro' by any stretch of the imagination.
Adobe had a Photoshop version that got pirated pretty heavily. They used it as an opportunity to identify forum members requesting support..."there is no photoshop 3.5"
There are so many unintended consequences of the internet as we know it today. This, fake news, forums that close because their moderators don't want to cope with the terrible stuff, and on and on.

When it was just computer science departments and a few tech companies, it was mostly OK. With a good portion of humanity online... wow.

It definitely feels like a deal with the devil sometimes.
I remember the internet in 90s being full of spam, popups that would crash your computer and viruses everywhere. Even before mass adoption it was still a cesspool. I am envious of anyone who got to experience the internet in its infancy
Eh, until the very late 90s it wasn't that bad. After the dot com bust things got especially bad.
The more things change, the more they stay the same. It starts to feel 1984-esque when you see these same opinions from 100 years ago or more.
Anyone contacted by China and considering an offer of money under the table for a small "harmless" disclosure should remember that they killed at least 12 CIA sources between 2010 and 2012 [0]

State craft is not for amateurs and sources on both sides routinely get hung out to dry. Think of your family. Do not play this game.

0: https://www.nytimes.com/2017/05/20/world/asia/china-cia-spie...

they killed at least 12 CIA sources between 2010 and 2012

Here and elsewhere in the comments, it's interesting that those stats are always presented one-sided.

That’s an odd thing to say in reply to someone who said, State craft is not for amateurs and sources on both sides routinely get hung out to dry.
> "I recently saw that Twitter is cancelling, I don’t know, millions of fake accounts, and our request would be maybe LinkedIn could go ahead and be part of that"

Wow. Strong language from the head of the U.S. National Counter-Intelligence and Security Center

There is absolutely no reason why anyone from areas like China need to see the linked in profile of people working in special jobs for the us. They should be taken out of the social graph. Its so silly.
Wow, the US security apparatus is truly pathetic and outdated. No wonder China has pilfered trillions of dollars of IP from us and Russia is successfully destabilizing our society. It reminds me of how big complacent corporations from another era get overtaken by hungry young startups who are fluent in the tools of today.
This reminds of a story I read a while back about India's spy agency (RAW) allegedly kidnapping a retired Lt. Colonel from Pakistan's spy agency (ISI) in Nepal using his LinkedIn information as a 'job bait'. From [1]:

> The complainant alleges that some months ago a person called Mark Thomas called his father on his phone number 033434443 from a number in the UK 0044-7451722 and offered him a job at the Strategic Solutions Consultancy firm.

> It now transpires that Lt Col Zahir had put up his bio-data on LinkedIn and some other websites seeking a job opportunity three years after he retired from the Pakistan army.

In short, LinkedIn's data is very, very valuable.

[1] - https://www.indiatoday.in/mail-today/story/pakistan-media-ra...

New jobs program: you pretend to have all kinds of heavy duty intel, let the Chinese government hire you and then milk the new position for all it is worth.

Could be a thriller, but I would pitch this one as a comedy.

All you need to make it happen is Seth Rogen and Roger Stone to collaborate.
"WE got a good news bad news situation. The good news is, I convinced them that we are working on a nano-AI-solar-blockchain-social-drone"

"And the bad news?"

"They gave me some funding. I have to hire people. What's your cousin doing these days?"

Sounds like a great way to get on the bad side of both the Chinese and American governments. Plus you're in a foreign country with fewer people to watch out for you.
Interesting. From most Chinese prospect, American are stereotyped as naive, simple, and most time they are easy to be cheated.
(comment deleted)
The issue is that China has blurred lines between government and industry, and industry often uses government resources to accomplish "private" goals. Private defense companies use Chinese intelligence assets to gain access to IP as part of a strategic technological transfer.

The US has no such system. Private companies are left to their own devices and in some ways hostile to government help. On the government side, they are not well equipped to understand or handle the needs of individual businesses.

If we want to combat this, we need to seriously change the way we approach the problem. The reality is that private companies have immense long term strategic value for the US and we need to protect that.

this might sound really awkward but a few weeks ago two chinese linkedin accounts approached me and asked me to attend a career fair based in nyc and boston but i declined and said I don't understand/ can read Chinese. sorry. And now this news comes out.
I think the bigger thing going on is Chinese companies setting up "AI labs" in Silicon Valley to juice their valuation. I'm looking right at you JD.com...
If you really want to lose sleep at night .... consider the fact that foreign intelligence agencies likely have EMPLOYEES at top tech companies....
American intelligence agencies likely have EMPLOYEES at top Chinese tech companies.

Spies are going to spy. I'm far more concerned about my government spying on me, then China spying on me.

That's because you have no patriotism. You'd derive pleasure from seeing Americans get hurt or killed so long as they were ones that you disagree with.

Foreign spies on American companies is an extremely serious issue. What happens when a Chinese spy takes over a power plant? What happens when integrity tests at water treatment facilities are fraudulent? What happens when the wrong reaction happens in a big pharmaceutical processing plant?

Millions could die.

You're more worried about the government finding out what type of porn you prefer.

I lose way more sleep thinking about the dirty deeds committed against us by our domestic intelligence agencies. I don't give 2 fucks if China gets blueprints for a defective, overpriced fighter jet that kills it's own pilots.
Im kind of concerned they have iPhone X's with headphone jacks though.
Definitely adds motivation to the user-friendly end-to-end encryption imperative.
I wonder what is US using? I know CIA places ads for recruitment online.
hello everyone. am Anderson i was frustrated and disturbed when i suspect my partner was cheating on me.i couldn't confront him because he'll always lie about it.i went for counseling and a came in contact with a private investigator/hacker,i never buy the idea after a few process,he did a data dive into my partner mobile and he did it,he provide me with all the evidence i need,starting from the emails,calls,what apps chat and lot more. it was a shocking moment,i was not happy about what i saw. it wasn't easy to move on,but am now free from all his lies.you can contact this great hacker via whats app (+16282037169) text him on (13175616706 )or via murphy.c8990@gmail.com is services is cheap and affordable. i never believed this until i saw the evidence..we all need to be free and live happily.
Are they also requiring 5 years of experience for an entry level corporate espionage gig?