FORT LEONARD WOOD, Mo. — According to a U.S. Department of Justice press release, dated Jan. 8, 2024, U.S. Navy petty officer, Thomas Zhao, was sentenced to 27 months in prison for transmitting sensitive U.S. military data to a Chinese intelligence officer in exchange for bribery payments. Zhao was first approached by an individual in a social media chat group that focused on stock trades. As the online relationship grew, the individual began asking Zhao for sensitive U.S. military data, which Zhao agreed to collect and send to the individual.
Current and former U.S. government employees may be targeted for recruitment by foreign intelligence entities posing as consulting firms, corporate headhunters, think tanks, and other entities on social and professional networking sites. Their deceptive online job offers, and other virtual approaches, have become more sophisticated in targeting unwitting individuals with USG backgrounds seeking new employment. It’s important to be aware of these approaches and understand the potential consequences of engaging.
You will likely notice some red flags associated with potential online targeting by malicious actors. Online targeting may occur on social media, professional networking sites, and online job boards, as well as through direct contact via email and various messaging platforms. Recruiters may appear to be affiliated with a legitimate firm.
These are some red flags:
Too good to be true: Be suspicious of jobs offering remote or flexible work and a disproportionately high salary for the role advertised.
Flattery: The recruiter may overly shower you with praise or refer to you as a top candidate, especially if your U.S. government affiliation is known.
Scarcity: There may be an emphasis on so-called limited, one-off, or exclusive online job opportunities for quick payment.
Urgency: The recruiter may be overly responsive to your messages and try to rush you off the networking platform to a more secure communication method.
Requests: The recruiter may initially request you provide written reports on innocuous topics for the job, followed by demands for reports containing non-public or sensitive information.
Expedited Timelines: The job hiring and payment cycle may take only a few weeks, rather than several months.
Here are some things you can do:
- Practice good cyber hygiene when using social and professional networking sites and other platforms.
- Make yourself a harder target. Be careful what you post online about your work (particularly security clearances), as it could draw unwanted attention from threat actors. Review your online account settings to control data about you that is publicly available. Current/former clearance holders must also follow their agency’s prepublication review requirements.
- Don’t accept online invitations to connect with strangers unless you can validate them first through other means.
- Conduct rigorous due diligence on the individual and/or entity offering the job opportunity.
- Familiarize yourself with the outside employment requirements of your department or agency if you are a current USG employee. Declare and obtain advanced permission for all outside employment, including gig work. Protect yourself by ensuring a security officer reviews and approves any outside employment offer.
- Train employees on cyber hygiene and the deceptive online recruitment tactics used by foreign intelligence entities.
- Ensure employees know which information related to their jobs is sensitive and must be protected. Do not leave gray areas.
- Communicate well and often with employees to minimize confusion or frustration. Be transparent and respond to concerns with patience and empathy.
- Coordinate with human resources, information technology, labor and employee relations, and personnel/physical security offices to make organized, comprehensive departure plans.
- Ensure employees are briefed out of any sensitive programs and remind them of their duties to protect information in perpetuity.
- Provide easy access to support services — mental, financial, career — for both current and departing employees.
- Ensure employees understand any prepublication review requirements.
If you believe that you or your personnel have been targeted, contact the nearest FBI office at: www.fbi.gov/contact-us/field-offices, submit a tip online at: tips.fbi.gov/home, or call 800.CALL.FBI.
For more information, contact the installation OPSEC office at 573.563.2402.
(Editor’s note: Content for this article provided by the National Counterintelligence and Security Center NCSC.)
Social Sharing