Just because a federal employee or public sector worker doesn’t have a security clearance doesn’t make them less of a foreign intelligence target.
In the latest video installment of the “Know the Risk — Raise Your Shield” campaign, which is backed by the National Counterintelligence and Security Center [under the Office of the Director of National Intelligence] ODNI makes clear that no job is too low-level for someone looking to obtain government or personal information.
“You don’t have to work for the CIA or have access to the most prized information for you to be a target,” said Bill Evanina, director of the National Counterintelligence and Security Center, in a statement on the video’s release. “Oftentimes they go for people with access to information that is more germane to their nation’s needs.”
The 5-minute video entitled “Human Targeting,” depicts an economic analyst named James who attends a conference and bumps into a man named “Peter.” The two find they have much in common and strike up a friendship.
Several weeks later, the two men are chatting online when “Peter” asks James for information related to a trade agreement the latter mentioned, to get “some perspective” between analysts.
Alarmed at the question, James tells security officials at his workplace, who tell him that “Peter” is likely not an economic analyst, but rather a foreign intelligence officer or someone who works for one. And his name probably isn’t “Peter.”
Surprised, James says he has no security clearance or access to confidential information, and asks the officials why someone would be interested in targeting him, to which they reply that hundreds of thousands of government and corporate employees have access to information that’s important to foreign governments. This includes information about technology, communication and breakthrough research — intelligence that isn’t necessarily classified.
“You may say it’s not important information, that may not be something you need to make a determination about,” said David Parker, director of the Center for the Study of Fraud and Corruption at Saint Xavier University. “If this is work-related, you need to be cautious. I’d say this is no different than how you’d protect yourself from identity theft and other information hacks. If it doesn’t feel right, if it’s an email or friend request, just ignore it, delete it. If it’s something from someone you don’t know, before you open an attachment or click on a hyperlink, verify it.”
What is so dangerous about human targeting is the “affinity fraud” that goes along with it, Parker said.
Affinity fraud happens when someone takes advantage of a relationship based on something like religion, or similarities between individuals like graduating from the same college.
“A foundation of trust,” Parker said. “I think a lot of people are trusting and all of a sudden you have similarities [with someone] and you feel more comfortable” sharing information with them.
Anyone could find themselves a victim of affinity fraud, or an unknowing accomplice to it, Parker said. Perhaps you meet a person looking to steal information, and they go and introduce themselves to someone else, using your name and information to gain their trust.
The video is the third in a five-part video series launched in September to help counter the impact of the Office of Personnel Management data breach.
When it comes to the nearly 22 million victims of the OPM data breach, Parker said, hackers are not after everybody, which can lead to some letting their guard down and ultimately becoming victims.
“They’re not after half of those people, they’re after just one or two,” Parker said. “They want to get just a little piece of the puzzle, a little bit of information. Every little bit helps. It’s a numbers game with them.”
The other two videos tackle spear phishing and social media, while the final two videos are scheduled for release in February and March.