UK's enemies spotted on IT recruitment drive
A wide range of UK-based IT workers are being targeted in a recruitment drive by foreign intelligence agencies hoping to net sensitive data on British companies, it emerged yesterday.
Junior staff with network privileges right up to systems admins were cited by the Financial Times as the corporate techies of value to the drive, which M15 was said to be aware of.
But the security service’s reported talks with UK bosses about the hostile IT staffing initiative may have come too late, as the paper understands that some techies have already been taken on.
In particular, unnamed UK security officials reportedly fear that IT department “employees” have agreed to help foreign spies gain sensitive data, and steal corporate or national secrets.
The techies’ workload on behalf of the foreign agencies was also said to extend to uploading malware to compromise the network of the UK company (or companies) employing them.
Such Computer Network Exploitation activity is a scourge to UK plc, as it “can be done with relatively little risk to a hostile actor’s intelligence officers or agents overseas,” says M15.
In a recent update, M15 also told firms that IT alone is no longer sufficient protection: “Good cyber security depends on a combination of both technical measures and human behaviour.”
Similar wording in a memo from the Ministry of Defence came in February, when security-cleared IT contractors were warned about social media groups, especially on LinkedIn.
The memo warns that it is “vital to consider the more ‘novel’ forms of threat in order, not only to protect information assets but in particular a company’s most valuable asset, its people.”
Addressing the threat posed by hostile special interest groups, the MoD document adds: “The identification of individuals involved in certain areas of research may also be of interest to some single issue pressure groups and could lead to active targeting of the individual and/or their families.”