Spy used AI-generated face to connect with targets, says expert

This image captured on June 11, 2019 shows part of a LinkedIn profile for someone who identified themselves as Katie Jones. The Associated Press has found it is one of many phantom profiles that lurk on the social media platform. (AP Photo)
Updated 13 June 2019

Spy used AI-generated face to connect with targets, says expert

  • US counterintelligence official says foreign spies routinely use fake social media profiles to home in on American targets
  • Accused China in particular of waging “mass scale” spying on LinkedIn

LONDON: Katie Jones sure seemed plugged into the Washington’s political scene. The 30-something redhead boasted a job at a top think tank and a who’s-who network of pundits and experts, from the centrist Brookings Institution to the right-wing Heritage Foundation. She was connected to a deputy assistant secretary of state, a senior aide to a senator and the economist Paul Winfree, who is being considered for a seat on the Federal Reserve.
But Katie Jones doesn’t exist, The Associated Press has determined. Instead, the persona was part of a vast army of phantom profiles lurking on the professional networking site LinkedIn.
Experts who reviewed the Jones profile’s LinkedIn activity say it’s typical of espionage efforts on the professional networking site, whose role as a global Rolodex has made it a powerful magnet for spies.
“It smells a lot like some sort of state-run operation,” said Jonas Parello-Plesner, who serves as program director at the Denmark-based think tank Alliance of Democracies Foundation and was the target several years ago of an espionage operation that began over LinkedIn .
William Evanina, director of the US National Counterintelligence and Security Center, said foreign spies routinely use fake social media profiles to home in on American targets — and accused China in particular of waging “mass scale” spying on LinkedIn.
“Instead of dispatching spies to some parking garage in the USto recruit a target, it’s more efficient to sit behind a computer in Shanghai and send out friend requests to 30,000 targets,” he said in a written statement.
Last month, retired CIA officer Kevin Mallory was sentenced to 20 years in prison for passing details of top secret operations to Beijing, a relationship that began when a Chinese agent posing as a recruiter contacted him on LinkedIn.
Unlike Facebook’s friends-and-family focus, LinkedIn is oriented toward job seekers and headhunters, people who routinely fire out resumes, build vast webs of contacts and pitch projects to strangers. That connect-them-all approach helps fill the millions of job openings advertised on the site, but it also provides a rich hunting ground for spies. And that has Western intelligence agencies worried.
British , French and German officials have all issued warnings over the past few years detailing how thousands of people had been contacted by foreign spies over LinkedIn.
In a statement, LinkedIn said it routinely took action against fake accounts, yanking thousands of them in the first three months of 2019. It also said “we recommend you connect with people you know and trust, not just anyone.”
The Katie Jones profile was modest in scale, with 52 connections. But those connections had enough influence that they imbued the profile with credibility to some who accepted Jones’ invites. The AP spoke to about 40 other people who connected with Jones between early March and early April of this year, many of whom said they routinely accept invitations from people they don’t recognize.
“I’m probably the worst LinkedIn user in the history of LinkedIn,” said Winfree, the former deputy director of President Donald Trump’s domestic policy council, who confirmed connection with Jones on March 28.
Winfree, whose name came up last month in relation to one of the vacancies on the Federal Reserve Board of Governors, said he rarely logs on to LinkedIn and tends to just approve all the piled-up invites when he does.
“I literally accept every friend request that I get,” he said.
Lionel Fatton, who teaches East Asian affairs at Webster University in Geneva, said the fact that he didn’t know Jones did prompt a brief pause when he connected with her back in March.
“I remember hesitating,” he said. “And then I thought, ‘What’s the harm?’“
Parello-Plesner noted that the potential harm can be subtle: Connecting to a profile like Jones’ invites whoever is behind it to strike up a one-on-one conversation, and other users on the site can view the connection as a kind of endorsement.
“You lower your guard and you get others to lower their guard,” he said.
The Jones profile was first flagged by Keir Giles, a Russia specialist with London’s Chatham House think tank. Giles was recently caught up in an entirely separate espionage operation targeting critics of the Russian antivirus firm Kasperky Lab. So when he received an invitation from Katie Jones on LinkedIn he was suspicious.
She claimed to have been working for years as a “Russia and Eurasia fellow” at the Center for Strategic and International Studies in Washington, but Giles said that, if that were true, “I ought to have heard of her.”
CSIS spokesman Andrew Schwartz told the AP that “no one named Katie Jones works for us.”
Jones also claimed to have earned degrees in Russian studies from the University of Michigan, but the school said it was “unable to find anyone by this name earning these degrees from the university.”
The Jones account vanished from LinkedIn shortly after the AP contacted the network seeking comment. Messages sent to Jones herself, via LinkedIn and an associated AOL email account, went unreturned.
Several experts contacted by the AP said Jones’ profile picture appeared to have been created by a computer program.
“I’m convinced that it’s a fake face,” said Mario Klingemann, a German artist who has been experimenting for years with artificially generated portraits and says he has reviewed tens of thousands of such images. “It has all the hallmarks.”
Klingemann and other experts said the photo — a closely cropped portrait of a woman with blue-green eyes, copper-colored hair and an enigmatic smile — appeared to have been created using a family of dueling computer programs called generative adversarial networks, or GANs, that can create realistic-looking faces of entirely imaginary people. GANs, sometimes described as a form of artificial intelligence, have been the cause of increasing concern for policymakers already struggling to get a handle on digital disinformation. On Thursday, US lawmakers are due to hold their first hearing devoted primarily to the threat of artificially generated imagery .
Hao Li, who directs the Vision of Graphics Lab at the University of Southern California’s Institute for Creative Technologies, reeled off a list of digital tells that he believes show the Jones photo was created by a computer program, including inconsistencies around Jones’ eyes, the ethereal glow around her hair and smudge marks on her left cheek.
“This is a typical GAN,” he said. “I’ll bet money on it.”
__
Online:
Test your ability to tell a real face from a fake one at: http://www.whichfaceisreal.com/
Generate your own deepfake faces at: https://thispersondoesnotexist.com


US media questions Bezos hacking claims

Updated 25 January 2020

US media questions Bezos hacking claims

  • Experts said while hack “likely” occurred, investigation leaves too many “unanswered questions”
  • Specialists on Thursday said evidence was not strong enough to confirm

LONDON: An investigation into claims that the phone of Amazon CEO Jeff Bezos was hacked has been called into question by cybersecurity experts and several major US media outlets, including the Wall Street Journal, New York Times and the Associated Press (AP).

Specialists on Thursday said evidence from the privately commissioned probe by FTI Consulting is not strong enough for a definitive conclusion, nor does it confirm with certainty that his phone was actually compromised.

The Wall Street Journal reported, late on Friday: “Manhattan federal prosecutors have evidence indicating Jeff Bezos’ girlfriend provided text messages to her brother that he then sold to the National Enquirer for its article about the Amazon.com Inc. founder’s affair, according to people familiar with the matter.”

Experts said while a hack “likely” occurred, the investigation leaves too many “unanswered questions,” including how a hack happened or which spyware program was used, the Associated Press (AP) reported.

Steve Morgan, founder and editor-in-chief of New York-based Cybersecurity Ventures, said the probe makes “reasonable assumptions and speculations,” but does not claim 100 percent certainty or proof.

UK-based cybersecurity consultant Robert Pritchard said: “In some ways, the investigation is very incomplete … The conclusions they’ve drawn, I don’t think, are supported by the evidence. They veered off into conjecture.”

Alex Stamos, former chief security officer at Facebook, wrote that the FTI probe is filled with “circumstantial evidence but no smoking gun.”

Matt Suiche, a Dubai-based French entrepreneur and founder of cybersecurity firm Comae Technologies, told AP that the malicious file is presumably still on the hacked phone because the investigation shows a screenshot of it.

If the file had been deleted, he said the probe should have stated this or explained why it was not possible to retrieve it. “They’re not doing that. It shows poor quality of the investigation,” Suiche added.

Reports on Wednesday suggested that Saudi Arabia was involved in the phone of Bezos being hacked after he received a WhatsApp message sent from the personal account of Crown Prince Mohammed bin Salman.

The Saudi Embassy in the US denied the allegations, describing them as “absurd.” Saudi Foreign Minister Prince Faisal bin Farhan called the accusations “purely conjecture” and “absolutely silly,” saying if there was real evidence the Kingdom looked forward to seeing it.

A Wall Street Journal report quoted forensics specialists as saying the FTI investigation’s claims that Saudi Arabia was behind any possible hacking of the phone “appeared to forgo investigatory steps.”

CNN reported that critics of the probe highlighted a “lack of sophistication” in it, quoting Sarah Edwards, an instructor at the SANS Institute, as saying: “It does seem like (FTI) gave it a good try, but it seems they’re just not as knowledgeable in the mobile forensics realm as they could have been.”

The New York Times said the probe tried to find links between the possible hacking of the phone and an article in the National Enquirer about the Amazon CEO’s extramarital affair with Lauren Sanchez, but any link remains “elusive.”

National Enquirer owner American Media said in a statement regarding the source of the leak on Sanchez’s involvement with Bezos: “The single source of our reporting has been well documented, in September 2018 Michael Sanchez began providing all materials and information to our reporters. Any suggestion that a third party was involved in or in any way influenced our reporting is false.”