Networks of spies using bribery and fake identities may seem the stuff of high politics, but techniques devised by hostile foreign intelligence services to tap into state secrets are being adapted by those seeking industrial secrets for commercial gain.
The warning comes after investigators claim to have uncovered a series of high-profile infiltrations by Chinese state spies. In one case with ramifications for all organisations, an intelligence officer for China’s Ministry of State Security used the professional social media platform LinkedIn as a route to connect with British officials, academics and those in sensitive positions in security, science, and technology. Presenting himself as a legitimate connection, via a string of aliases and fake companies, he is said to have lured individuals into sharing secrets in exchange for money or lucrative business deals, including requests for specialist articles to be authored.
“It’s a form of social engineering, by which fraudsters use psychological manipulation to trick users into making security mistakes or giving away sensitive information,” explained Simon Bean, commercial dispute resolution lawyer here at Wollens. “In this case, it seems that connecting via a public platform led to many of those contacted simply assuming that the connection was genuine without carrying out background checks.”
Targets on LinkedIn involved government officials, but the tactics were also applied to those with privileged research or commercial knowledge in academia and industry.
“It’s easy to see how this approach can be adapted from the arena of state-sponsored spying into the commercial arena, and is a real wake-up call for organisations, of all sizes and sectors. They need to be sure they have up-to-date processes in place to protect their intellectual property and confidential organisational information. It’s also important that staff are regularly updated on new techniques being used by fraudsters.”
The burden is on business to prove they have protected their corporate intelligence under the Trade Secrets (Enforcement, etc) Regulations 2018, which sets out that reasonable steps must be taken to protect trade secrets.
Commercial law expert Simon said: “Legislation introduced in 2018 means that companies need to prove the inherently secret nature of information and demonstrate how it has been protected, if they wish to challenge any sharing of it.
“A regular review of the processes you have in place with employees, suppliers and customers is essential, including non-disclosure agreements and confidentiality provisions in both supplier and client contracts.
“Restricting access to information internally is also important; ideally trade secrets should be stored using encryption and password protection, with clear protocols on access. And sometimes taking simple steps such as using ‘confidential’ as a watermark on documents can help reinforce the culture by demonstrating the value of information that may seem everyday.”
How a solicitor can help
Tips for combatting online fraud and how to validate individuals are set out in MI5’s Think Before You Link campaign, which suggests using reverse image searching of pictures and being aware that someone with mutual LinkedIn connections does not mean they have valid credentials. LinkedIn also publishes regular updates on how they are combating fraud, together with guidance for users.
Our solicitors have many years of experience in dispute resolution, contact us as soon as you are aware of a potential problem. The sooner we are aware of the issues, the sooner we can help, and your business can get back to doing what it does best.
For further information, please contact Simon Bean, Partner in the Dispute Resolution team on 01803 225123 or email [email protected]
Simon Bean, Partner and Head of Dispute Resolution team