Federal authorities on Wednesday shut down 13 internet domains said to be used by China for operations to obtain classified and sensitive U.S. government information, the Justice Department said.
The internet sites were used by Chinese actors to recruit Americans and others with access to secret information while posing as fraudulent professional consulting services, according to a department statement.
“The fake consulting company domains seized by the FBI illustrate the lengths the Chinese government’s intelligence services will go to as they try to use AI-generated content to trick, recruit, or coerce current and former U.S. security clearance holders into sharing sensitive information,” said Roman Rozhavsky, assistant FBI director for counterintelligence and espionage.
“The FBI and our partners have observed China’s intelligence services resort to using AI, professional networking sites, and online payment platforms to target Americans, and we have taken actions to defend the homeland and our national security.”
An FBI affidavit made public in the case states that the websites were uncovered by an investigation into unlawful activities by China.
The websites were based in Arizona, New York, Germany and Britain and were linked to fake consulting companies that targeted secret information, the affidavit said.
Unidentified conspirators paid recruited agents in the U.S. for information as part of the scheme by using aliases, fictitious personas, and stolen identities of people and used artificial intelligence-generated photographs to build credibility.
The spying efforts made large online payments for research reports that were transmitted via Telegram and other encrypted applications.
The goal was to obtain “exclusive” or “insider” information through job postings on LinkedIn and other job search sites including Upwork, Expertia AI, Hubstaff Talent, Wellfound, and Post Job Free.
All the information sought was data sought by China.
“The conspirators have targeted U.S. persons, including current and former security clearance holders with access to classified and sensitive U.S. government information…,” the affidavit said. “They have recruited these individuals for phony positions such as Senior Analyst and International Affairs Consultant and pressured them to share confidential information and reports from ’insider’ sources.”
Those involved in the alleged conspiracy used contracts and confidentiality agreements to hide the illegitimacy of the activities and denied involvement with foreign governments.
Two of the suspects in the case are located overseas, the court papers stated.
“These domain seizures offer a glimpse at how foreign actors can use promises of easy money to lure Americans into revealing sensitive or classified information that they are duty‑bound to protect,” said Assistant Attorney General for National Security John A. Eisenberg.
Special Agent in Charge Daniel Wierzbicki at the FBI’s Washington Field Office Counterintelligence and Cyber Division said the domain shutdowns will prevent the targeting of Americans with access to secrets.
“For too long, the Chinese government has tried to exploit U.S. government employees behind the cover of fake companies and phony job postings,” he said.
Dominique Evans, FBI special agent in charge of Norfolk, said the Chinese government continues to seek U.S. innovation, research and sensitive data through a variety of deceptive techniques, including online recruitment.
“By seizing these domains and exposing these tactics, we are working to protect national security, safeguard American ingenuity, and help the public recognize and defend against these threats,” she said.
The following domains were shuttered based on accusations of conspiracy to commit bribery, identity theft and international money-laundering: Centrik Global Consulting, centrikglobalconsulting.com; Rightinfo Consulting, rightinfoconsult.com; Finnacle-Vesper Consulting, finnaclevesperconsulting.com; CYDF Consulting, cydfconsulting.com; Pulse Wave Global, pulsewaveglobal.com; Catalyst Global Solutions, catalystglobalsolutions.com; Horizzen, thehorizzen.com; GeoIndopacific, geoindopacific.com; Global Peace Foundation – Indonesia, gpf-ina.org; SafeSec Group, safesec-group.com; The TruthInfo, thetruthinfo.com; Vandercons.com; and Gulf Peace Foundation, gulfpeace.org.
Navigating to the websites produces a notice stating that “This website has been seized as part of a coordinated law enforcement operation.”
Action against the websites follows a report from the FBI and Britain’s MI5 spy agency made public last week warning that Chinese military intelligence services are using LinkedIn and other professional networking services to obtain secrets from security clearance holders.
“These actors use an aggressive online recruitment strategy whereby intelligence officers or their affiliates pose as employees of private consultancies, think tanks or human resources firms, and place online job advertisements for foreign policy and defense analysts (or similar),” the warning notice stated.
Contact the author
Please read our comment policy before commenting.