Social networking sites used by foreign intelligence services
Most people join social networking websites such as Facebook and Twitter to get to know others better.
But the Dutch secret services are warning that some use the very same sites for more sinister ends.
They say people should be careful when placing information on their personal sites as foreign intelligence agencies often use social networking sites to gather information. And this Friday, the Dutch intelligence agencies began a campaign to warn of the dangers of digital espionage.
Brochures have been published to inform potential target groups about the dangers. One on 'digital espionage' describes the dangers of infected emails, visiting infected websites and how infected USB sticks are sometimes handed out as promotional gifts at conferences.
The information has been published by the AIVD (General Intelligence and Security Service) and MIVD (Military Intelligence and Security Service). They point specifically to social networking sites such as Facebook.
The AIVD’s Director of National Security, Wil van Gemert, says the campaign against digital espionage is not meant for IT professionals or the general public. Its primary goal is to educate people who deal with confidential information.
In an interview with Radio Netherlands Worldwide, Van Gemert says the campaign is meant for:
"People travelling abroad who are employed in sensitive positions by large international companies and scientific institutions or policy-making officials. We focus on the users. Of course it is important to use a firewall, but one must also be aware of the dangers inherent in the way one deals with emails and storage devices."
The AIVD warns about USB sticks handed out as promotional gifts. According to Van Gemert "It has happened that USB sticks have been distributed as gifts and although they appeared to be empty it was discovered that they contained a virus or a spyware programme. There are also emails that appear reliable, but as soon as you open them you download a Trojan horse that allows hackers to gain access to your data."
In 'classical' espionage charming ladies or gentlemen have been known to approach public servants or senior officials on a trip abroad in order to get hold of information.
Van Gemert explains that such information can be obtained by different methods in the digital world:
"Because people can be traced so easily using the internet, via Facebook or other sites, it can sometimes be extremely easy to see who might have access to interesting information. If you can then send the user an email which he or she does not suspect – for instance via feeds [mailing lists] then it can happen that information can be obtained from your computer that way."
Still a danger
The AIVD does not suggest that people who have access to confidential information should avoid social networking sites. They should just be aware of the risks, says Van Gemert:
“You do not have to avoid using Facebook, Hyves [a Dutch social networking site] and other similar sites, but you should keep in mind that they are available to third parties. Espionage is not something from thirty years ago. It is something which exists today in many different forms, and especially in the digital world.”
Friendly countries also spy
In its recent annual report, the AIVD pointed to the roles that China and Russia play when it comes to spying in the Netherlands. “This does not mean that the intelligence services of more or less friendly countries are not active here. That is why we point out that while one should be aware of potential dangers from certain countries, espionage is international, and also includes neighbouring and friendly countries.”
The AIVD and its military counterpart the MIVD also collect information abroad. The ‘targets’ are chosen by the prime minister on an annual basis. The AIVD does not discuss the details for obvious reasons. But Van Gemert says: “I do not exclude any means, including digital.”
The AIVD as target
The AIVD has obviously taken the necessary measures to secure itself and its employees from digital burglary, as Mr Van Gemert explains:
“There are people who are also interested in what we know, and we take this into account. We attempt to ensure that our communications and contacts are as secure as possible.”
Van Gemert refuses to say if attempts have been made to gain information digitally from the AIVD.
Hans de Vreij