Naked Security

I’d like to add you to my professional network of people to spy on

A deepfake was reportedly spotted in the wild: LinkedIn's well-connected, young, attractive Eurasia/Russia expert "Katie Jones."

We’re sorry to inform you that if you were looking for some insight into Russian and Eurasian politics in the Washington political scene, or if you were sniffing around for a job with, say, the Brookings Institution, you won’t have 30-year-old Katie Jones to cozy up to anymore.

She’s disappeared off of LinkedIn. Actually, “she” – as in, a corporeal being, as opposed to a deepfake created by artificial intelligence (AI) – was never there to begin with, according to an investigation by the Associated Press.

This is what her LinkedIn profile looked like before Katie Jones, an extremely well-connected redhead and purportedly a Russia and Eurasia Fellow at the top think-tank Center for Strategic and International Studies (CSIS), blinked out of existence:

AP reporter Raphael Satter says that the profile was removed from LinkedIn about 36 hours after he contacted the networking platform about it.

Most people, upon seeing a connection request from such a highly placed and accomplished young woman, would likely accept. After all, there’s a strong element of self-promotion with LinkedIn networking, as pointed out by many of the 40 or so people whom the Jones profile managed to connect with and whom Satter interviewed.

This is what one of Jones’ UK connections told Satter:

Easy for experts to spot

Many of us wouldn’t think twice about accepting an invitation from Jones to connect, but experts in AI-generated images said her phony profile picture was easy to spot.

The experts believe that Jones’ photo was created with a family of dueling computer programs called generative adversarial networks (GANs): machine learning systems that pit neural networks against each other in order to generate convincing photos of people who don’t exist.

Munira Mustaffa (previously tweeting as Intel Mercenary), one of the experts on GANs, tweeted out a series of clues that she said reveal if an image has been computer-generated. In all, she said, she spotted 15 markers in the Jones photo:

… Clues that Satter stitched together into this:

A spy’s playground

Mustaffa called LinkedIn “an open playing field for malicious actors who can impersonate senior figures at major US think-tanks with impunity.”

If Jones was indeed a deepfake, she’s not the first fake femme fatale we’ve seen on LinkedIn. We saw it with one whose LinkedIn profile was patently fake (a 28-year-old MIT grad with 10 years of experience?) yet who still duped IT guys at a US government agency that specializes in offensive cybersecurity.

Then too, there was that fake hot babe who speared businessmen on LinkedIn back in 2017.

LinkedIn is, after all, a perfect tool for espionage. Why spend your time trying to score interviews with targets whom you have to ask to speak louder and to lean into your lapel, when you can sit back and virtually network with people in government/military/trade secret-rich private industry who are eager to do some career ladder climbing and/or to meet a hot young thing?

We’ve known for years that LinkedIn is a spy’s playground. A few years back, Germany’s spy agency – Bundesamt für Verfassungsschutz (BfV) – published eight of the most active profiles it says were being used on LinkedIn to contact and lure German officials for espionage purposes.

It’s yet another important reminder that we don’t know the real identities of the people who reach out to us online.

5 Comments

Anyone that adds people they don’t know to their “personal” friends (trusted to access your data) group has made a trust/judgment mistake. Doesn’t matter the platform. (No, bad kitty, that’s my data dump PII)
Exceptions being, if you have a business/band/group account and want the head count, and not handing out your PII.

Of course, given LinkedIn’s history of poor security and spamming the snot out of the world, anyone with any sense will avoid poking the site with someone else’s ten foot bargepole.

That means that being on it is already a good indication of being overly credulous and lacking sense – ie, good target material.

Mind telling that to my (computer science) teachers? They pretty much made everyone get one.
