This story has been updated with new information from the Defense Department.
New government-sponsored YouTube videos caution feds and contractors to be wary of connecting with an individual on social media who they have never met in person, but seems to know a lot about them. Foreign spies abound on social media, the public service announcements say.
The impetus for the warning about undercover operatives in cyberspace is recent large data breaches, the narrators of the video say.
But alleged foreign cyberspies may be taking a page out of the Pentagon’s own playbook on targeting adversaries online.
Newly declassified 2013 guidance, "Human Intelligence (HUMINT) Activities in Cyberspace," establishes policies and responsibilities for Defense Department components and contractors. On Thursday, Pentagon spokeswoman Cdr. Linda Rojas told Nextgov "the policy is still in effect."
Most of the directions for this sly approach to cozying up with the enemy for information extraction are redacted, but the glossary offers some understanding of the tactics in play.
For example, "cyber persona" is defined as "an identity used in cyberspace to obtain information or influence others, while dissociating the actor's true identity or affiliation."
Then, there is the term "digital tradecraft," which refers to "digital or cyber tactics techniques, and procedures designed to obscure or frustrate observation by hostile or unfriendly entities."
The undersecretary of defense for intelligence oversees such HUMINT operations in cyberspace, according to the 12-page document, which was obtained by the nonprofit National Security Archive through a Freedom of Information Act request and posted online Wednesday.
Michael Vickers, then-undersecretary of intelligence, signed the policy and barred contractors from playing lead roles as cyberspies. Industry personnel can play a major supporting role as technicians, "report writers," and interpreters, as well as perform other "appropriate support functions," as long as government employees are supervising their actions, he said.
"The direction and control of HUMINT activities in cyberspace, including the approval, supervision and oversight of such activities, are inherently governmental," Vickers said. The current undersecretary of intelligence is Marcel Lettre.
The cyberspy policy took effect June 6, 2013.
On Tuesday, the Office of the Director of National Intelligence posted the latest in a series of videos as part of a campaign titled, "Know the Risk - Raise Your Shield," which features a handful of short segments on how to defend against foreign intelligence cyberstalkers.
The risks of Chinese undercover operatives targeting U.S. government personnel and contractors online came into focus after revelations last year of a gargantuan Office of Personnel Management hack.
The attackers, believed to be Chinese-funded, grabbed background check records on 21.5 million past, present and prospective national security employees, along with their relatives.
The professional histories, social circles and other guarded details contained in the documents all could be used to feign a relationship and gain the trust -- and information -- of people with access to U.S. secrets, intelligence community professionals say.
Two of the YouTube episodes feature foreigners who have created cyber personas on a professional network similar to LinkedIn.
One narrator points out that social media is a ready-made platform for deception. A foreign spy could pose as a former coworker or classmate -- or a headhunter, the video shows. In the video, a contractor receives a message from a purported recruiter who says she was referred by the networker's friend Bill, and adds she is interested in hiring him.
She asks seemingly mundane questions -- Do you have a security clearance? What contracts does your company support? -- but, as the video notes, the answers could provide valuable insights to a foreign government.