LinkedIn: What Is the Flavor Profile of Poisoned Data?
October 6, 2022
I gave a lecture to some law enforcement professionals focused on cyber crime. In that talk, I referenced three OSINT blind spots; specifically:
- Machine generated weaponized information
- Numeric strings which cause actions within a content processing system
- Poisoned data.
This free and public blog is not the place for the examples I presented in my lecture. I can, however, point to the article “Glut of Fake LinkedIn Profiles Pits HR Against the Bots.”
The write up states:
A recent proliferation of phony executive profiles on LinkedIn is creating something of an identity crisis for the business networking site, and for companies that rely on it to hire and screen prospective employees. The fabricated LinkedIn identities — which pair AI-generated profile photos with text lifted from legitimate accounts — are creating major headaches for corporate HR departments and for those managing invite-only LinkedIn groups.
LinkedIn is a Microsoft property, and it — like other Microsoft “solutions” — finds itself unable to cope with certain problems. In this case, I am less interested in “human resources”, chief people officers, or talent manager issues than the issue of poisoning a data set.
LinkedIn is supposed to provide professionals with a service to provide biographies, links to articles, and a semi-blog function with a dash of TikTok. For some, whom I shall not name, it has become a way to preen, promote, and pitch.
But are those outputting the allegedly “real” information operating like good little sixth grade students in a 1950s private school?
Nope.
The article suggests three things to me:
- Obviously Microsoft LinkedIn is unable to cope with this data poisoning
- Humanoid professionals (and probably the smart software scraping LinkedIn for “intelligence”) have no way to discern what’s square and what’s oval
- The notion that this is a new problem is interesting because many individuals are pretty tough to track down. Perhaps these folks don’t exist and never did?
Does this matter? Sure, Microsoft / LinkedIn has to do some actual verification work. Wow. Imagine that. Recruiters / solicitors will have to do more than send a LinkedIn message and set up a Zoom call. (Yeah, Teams is a possibility for some I suppose.) What about analysts who use LinkedIn as a source information?
Interesting question.
Stephen E Arnold, October 6, 2022