Every so often, Commsrisk needs to step back from the issues faced by comms providers to analyze how technology is changing the way information and misinformation about those issues is spread. This is one of those articles.
The following might look like the profile of a typical LinkedIn user who just wants to draw attention to their knowledge of cybersecurity.

This user also claims to have an impressive CV that involves working with several of Portugal’s leading businesses, and latterly with Europol.

As might be consistent with this profile, Alexandre Santos writes a lot about cybersecurity. And therein lies the problem. This account writes more than any human being could write. It writes more than any human being could read. On the day this Commsrisk article was written, the Santos account published 17 long posts about recent cybersecurity news within the space of a single minute. It published a batch of four more long posts about cybersecurity just 20 minutes later. Four other long posts had been published earlier in the day. 97 long posts had been published the day before, mostly in large batches.
The opening line of these posts follows a pattern. Here are some examples:
- 🚨 Alert: The Evolution of North Korean Cyber Threats 🚨
- 💻 Breaking News 🚨
- 🚨 Cyber Alert 🚨
- 🚨 Security Alert! 🚨
- 🚨 🛡️ Cryptocurrency Security Alert 🛡️ 🚨
- 💻🚨 New Attack Campaign Targeting Cloud-Native Platforms 🚨💻
Upon reading a sample of these posts, it soon became obvious how so many could be produced so rapidly. AI was used to re-word content scraped from the web. The output from the AI follows the same template every time. Some of the content is copied from genuine alerts issued by reputable authorities, some is taken from press releases promoting the products of cybersecurity vendors, and some is from miscellaneous tech and security news websites.
I was alerted to this account when LinkedIn’s algorithms recommended a post about IMSI-catchers, presumably because my account posts about IMSI-catchers on a fairly frequent basis. The recommended post was strewn with errors about how IMSI-catchers work and who makes them. Amusingly, it was evidently a poor re-write of an Electronic Frontier Foundation blog post that I had actually read the day before. Hence I was acutely aware of the anomalous use of American terminology for a post supposedly written by a European expert in cybersecurity. Furthermore, police forces around Europe use IMSI-catchers, as should be appreciated by any security analyst working for Europol, but the post was written from the perspective of American privacy activists who accuse the police of repeatedly breaking the law when using IMSI-catchers for surveillance.
If Alexandre Santos is a real person employed by Europol then it follows that he should be fired. This account is not only recklessly spreading misinformation about cybersecurity, but it also attacked the work done by police. However, I think it is highly unlikely that there is any real person matching this profile who works as a security analyst for Europol. If nothing else, the actual user behind this account must be spending most of their time nursemaiding AI bots that flood social media with crap instead of doing any actual job.
It goes without saying that I alerted LinkedIn to the creation of spam by this account, and they ignored my warning because they identified no issues. Social media companies talk a lot about battling misinformation, but they have very little interest in removing content unless the topic is a politically sensitive issue such as racism or terrorism or vaccines. A simple high usage control is all that LinkedIn would need to identify this account as problematic, but evidently they have no such monitoring control in place.
This account has followers who are genuine cybersecurity professionals. You might hope that professionals with an interest in cybersecurity will be better at spotting automated spam than other members of the public. They will need to be, because LinkedIn is not going to do anything about it.



