美軍揭外國勢力利用社群平台招募士兵　台灣防範機制亟需升級

照片

美國陸軍反情報司令部（U.S. Army Counterintelligence Command, ACC）警告，外國勢力正透過 LinkedIn、Indeed、Reddit 等社群平台 主動招募美軍現役士兵，試圖取得敏感軍事技術與情報資料。

在本週於華盛頓舉行的 美國陸軍協會（AUSA）年會 中，ACC 人員指出，隨著 2025 年的新一代士兵愈加依賴數位平台與副業收入，他們也成為外國情報單位滲透的主要目標。

ACC 東北區特別探員 Scott Grovatt 表示：「LinkedIn、Indeed、Reddit──這些平台每天都在被外國敵對勢力用來鎖定我們的士兵。」他強調，許多士兵在副業申請或學術寫作中，可能在不知情的情況下，替外國企業撰寫涉密內容。

他呼籲各級單位領導者主動關心屬下的副業與線上活動，若發現異常情況，應立即通報反情報部門。「若聽到有人提到替某家公司寫技術報告，就應該介入詢問、並聯絡反情報單位。」

據指出，ACC 已多次介入調查涉案人員，其中包括：

• 22歲士兵 Taylor Adam Lee（駐地 Fort Bliss）於 2025 年 8 月遭逮捕，涉嫌試圖向俄羅斯國防部傳送國防情報資料；
• 情報分析官 Korbein Schultz 於 2025 年 4 月被判刑 84 個月，因出售美軍敏感能力資訊給自稱屬於中國政府的人士。

美軍反情報部門表示，隨著 AI 與遠端工作型態普及，「社群間諜滲透」將成為21世紀國防安全的主要威脅之一。

🔍 三大觀察重點

1️⃣ 社群平台成國安新戰場：外國勢力利用求職與社交網站滲透軍方，顯示資訊安全防線必須擴大到 個人數位行為層面，對台灣軍方與政府單位具警示作用。

2️⃣ 副業與外包風險升高：士兵與公務員在副業或遠端合作中可能成為外國情報目標，台灣應強化 副業審查與數據外洩防範機制。

3️⃣ 防情報教育急需制度化：美軍透過單位幹部層層監督模式強化預防，台灣可參考建立 跨單位資安與反滲透通報系統。

延伸分析建議：

🧩 1️⃣ 把防滲透「隱形化」整合到既有流程

不額外新增表單或程序，而是優化原有制度。

• ✅ 副業審查：不新增項目，只在現有表單中多一個自動關鍵字提示（例如「若包含技術撰寫、顧問、外語訪問請自動提醒資安單位」）。
• ✅ 教育訓練：不額外開課，而是在每年資安或職安教育中嵌入5分鐘社群安全模組。
• ✅ 通報流程：讓「疑似外部邀請」可直接用現有公文系統、或匿名內網報案功能，一鍵完成，不需額外手續。

🧠 2️⃣ 用「輕教育」取代「硬訓練」

公務員與軍人不喜歡被「上課」，但樂於看「案例」。

• 可製作一系列「真實案例卡」或短影片（例如：「假LinkedIn邀請事件」、「假科技訪談案例」），在單位晨會或Line群組中每週分享一則。
• 每個案例只需30秒閱讀，但長期建立防範意識。
• 政府不出面講，讓「同仁之間」分享，降低排斥感。

⚙️ 3️⃣ 用「科技輔助」降低負擔

與其靠人工審查副業、查外部信件，不如讓系統自動幫忙：

• 在公務信箱或軍方郵件系統中，內建「外部網域提醒」，一旦來自海外可疑信件（如 .ru、.cn、.hk）出現，就會自動跳出「注意：請確認對方身分」。
• LinkedIn 或社群登入公司電腦時，自動彈出「提醒：請勿公開軍職細節或敏感專案」。
  這些提醒可由資訊單位集中設定，不增加人員工作量。

在這個資訊氾濫、假帳號滿天飛的時代，防範滲透不是要限制誰說話，而是保護我們不要被利用。有時一個看似普通的連結、問卷或邀請，都可能被人拿來蒐集資料或操弄輿論。社群自由要靠自己守，不靠封鎖，而靠判斷力。懂得辨識假資訊與假邀請，不只是保護個資，更是現代公民的基本能力。

U.S. Army Warns of Foreign Recruitment via Social Media — Taiwan Urged to Upgrade Counter-Infiltration Measures

The U.S. Army Counterintelligence Command (ACC) has warned that foreign adversaries are using LinkedIn, Indeed, and Reddit to actively recruit American service members, seeking to obtain sensitive military technologies and intelligence.

At this week’s Association of the United States Army (AUSA) conference in Washington, ACC officials noted that as the 2025 generation of soldiers becomes increasingly reliant on digital platforms and supplemental income, they have also become key targets for foreign intelligence agencies.

Scott Grovatt, Special Agent in Charge of the ACC’s Northeast Region, stated:

“LinkedIn, Indeed, Reddit — these are the platforms where our soldiers are being targeted every single day.”

He emphasized that many soldiers, while applying for side jobs or engaging in academic work, may unwittingly produce classified or sensitive material for foreign entities. Grovatt urged leaders at all levels to take an active interest in their subordinates’ side employment and online activities, and to contact counterintelligence officers immediately if suspicious circumstances arise.

“If you hear someone mention writing a technical report for an outside company, you should intervene, ask questions, and call counterintelligence,” he said.

According to ACC, multiple investigations have been conducted into personnel involved in espionage-related activities, including:

• Spc. Taylor Adam Lee (stationed at Fort Bliss), arrested in August 2025 for attempting to transmit defense information to Russia’s Ministry of Defense.
• Sgt. Korbein Schultz, sentenced to 84 months in prison in April 2025 for selling sensitive U.S. military data to individuals posing as members of the Chinese government.

ACC officials warned that with the rise of AI tools and remote work models, “social-media espionage” will become one of the most significant national-security threats of the 21st century.

🔍 Three Key Insights

1️⃣ Social media as a new national-security battlefield —

Foreign powers exploiting job and social-network platforms to infiltrate the military shows that cybersecurity defenses must now extend to personal digital behavior. Taiwan’s defense and government agencies should take this as a serious warning.

2️⃣ Higher risks from side jobs and outsourcing —

Service members and public servants engaging in remote or secondary work can become targets of foreign intelligence. Taiwan should enhance side-employment screening and data-leak prevention mechanisms.

3️⃣ Institutionalizing counterintelligence education —

The U.S. Army’s layered leadership-based prevention model offers a reference point for Taiwan, which could establish a cross-agency cyber and counter-infiltration reporting system to improve early detection.

🧩 Extended Analysis & Recommendations

1️⃣ Integrate counter-infiltration measures invisibly into existing systems

No new bureaucracy — just smarter use of what already exists:

• Add automatic keyword alerts (e.g., “technical writing,” “consulting,” “foreign collaboration”) to current side-employment forms to notify cybersecurity units.
• Include a five-minute social-media safety module in annual cybersecurity or occupational training.
• Enable one-click reporting for suspicious foreign contact through existing intranet or document systems.

2️⃣ Replace “heavy training” with “light education”

People dislike formal lectures but engage with real-life stories.

• Create short “case cards” or mini-videos (e.g., “Fake LinkedIn Invitation,” “False Academic Interview”) shared in unit chat groups or weekly briefings.
• Each case takes only 30 seconds to read but builds long-term awareness.
• Let peers share examples organically, reducing resistance.

3️⃣ Use technology to ease the burden

• Integrate automatic foreign-domain alerts (.ru, .cn, .hk) in official email systems.
• When logging in to LinkedIn or similar platforms on government computers, display reminders such as “Avoid posting details about sensitive projects.”
• All features can be centrally configured by IT departments, without adding manual workload.

💬 Closing Note

In today’s information-saturated world, where fake accounts and phishing links abound, counter-espionage isn’t about restricting speech — it’s about protecting people from manipulation.

A single innocent-looking link, survey, or “research invitation” can be used to collect data or shape opinions.

True social-media freedom is safeguarded not by censorship, but by discernment.

Recognizing fake information and deceptive outreach is not just about data security — it’s part of being a capable, self-aware citizen in the digital age.