News

LinkedIn files lawsuit to identify hackers

Warwick Ashford

LinkedIn has filed a lawsuit aimed at identifying hackers who used Amazon's cloud computing service to bypass security measures and copy data from hundreds of thousands of member profiles.

According to court documents, ten unidentified hackers set up faked LinkedIn accounts and ran automated bots on virtual computers rented from Amazon to harvest details from members’ profiles.

hacker-security-istock-thinkstock-290px.jpg

“This practice, known as 'scraping,' is explicitly barred by LinkedIn's User Agreement,” which also prohibits access to LinkedIn through any “technology or software” without the “express written consent of LinkedIn or its Members,” the complaint said.

Lawyers for LinkedIn, which claims that dealing with the hackers cost them $5,000, filed a complaint with the Northern District of California Court after the fake accounts were discovered, the Telegraph reports.

With more than 259 million professional members, LinkedIn holds a wealth of personal data that can be used by cyber criminals to carry out phishing attacks, identity theft, and similar scams.

By setting up a large number of fake accounts, the hackers were able to circumvent controls that limit the activity any single account can perform, enabling the bots to access thousands of profiles a day.

The hackers bypassed a security measure that is supposed to require users to complete bot-defeating CAPTCHA dialogues when potentially abusive activities are detected, reports Ars Technica.

They also bypassed restrictions that LinkedIn intended to impose through a robots.txt file, which indicate content may be indexed by automated web-crawling programs used by Google and other sites.

LinkedIn has disabled the fake accounts and implemented more technological safeguards to prevent further scraping.

Investigators found that the hackers accessed LinkedIn using a highly scalable cloud computing platform offered by Amazon Web Services called Amazon EC2.

This enabled the hackers to rent potentially hundreds of thousands of virtual computers to run their automated data-scraping software.

The goal of LinkedIn's lawsuit is to give lawyers the legal means to carry out "expedited discovery” to learn the identity of the hackers.

Security experts said the success of this will depend on whether the hackers who subscribed to the Amazon service used payment methods or IP addresses that can be traced.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy