01-08-2014 04:10 PM
LinkedIn is suing a gang of hackers who used Amazon's cloud computing service to circumvent security measures and copy data from hundreds of thousands of member profiles each day.
"Since May 2013, unknown persons and/or entities employing various automated software programs (often referred to as 'bots') have registered thousands of fake LinkedIn member accounts and have extracted and copied data from many member profile pages," company attorneys alleged in a complaint filed this week in US District Court in Northern California. "This practice, known as 'scraping,' is explicitly barred by LinkedIn's User Agreement, which prohibits access to LinkedIn 'through scraping, spidering, crawling, or other technology or software used to access data without the express written consent of LinkedIn or its Members.'"
With more than 259 million members—many who are highly paid professionals in technology, finance, and medical industries—LinkedIn holds a wealth of personal data that can prove highly valuable to people conducting phishing attacks, identity theft, and similar scams. The allegations in the lawsuit highlight the unending tug-of-war between hackers who work to obtain that data and the defenders who use technical measures to prevent the data from falling into the wrong hands.
The unnamed "Doe" hackers employed a raft of techniques designed to bypass anti-scraping measures built in to the business network. Chief among them was the creation of huge numbers of fake accounts. That made it possible to circumvent restrictions dubbed FUSE, which limit the activity any single account can perform.
"In May and June 2013, the Doe defendants circumvented FUSE—which limits the volume of activity for each individual account—by creating thousands of different new member accounts through the use of various automated technologies," the complaint stated. "Registering so many unique new accounts allowed the Doe defendants to view hundreds of thousands of member profiles per day."