January 9, 2014 - 21:26 AMT
PanARMENIAN.Net - LinkedIn has filed a lawsuit to identify anonymous hackers who created thousands of fake accounts to "scrape" profile data, Daily Telegraph reports.
According to court documents, the defendants ran automated bots on virtual computers rented from Amazon to harvest details on the social networking site for professionals.
Lawyers for the company - which claims that dealing with the hackers cost them $5,000 (£3,000) - filed a complaint with the Northern District of California Court after the fake accounts were discovered.
In its court submission, LinkedIn said: "Since May 2013, unknown persons and/or entities employing various automated software programs (often referred to as "bots") have registered thousands of fake LinkedIn member accounts and have extracted and copied data from many member profile pages.
"This practice, known as data 'scraping,' is explicitly barred by LinkedIn's User Agreement, which prohibits access to LinkedIn through scraping, spidering, crawling or other technology or software used to access data without the express written consent of LinkedIn or its Members."
Although the identity of the hackers is currently unknown, LinkedIn says that because they used Amazon's Elastic Compute Cloud it "expects to be able to identify the Doe Defendants by serving third-party discovery on AWS".
While it is not clear what the hackers plan to do with the data, the company says that "ongoing and irreparable harm" has been caused. According to LinkedIn's complaint, having thousands of fake profiles reduces the "accuracy and integrity" of information on the site, potentially causing legitimate users to be "confused or misled".
LinkedIn, which says that its "mission is to connect the world's professionals to make them more productive and successful", hosts the CVs of 259 million members, many of them high-level executives.
Recruiters at 90 of the Fortune 100 companies use the website to search for prospective candidates.
Mike Small, a security analyst at Kuppinger Cole, said: “Cloud services are cheap to set up, easy to use and potentially very powerful. They usually need only a credit card to get access. They are likely to be as attractive to hackers and cyber criminals as they are to legitimate users. Cloud services usually have extensive controls in place to prevent their use for illegitimate or illegal purposes and the cloud service contracts normally specifically forbid this. Cyber criminals would need to find a way to cloak their identity when using a public cloud service in this way. This incident illustrates the difficulties faced in a world where the law and law enforcement is geographically organized but criminal activities using the internet cut across these boundaries.”
Richard George, LinkedIn spokesman, said: “We’re a members-first organization and we feel we have a responsibility to protect the control that our members have over the information they put on LinkedIn.”