Hackers were able to use the Amazon cloud in order to scrape data from LinkedIn profiles.
According to Arstechnica, the hackers employed a raft of techniques designed to bypass anti-scraping measures built into the network, including the creation of huge numbers of fake accounts. They also circumvented security measures that are supposed to require end-users to complete bot-defeating CAPTCHA dialogues when potentially abusive activities are detected.
Because of this, LinkedIn is suing the attackers over the scraping of information. This, LinkedIn’s attorneys alleged in a complaint filed this week, is “explicitly barred by LinkedIn’s User Agreement, which prohibits access to LinkedIn ‘through scraping, spidering, crawling, or other technology or software used to access data without the express written consent of LinkedIn or its Members”.
The complaint also said that registering so many unique new accounts allowed the defendants to view hundreds of thousands of member profiles per day. Now it is implementing additional technological safeguards to prevent further scraping and conducted an extensive investigation into the bot-powered methods employed by the hackers.
LinkedIn also determined that attackers accessed LinkedIn using Amazon Web Services to rent virtual computers on which to run their own computer programs and applications. “The defendants used Amazon EC2 to create virtual machines to run automated bots to scrape data from LinkedIn’s website,” the complaint said.
Mike Small, a member of the ISACA Security Advisory Group, said that this was made possible as cloud services are cheap to set up, easy to use and potentially very powerful. “They usually need only a credit card to get access. They are likely to be as attractive to hackers and cyber criminals as they are to legitimate users,” he said.
“Cloud services usually have extensive controls in place to prevent their use for illegitimate or illegal purposes and the cloud service contracts normally specifically forbid this. Cyber criminals would need to find a way to cloak their identity when using a public cloud service in this way.”
According to research by Imperva from December 2013, attackers were using hosted service-based models to host command and control (C&C) servers to allow easier access to data, from both inside and outside the service, and to do botnet management and as an infrastructure for both infection and data exfiltration.