By John P. Mello Jr. E-Commerce Times
08/22/07 4:00 AM PT
The theft of some 1.6 million records from Monster.com, revealed over the weekend, does not raise issues of identity theft, the employment Web site asserted.
"[T]here have been reports of this as an issue of 'identity theft,'" Monster Vice President of Compliance and Fraud Prevention Patrick W. Manzo said. "We are not aware of any cases of identity theft. In fact, the information that is gathered from Monster is not different than that displayed in a phone book -- i.e. generic contact information."
The record theft, Manzo maintained, was not a breach of the company's security systems.
"To the best of our knowledge, this is not a 'hack' of Monster's security -- rather, legitimate customer credentials are being used to log into the database," Manzo said.
"We are investigating the reports related to this Trojan and will take all necessary steps to mitigate the issue, including terminating any account used for illegitimate purposes," he added.
Info Stealing Monsters
The data theft at Monster came to light last Friday in a blog entry at the Web site of security software maker Symantec (Nasdaq: SYMC), of Cupertino, Calif.
"Yesterday, we analyzed a sample of a new Trojan, called 'Infostealer.Monstres,' which was attempting to access the online recruitment Web site, Monster.com," Symantec researcher Amado Hidalgo wrote in the blog.
"It was also uploading data to a remote server," he continued. "When we accessed this remote server, we found over 1.6 million entries with personal information belonging to several hundred thousand people.
"Upon further investigation, the Trojan appears to be using the (probably stolen) credentials of a number of recruiters to log in to the Web site and perform searches for resumes of candidates located in certain countries or working in certain fields."
'Spammer's Fantasy Land'
"It's a spammer's fantasy land of information," Symantec product manager Mimi Hoang told the E-Commerce Times.
"By stealing the information from Monster and customizing it, they can target it and send out convincing phishing e-mails that will install other malicious malware to get more personal information," she added.
Resumes are highly prized in the identity theft community, according to Pam Dixon, executive director of the World Privacy Forum in San Diego, Calif.
"Resumes are gold in the hands of identity thieves, especially if it's a more organized kind of theft ring, because you can take the identities and match it up with geographical information and then just buy the SSNs [Social Security Numbers] and make a whole lot more cash," she told the E-Commerce Times.
Car Group
There is evidence that such an organized effort may be involved in the Monster data theft.
As Symantec was reporting on Infostealer.Monstres, SecureWorks, of Atlanta, reported in a blog at its Web site that it had discovered a cache of data stolen by a Trojan called "Prg."
"The data, which includes bank and credit card account information, SSNs, online payment account user names and passwords and other personal information, is from 46,000 victims who were all individually infected," wrote SecureWorks researcher Don Jackson.
"The infection began in early May," he continued. "The victims are being infected and reinfected by ads on various online job sites. The hackers behind this scam are running ads on job sites and are injecting those ads with the Trojan."
Reportedly, the server caching the data stolen by the Trojan is one of 20 worldwide doing so. Twelve of those servers, including the one discovered by Jackson, are being operated by a single group of hackers known as the "Car Group," for their penchant for naming their malware after auto makers.
Familiar Modus Operandi
The attack on Monster is following an M.O. all too familiar to malware fighters.
"Monster has a high-profile name, but it's not unlike any other database that becomes compromised by someone with legitimate credentials who loses those credentials or makes them available to someone else," Ron O'Brien, a senior security analyst with security software maker Sophos, of Burlington, Mass., told the E-Commerce Times.
"What we're seeing today are very targeted attacks that use a combination of techniques," Symantec's Hoang added. "The end result is getting into people's personal and financial information for financial gain."