US government website hit by Monster breach

About 146,000 users of a US government jobs website had their personal information stolen by cybercriminals who hacked into computers at Monster, according to a government spokesman.

The theft on the USAjobs.gov site, which has about 2 million users, was part of a hacking operation apparently run out of Ukraine that Monster disclosed last week, said Peter Graves, a spokesman for the US Office of Personnel Management.

Monster runs the site on behalf of the government.

On Wednesday, the government temporarily restricted recruiters from accessing the database until Monster completes efforts to ensure its computer system is secure, Graves said.

"We disabled it yesterday as an extra precaution on our part to best protect our users," he said by telephone late on Thursday.

He said the government expected to restore that access by Friday.

The information stolen from the USAjobs.gov database included names, mailing addresses, phone numbers and email addresses. Social security numbers, which are encrypted in the database, were not compromised, Graves said.

The government found out the site had been compromised on 20 July, when a subscriber submitted what appeared to be a fraudulent email, Graves said.

Officials with the US agency immediately passed the information on to Monster, the government spokesman said.

That appeared to differ from an earlier statement from Monster Worldwide. Chief Executive Sal Iannuzzi said on Wednesday that the company only learned that its systems might have been compromised on 18 August, when researchers with security company Symantec notified it of the matter.

Officials with Monster could not be reached for comment on Thursday.

A Symantec response team in Austin, Texas, had found that the hackers had managed to get unsuspecting PC users to download malicious software on to their computers so that the culprits could gain control of their PCs.

Such software is generally distributed via spam email attachments and by compromised websites. When users open those attachments or click on links on those sites, their PCs become infected.

From a command and control centre hosted on a server at a web hosting company in Ukraine, the thieves took control of those PCs and used them to access Monster's site using stolen credentials of job recruiters. The malicious software then sent the information to a second server in Ukraine, which Monster said was shut down on about 23 August.

The hackers' ultimate goal was to launch so-called phishing attacks on the job seekers whose data was taken, according to Monster and Symantec. In such schemes, hackers use the stolen data to persuade their targets to provide financial information or download malicious software.

In the case of the Monster theft, these fraudulent emails were sent by people purporting to be job recruiters.

What makes phishing schemes particularly damaging, compared with other scams over the centuries, is that, through the internet, criminals have quick access to millions of targets and an easier time evading justice.

It was not till Wednesday that Monster notified the US jobs agency how much data had been stolen from the USAjobs database, Graves said. "We didn't know the extent," he said. "We learned the extent yesterday."

The government followed up by posting a notice on the jobs site warning users that they might be victims of phishing attempts, and also contacted users individually via email, Graves said.

ITPro

ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.