Hackers use Amazon cloud to scrape data from LinkedIn profiles

Amazon faces some stormy accusations

LinkedIn, the business social network, is suing a gang of hackers who used Amazon's cloud computing service to circumvent security measures on their site.

As a result of the breach, data from hundreds of thousands of profiles on LinkenIn were being copied and saved per day.

"Since May 2013, unknown persons and/or entities employing various automated software have registered thousands of fake LinkedIn member accounts and have extracted and copied data from many member profile pages," company attorneys alleged in a complaint filed this week.

LinkenIn has more than 259 million members, many of whom are highly paid professionals in technology, finance and business. The website holds a wealth of personal data that can prove highly valuable to those who would attempt phishing attacks, identity theft and similar scams.

Avoiding CAPTCHA

The unnamed "Doe" hackers used a number of techniques designed to bypass the anti-data scraping measures in place on the network. Their main method, however, was the creation of fake accounts, making it possible to circumvent restrictions placed on singular members.

"Registering so many unique new accounts allowed the Doe defendants to view hundreds of thousands of member profiles per day," read the complaint.

The hackers also managed to bypass the CAPTCHA dialogue system, through which abusive attempts to register with the site are usually detected. Amazon Elastic Compute Cloud (EC2) is taking most of flak for allowing the hackers to make the attacks they did. The feature allows users to rent virtual computers which can run applications and programs.

EC2 has been used by hackers before. In 2011 the Amazon service was used to control a bank fraud trojan and has been a tool used by password crackers.

The goal of LinkedIn's lawsuit is to give lawyers the legal means to learn the identity of the hackers.