14 DAY TRIAL // It would seem that in order to make a few bucks the Russian hackers are not satisfied with the traditional means anymore and are turning to recruitment sites. A nice profit can be made by harvesting all that information and then selling it to interested parties on the black market.
The group of hackers responsible for this data harvesting is known as Phreak. Their Trojan is designed to scour the Internet, recruitment sites in particular, and gather as many CVs as possible. The list of sites that have fallen victim to the Russian attack is quite long and it includes the following: Monster.com, AOL Jobs, Ajcjobs.com, Careerbuilder.com, Careermag.com, Computerjobs.com, Hotjobs.com, Jobcontrolcenter.com, Jobvertise.com and Militaryhire.com. The CVs along with the data included in them was supposed to be kept private and used only for recruitment purposes.
"This is way beyond email harvesting tools. The utility is quite sophisticated and attempts to make sense of the data format found in CVs, extracting only useful information. Phreak is selling its services to people running higher-end [targeted] spear phishing attacks," says Jacques Erasmus, director of research at PrevX.
How does the loss of this data affect the user? Anyone with malicious intent, such as ID theft, phishing, or fraud can employ Phreak to steal your private data for as little as $600. The group also boasts about the fact that the data will be received customized to your needs by filtering the results.
This is not the first time that Monster.com is targeted by Trojans. In September last year the same thing happened and representatives from the company said preventive measures would be enforced. Sal Iannuzzi, chairman and CEO of Monster Worldwide commented at the time: "Protecting the job seekers who use our website is a top priority at Monster." The only difference is that this time more sites were targeted. Even though the program used is not malware but a harvesting engine, there are still methods of enforcing security such as CAPTCHAs.
Other Russian hackers have also made the news by initiating an attack on Lithuania.