Job seekers may fake their credentials. But the recruiter on the phone with you could be lying, too.
IntelCrawler, a Sherman Oaks, California, security firm, said it has uncovered a database of user names and passwords from a government jobs website that is being sold in the underground. The company has alerted U.S. authorities, who are investigating the matter.
The breach affected as many as 5,000 accounts at GovJobs.com, according to IntelCrawler. Not a huge number, but in files reviewed by Bloomberg News, many of the user names, e-mail addresses and passwords IntelCrawler says were stolen correspond to recruiters for top defense contractors and a range of government departments including the National Security Agency and each branch of the U.S. military.
Hackers with such information could impersonate recruiters and tap job seekers who have knowledge of sensitive government projects, or seek damaging information about applicants to blackmail them into spying for them, said Dan Clements, IntelCrawler's president. They could cross-reference job-hunter lists with information, stolen in earlier hacks of commercial firms, on applicants' use of drugs, alcohol and pornography or their financial transactions. Like many Internet users, some recruiters reuse their passwords, which can put their contacts at other sites at risk as well.
IntelCrawler said it alerted law enforcement agencies and the U.S. Computer Emergency Readiness Team (US-CERT) about the breach, which the company said occurred on Aug. 13. US-CERT, an arm of the Department of Homeland Security that coordinates the sharing of cyber-security threat information, said it is aware of the report and is investigating. NSA spokeswoman Vanee Vines declined to comment. Pentagon representatives didn't return messages.
Peter Osapay, operations manager for ProGovJobs, which operates GovJobs.com, said that the company wasn't aware of any data breach, that it works closely with U.S. law enforcement officials to investigate attacks, and that it hadn't heard from authorities about any such attack. The Laguna Hills, California, company stores limited data about job seekers, reducing its usefulness to attackers, he said.
"Even without a hack, if an employer went through our resume database and resold it, it is mostly old data with not much use really, as it lacks many personal details acquired later at interviews," Osapay said in an e-mailed statement.
The site states that it attracts almost three million job seekers a month and has more than 50,000 resumes for recruiters to browse. Resumes can be accessed through recruiters' accounts, Clements said.
IntelCrawler said it knows the stolen passwords are real because it validated them against the GovJobs site as well as other government-jobs websites where the recruiters had accounts and where they reused their log-in credentials. Bloomberg News reviewed some of the files related to those efforts. The information leaked because of a common website vulnerability that is still present on GovJobs, according to IntelCrawler.
"If they have the full resume or CV of that person, if they have a classified clearance, they could be severely compromised," Clements said.
IntelCrawler said the attack may have been state-sponsored, as it has been tracking the group it believes was behind it, and has documented its interest in cyber-espionage attacks against people with secret clearances. It declined to be more specific, saying it didn't want to compromise its methods.
Hackers are always looking for weak links in the protection of sensitive information, said Reece Hirsch, a partner with the law firm Morgan, Lewis & Bockius who is focused on privacy and cyber-security. "It seems that they may have identified a new one – sites that recruit for sensitive government, military and other security-clearance positions," Hirsch said.
As networks with sensitive information harden their defenses against hackers, online intruders seem to have found a side door to companies' computer systems in employment services. Last month, the Washington Post reported that US Investigations Services, the largest provider of job-applicant background checks for the federal government, was hacked and information on employees of the Department of Homeland Security stolen. DHS and USIS acknowledged the breach, and USIS said the break-in had "all the markings of a state-sponsored attack."
Also in August, a hacking group that was behind attacks on the Wall Street Journal, the BBC and other news organizations boasted on Twitter that it had breached a jobs portal for G4S, a U.K. security company with more than 600,000 employees. Piers Zangana, a G4S spokesman, declined to comment.
Source:
http://www.bloomberg.com/news/2014-09-16/does-that-headhunter-want-your-head-or-your-secrets-.html