Job seekers may fake their credentials. But the recruiter on the phone with you could be lying, too.
IntelCrawler, a Sherman Oaks, California, security firm, said it has uncovered a database of user names and passwords from a government jobs website that is being sold in the underground. The company has alerted U.S. authorities, who are investigating the matter.
The breach affected as many as 5,000 accounts at GovJobs.com, according to IntelCrawler. Not a huge number, but in files reviewed by Bloomberg News, many of the user names, e-mail addresses and passwords IntelCrawler says were stolen correspond to recruiters for top defense contractors and a range of government departments including the National Security Agency and each branch of the U.S. military.
Hackers with such information could impersonate recruiters and tap job seekers who have knowledge of sensitive government projects, or seek damaging information about applicants to blackmail them into spying for them, said Dan Clements, IntelCrawler’s president. They could cross-reference job-hunter lists with information, stolen in earlier hacks of commercial firms, on applicants’ use of drugs, alcohol and pornography or their financial transactions. Like many Internet users, some recruiters reuse their passwords, which can put their contacts at other sites at risk as well.
IntelCrawler said it alerted law enforcement agencies and the U.S. Computer Emergency Readiness Team (US-CERT) about the breach, which the company said occurred on Aug. 13. US-CERT, an arm of the Department of Homeland Security that coordinates the sharing of cyber-security threat information, said it is aware of the report and is investigating. NSA spokeswoman Vanee Vines declined to comment. Pentagon representatives didn’t return messages.
Peter Osapay, operations manager for ProGovJobs, which operates GovJobs.com, said that the company wasn’t aware of any data breach, that it works closely with U.S. law enforcement officials to investigate attacks, and that it hadn’t heard from authorities about any such attack. The Laguna Hills, California, company stores limited data about job seekers, reducing its usefulness to attackers, he said.
“Even without a hack, if an employer went through our resume database and resold it, it is mostly old data with not much use really, as it lacks many personal details acquired later at interviews,” Osapay said in an e-mailed statement.
The site states that it attracts almost three million job seekers a month and has more than 50,000 resumes for recruiters to browse. Resumes can be accessed through recruiters’ accounts, Clements said.
IntelCrawler said it knows the stolen passwords are real because it validated them against the GovJobs site as well as other government-jobs websites where the recruiters had accounts and where they reused their log-in credentials. Bloomberg News reviewed some of the files related to those efforts. The information leaked because of a common website vulnerability that is still present on GovJobs, according to IntelCrawler.
“If they have the full resume or CV of that person, if they have a classified clearance, they could be severely compromised,” Clements said.
IntelCrawler said the attack may have been state-sponsored, as it has been tracking the group it believes was behind it, and has documented its interest in cyber-espionage attacks against people with secret clearances. It declined to be more specific, saying it didn’t want to compromise its methods.
Hackers are always looking for weak links in the protection of sensitive information, said Reece Hirsch, a partner with the law firm Morgan, Lewis & Bockius who is focused on privacy and cyber-security. “It seems that they may have identified a new one – sites that recruit for sensitive government, military and other security-clearance positions,” Hirsch said.
As networks with sensitive information harden their defenses against hackers, online intruders seem to have found a side door to companies’ computer systems in employment services. Last month, the Washington Post reported that US Investigations Services, the largest provider of job-applicant background checks for the federal government, was hacked and information on employees of the Department of Homeland Security stolen. DHS and USIS acknowledged the breach, and USIS said the break-in had “all the markings of a state-sponsored attack.”
Also in August, a hacking group that was behind attacks on the Wall Street Journal, the BBC and other news organizations boasted on Twitter that it had breached a jobs portal for G4S, a U.K. security company with more than 600,000 employees. Piers Zangana, a G4S spokesman, said that a server hosting publicly available job vacancies was affected, but no confidential information was compromised.
Source: www.bloomberg.com