U.S. Government Jobs Site Hit by Data Theft

About 146,000 people using a U.S. government jobs Web site had their personal information stolen by hackers who broke into computers at Monster Worldwide, a government spokesman said Thursday.

The theft on the USAjobs.gov site, which has about 2 million users, was part of a hacking operation apparently run out of Ukraine that Monster disclosed last week, said Peter Graves, a spokesman for the U.S. Office of Personnel Management.

Monster runs the site on behalf of the government.

On Wednesday, the government temporarily restricted recruiters from accessing the database until Monster completes efforts to ensure its computer system is secure, Graves said.

"We disabled it yesterday as an extra precaution on our part to best protect our users," he said by telephone late on Thursday.

He said the government expected to restore that access by Friday.

The information stolen from the USAjobs.gov database included names, mailing addresses, phone numbers and e-mail addresses. Social security numbers, which are encrypted in the database, were not compromised, Graves said.

The government found out the site had been compromised on July 20, when a subscriber submitted what appeared to be a fraudulent e-mail, Graves said.

Officials with the U.S. agency immediately passed the information on to Monster, the government spokesman said.

That appeared to differ from an earlier statement from Monster Worldwide. Chief Executive Sal Iannuzzi said on Wednesday that the company only learned that its systems might have been compromised on Aug. 18, when researchers with security company Symantec notified it of the matter.

Officials with Monster could not be reached for comment on Thursday.

Malicious Software

A Symantec response team in Austin, Texas, had found that the hackers had managed to get unsuspecting PC users to download malicious software on to their computers so that the culprits could gain control of their PCs.

Such software is generally distributed via spam e-mail attachments and by compromised Web sites. When users open those attachments or click on links on those sites, their PCs become infected.

From a command and control center hosted on a server at a Web hosting company in Ukraine, the thieves took control of those PCs and used them to access Monster's site using stolen credentials of job recruiters. The malicious software then sent the information to a second server in Ukraine, which Monster said was shut down on about Aug. 23.

The hackers' ultimate goal was to launch so-called phishing attacks on the job seekers whose data was taken, according to Monster and Symantec. In such schemes, hackers use the stolen data to persuade their targets to provide financial information or download malicious software.

In the case of the Monster theft, these fraudulent e-mails were sent by people purporting to be job recruiters.

What makes phishing schemes particularly damaging, compared with other scams over the centuries, is that, through the Internet, criminals have quick access to millions of targets and an easier time evading justice.

It was not till Wednesday that Monster notified the U.S. jobs agency how much data had been stolen from the USAjobs database, Graves said. "We didn't know the extent," he said.

"We learned the extent yesterday."

The government followed up by posting a notice on the jobs site warning users that they might be victims of phishing attempts, and also contacted users individually via e-mail, Graves said.