Botnet scraped LinkedIn for eight months

Bypassed all technical countermeasures.

Users of the LinkedIn professional network have had their profiles unlawfully copied by a botnet since December last year, a court filing has revealed. 

LinkedIn owner Microsoft does not currently know who the botnet operators are or where they are located. 

The company is hoping to identify them by searching their fake LinkedIn profiles as well as the internet providers they used, according to the complaint filed at a California district court.

This is the second time LinkedIn has gone to court to battle automated site-scrapers. The professional network filed a similar complaint in January 2014 to identify who had created a rash of fake member profiles throughout 2013 in order to copy data from real people's listings on the site.

But finding the "John Doe" defendants could be difficult for LinkedIn and Microsoft.

The court document states the scrapers created and used a "highly coordinated and automated network of computers" spread across a dozen ISPs and networks in the United States and other countries.

The botnet also used thousands of IP addresses through which it created fake member profiles.

LinkedIn said the scraping activity started in December 2015 and continued until August this year.

The site-scraping botnet was able to bypass a range of LinkedIn's technical countermeasures, including the FUSE system - which limits the amount of activity any LinkedIn member can do on the site - and Quicksand, which monitors patterns of webpage requests from site users.

The botnet also got around LinkedIn's Sentinel system, which "scans, throttles and at times blocks suspicious activity associated with particular IP addresses". 

The scrapers bypassed LinkedIn's IP address blocking lists by using a whitelisted third-party provider, Microsoft said in the court complaint.

The Member and Guest Request Scoring systems that are supposed to stop bots if high levels of activity are detected also failed to stop the botnet from scraping LinkedIn site content, as did a UCV system that uses a CAPTCHA field to prevent the creation of masses of fake accounts.

"The Doe defendants have caused, and if not halted will continue to cause, ongoing and irreparable harm to LinkedIn," Microsoft complained.

It put the monetary value of the damage at US$5000.
