August 24, 2015

Ripples of Ashley Madison Hack Include Blackmail Risk

Citing the “fraud, deceit, and stupidity” of its target, the self-described “Impact Team” posted 10 gigabytes worth of personal data—including names, passwords, and credit card numbers—for 37 million customers of Toronto-based Ashley Madison, a website set up to facilitate extramarital affairs.

The Guardian reported on one of the many ripples of this event: the potential for the data to be used to blackmail individuals who could be exposed for having affairs. Demands could be made not for payments, but for classified or other private information from individuals’ respective organizations, such as government or financial institutions.

Stephen Coty, from Alert Logic, an IT security firm, advised that companies should “modify their email filters to start monitoring any emails coming through that reference Ashley Madison, so that they can find if somebody is trying to coerce an employee to go ahead and release company secrets.”

Coty noted that access to private corporate information would likely be more valuable than a direct cash-based blackmail scheme: “I can sell that on an underground market, I can sell it to a competitor, to a startup overseas, and make a lot more money than blackmailing a guy for a few thousand dollars.”

Meanwhile, the members of “Impact Team” may themselves have unwittingly revealed more information about themselves than they intended. Ars Technica reported that, when the hacker group uploaded a large file of the e-mails from an executive at Avid Life Media (which owns the Ashley Madison site), “the BitTorrent server was left exposed to the Internet without a password, making it possible for outsiders to access. A few hours after the BitTorrent went live, the server went dark after an outsider accessed the wide-open interface and began making changes to the server configuration.”

Writing for the International Business Times, John McAfee speculates, based upon his own analysis of this incident, that the “Impact Team” does not in fact exist and that the breach was instead the work of a woman with an inside connection at Avid Life Media. “A hacker is someone who uses a combination of high-tech cybertools and social engineering to gain illicit access to someone else’s data,” McAfee writes. “But this job was done by someone who already had the keys to the Kingdom. It was an inside job.”

As another ripple, Gizmodo has reported on Ashley Madison’s use of artificial intelligence, or “bots,” to lure men into thinking they were having conversations with actual women. Some of the tell-tale signs that caught the attention of at least a few of the site’s users: the bots often used the same pick-up lines (e.g. “are you online?”) and “many of the women…would log in at roughly the same time of the morning every day, and stay online until after 5 PM. Even on Christmas and New Year’s Day.”

Photo: A statement posted by the “Impact Team” on August 18