Busted – How the Ashley Madison hack shows the importance of your online presence
Quick, close your eyes. Think of what you would do if you found out your significant other cheated on you. How would you feel? Wait, actually, open your eyes. This doesn’t work with written media too well.
Alright, imagine that your partner was secretly living another life on the internet. Imagine if there was a website that made finding a potential adulterer easier than ever. NOW imagine that this website was hacked, and your partners name and personal information, along with the information of thousands of other cheaters, was published by a group of anonymous hackers. This was the reality back in 2015 when Avid Life Media (now known as Ruby Corp.), a Toronto based online media company specialising in the virtually taboo. Most famous for Ashley Madison, an affair arranging website between married men and women, ALM was caught with their figurative pants down when they were subject to an attack by the Impact Team, a group of anonymous hackers with a flair for the theatrical.
On the 12th of July, 2015, employees of Ashley Madison were greeted by their computers that morning with AC/DC’s Thunderstruck blaring from their speakers, and a threatening message displayed talking about the attack that happened. What followed was a nail biting next few days as more information began coming out about the leak, making the late night headlines, as well as raising the discussion about how online activity can have real world consequences.
Once the demands were ignored, the hackers dumped the information on The Pirate Bay and other torrent sites, available for anyone to download. Once the .xls file was available to scan through, there were (now defunct) websites created for the sole purpose of searching the database for your spouse’s email.
“Politicians, Youtube stars, and activists have already been shamed for having emails on the site.” says a business insider post, specifying that many of them have either confessed to signing up for their service. Reports soon came out that many people were going through the steps of separation and divorce due to the outstanding number of users on Ashley Madison.
The scariest thing about this is that it all stemmed from a single flaw in their network security. According to the statement by the self proclaimed “hacktivist team”, “Nobody was watching. No security. Only thing was segmented network. You could use Pass1234 from the internet to VPN to root on all servers.” While the ultimate method used to hack into it wasn’t revealed, it was noted that their security wasn’t up to snuff, leading to a loss of tenier for their CEO after the dust settled.
What is there to learn from all this? Well, first off, don’t cheat on your spouse. Second, invest in security, especially if you are the target of real world anger and activists. Now if you need me, I’ll be calling my girlfriend to tell how much I love her.
Sources:
https://www.troyhunt.com/heres-what-ashley-madison-members-have/
https://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/
https://www.forbes.com/sites/ericbasu/2015/10/26/cybersecurity-lessons-learned-from-the-ashley-madison-hack/
Haveibeenpwned.com
https://krebsonsecurity.com/tag/impact-team/