I’ve had a lot of time to think about the Ashely Madison hack, and I have some thoughts on this whole thing. Starting with the most important question:
Who Did This, And Why?
I can’t tell you the name of the person, yes I said person and not people and I will have more on that in a moment, but I do know this. First, this person is an insider to Avid Life Media, the company that owns Ashley Madison as well as Established Men, with full access to their entire IT environment. This person is either a employee or a contractor with a personal “beef” with Avid Life Media in general, and with Avid Life Media CTO Trevor Sykes specifically. Not only that, this person got a whole lot of inside info such as seating plans, org charts, and source code. Most of that would not be of interest to hackers, except for maybe the source code to perhaps further exploit the site. But other than that, there’s no reason why any hacker would want this data. But an insider would want it out there as it is valuable to them to have that info made public.
Now, how did I come to these conclusions? The manifestos that the so called “Impact Team” put out there are the big clue. If you take known hacking groups such as Anonymous, they put out manifestos that say a lot without giving info about themselves away. The manifestos by the “Impact Team” say a lot and give away a whole lot of hints about the potential identity of the person responsible for this. Simply reading the manifestos will give investigators a whole lot of clues as to who this person is. The manifesto reads like someone has been deeply hurt or wounded by Avid Life Media and or Trevor Sykes. Hacking groups don’t typically have “beefs” to anywhere near this degree. On top of that, I would not be surprised if the person responsible is female. Though, I will not (yet) put money on it despite being somewhat confident about this. Here’s why I feel that way. First, this person hates cheating men and the “human trafficking” that according to the author of the manifesto takes place on Ashely Madison and Established Men respectively. But the interesting thing is that Avid Life Media also owns Cougar Life which matches up “mature” women with younger men. This site isn’t referenced at all in the manifestos and no data from this site was leaked. If the hacker were male, I would have expected them to have dumped data from that site too because they would have had access to that data. But that at the moment seems not to be the case. All of that is on top of the fact that the manifestos that have been attached to every data dump have the feel of being deeply personal as I mentioned above. My thought would be that a female may be behind this as that would be the most logical reason for these observations.
As for why? Perhaps Avid Life Media or Trevor Sykes did something to anger this person. As a result, they want revenge. We likely won’t find out why until they get arrested.
Does Avid Life Media Know Who The Person Is?
They implied that they did when the first manifesto appeared online a month ago:
ALM CEO Biderman declined to discuss specifics of the company’s investigation, which he characterized as ongoing and fast-moving. But he did suggest that the incident may have been the work of someone who at least at one time had legitimate, inside access to the company’s networks — perhaps a former employee or contractor.
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman said. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
The question is, why offer up a reward when you claim to know who the person is? Why not hand that info over to the police? Perhaps they have? Or perhaps they don’t want to point the finger at the responsible party for some reason that concerns Avid Life Media? Such as some dirty laundry that they don’t want to be made public (though one would argue that it’s way too late for that to be a factor)? Or the statement was simply bravado and they have no idea who the guilty party is? I suspect that over time we will find out which one of these is the right answer.
Will This Person Get Caught?
The short answer is yes. The long answer goes something like this. First of all, they’ve made enough minor mistakes in the form of what’s in the manifestos that the authorities should be able to zoom in on the responsible party eventually. Speaking of the authorities, here’s what this person is up against:
- The Metropolitan Toronto Police
- The Ontario Provincial Police
- The Royal Canadian Mounted Police
- The Federal Bureau Of Investigation
- The US Department Of Homeland Security
This is the first time that I can think of that so many law enforcement groups across the Canada/US border have teamed up to investigate a hack. That shows this isn’t being treated as just another hack. With that sort of lineup at the table, one has to believe that the responsible party is living on borrowed time.
Why Is This Hack Different?
Previous hacks such as the ones of Home Depot or Target simply exposed credit card data and a limited amount of personal info. Get a new credit card, continue on with your life. Done. They were not really that big of a deal. The recent hack of the US Government exposed personal data that could prove to be dangerously useful in the wrong hands. But while bad, it’s not anywhere the scale of what has happened to Ashely Madison. That’s because this hack exposed truly personal information. As in the secret sexual preferences of your friends and neighbors. That’s a different sort of personal info that typically isn’t openly floating around the Internet. It’s also the sort of info that can be acted upon by blackmailers, employers, even national governments. Another reason why this is different is that it has forced people to accept that there is nothing that is private on the Internet and that your personal data is never safe can be accessed by anyone at any time. Those two things make this event a game changer.
Will Avid Life Media Survive This?
Assuming that they don’t get sued out of existence, it is possible that they could survive this. That does sound strange given what’s gone on, but let me explain. This site is getting a ton of exposure and apparently traffic as evidenced by a huge traffic spike after the first data dump took place. Now that could be just the curious, or it could be people wanting to get rid of whatever data the site had about them (even though it was already in the public domain), but I don’t think either of those is the case. I think that some people may have considered signing up for the site, or they actually have signed up for the site after this hack became public.
That doesn’t seem logical does it? But it isn’t unless you accept the fact that cheating has been going on for as long as humans have been on this planet. And this site apparently makes cheating easy to do. Thus even with this hack, some will want to still use this site for the purposes it was intended for. And the cost for Avid Life Media to acquire those new customers is $0 because this hack is essentially free advertising for Avid Life Media. All of this does nothing but validate what P.T. Barnum said, which is there’s no such thing as bad publicity.
Of course they have to survive the lawsuit first. (UPDATE: This should now read lawsuits as four lawsuits have been filed in the US that seek class action status and the dollar figure could make Avid Life Media’s survival difficult if not impossible)
Aren’t The Cheaters The Real Problem Here?
No. What these people do in their personal lives is none of my business. It shouldn’t be yours either. The real problems here are Avid Life Media for having such craptastic IT security and the hacker who leaked this data. The users of this site, though perhaps showing some poor judgement, are victims. Plain and simple. Remember that each one of the people who have had data leaked may lose jobs, spouses, families, or their lives in some cases as there have been suicides or threats of death. There is a massive personal cost here that cannot be ignored because despite what you may think about cheating and they in no way deserve this treatment. Thus I say capture the hacker and put them in jail forever. Then when that’s done, punish Avid Life Media for the the poor way they handled customer data. Leave their customers out of this mess as they have suffered enough.
Agree? Disagree? Did I miss something? Please leave a comment and share your thoughts.
My Thoughts On The Ashely Madison Hack [UPDATED]
Posted in Commentary with tags Ashely Madison on August 25, 2015 by itnerdI’ve had a lot of time to think about the Ashely Madison hack, and I have some thoughts on this whole thing. Starting with the most important question:
Who Did This, And Why?
I can’t tell you the name of the person, yes I said person and not people and I will have more on that in a moment, but I do know this. First, this person is an insider to Avid Life Media, the company that owns Ashley Madison as well as Established Men, with full access to their entire IT environment. This person is either a employee or a contractor with a personal “beef” with Avid Life Media in general, and with Avid Life Media CTO Trevor Sykes specifically. Not only that, this person got a whole lot of inside info such as seating plans, org charts, and source code. Most of that would not be of interest to hackers, except for maybe the source code to perhaps further exploit the site. But other than that, there’s no reason why any hacker would want this data. But an insider would want it out there as it is valuable to them to have that info made public.
Now, how did I come to these conclusions? The manifestos that the so called “Impact Team” put out there are the big clue. If you take known hacking groups such as Anonymous, they put out manifestos that say a lot without giving info about themselves away. The manifestos by the “Impact Team” say a lot and give away a whole lot of hints about the potential identity of the person responsible for this. Simply reading the manifestos will give investigators a whole lot of clues as to who this person is. The manifesto reads like someone has been deeply hurt or wounded by Avid Life Media and or Trevor Sykes. Hacking groups don’t typically have “beefs” to anywhere near this degree. On top of that, I would not be surprised if the person responsible is female. Though, I will not (yet) put money on it despite being somewhat confident about this. Here’s why I feel that way. First, this person hates cheating men and the “human trafficking” that according to the author of the manifesto takes place on Ashely Madison and Established Men respectively. But the interesting thing is that Avid Life Media also owns Cougar Life which matches up “mature” women with younger men. This site isn’t referenced at all in the manifestos and no data from this site was leaked. If the hacker were male, I would have expected them to have dumped data from that site too because they would have had access to that data. But that at the moment seems not to be the case. All of that is on top of the fact that the manifestos that have been attached to every data dump have the feel of being deeply personal as I mentioned above. My thought would be that a female may be behind this as that would be the most logical reason for these observations.
As for why? Perhaps Avid Life Media or Trevor Sykes did something to anger this person. As a result, they want revenge. We likely won’t find out why until they get arrested.
Does Avid Life Media Know Who The Person Is?
They implied that they did when the first manifesto appeared online a month ago:
ALM CEO Biderman declined to discuss specifics of the company’s investigation, which he characterized as ongoing and fast-moving. But he did suggest that the incident may have been the work of someone who at least at one time had legitimate, inside access to the company’s networks — perhaps a former employee or contractor.
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman said. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
The question is, why offer up a reward when you claim to know who the person is? Why not hand that info over to the police? Perhaps they have? Or perhaps they don’t want to point the finger at the responsible party for some reason that concerns Avid Life Media? Such as some dirty laundry that they don’t want to be made public (though one would argue that it’s way too late for that to be a factor)? Or the statement was simply bravado and they have no idea who the guilty party is? I suspect that over time we will find out which one of these is the right answer.
Will This Person Get Caught?
The short answer is yes. The long answer goes something like this. First of all, they’ve made enough minor mistakes in the form of what’s in the manifestos that the authorities should be able to zoom in on the responsible party eventually. Speaking of the authorities, here’s what this person is up against:
This is the first time that I can think of that so many law enforcement groups across the Canada/US border have teamed up to investigate a hack. That shows this isn’t being treated as just another hack. With that sort of lineup at the table, one has to believe that the responsible party is living on borrowed time.
Why Is This Hack Different?
Previous hacks such as the ones of Home Depot or Target simply exposed credit card data and a limited amount of personal info. Get a new credit card, continue on with your life. Done. They were not really that big of a deal. The recent hack of the US Government exposed personal data that could prove to be dangerously useful in the wrong hands. But while bad, it’s not anywhere the scale of what has happened to Ashely Madison. That’s because this hack exposed truly personal information. As in the secret sexual preferences of your friends and neighbors. That’s a different sort of personal info that typically isn’t openly floating around the Internet. It’s also the sort of info that can be acted upon by blackmailers, employers, even national governments. Another reason why this is different is that it has forced people to accept that there is nothing that is private on the Internet and that your personal data is never safe can be accessed by anyone at any time. Those two things make this event a game changer.
Will Avid Life Media Survive This?
Assuming that they don’t get sued out of existence, it is possible that they could survive this. That does sound strange given what’s gone on, but let me explain. This site is getting a ton of exposure and apparently traffic as evidenced by a huge traffic spike after the first data dump took place. Now that could be just the curious, or it could be people wanting to get rid of whatever data the site had about them (even though it was already in the public domain), but I don’t think either of those is the case. I think that some people may have considered signing up for the site, or they actually have signed up for the site after this hack became public.
That doesn’t seem logical does it? But it isn’t unless you accept the fact that cheating has been going on for as long as humans have been on this planet. And this site apparently makes cheating easy to do. Thus even with this hack, some will want to still use this site for the purposes it was intended for. And the cost for Avid Life Media to acquire those new customers is $0 because this hack is essentially free advertising for Avid Life Media. All of this does nothing but validate what P.T. Barnum said, which is there’s no such thing as bad publicity.
Of course they have to survive the lawsuit first. (UPDATE: This should now read lawsuits as four lawsuits have been filed in the US that seek class action status and the dollar figure could make Avid Life Media’s survival difficult if not impossible)
Aren’t The Cheaters The Real Problem Here?
No. What these people do in their personal lives is none of my business. It shouldn’t be yours either. The real problems here are Avid Life Media for having such craptastic IT security and the hacker who leaked this data. The users of this site, though perhaps showing some poor judgement, are victims. Plain and simple. Remember that each one of the people who have had data leaked may lose jobs, spouses, families, or their lives in some cases as there have been suicides or threats of death. There is a massive personal cost here that cannot be ignored because despite what you may think about cheating and they in no way deserve this treatment. Thus I say capture the hacker and put them in jail forever. Then when that’s done, punish Avid Life Media for the the poor way they handled customer data. Leave their customers out of this mess as they have suffered enough.
Agree? Disagree? Did I miss something? Please leave a comment and share your thoughts.
Leave a comment »