This Ashley Madison hack story keeps getting worse and worse [u4]

Ashley Madison CEO Noel Biderman feels victimized by criminal hackers, but some observers aren't sympathetic

Ashley Madison CEO Noel Biderman
Credit: @noelbiderman

The Ashley Madison hack continues to make headlines. Naturally, that's because the news keeps getting worse and worse. And worse.

Worse for website owners Avid Media Group, sure. But worse for the real victims, more importantly -- i.e., for the millions of people named in the hacked data dump, and their families.

Prurient interest notwithstanding, there's still plenty to say about this uncomfortable event. And no shortage of intelligent commentators to say it.

In IT Blogwatch, bloggers furiously smh. Not to mention: 10 million ARM cores = Scarecrow's dream?...

curated these bloggy bits for your enlightenment.
[Developing story: Updated 10:31 am, 1:59 pm, 2:14 am and 9:30 am PT with more comment]

A previous version of this article contained a stupid Oz-related error. I am grateful to @skibum_mark for pointing it out in the comments below. I suppose someone should fire me.

As per usual, Brian Krebs cycles in to drop this frag grenade: [You're fired -Ed.]

Late last week, the Impact Team...released a 30-gigabyte archive that it said were emails lifted from AshleyMadison CEO Noel Biderman. [It alleges that] Raja Bhatia, the founding [CTO discovered a vulnerability in] another dating website, exfiltrating their entire user database. ... “I got their entire user base,” Bhatia told Biderman.

As bad as this breach has been for AshleyMadison and its millions of users, it’s likely nowhere near over: Hackers...have just released a “selected dox” archive...including a 100-page movie script co-written by Biderman called “In Bed With Ashley Madison,”...a scan of the CEO’s drivers licence, copies of personal checks, bank account numbers, home address, and his income statements. ... Leaving aside the proliferation of sites that now allow suspicious spouses to search for their significant other’s email address...some users are finding themselves on the receiving end of online extortion attacks. Worse still, [there are] two unconfirmed reports of suicides.

Neither Bhatia nor Biderman could be immediately reached for comment.  MORE

Troy Hunt hears from "hundreds" of AM members per day:

I was being inundated with email...not just asking questions, but often giving me their life stories. [They] shed a very interesting light on the incident...that doesn’t come across in the sensationalist news stories.

One of the things that struck me most about the entire incident [is] the very poor communication from Avid Life. ... There has been no direct communication with members that I’m aware. [It's] if they’ve just stuck their fingers in their ears and sung “lalalalalala.” [They] solely focussed on no financial data being compromised. Do they really think that after the most intimate, private aspect of people’s lives has been put on public display that a credit what they’re worried about?!

I want to illustrate how important it is not to immediately assume that everyone on the site is cheating on their partner. [Don't] immediately make assumptions just because someone’s email address was on the site. ... Let us not confuse that with the issue of adultery. ... Many people were indeed just curious [but] extramarital affairs tear families apart. [Nevertheless] you can’t escape the human tragedy that this data breach has brought to a head.

This incident needs to be approached with the understanding that for many people, this is the worst time of their life and for some, it feels like the end of it.  MORE

So David Kravets sounds sympathetic to Shakespeare's Dick The Butcher:

It's a safe bet that a ton of divorce lawyers and child custody lawyers have already made gobs of cash.

Now another breed of attorney is entering the scene in anticipation of capitalizing on the feeding frenzy. ... Class-action attorneys are currently following the...blood trail in hopes of winning a monetary payday for themselves and the site's millions of members.

The elephant in the room here is how much traction a lawsuit...would get. Ashley Madison site members who sought damages...would have to expose themselves as being one of the site's 39 million account holders. ... A jury might not be so sympathetic to Ashley Madison users' claims that being outed caused them humiliation.

Traditionally, data breach cases have largely ended...with big payouts to plaintiffs lawyers while the victims...get little, if anything.  MORE

And Kristen V. Brown alleges another class of people "cashing in":

Steve was desperate for a way to keep his information from spreading...and didn’t want his wife to find out. A few days after the leak, he received an e-mail from a company named Trustify...letting him know that someone had used the tool to search his e-mail address [and] offered to help him hide the exposed data [for] $67 an hour.

We reached out to Trustify for information on how exactly the company plans to help victims. ... Trustify readily admits that it can’t really help anyone hide what’s already out there. “We are in the business of helping customers find the truth, we aren’t in the business of modifying the truth.”

It seems more like cashing in. ... Trustify readily admits that because of the hack, business is booming. ... All Trustify is doing is providing people access to information that’s already public, for a fee, while advertising itself as a solution.  MORE

Meanwhile, one J. McAfee (yes, that one) alleges another allegation:

Ashley Madison was not hacked - the data was stolen by a woman operating on her own who worked for Avid Life. ... It was an inside job.

I gleaned this information from reliable sources within the Dark Web. ... Any adept social engineer would have easily seen this. ... It was clear that the perpetrator had intimate knowledge of the technology stack of the company.

It seems, without a shadow of doubt, to be an open and shut case.  MORE

But rhtimsr1970 ain't so sure:

[His] findings are based on his own personal whims for which there are many easy rebuttals.

[He] is rushing to conclusions. ... I'm not sure why I never bother reading his lunacy anymore.  MORE

And dakdestructo agrees:

Read like satire, having no knowledge of this guy beforehand. His reasoning for the perpetrator being a woman seems pretty thin.

He has to brag about himself before giving the evidence just to cover up how ****** it is. "Trust me bro I'm 100% right you don't need to know why but I guess you can read it if you need to."  MORE

Update 1: Kate Cox steers us back into the current:

Ashley Madison is doing everything they can to stem this leak, like the proverbial child with his finger against a hole in the dam. It is, of course, far too late for that; to...torture the metaphor, the dam, the kid, and everything else have already been flooded out and are swimming around in a brand new, very deep lake. Filled with sharks.

Ashley Madison is filing DMCA requests left and right, claiming that as they own copyright on the leaked materials, it is unlawful to redistribute or look at them. ... Whether they have a leg to stand on with those claims, however, is another story. ... You can copyright original works, but not lists of facts.

Sadly, in the wake of the breach multiple users of the site are reported to have committed suicide. 

Avid Life is...already facing a lawsuit on its home turf in Canada, and at least four lawsuits...have been filed in U.S. federal courts.  MORE

Update 2: It's time for an Alabaman PSA, via Leada Gore:

There have probably been some heated conversations in homes around America this week [in] couples who find a spouse's name among the Ashley Madison users. But be careful before jumping to conclusions about the data, Brad Green: 
"Before someone runs out to see a divorce lawyer they really need to think. ... It may not be evidence that someone really was using this site. ... It's hearsay. It's unverifiable.

"We've never had a hacked website before with this many people basically publicly accused of cheating. ... It's very important for people not to jump to firm conclusions."  MORE

Update 3: John Lettice's chums dress this word salad:

ALM offered a paid option in which people who created a profile could have their account scrubbed...if they coughed up $19. When the massive data dump...surfaced, it was found that while information was indeed removed...some details remained in the site's databases – and were splashed all over the web by miscreants.

It appears from the leaked databases that if you paid $19 to delete an account a number of columns in your record would be obliterated...but, crucially, your GPS coordinates would not be removed, nor would your city, state, country, weight, height, date of birth, whether you smoke and/or like a drink, your gender, your ethnicity, what turns you on, and other bits and pieces.

Presumably ALM kept these details on it could get a picture of how old its users are, where they are from, what sort of person they are, and so on.  MORE

Update 4: Prof. Evan Selinger even sells the value of moral maturity:

[It's an] example of people succumbing to their baser instincts and failing to look away. ... Until we can resist those urges, stop from clicking those articles, and trolling the databases hackers' victims, we are just encouraging other hackers...eavesdroppers and snoopers to uncover our private moments...for the world to see. And, unfortunately, it doesn't seem like we've hit that point of maturity in our collective Internet evolution.

If you don't care that illegal activity brought the names to light, do you really have any standing to seek some kind of moral justice? ... What philosopher Kate Manne calls “moral narcissism” seems to be in play. ... Some people wanted to read the Ashley Madison stories and voice strong reactions to them just to feel better about themselves.

Sadly, it’s not surprising that these are popular stories. We’ve seen ugly sensibilities on display before in cases where privacy is invaded. ... Some people enjoy the rush of power that comes from mortifying people who are accustomed to being influential and envied.

What can be done to make things better? ... The onus is on us. We need to accept responsibility for having made privacy-eviscerating stories popular. ... So, let’s flip the script. We’re powerful enough to make stories about protecting privacy the ones media can’t wait to run.  MORE

And Finally...
10 million ARM cores = Scarecrow's dream?

You have been reading IT Blogwatch by , who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies