As soon as the news of the Ashley Madison (AM) hacking scandal broke, I knew that this would be unlike any website hacking incident in the past. Normally the motive of hackers is to take down a website or extract financial information of its customers’ accounts to commit fraud.
However, the scope of the Ashley Madison Affair goes far beyond this as the ramifications, such as potential blackmail, damage to reputation, political embarrassment, hate crimes, divorce and even espionage, are considerable. It is the second largest breach of any company’s user accounts in history.
There are major lessons to be learned from this by anyone who uses the internet and social media – hence this feature.
Already people including politicians and celebrities have been identified. Unthinkably, on Australian radio channel 9 News, a caller to the show was informed by the radio host on air that indeed her husband was on the site. Just one example, but multiply this 37 million times and you can see what I mean!
Background
In July, a hacking group calling itself “The Impact Team” hacked into the notorious extramarital dating website AM and threatened to expose the identities of 37.5 million account holders. The controversial online dating agency carries the tagline: “Life Is Short. Have An Affair”.
A considerable amount of personal data has been compromised. Over the last week or so, the hackers have lived up to their threats and have published details of email addresses and telephone calls of those who are registered as account holders.
The extent of this is indeed global as the names of email addresses are listed in 48 countries. Globally, São Paulo in Brazil topped the list with 374,542 accounts, closely followed by 268,171 in New York.
Australia
Of the top 25 leading cities in terms of the number of AM account holders, Australia has four cities listed, with around 680,000 account holders. Up to 700 Australian government and police workers have been revealed as account holders on the website.
Portugal
According to Spanish company Tecnilogica, who has produced a global map of the location of AM account holders, in Portugal 85% of AM users are men.
The north of the country is highest with Porto having 7,399 users. In Braga, there are 1,421 users and in Aveiro 1,399 users. Further south in Caldas da Rainha 217 are recorded. In Greater Lisbon, Amadora leads with 1,743 records followed by Sintra and Cascais with 1,045 and 1,000 respectively. In the Algarve, there are some 3,500 AM users, the main distribution shown in the table.
USA
Two people have taken their own lives after their details were leaked by the Ashley Madison hackers; one of these is a captain who served for 25 years with the San Antonio Police Department in Texas. Canadian police confirmed a second suicide of a person also believed to have been using the extramarital affairs website.
Security experts have found that more than 15,000 of its users signed up with US government or military emails. For those in the US Navy this might breach their ethics code and lead to dismissal.
Canada
Not surprisingly things are going from bad to worse for AM, with parent company Avid Life Media now facing a $US578 million class-action lawsuit. Ontario-based law firms Charney Lawyers and Sutts, Strogsberg LLP have filed the lawsuit on August 20 on behalf of Canadians.
Meanwhile, on August 24 Toronto police asked anyone who may been victimised by publicly posted information to contact their local authorities, as there were reports of hate crimes that appeared to stem from the dump of personal information posted online.
What the experts say
Stephen Coty, a security expert at IT security firm Alert Logic who has analysed the leaked data, said that a significant problem came from employees being compromised into revealing confidential details about their employer’s activities.
Identity protection analyst Adam Levin says AM members should come clean instead of waiting to be discovered or risking becoming the victim of extortion.
According to his analysis, more than 14,000 government officials globally had been compromised, a revelation that has sparked fears some could be extorted into revealing matters of national security. But Coty said the major threat came from targeting people who had access to market-sensitive information, especially those who worked in banks and other financial institutions.
The leak revealed that more than 173 million credit cards had been used to pay for Avid Life services in 2014 – a 44% increase on the previous year. “They had every single credit card payment going all the way back to 2008,” Coty said. “You should not be holding that information.”
It’s also important to note that AM users aren’t required to verify their email addresses, meaning some found in the dump may have been hijacked by AM users seeking to keep their own email addresses off their accounts.
Avid Life Media, the parent company of Ashley Madison, is working with the FBI and other police forces, along with independent security experts, to investigate the hacker or hackers. In Canada, a $500,000 Canadian dollar reward is being offered for information leading to the identification, arrest and prosecution of the person or persons responsible for the hack.
There is an important lesson to be learned from this “affair” and that is, there is no such thing as online privacy. When you put something online assume that it will become public!
|| Ashley Madison Algarve Account Holders
Faro 1179
Albufeira 545
Loulé 359
Quarteira 207
Olhão 194
Lagos 193
Boliqueime 128
Silves 107
Algoz 62
Tavira 60
Almancil 44
São Brás 31
Vila do Bispo 25
Aljezur 25
Monchique 24
Messines 20
|| Blackmail example
According to security firms who have reviewed several emails, extortionists already see easy pickings in the leaked AM user database. An example of one email blocked by an IT security company in the US read:
“Hello,
Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.
If you would like to prevent me from finding and sharing this information with your significant other, send exactly $225 USD to the following address:
(Email address removed)
Sending the wrong amount means I won’t know it’s you who paid.
You have 7 days from receipt of this email to send the money”.
|| Warning
Some computer security analysts have now warned that no matter how curious you are, there is a good reason not to try and download the leaked Ashley Madison database of account holders, as it is potentially dangerous to do so.
The actual 9.7 gigabytes of data posted by the hackers, was posted on the Dark Web in two chunks.
But getting to them isn’t easy for the non-technical. The Dark Web is a series of networks accessible only by running specific software and, in some cases, with specific authorization. The Dark Web is often used by criminals.
Running this software to download the databases could expose your computer to spyware, viruses and theft of your personal information.
There are some sites that have been set up who claim that by entering your email address through their site you can check for the details of AM account holders, whose details may have been compromised. Although it may be tempting to do so, this could result in serious consequences such as those outlined above
By David Thomas
|| [email protected]
David Thomas is a former Assistant Commissioner of the Hong Kong Police, consultant to INTERPOL and the United Nations Office on Drugs and Crime. In October 2011 he founded Safe Communities Algarve an on-line platform www.safecommunitiesalgarve.com here in the Algarve to help the authorities and the community prevent crime. It is now registered as Associação SCP Safe Communities Portugal, the first national association of its type in Portugal, with a new website www.safecommunitiesportugal.com launched in May 2015. He can be contacted at [email protected], or on 913045093 or at www.facebook.com/scalgarve
