* Prediction: The Ashley Madison data dump will feature the names of
prominently hypocritical conservatives --
at first. In this way, the true political motive of this operation will be obscured.
*
The latest torrent is 20GB in size, which is larger than previously-released torrents. I wonder why?
* The thought popped into my head that Ashley Madison might have been designed as a blackmail operation from the get-go. While I still would not deny that possibility, my research into the history of company founder Noel Biderman hasn't turned up anything obviously spooky. Before he started Avid Life (the company behind Ashley Madison) he was a sports attorney and a real estate wheeler-dealer.
Yes, I know that the guy is Jewish. That doesn't mean he's working with Mossad. A lot of people in Israel were unhappy with him.
* On the other hand, I'm not saying that Israeli intelligence is
not involved with this. Did Biderman use ZoneAlarm (Checkpoint) to provide a firewall for his company?
Checkpoint is an offshoot of Israel's Unit 8200. Also see
here. I can easily see how Biderman might have trusted his company's security to an Israeli firm that I would have considered iffy.
* There's a good chance that we are dealing with
an inside job:
In their announcement, Impact Team offered an apology to Mark Steele (ALM Director of Security).
"You did everything you could, but nothing you could have done could have stopped this."
ALM CEO Noel Biderman told journalist Brian Krebs that it's possible the attackers worked for his company at one point and had legitimate internal access.
"We're on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication. I've got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services," Biderman said.
"Not an employee" but still somehow involved with the company? Interesting. This seems to indicate a private contractor working with Avid.
* Mark Steele has been on the job at Avid for only a brief time.
Here is his LinkedIn profile.
*
Valerie Plame (remember her?) tries to put the Ashley Madison hack into perspective:
Plame’s covert identity was blown in 2003 by journalist Robert Novak, using information leaked by aides to George W. Bush. Given that history, she’s particularly concerned about the recently disclosed breaches of the Office of Personnel Management (OPM)--even if that’s been eclipsed this week by the more salacious-sounding hacker attack on Ashley Madison, the website for people seeking extramarital affairs.
“As long as you’re not involved with it, it sounds funny,” says Plame, who started laughing when informed of the Ashley Madison attack. “The things that keep me up at night are things like [hackers] getting into the software system of a nuclear site.”
But she later added by email: “THIS will get the public’s attention--even if the OPM hack doesn’t!”
That agency's data breaches this spring exposed information on more than 21 million people, some 7 percent of Americans. Worse, the affected data is more sensitive than the by-now-routine names and emails and credit card data that most of us have come to expect will be stolen by cybercriminals at some point in time. The hacked OPM records contained background investigation information on federal employees and job applicants, including information about their family members and potentially even their mental health and financial history.
* On the other hand, the OPM hack and the Ashley Madison hack may
link up...
Patrick Skinner, a former CIA operative now with the Soufan Group, doesn’t think so. In an email, he called it “a minor issue in terms of matching names on the Madison data dump and the OPM hack. Might bring up awkward blackmail attempts perhaps. I’m sure people will try. But one can claim the emails are spoofed.”
People in the national security community are already under extra scrutiny, but that can ratchet up if you’re having an extramarital affair, or are spotted trolling for one. That makes you a blackmail risk, and therefore a potential insider threat.
* It should always be recalled that most of
the "females" on Ashley Madison were fakes, and that the correspondence was often the work of bots.
* A claimed former employee of the company has offered some amusing and revealing information:
We had WAY more men than women. The men on the site were exactly what you'd expect - horny, middle aged, sexually deprived and willing to do/pay anything for the affair of a lifetime. Poor guys, I always felt bad for them. The legitimate women on the site (we like every dating site had a huge problem with fraud/scammers/cam girls) were mostly single, looking for older married men. Lots of women looking for sugar daddies. We also got a lot of couples, looking to add a third person or another couple to their mix. As the site became more and more popular, I saw a lot more married woman making their way to us but they were far more careful than the men. The men would join, post a picture of their dick and then call two hours later screaming "why has no one messaged me?!?!?!" The delusion was off the charts. I had to explain at least five times a day that sending women pictures of your dick is literally the WORST first impression you can make. 9 times out of 10 they still didn't get it and would just go upload MORE dick pics.
In all honesty, it was one of the best companies I've ever worked for. They treated their employees very well - full benefits, salary pay for ALL positions (no matter how menial) and protection. Because of the nature of the business we received death threats daily and they took every single one seriously.
As I haven't worked for ALM in several years, it is not my place to comment on their current security practices or speculate who is behind the hack. I will say that the programmers and developers at ALM are some of the greatest people I've ever met in my life and everyone over there is worried about protecting the customers' privacy. They have dealt with FAR worse than some small time hackers in the past and this will be resolved quickly and efficiently. In MY OPINION this is the work of a bitter spouse (or group of bitter spouses) of an affair gone wrong. If it's anything else, I will gladly accept it but my gut tells me it is just someone with too much time on their hands. The ALM team are beasts and won't go down without a fight.
* Many Ashley Madison users used .gov and .mil email addresses. Should you be upset that these government employees were fooling around while working for the taxpayers? Be reasonable, and keep things in perspective:
Everyone fools around online while on the job. Speaking as a blogger, I can tell you that my stats always go up during work hours. Fewer people read blogs on weekends.