As if you needed any more proof that companies do not care about your privacy, even when it is one of their main objectives, Ashley Madison has had its members' information stolen.
Impact Team Double Dump
Hackers that breached Ashley Madison’s records have released two massive data files.
The first was nearly 10GB in size. It contained about 32 million users’ credit cards, addresses, names, and amounts paid to Ashley Madison, the “most recognized and reputable extramarital affair company.” The file, released in torrent format on the dark web, caused a feeding frenzy in the media and online, with people hoping to discover the juiciest details of celebrities’ and their neighbors’ most personal desires.
Among the people already discovered in the data are Joshua Duggar, a conservative TV personality from “19 Kids and Counting,” and YouTube star Sam Rader, who gained notoriety after a video of him surprising his wife with her pregnancy, and her subsequent miscarriage, went viral earlier this year. There is also an unsurprising array of politicians.
Besides the unexpected (but expected) ‘religious,’ ‘conservative,’ and ‘family-oriented’ people outed, the list also included government and military members. Wired is reporting that there are 15,000 .mil and .gov email addresses associated with the data.
Two days later the hackers released an even bigger data dump of 20GB. The second one contained the emails of the CEO, Noel Biderman, and the source code for the website.
Impact Team’s Impact
Members of the US military must adhere not only to the Constitution and laws of the public but also to a separate code of behavior known as the Uniform Code of Military Justice. In it, alongside disrespecting superior officers and not complying with lawful orders, sodomy and adultery are also punishable offenses. I’m sure that more than a few members of our military will face some sort of disciplinary action because of this. The punishment can be as stiff as a year in confinement (military prison, aka the brig) and/or a dishonorable discharge, neither of which is a laughing matter.
Vice News also reports that about 100 registered emails in the database are based in the Vatican, which of course, if linked to priests, could spell public humiliation and excommunication.
Even more dangerous, however, is the punishment that those overseas might face in the fallout of the Ashley Madison leaks. The damage caused by the stolen data could reach much farther and be much more dire than the hackers initially anticipated. Users of Ashley Madison are worldwide; 79 countries have anti-gay laws and many more outlaw adultery. In many of these countries the offenses are punishable by lashings, stoning, and death.
What Gives, Impact Team?
A day after their second massive data dump, the group who claimed responsibility for the hack, Impact Team, broke their silence.
They conducted a Q&A with Joseph Cox at Motherboard.com and answered questions about why and how they carried out the hack.
In the session, the hackers reaffirmed a sentiment that I shared a few weeks ago. Caring about the public’s privacy is just not high on a company’s list of things to do, even when it should be one of its top priorities.
Motherboard: How did you hack Avid Life Media? Was it hard?
We worked hard to make fully undetectable attack, then got in and found nothing to bypass.
Motherboard: What was their security like?
Bad. Nobody was watching. No security. Only thing was segmented network. You could use Pass1234 from the internet to VPN to root on all servers.
Impact Team went on to state that they had infiltrated Ashley Madison for years, continually collecting information.
As for the motivation for their actions, Impact Team highlights bad business practices on the part of Avid Life Media (ALM), which also owns EstablishedMen.com and CougarLife.com, as well as the general immorality of the users on the websites. The respondents to Motherboard also mention human trafficking on the website, which by most accounts seems to refer to the sugar daddy type relationships and straightforward prostitution present on the site.
As far as the bad business practices go, much of the information released can be traced back to accounts that asked for the ‘full delete’ option from Ashley Madison. Ashley Madison offered to “remove all information related to a member’s profile and communications activity. The process involves a hard-delete of a requesting user’s profile, including the removal of posted pictures and all messages sent to other system users’ email boxes.” Inconspicuously left out from this list? Transactions from its payment database.
Digging slightly deeper into their business practices reveals more: stuff that was highly suspected but could not be confirmed. First, Ashley Madison is a sausage fest, with 28 million male members to just 5 million women. That is not to say that you can’t find an affair; already plenty of people have copped to their ingenuous ways.
However, this is quite a different statistic than the one that CEO, Noel Biderman, consistently touted. He’s always maintained the site was at a near 50/50 split.
To make matters worse, ALM has also been accused of making fake female profiles. In 2013 a woman sued Avid Life Media for $20 million in response to “unjust enrichment” and wrist injuries that occurred while producing 1,000 fake female profiles in preparation for the site’s launch in Brazil.
Is Impact Team for Real?
Personally, I think Impact Team is full of it. I have serious doubts that they did this for the ‘good intentions’ that they claim. For starters, it is unlikely, unless they knew someone on the inside, that they could have known the full delete option offered by ALM was a sham. And if they had indeed infiltrated for years, I would like to know: why now? What was the catalyst that made them decide to threaten ALM and dump the data this week, as opposed to last year or next year?
Instead I think this was a personal vendetta coming full circle (there is some evidence to support this). I feel like they caused a bunch of fuss over nothing. This site wasn’t a secret- I’ve seen commercials on TV for it- and cheating itself is certainly nothing new. It sounds to me like they more or less made up this moral foundation for the hack as a defense mechanism.
feature image courtesy of Tumisu
You can follow your favorite VPN service @LiquidVPN
You can follow the author @FreelanceTony