Tag Archive for: Ashley

Years later, the Ashley Madison hack remains an unsolved internet mystery

/in


a dimly lit woman making the same

a dimly lit woman making the same

It’s downright strange how little we know about the hacker or hackers who exposed the identities of over 30 million Ashley Madison users in 2015. They leaked incredibly sensitive data about millions of people, did not profit in any obvious way, turned “Ashley Madison” into a punchline throughout the English speaking world, and rode off into the sunset.

You probably remember the hack, but it’s doubtful you remember the culprit: some entity called “The Impact Team.” A reward of $500,000 was offered for information leading to their arrest and prosecution, but no such arrest has ever been made.

Noel Biderman, the CEO at the time of Ashley Madison’s parent company, claimed that he knew exactly who did it, and that they were an insider. But that turned out to have been a former employee who had died by suicide before the hack.

One possible culprit discovered by researchers at the time was an enigmatic figure calling himself Thadeus Zu. A Berkley researcher named Nicholas Weaver found the circumstantial evidence against Zu compelling enough to call upon law enforcement to get a warrant, crack open Zu’s social media accounts and find out more. That evidently never happened.

SEE ALSO: Google’s Bard AI chatbot is vulnerable to use by hackers. So is ChatGPT.

But Brian Krebs, the security researcher who initially reported the hack, and initially made the case against Thadeus Zu, uncovered an equally compelling person of interest earlier this year: Evan Bloom, a former Ashley Madison employee who was convicted in 2019 of selling hacked internet account information. In an interview with Krebs, Bloom denied involvement.

Without a guilty party able to give us the inside story on what happened, has the Ashley Madison hack been mis-shelved in the library of internet history? Have we all, in a sense, been swindled into accepting “LOL” as our collective response to something ugly and insidious?

Ashley Madison had long been an attractive target for hackers

To refresh your memory, Ashley Madison is (yep, is, not was) a paywalled dating website, founded in 2001, and marketed to people who are already in relationships — which is to say it’s ostensibly for linking…

Source…

Years later, the Ashley Madison hack remains an unsolved mystery

/in


It’s downright strange how little we know about the hacker or hackers who exposed the identities of over 30 million Ashley Madison users in 2015. They leaked incredibly sensitive data about millions of people, did not profit in any obvious way, turned “Ashley Madison” into a punchline throughout the English speaking world, and rode off into the sunset.

You probably remember the hack, but it’s doubtful you remember the culprit: some entity called “The Impact Team.” A reward of $500,000 was offered for information leading to their arrest and prosecution, but no such arrest has ever been made.

Noel Biderman, the CEO at the time of Ashley Madison’s parent company, claimed that he knew exactly who did it, and that they were an insider. But that turned out to have been a former employee who had died by suicide before the hack.

One possible culprit discovered by researchers at the time was an enigmatic figure calling himself Thadeus Zu. A Berkley researcher named Nicholas Weaver found the circumstantial evidence against Zu compelling enough to call upon law enforcement to get a warrant, crack open Zu’s social media accounts and find out more. That evidently never happened.

SEE ALSO:

Google’s Bard AI chatbot is vulnerable to use by hackers. So is ChatGPT.

But Brian Krebs, the security researcher who initially reported the hack, and initially made the case against Thadeus Zu, uncovered an equally compelling person of interest earlier this year: Evan Bloom, a former Ashley Madison employee who was convicted in 2019 of selling hacked internet account information. In an interview with Krebs, Bloom denied involvement.

Without a guilty party able to give us the inside story on what happened, has the Ashley Madison hack been mis-shelved in the library of internet history? Have we all, in a sense, been swindled into accepting “LOL” as our collective response to something ugly and insidious?

Ashley Madison had long been an attractive target for hackers

To refresh your memory, Ashley Madison is (yep, is, not was) a paywalled dating website, founded in 2001, and marketed to people who are already in relationships — which is to say it’s ostensibly for linking…

Source…

Top Suspect in 2015 Ashley Madison Hack Committed Suicide in 2014 – Krebs on Security

/in


When the marital infidelity website AshleyMadison.com learned in July 2015 that hackers were threatening to publish data stolen from 37 million users, the company’s then-CEO Noel Biderman was quick to point the finger at an unnamed former contractor. But as a new documentary series on Hulu reveals [SPOILER ALERT!], there was just one problem with that theory: Their top suspect had killed himself more than a year before the hackers began publishing stolen user data.

The new documentary, The Ashley Madison Affair, begins airing today on Hulu in the United States and on Disney+ in the United Kingdom. The series features interviews with security experts and journalists, Ashley Madison executives, victims of the breach and jilted spouses.

The series also touches on shocking new details unearthed by KrebsOnSecurity and Jeremy Bullock, a data scientist who worked with the show’s producers at the Warner Bros. production company Wall to Wall Media. Bullock had spent many hours poring over the hundreds of thousands of emails that the Ashley Madison hackers stole from Biderman and published online in 2015.

Wall to Wall reached out in July 2022 about collaborating with Bullock after KrebsOnSecurity published A Retrospective on the 2015 Ashley Madison Breach. That piece explored how Biderman — who is Jewish — had become the target of concerted harassment campaigns by anti-Semitic and far-right groups online in the months leading up to the hack.

Whoever hacked Ashley Madison had access to all employee emails, but they only released Biderman’s messages — three years worth. Apropos of my retrospective report, Bullock found that a great many messages in Biderman’s inbox were belligerent and anti-Semitic screeds from a former Ashley Madison employee named William Brewster Harrison.

William Harrison’s employment contract with Ashley Madison parent Avid Life Media.

The messages show that Harrison was hired in March 2010 to help promote Ashley Madison online, but the messages also reveal Harrison was heavily involved in helping to create and cultivate phony female accounts on the service.

There is evidence to suggest that in 2010 Harrison was directed to harass the owner…

Source…

Smashing Security #165: Cheapfakes, deepfakes, and Ashley Madison

/in

Wi-Fi hopping malware, the return of Ashley Madison extortion scams, and should social media be doing anything about cheapfakes?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.

Graham Cluley