Tag Archive for: Madison

Years later, the Ashley Madison hack remains an unsolved internet mystery

/in


a dimly lit woman making the same

a dimly lit woman making the same

It’s downright strange how little we know about the hacker or hackers who exposed the identities of over 30 million Ashley Madison users in 2015. They leaked incredibly sensitive data about millions of people, did not profit in any obvious way, turned “Ashley Madison” into a punchline throughout the English speaking world, and rode off into the sunset.

You probably remember the hack, but it’s doubtful you remember the culprit: some entity called “The Impact Team.” A reward of $500,000 was offered for information leading to their arrest and prosecution, but no such arrest has ever been made.

Noel Biderman, the CEO at the time of Ashley Madison’s parent company, claimed that he knew exactly who did it, and that they were an insider. But that turned out to have been a former employee who had died by suicide before the hack.

One possible culprit discovered by researchers at the time was an enigmatic figure calling himself Thadeus Zu. A Berkley researcher named Nicholas Weaver found the circumstantial evidence against Zu compelling enough to call upon law enforcement to get a warrant, crack open Zu’s social media accounts and find out more. That evidently never happened.

SEE ALSO: Google’s Bard AI chatbot is vulnerable to use by hackers. So is ChatGPT.

But Brian Krebs, the security researcher who initially reported the hack, and initially made the case against Thadeus Zu, uncovered an equally compelling person of interest earlier this year: Evan Bloom, a former Ashley Madison employee who was convicted in 2019 of selling hacked internet account information. In an interview with Krebs, Bloom denied involvement.

Without a guilty party able to give us the inside story on what happened, has the Ashley Madison hack been mis-shelved in the library of internet history? Have we all, in a sense, been swindled into accepting “LOL” as our collective response to something ugly and insidious?

Ashley Madison had long been an attractive target for hackers

To refresh your memory, Ashley Madison is (yep, is, not was) a paywalled dating website, founded in 2001, and marketed to people who are already in relationships — which is to say it’s ostensibly for linking…

Source…

Years later, the Ashley Madison hack remains an unsolved mystery

/in


It’s downright strange how little we know about the hacker or hackers who exposed the identities of over 30 million Ashley Madison users in 2015. They leaked incredibly sensitive data about millions of people, did not profit in any obvious way, turned “Ashley Madison” into a punchline throughout the English speaking world, and rode off into the sunset.

You probably remember the hack, but it’s doubtful you remember the culprit: some entity called “The Impact Team.” A reward of $500,000 was offered for information leading to their arrest and prosecution, but no such arrest has ever been made.

Noel Biderman, the CEO at the time of Ashley Madison’s parent company, claimed that he knew exactly who did it, and that they were an insider. But that turned out to have been a former employee who had died by suicide before the hack.

One possible culprit discovered by researchers at the time was an enigmatic figure calling himself Thadeus Zu. A Berkley researcher named Nicholas Weaver found the circumstantial evidence against Zu compelling enough to call upon law enforcement to get a warrant, crack open Zu’s social media accounts and find out more. That evidently never happened.

SEE ALSO:

Google’s Bard AI chatbot is vulnerable to use by hackers. So is ChatGPT.

But Brian Krebs, the security researcher who initially reported the hack, and initially made the case against Thadeus Zu, uncovered an equally compelling person of interest earlier this year: Evan Bloom, a former Ashley Madison employee who was convicted in 2019 of selling hacked internet account information. In an interview with Krebs, Bloom denied involvement.

Without a guilty party able to give us the inside story on what happened, has the Ashley Madison hack been mis-shelved in the library of internet history? Have we all, in a sense, been swindled into accepting “LOL” as our collective response to something ugly and insidious?

Ashley Madison had long been an attractive target for hackers

To refresh your memory, Ashley Madison is (yep, is, not was) a paywalled dating website, founded in 2001, and marketed to people who are already in relationships — which is to say it’s ostensibly for linking…

Source…

Top Suspect in 2015 Ashley Madison Hack Committed Suicide in 2014 – Krebs on Security

/in


When the marital infidelity website AshleyMadison.com learned in July 2015 that hackers were threatening to publish data stolen from 37 million users, the company’s then-CEO Noel Biderman was quick to point the finger at an unnamed former contractor. But as a new documentary series on Hulu reveals [SPOILER ALERT!], there was just one problem with that theory: Their top suspect had killed himself more than a year before the hackers began publishing stolen user data.

The new documentary, The Ashley Madison Affair, begins airing today on Hulu in the United States and on Disney+ in the United Kingdom. The series features interviews with security experts and journalists, Ashley Madison executives, victims of the breach and jilted spouses.

The series also touches on shocking new details unearthed by KrebsOnSecurity and Jeremy Bullock, a data scientist who worked with the show’s producers at the Warner Bros. production company Wall to Wall Media. Bullock had spent many hours poring over the hundreds of thousands of emails that the Ashley Madison hackers stole from Biderman and published online in 2015.

Wall to Wall reached out in July 2022 about collaborating with Bullock after KrebsOnSecurity published A Retrospective on the 2015 Ashley Madison Breach. That piece explored how Biderman — who is Jewish — had become the target of concerted harassment campaigns by anti-Semitic and far-right groups online in the months leading up to the hack.

Whoever hacked Ashley Madison had access to all employee emails, but they only released Biderman’s messages — three years worth. Apropos of my retrospective report, Bullock found that a great many messages in Biderman’s inbox were belligerent and anti-Semitic screeds from a former Ashley Madison employee named William Brewster Harrison.

William Harrison’s employment contract with Ashley Madison parent Avid Life Media.

The messages show that Harrison was hired in March 2010 to help promote Ashley Madison online, but the messages also reveal Harrison was heavily involved in helping to create and cultivate phony female accounts on the service.

There is evidence to suggest that in 2010 Harrison was directed to harass the owner…

Source…

Madison teen, accused in Memorial bomb threats, now charged in New York with hacking a sports betting website

/in


A Madison teen who still faces felony charges over bomb threats made at Memorial High School last year was arrested Thursday and charged by federal authorities in New York City with hacking an online sports betting website, which had user accounts that were then plundered.

The charges filed on Monday against Joseph H. Garrison, 18, in U.S. District Court for the Southern District of New York allege that in November — about three months after Garrison was charged and released for the Memorial threats — he launched what authorities called a “credential stuffing attack” to find username and password combinations, gleaned from sources on the “dark web,” that would work on other websites where users used the same username-password combinations.

People are also reading…

That included the fantasy sports and sports betting website, which was not identified by name in the complaint.

He then sold the working combinations to buyers on the internet, according to a criminal complaint, and provided detailed instructions on how to use them on the betting site. The buyers used them to steal about $600,000 from the site’s user accounts, the complaint states.

In todays world, its high tech versus high crime. Police work like dusting for prints is now supplemented with point and click. 


A credential stuffing attack uses a computer program to rapidly attempt to log into financial accounts using a list of known username-password combinations to search for working logins. 

Buyers took money from about 1,600 of the site’s 60,000 accounts that were accessed using the stolen credentials, the complaint states.

Intruders were able to clear out an individual user account by setting up a new payment method and depositing $5 into the account to verify it, then withdrawing the account’s balance through that new payment method, the complaint states.

Investigators identified Garrison as the person who carried out…

Source…