Ashley Madison Breach
Article written by Nik Nojed. August 25, 2015.
Protect your online business and prevent a breach with an EV SSL Certificate, the highest level of web security.

If These Firewalls Could Talk

Who is Ashley Madison?

Upon surfing the web a couple days ago, I quickly noticed a name that kept popping up throughout my daily digi-travels. These travels usually include Yahoo (by a lazy default), Verge, Wired, Mashable & HipHopDx...a solid balance of information if I may say so myself.

"Who the hell is Ashley Madison?", I wonder...and then I click.

Headline reads--'Ashley Madison. Life is short. Have an affair.' I can definitely see that on a late night infomercial. The site also boasts some pretty ironic claims like 'Ashley Madison is the world's leading married dating service for discreet encounters' & awards including the 'Trusted Security Award' & '100% Discreet Service'. Focus is on the trusted and discreet titles of course.

Ashley Madison Breach

My, my, my, what has the world come to and how is it even possible for close to 40 million married people to be signed up to this site. This has to speak to some illusory quality of monogamy and challenge its very concept. To register to a website for cheating on your spouse seems pretty absurd when you have USA pumping out the final episodes for season 1 of Mr. Robot. Somehow the cyber realm has become a safe place to run and hide, according to popular perception. The ladder statement has since been proven false as large caches of data have been stolen from the online cheating site.

Here's a quick rundown if you haven't been up to date with the latest example of the immoral state of society.

  • Hackers known as the Impact Team stole personal information from the site to use it for blackmailing the site's users and demanding the site be shutdown.
    "I'm picturing a group of super intelligent scorned wives who have come together to code and rid the world of all fornication. Evil laugh ensues!"
  • Reality TV star Josh Duggar has been exposed as a confirmed customer as well as several unidentified government workers who accessed their Ashley Madison accounts from government IP addresses. Duggar has since come out to apologize in a somewhat lame fashion necessary for public relations reasons. Gotta save face right?!
  • There is no indication that the hackers got in through a software vulnerability but rather through a former contractor or someone else who had legitimate access to the company's networks at one time.
  • With the site's source code and network blueprints already released by the hackers, however, the company is now in a race to find and close vulnerabilities before other attackers can find and exploit them.
    "Really, it's too late. Give it up."
  • The motive according to the Impact Team, was that they hacked Ashley Madison because they were morally outraged at the behavior its web sites condoned.
    "What about Pornhub? No, that would be too far right?"

40 million people signed up and yet most of you all lambasted Tiger Woods for years for his actions. Gosh I tell ya, the public can be so darn hypocritical (in my cynical voice).

How Ashley Madison became exposed?

*Aside from the fact that the company didn't adequately protect the credit card transactions of customers and other personally identifiable information, the company also recorded the IP address of paid accountholders and stored these addresses for at least five years. This made it fairly easy for the Associated Press to uncover accounts opened by government employees and, using the stored IP addresses, determine who had used their work networks to log into the cheating service on government and taxpayer time. AP was able to determine, for example, that hundreds of US government employees, some of them holding sensitive jobs in the White House, Congress and law enforcement agencies, used government web connections to acces their Ashley Madison accounts, including two assistant US attorneys, a trial attorney in the Justice Department, and a government hacker working for the Department of Homeland Security.

Although these workers would have been exposed by their credit card transactions in the Ashley Madison database, many of them had taken care to use personal email addresses instead of work ones, which would have made it harder for someone to connect them to their jobs. The fact that the site retained their IP addresses made it much easier to do so. That's a major privacy fail for a web site that insisted its customers' privacy was a top priority.

* This information was taken directly from Wired's article "Answers to Your Burning Questions on the Ashley Madison Hack". Link here.

It's Only Right

What better way to end this article with a nod to Kendrick Lamar's song and performance "These Walls", somewhat fitting...just a little.

#Ashley-Madison  #Web-Security  #Data-Protection  #Hacks
#Adultery  #Cheating  #Societal-Morals
#Kendrick-Lamar  #These-Walls