Tuesday, July 21, 2015

The End of the Affair

"Adult site hacked, and threats have followed" by Hiawatha Bray Globe staff  July 20, 2015

When 37 million people share their adulterous fantasies at the notorious dating site AshleyMadison.com, what’s the worst thing that could happen?

It just did.

An unknown team of online criminals claims to have stolen the names, addresses, credit card data, and sexual interests of every Ashley Madison client.

Meaning it was either the Jewish mafia, the U.S. government, or ISIS™.

But unlike other cyberhackers, these extortionists, who call themselves the Impact Team, aren’t looking to make money or score political points. They want the parent company, Avid Life Media Inc., to shut down Ashley Madison and another of its sites. If not, they will make all of the customer data public.

A statement released online by the hackers Sunday night included the names and addresses of two Ashley Madison clients, as well as links to several online forums where they had posted large amounts of company data. Avid Life Media contacted these sites, which deleted the data.

“We apologize for this unprovoked and criminal intrusion into our customers’ information,” the Toronto company said Monday in an e-mailed statement. “At this time, we have been able to secure our sites, and close the unauthorized access points.”

The company also said it is working with law enforcement to track down the culprits.

Ashley Madison courts married men and women looking to cheat on their spouses. The site’s motto: “Life is short. Have an affair.” The other site referenced by the hackers, Established Men, caters to rich men who want to meet “ambitious and attractive girls.”

Hmmmmm. 

All this in full view of the NSA and all. 

Face it, folks. The government allows this stuff.

Avid Life Media generated an estimated $115 million in revenue last year, according to Bloomberg News. While American investors have been put off by the company’s salacious services, Avid Life Media is expected to seek $200 million from a stock sale on the London exchange this year. It’s unclear whether the hack will force a change of plans. 

Now you $ee why.

The incident is reminiscent of last year’s devastating attack on Sony Corp.’s computer systems in the runup to Sony’s planned release of the movie “The Interview,” a farce about Americans who assassinate the leader of North Korea, Kim Jong Un. Attackers believed to be acting on behalf of the North Korean government raided Sony’s computers and leaked highly embarrassing corporate documents. They then posted messages threatening terrorist attacks against theaters that showed “The Interview.”

Sony canceled its official Christmas Day release of the film at major theater chains. But about 300 independent cinemas did show the movie.

Turns out that was a fraudulent claim against North Korea and it was raced to disgruntled former workers in the company -- as well as benefiting the buzz regarding that sorry film -- but that's all down the memory hole and all you are left with is the mind-ma$$aging propaganda narrative.

The Ashley Madison attack is a nasty new version of Internet “sextortion,” a crime that’s become all too common. Most sextortionists use deception and technical gimmicks to obtain nude photos of their victims. Then they blackmail the victims by threatening to distribute the pictures over the Internet unless the victims send still more photos.

You run a country that way and it's no problem.

Last week, former Navy pilot Daniel Chase Harris of Virginia Beach, Va., was sentenced to 50 years in federal prison for running a sextortion scheme.

Other sextortionists are driven by greed.

Banks.

In April, millions of customer records were stolen from the sex site AdultFriendFinder.com by a thief who demanded $100,000 in ransom. Apparently the money wasn’t paid; by late May, information on 3.9 million users was posted online on hacker forums, where it could be used for extortion or identity theft.

The AshleyMadison.com attackers apparently aren’t out for money, and they seem to regard the humiliation of users as collateral damage. Their stated target is the company itself.

But that’s cold comfort to subscribers whose information is in criminals’ hands.

Brian Krebs, an Internet security analyst whose Krebs On Security website revealed the Ashley Madison hack, said there’s nothing to stop the Impact Team from publishing stolen data whenever it chooses. “This thing could break wide open at any time,” Krebs said.

The Impact Team seems especially angry about Ashley Madison’s “full delete” policy, which charges customers $19 for guaranteed erasure of all of their personal data from the site. The hackers claim the service generated $1.7 million in revenue for Avid Life Media last year, but the company didn’t really erase all data.

Which client was mad?

“Their purchase details are not removed as promised, and include real name and address . . . sexual fantasies and more,” the Impact Team said.

Avid Life Media denied this claim in its e-mail. It also said the full delete service would now be free.

It’s unclear whether Avid Life Media used an encryption system to scramble sensitive data stored on its servers. Encrypted data is useless to criminals because it can’t be read. But time and again, major organizations have failed to take this step, with disastrous consequences. Following the recent breach at the federal Office of Personnel Management, in which thieves got data on at least 22 million Americans, the agency admitted that much of the information in its databases was not encrypted.

Right, so now a whole round of contracts will go out to computer security software firms, chi bono? C'mon!

Krebs, however, said that Avid Life Media’s chief executive, Noel Biderman, told him the data theft appears to have been an inside job, possibly committed by a contractor with access to the computer network. If so, the criminal could have used a legitimate password to obtain the data, giving him limitless access to unscrambled data files. 

Not only is the use of the term inside job an in-your-face insult (it's a little inside job. Government and media would never lie about the big ones. That's outrageous conspiracy talk), the scenario there is likely true. That's why it was saved for the after-thought paragraph of the article because at this stage the reader is about to move on.

--more--"

What's amazing is the mixed me$$age on all this. Hacking all over the place, but don't worry about electronic buying. 

This is World War III without the bullets and the bombs.”

If it comes to that, my relation$hip with the Globe will be over, and “most Israeli companies were going off to Silicon Valley.”