Reputation Attack: Lessons Learned from the Ashley Madison Breech
The Ashley Madison hack and subsequent release of the site’s Users information is a scary indication of things to come. Many hackers are realizing that blackmailing a site or its Users can be much more profitable that just stealing financial information. (A financial breech has a short profitability span since information can be changed as soon as the breech is discovered, blackmail can go on for years.) It is a convenient, but dangerous, fact that over the past 5 years we have moved a very large part of our identity online. Our professional records, academic achievements, social standings, and circle of friends can all be found in various social media networks. Our interpersonal communications and thoughts are within our emails, text messages and social media profiles. There is a continuing concern about cyber criminals stealing our identities or financial records, but, as you just asked, what about our reputations?
The Ashley Madison breech shows that our most embarrassing information is also fair game for hackers. Dating websites, or hookup sites, all claim secrecy, privacy and confidentiality. Trusting these sites is not based on any evidence that they are secure, but rather on the assurances that come from from these websites. Unfortunately, for many love and lust seekers, hackers are naturally attracted to dating websites for a variety of reasons, and they do not break into them to just get data on the site, they are trying to exploit it, and its users.
Primarily, hackers love to distribute spam through these sites. Dating site users are targets for this spam, whether it is weight loss, libido enhancers, hookups, or pornography. The user information these sites have give spammers a better chance of finding their targets, as they put attributes like gender, age, interests and body shape in their profiles. Spammers create targeted campaigns based on perceived needs and demographics of the users of certain sites. But, as we are seeing now, there are other ways in which they can profit from acquiring user profiles, such as romance scams, impersonating another site member to pull information out of you,or plain old blackmail.
It does not come as a surprise that a site like Ashley Madison would get compromised. In the wake of several recent company breeches, public shaming of organizations is a proven and effective way to raise awareness of the perceived issues through stolen data disclosures and blackmail. The hackers may have a goal of causing serious economic damage by embarrassing the company’s users, which would preclude other people from signing up in the future, or actually plan on blackmailing these users for money or other favors. Exposing people for their “sins”(whether actual or simply perceived) without having any context for these sins can be very unfair, but still very profitable. Most of us naturally assume the consequences are laughable because we figure the victims of this hack are deserving of the exposure. Perhaps most are, but for every handful of compromised users, one person may well be living in an emotional roller coaster and have no intention on acting upon his/her postings, or may have actually created a profile as revenge against another person. The big assumption we’re all making is that this couldn’t happen to us, we’re above it. The thing is, we’re getting to the point where it quite possibly could. If you have a kinky thought, a fetish, a deviant desire, a secret attraction, a porn habit, or any kind of sexual fantasy you think is safe, there’s every chance it could end up on the web by a thoughtless post or entry on a profile. Technology arriving in the near future is so close to magic that it doesn’t matter if you don’t tell the internet what you’re thinking, it may simply read your mind (at least, it will seem that way). Most people now understand that sharing private information on the internet can be dangerous. If you’ve used a credit card on a porn, hookup site or simply a social media site, your purchases could be revealed. If you’ve got an online dating profile, it could wind up exposed, along with all the conversations you’ve had with other members of the site. If you post, or create a profile on a fetish site, that information could easily become publicly available. If some of the Internet’s big porn sites or fetish communities were ever hacked, the potential for harm would be pretty enormous.
So, you are probably wondering if there are ways to see if you, or someone know, were compromised in the Ashley Madison breech. (Remember, these email addresses were not verified when the clients signed up, thus someone could actually signed up for an account using your email without your knowledge.) You could than take the time to enter the Dark Web, find the data, and search through all 32 million files, but that is not practical. Besides, there are two compelling reasons NOT to try and download this file. First, it is stolen property and thus the download would be illegal, and second, downloading ANYTHING from the dark web is extremely dangerous. These files are posted by hackers so you can be pretty sure that they would come with remote access Trojans or ransomware that would make your life miserable. The easiest and fastest to check the list is by doing an email search on Trustify or Have I Been Pwned. These sites will take the email address you enter and search the files posted online to see if that address is associated with an account. Note that Have I Been Pwned requires a User account and you can only search for your own email. Trustify will allow you to search for any email address. This will at least give you piece of mind that you are not affected by the breech, or warn you if your, or someone you know, did have an account on the site.
Unfortunately in today’s online world, ordinary people who live secret and sometimes complex lives have a lot more reasons to worry. It is a dangerous world for people who value their privacy, and secrets are getting harder to keep by the day. Be careful online and always consider the consequences of your actions. Especially if you are just doing something on a whim that you figure no one will ever know about, that may come back to haunt you.
For more information about this and many more cyber defense topics, plus timely alerts of cyber threats that may affect you, please subscribe to Home Cyber Defense Weekly. This weekly newsletter is designed to teach you how to recognize and prevent cyber attacks, and informs you what to do if you have been attacked. A subscription to our newsletter is very inexpensive and you can sign-up on our website at:HomeCyberDefense.net. Be safe out there!
By Michael File