Ashley Madison hack could lead down road to serious trouble for important people.
Perhaps you haven’t been following the story, but the marital infidelity website Ashley Madison suffered a security breach in July by a hacktivist group called Impact Team in which all its account records were stolen. At first Ashley Madison’s parent corporation Avid Life Media tried to claim its data remained secure, but it later emerged that Ashley Madison’s client database was completely compromised. For the uninitiated, Ashley Madison hooks up marrieds who want to have affairs, and while most sensible people would think that's a terrible idea, the site had generated millions of clients. Impact Team demanded the site be shut down or all the user records would be published, and yesterday the group made good on that threat and posted 9.7 gigs of records from as many as 32 million users in 46 countries.
Generally, we’re in favor of digital civil disobedience, but this latest raid seems a bit out of character for the various anonymous hacker collectives. At least until you dig a little deeper. Impact Team’s proclamation says in part, “Keep in mind the site is a scam with thousands of fake female profiles. See Ashley Madison fake profile lawsuit; 90-95% of actual users are male.” Exposing mass fraud seems more in line with the usual hacktivist modus operandi, but there’s more. Approximately 15,000 Ashley Madison accounts carry a .gov or .mil web address. Yes, you read that right—more than 15,000 of the accounts go directly back to U.S. military or government IPs. Some even carry a White House home address.
Thus, the moral posturing about sexual infidelity (Impact Team writes, “Find yourself in here? It was ALM that failed you and lied to you. Prosecute them and claim damages. Then move on with your life. Learn your lesson and make amends.”) feels a bit like a smokescreen. In reality, this hack has very likely put a major scare into the political class. Some of the addresses are probably fake (the White House ones are good candidates, because we doubt any White House employees are thatdumb, whereas people who hate the government would be more than willing to spend the time and effort to set up fake profiles). But then some of the addresses most definitely aren’t fake.
The account information is only available so far on the dark web, but we’re very curious to see if anyone follows up on the details of those .gov addresses. There’s no telling who’s at the other end, and we can hardly wait for the denials to start. It's just delicious to think that, after passing all sorts of intrusive laws designed to corral and track internet users, the same politicians could end up being the foxes to a bunch of curious citizens' hounds. Could it actually happen? We have no idea, but we can dream can't we? Stay tuned.