There are more qualified security experts than I who can tell you the “How, Why and the What To Do” in regards to the Ashley Madison website hack. But, as I’m constantly banging on about privacy and online safety I can’t ignore this train wreck of an online crime, which is what it is. It is actually illegal to hack into a company data base or a personal computer. For more in-depth coverage see security experts Graham Cluley Troy Hunt who paints a distressing picture of the results of this hack from 100’s of emails he is receiving every day from distraught victims of this breach. Or Brian Krebs who outlines some of the blackmail occurring as a result of this hack.
What Is This “Ashley Madison” Hack (who is she?)
If you haven’t heard, meaning you’ve been living on a remote cattle station with no internet or T.V…The Canadian based online “Dating” platform for married folks who want to cheat, named “Ashley Madison” was recently hacked, and all the emails and private details of Ashley Madison users has now been uploaded to a public server, for anyone with enough bandwidth to download and trawl though. Understanding and deciphering the millions of bits of data is not for the ordinary person though. Some I.T genius’s have already started sorting the dump out and making it easy to search to see if you, or someone you know, had their email used to set up an account. Be very careful where you go to check on an email address, no doubt there are some scams around using this facility already. If you want to check if your email is included in this hack, go to “Have I Been Pawned” operated by Troy Hunt, and sign up. You can only test an email you have access to on Troy’s site, this stops folks from “outing” other users.
It’s important to note that none of the emails to sign up for an A.M profile were ever verified. Meaning you didn’t need to receive an email back to verify you actually owned the email address used to set up your A.M profile. This meant that anyone could set up an account in your name or their name using your email address or anyones email address or could simply make one up. Making it easy to set someone up for humiliation or worse.
This lack of email verification and accountability can be seen as both good or bad. GOOD If your email is found within the hack, and you want to avoid admitting you had a legitimate account, you could actually then say that you didn’t set up the account and were framed…but only as long as other information on the profile doesn’t match, like credit card, location etc…those things make it harder to avoid being accused. BAD if your email is discovered in the dump and you didn’t actually set up an account. You may have actually been framed and now might have to defend yourself, which may or may not be believed.
Software platforms or apps that don’t require email verification help people hide. Be very wary if you aren’t asked to verify your email address when signing up for anything.
The fall out from this Hack is huge and getting worse. Every crook on the internet wants to make a buck out of it. So scams abound, particularly blackmail scams where a scammer might threaten to expose your profile on A.M to friends and family by way of Facebook or other means. Scams around A.M are going to get worse before they get better, with many people caught up who didn’t even have an email listed in this hack. Go to the police if you get caught up in a scam. Go to www.acorn.gov.au if it’s really bad.
Some companies and organisations are no doubt unscrupulously checking via various methods to see if their employees or members were on the site, and many of the users of the site are desperate for ways to avoid being discovered. Journalists are certainly hoping to find high profile users. It’s not only scammers outing A.M users, there will be others who don’t want to be caught up in a scandal who will try to pre-empt it by sacking employees or group members.
Getting Rid Of The Evidence
Security expert Troy Hunt reported that many people who contacted him hoped that he might be able to help them remove their profile from the hack or from the site, removing past profiles or anything really from the Internet is near impossible. And although there are “Online Reputation Managers” available for a price be very sceptical. Copying and storing internet history is so easy, nothing ever really goes away online, even if you live in Europe where they have the “Right To Be Forgotten” Law which doesn’t get the evidence taken down offline, it simply hides it from the upfront search results.
Is Anything Secure Online?
If you suspect that everything connected to the internet is hackable…ie computers, data bases, banks, cars, fridges….then you understand that you simply cannot be dishonest online and hope to get away with it. Anonymity really doesn’t exist. If the worlds smartest hackers can be unmasked, what hope has an ordinary user on their home computer.
Online security is like offline security. It’s best practice to do what you can to enable privacy and security settings on all your online accounts. But if someone really wants to hack into your accounts or computer they probably can. You can avoid many scams, virus’s and hacks by being careful not to click on dodgy links in fake emails and by hiding as much personal information about you online as you can without getting tied up in knots of paranoia. And key to avoiding scams or dodgy online dating websites with impossibly good looking profiles… if it looks too good to be true it probably is. Many of the profiles on A.M were fake.
Don’t These “Victims” Deserve it?
Of course I think dishonesty and hurtful behaviour is detrimental and incredibly damaging to good family life and relationships, but this hack shouldn’t be about Karma or retribution or shame. This is about millions of humans who trust the internet, and criminals taking a so called moral stand to blackmail a website to close, and then hacking it. It doesn’t seem to matter how many hacks, and how many scams people get caught up in, humans seem to trust technology and computers far more than is safe to do so. It is terrifying to think where this type of so called vigilante blackmail hacking will appear next. In Ashley Madison they had a perfect storm.
I feel terribly sorry for the partners and families of users of Ashley Madison. I feel sorry that the users of the site who wanted their membership hidden were naive enough to think that their secret was safe, or that if they paid to delete their account they would never be found out. Sadly for some of them the humiliation of being exposed may actually cause them to self harm, no one should want to be responsible for that.
Bottom Line: Everything is hackable online……and sometimes offline. (Where’s that tin foil hat…)