Wednesday, July 22, 2015

The Ashley Madison hack is a goldmine for criminals

Hundreds of articles have been written on the Ashley Madison hack this week, as I'm sure you've seen. If for some reason you haven't: the site offers users the opportunity to set up sexual affairs with other registered users in secret. Personal messages, profiles, email addresses and credit card numbers have been stolen and are being held for ransom. That is truly sensitive information if you're one of the site's users, 37 million to be exact, who are looking to have an affair online and using its services to assist with cheating. The group that stole the information is requesting that the site and its affiliates be taken down, or they'll release the cache of info.

No matter how you feel about the site itself (I personally think it's a despicable way to make money), there are some major ramifications at play here that aren't part of a normal data breach. The people responsible aren't using the credit cards or selling them, that we know of, and are requesting that the site be taken down. This is a different response from what we normally see when large eCommerce sites have been compromised. At this point the attackers don't seem to be financially motivated, which makes them even more unpredictable.

There's also the prospect of very personal data being spewed across the internet, exposing these users' infidelity in very public ways. Once this happens, there are a few things I can foresee:
  • Privacy lawsuits against Ashley Madison on behalf of the users who were told their personal information would be removed after their accounts were deleted. These records are going to show up in divorce courts for the next couple of years. This data was supposed to be private and has now been made public for the world to see. The divorce lawyers are going to love this.
  • Once this list makes its way to the internet, the first thing someone's going to do is create a searchable database with credit card, name, email address, etc. for people to search and see if their partners were cheating on them. This will surely happen, and relationships will suffer due to this site. Not that these people wouldn't have had affairs without the site, but offering it as a service, while being hacked, is doubly wrong.
  • Blackmail will happen on a large scale. People will be found in the data dump and told that the blackmailer will rat them out to their spouse unless they pay. This is bound to happen and could be worse if criminals start using this data to spur cyber espionage (e.g., someone in a pharmaceutical firm is found to be on the list and cyber criminals offer to tell their spouse unless they start giving out trade secrets, etc.).

This site was about being secret and fooling around behind your partner's back. It turns out that's exactly what's happening to them now (oh, the irony). It also shows that if you have something private, no matter what it is, you can't trust a third party to hold your secrets. If sensitive information is being sent up to a site that you don't manage completely, assume that it will be lost or breached. Base your digital decisions on this view of the risk.
