Ashley Madison Hack

What is right? Is there right? Are you right?

Ashley Madison Hack

Post by tremor77 on Fri Aug 21, 2015 10:56 pm
([msg=89462]see Ashley Madison Hack[/msg])

I'm putting this here under Ethics... if you weren't aware then you're living under a rock... the (in)famous website AshleyMadison.com was hacked by a group calling itself Impact Team. This may be the most devastating hack in terms of real world repurcussions in the history of hacks. This dwarfs in comparison to millions of stolen credit cards that can be replaced. Families will be destroyed, jobs will be lost, people will be blackmailed and extorted, there will be suicides, and there may be murders (more about that at the end of my post).

Simply put.. discuss. There is a lot of meat here. The ethics of the site and the company itself and it's poor model, lax security and the fact that it did very little to protect it's users... the ethics of the hackers, of which rumored that perhaps a disgruntled ex-employee(s) are part.. the ethics of the hacked... which many on the web are saying they deserved it, karma is a bitch.. holier than thou yada yada...

I'd love to grab the data dump to pour through it but I don't have the bandwidth for 10GB with my current shoddy internet at home and I don't dare use work lol..... I know I'm on there... I had an account for the purposes of a doxing job... I should have thought better of it and not used my actual billing information and CC. So now I worry about when my data gets found by anyone... but I worry more for the woman I was doxing. In the end I told the private eye I was contracting to that I found nothing on her... and had determined that her husband who contracted the work was the world's biggest douchebag.. rich, powerful, cheating on her all the time.. probably looking for a reason to get rid of her without alimony... he was also obviously abusive.. i'd love for this guy to get run over by a truck.. she's a legit good person - and yes, a cheating spouse.. and I'm now afraid for her life.

My opinion on this. The operators of ashleymadison are scum, but the hackers in the case are also scum, they are only using "morality" as a smokescreen for their hack. I'm sure many users are scum too, and while I think it's ok for hackers to leverage some moral authority against Governments and Corporations... this was an attack on average people and I think it was just wrong.

You're turn.. discuss.. this topic could go all over the place, interested to see your thoughts.

Side note - anyone who can grab that data dump PM me.. I have a few names to check on to see if I can assist in damage control (I know a few people on there and I'm getting requests for my skills already).. does that make me scum now too or companies who will try to profit off helping victims?
Image
User avatar
tremor77
Addict
Addict
 
Posts: 1095
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: Ashley Madison Hack

Post by pretentious on Sat Aug 22, 2015 12:11 am
([msg=89463]see Re: Ashley Madison Hack[/msg])

I wasn't really paying much attention to this until like yesterday lol
I want to know what the motive is for publishing things like this. With all the hype about data mining that FB and Google does for advertising, things like this are worth a gazillion dollars to some people. All that I can really think of is the hackers tried to blackmail these guys and it didn't pan out.

I'm biased here and don't really know the full story but from my point of view, the burden is entirely on AM. There will always be assholes trying to fuck with you. YOU have the infrastructure and YOU have peoples information that they have trusted you with.

I'm kinda all over the place here because I have a very 'it is what is is' view of ethics and morality. There are people killing rhinos for their horns and no amount of 'that's not cool, dude' or agreeing that it's objectively 'wrong' is going to change it. In the aftermath of this, stakeholders need to focus on is damage control

Oh and one last thing after adding nothing to this discussion :P I saw some figures on reddit about this. There is only like %15 of the users being women and a pretty substantial amount of fake accounts. I don't even know what to make of the people who actually used the site. Maybe it's the intent that counts :|
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco
User avatar
pretentious
Addict
Addict
 
Posts: 1189
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Re: Ashley Madison Hack

Post by tremor77 on Sat Aug 22, 2015 2:35 am
([msg=89469]see Re: Ashley Madison Hack[/msg])

pretentious wrote:Oh and one last thing after adding nothing to this discussion :P I saw some figures on reddit about this. There is only like %15 of the users being women and a pretty substantial amount of fake accounts. I don't even know what to make of the people who actually used the site. Maybe it's the intent that counts :|


I'm sure it's heavily male, and the cash flow nearly all male because that's generally how all dating sites work.. women can be on for free and the men have to pay. That said, I personally know of 4 real women who were in fact on there and that's just limited to my small geographic area.

As for what to make of the people who used that site, I'm going to guess they are mostly sad and unhappy, sticking out marriages because that's what people are supposed to do, and divorce is big, scary and messy.. so a lot of people just plod along hoping maybe their spouse will (change|lose weight|stop being a douche|pay more attention|get a job|etc). Honestly I think this site prays on men/women who are stuck in bad marriages, and less on asshole cheaters.... the asshole cheaters are the ones who tell their wife to STFU, go make a pie, I'm going to the bar to fuck a hooker and you deal with it kind of guys.
Image
User avatar
tremor77
Addict
Addict
 
Posts: 1095
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: Ashley Madison Hack

Post by cyberdrain on Mon Aug 24, 2015 11:55 am
([msg=89526]see Re: Ashley Madison Hack[/msg])

I will post my two cents; it sucks to be on there for the people that are, but I can't help but feel the operators get what's coming to them. Hopefully the lawsuits will put the site out of its misery. I don't feel it's an attack on ordinary people, every one of those decided to be on there on their own. That said, there is no winning side here.
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Ashley Madison Hack

Post by company on Mon Aug 24, 2015 12:03 pm
([msg=89527]see Re: Ashley Madison Hack[/msg])

Like some others said above. I feel kinda "meh" about this hack. I don't really care about the site operators or users.

As for the operators: The site seems to have been run poorly with disregard for user security. This is a big no-no. Let them have whats coming for them.

As for the users: Kinda the same deal. If I was cheating, I would probably try to minimize my traces. Simple things such as signing up with a fake name or email would have been a better idea than using your COMPANY EMAIL. I mean, I don't have much sympathy for those who used their employer's email to sign up to a cheating website.

Morally I am against cheating. Therefore I don't really care about the consequences these people will suffer. It's undoubtedly making a ripple in the security community.

But that's just like, my opinion... Man.
User avatar
company
New User
New User
 
Posts: 14
Joined: Mon Aug 24, 2015 10:22 am
Blog: View Blog (0)


Re: Ashley Madison Hack

Post by tremor77 on Mon Aug 24, 2015 10:43 pm
([msg=89535]see Re: Ashley Madison Hack[/msg])

Ya the people that used a work email are just stupid, that said.. not many people have fake home addresses and credit cards without their name on it if they signed up. So if you dig beyond the emails used into the actual userdata you're going to get alot more info.

As for the security of the site, my sources say the initital breach was almost certainly an inside job. There is no amount of protection from that. Companies have put so much faith into their infosec employees that they are basically leaving them the keys to the kingdom.
Image
User avatar
tremor77
Addict
Addict
 
Posts: 1095
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: Ashley Madison Hack

Post by company on Tue Aug 25, 2015 10:23 am
([msg=89537]see Re: Ashley Madison Hack[/msg])

tremor77 wrote:Ya the people that used a work email are just stupid, that said.. not many people have fake home addresses and credit cards without their name on it if they signed up. So if you dig beyond the emails used into the actual userdata you're going to get alot more info.

As for the security of the site, my sources say the initital breach was almost certainly an inside job. There is no amount of protection from that. Companies have put so much faith into their infosec employees that they are basically leaving them the keys to the kingdom.



I had not considered the CC info. I have not looked at the data leaked so I wasn't sure exactly what data was released. As far as it being an inside job that certainly makes things different. It still doesn't change my view. If your gonna cheat its a risk, and the risk didn't pay off here. Or maybe it did, I guess it depends on the individual.

the last sentence you wrote really hits home. At my job I have access to way more information than I should. I just don't need access to it. But they really do give you the keys to everything. I can imagine they will be changing that policy at AM
User avatar
company
New User
New User
 
Posts: 14
Joined: Mon Aug 24, 2015 10:22 am
Blog: View Blog (0)


Re: Ashley Madison Hack

Post by pretentious on Wed Aug 26, 2015 12:51 am
([msg=89552]see Re: Ashley Madison Hack[/msg])

company wrote:the last sentence you wrote really hits home. At my job I have access to way more information than I should.

my friend is usually really into data mining, getting a hash dump and throwing hashcat at it to see how many people used '123456' and all that jazz. Threw some perl scripts at this one, almost 37 million users. credit card transactions were in cvs format so he let perl run wild on the amount paid collumn, couldn't help himself. Less than he thought but his perl skills aren't really there so that's fine. Did a regex on the user accounts to see if there were any student emails from his university, and after seeing 10 fly past his screen, Yeah, he's not going to be a part of this. That was a few days ago and he's still not sure how he feels about it.
company wrote:I can imagine they will be changing that policy at AM

My thoughts, Cheating is all about discretion and privacy. Ashley Madison is done.
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco
User avatar
pretentious
Addict
Addict
 
Posts: 1189
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)


Re: Ashley Madison Hack

Post by boriz666 on Wed Aug 26, 2015 2:20 am
([msg=89553]see Re: Ashley Madison Hack[/msg])

They will go out of business, if not for the breach of trust, then for the
tens of millions they have already been sued for.
boriz666
Experienced User
Experienced User
 
Posts: 99
Joined: Tue Mar 24, 2015 11:53 am
Blog: View Blog (0)


Re: Ashley Madison Hack

Post by tremor77 on Sun Aug 30, 2015 1:20 am
([msg=89605]see Re: Ashley Madison Hack[/msg])

boriz666 wrote:They will go out of business, if not for the breach of trust, then for the
tens of millions they have already been sued for.


I wonder how many people will actually sign on to the class action lawsuits lol.. when lawyers start sending out letters to people they'll be potentially outing people who've managed to not get found out yet.
Image
User avatar
tremor77
Addict
Addict
 
Posts: 1095
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Next

Return to Ethics

Who is online

Users browsing this forum: No registered users and 0 guests