Marital Infidelity Site AshleyMadison Hacked, But Claims No One Should Worry Since It DMCA'd All Leaked Copies
from the wait,-what? dept
As you may have heard by now, on Sunday, online security super reporter Brian Krebs revealed that the infamous “dating site for married people who want to cheat on their spouse,” AshleyMadison had its systems hacked, with whoever is responsible claiming to have basically everything. Apparently the site (and a few other similar sites run by the company) had 37 million registered users, many of whom are probably a bit more worried about their information leaking publicly than they were a couple days ago.
But, no worry, claims the company to a reporter at Wired: it’s issued takedowns to everyone who posted the info, so problem solved:
In a followup statement to WIRED from Avid Life Media Monday morning, the company writes that it has used copyright infringement takedown requests to have “all personally identifiable information about our users” deleted from the unnamed websites where it was published.
First off, what? Anyone who actually believes that DMCA takedown notices actually stopped this information from being available is probably also busy shipping the contents of his or her bank accounts to friendly princes-in-need across the Atlantic. Second, what? The company has no “copyright” claim in the information in question in the first place, and issuing a copyright/DMCA takedown doesn’t make any sense at all, other than in a sort of desperate “please save us!” attempt to not have the company be completely destroyed by this incredible data breach. While perhaps some sites actually took the information down, there is simply no legitimate reason to use a copyright takedown claim to do so.
Meanwhile, others are pointing out that the site already leaked information about who had accounts if you knew what to look for — and, somewhat ridiculously had bragged about its security in the past. Back in November of last year, after a bunch of celebrity nude photos leaked on the internet, AshleyMadison had a PR person reach out to me (and others) talking up AshleyMadison’s privacy and security features:

Filed Under: cheating, copyright, dmca, hacking, infedility, privacy, takedown
Companies: ashleymadison, avid life media
Comments on “Marital Infidelity Site AshleyMadison Hacked, But Claims No One Should Worry Since It DMCA'd All Leaked Copies”
Kind of bolsters the argument for online anonymity. I wonder if General Wesley Clark was a member.
Removing stolen information via DMCA takedown requests huh? I bet the NSA wishes they’d thought of that one a couple years ago.
Re: Re:
They prefer to send in their friends to destroy laptops and drives, or seize people’s electronics as they cross borders.
Re: Re: Re:
But confiscating or destroying people’s electronics doesn’t have a 100% success rate! Sending DMCA takedown requests does! Just ask Avid Life Media.
Good to know
“Back in November of last year, after a bunch of celebrity nude photos leaked on the internet, AshleyMadison had a PR person reach out to me (and others) talking up AshleyMadison’s privacy and security features”
This raises one question (at least in my probably perverted mind): There are celebs on AM? Interesting…I guess I will open an account who lives in Cali. Or maybe we could all scan for celebs on the site… ok now I kind of hope they do not close and the information is made public, for the lulz of course! Set those scanners to senators!
Re: Good to know
This raises one question (at least in my probably perverted mind): There are celebs on AM?
Where did you get that?
“But, no worries, I’m sure the company will look to use copyright law to fix that too…”
Or they can find a way to blackmail judges, juries, prosecutors, attorneys, regulators …
A site with this kind of intel shouldn’t have that much difficulty. The NSA only wishes they had this kind of power …
Re: Re:
I’m sure intelligence services can see the possibilities available that comparatively unsecured information treasure troves like AshleyMadison present. It’s possible they’re well ahead of you on this one, and not necessarily just “friendly” domestic services.
We have a winner, Mike!
Next Sunday’s winner for the funniest comment of the week, goes to ALM CEO Noel Biderman.
The rest of you can just stop commenting, …go home. Get to know your family again. Make love to your wife. Write that novel you got kicking around in your head….
Re: We have a winner, Mike!
I don’t have children, and I’m not a writer. As to that “make love to my wife” thing, well… I’m hoping those DMCAs actually worked.
Re: We have a winner, Mike!
In light of the data shouldn’t you have said to make love to your “date”?
Re: Re: We have a winner, Mike!
In light of the data shouldn’t you have said to make love to your “date”?
Maybe “make love to your wife before she divorces you”.
Re: We have a winner, Mike!
Instructions unclear. I got to know my wife, kicked my family around and made love to a novel….
OPM database cross referenced to AM database
Interesting to see if anyone cross references info from various hacks. MMMmmmm….
The DMCA doesn’t apply outside the US. What are they going to do if it’s published outside of the country?
Re: Re:
Let’s ask Kim Dotcom?
Note: “the company takes every measure possible to ensure the safety of their members’ information….” Or, maybe not.
Of course they did! Even the hacker(s) at Impact Team say so in their statement:
“Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this.”
Re: Re:
Can you say Zero Day Hack. Maybe from Hacking Team?
I wonder if Donald Trump’s profile will become public now: “Billionaire seeks discreet ladies for fun times and hair play. No fatties or Latinas please.”
potential culprits
1). insider, or former insider, seeking vengeance.
2). angry, vindictive, cheated upon female with mad h@xor skillz. (that may be sexist, but, according to today’s AMA by a former Avid Life Media employee, it was only angry females who contacted them or showed up at the, guarded, front door in Toronto.)
3). moralizing religious hacktivist.
4). opportunistic hacker doing it for the Lulz.
“Avid Life Media runs Ashley Madison, the internet’s #1 cheating site, for people who are married or in a relationship to have an affair. ALM also runs Established Men, a prostitution/human trafficking website for rich men to pay for sex, as well as cougar life, a dating website for cougars, man crunch, a site for gay dating, swappernet for swingers, and the big and the beautiful, for overweight dating.”
The moralizing, as evidenced in their statement (http://pastebin.com/Kty5xBiv), seems inconsistent. Their main goal is shutting down both the Ashley Madison and Established Men websites. However, they also publish the usertable for Swappernet with the rationale that this was the only site with cleartext passwords contained in the database. So, they are going after swingers, but only partially, and leaving the gay folk alone. The Ashley Madison site also requires females to sign up for this to work at all. The male/female ratio is heavily skewed towards males, especially after deleting the constant influx of bogus female accounts meant to drive traffic to webcam girls. However, that still means there are real females on the site looking for a very discreet affair. One would assume they are cheaters also. Yet, their statement contains this sentence:
“Too bad for those men, they’re cheating dirtbags and deserve no such discretion.”
What about the cheating dirtbags who are females? That may point to an angry, vindictive female hacker but I am confused by their strategy. They didn’t dump the entire Ashley Madison database. They didn’t even just dump only the males on that database. They are releasing the details on one account per day until both the Ashley Madison and Established Men sites are shut down. I would think that releasing the data all at once would effectively shut down those websites without the power trip game/drama. This is the main reason I am leaning towards a vengeful insider as the culprit. Their statement includes stuff that appears to be personal:
“Well Trevor [ALM’s CTO], welcome to your worst fucking nightmare.”
“And it was easy. For a company whose main promise is secrecy, it’s like you didn’t even try, like you thought you had never pissed anyone off”
Yet, there is the following statement as well.
“Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this.”
The tone, and inconsistency, of those two statements reeks of anger and bragging. It certainly does not fit a purely moralizing hacktivist.
Finally, the name “Impact Team” was probably inspired by the recent “Hacking Team” exploits. I can’t help but notice though that the acronym is “IT”. If, in fact, a former member of ALM’s IT department is seeking revenge then ALM probably already has a good idea who it is. Although, like most companies, they will attempt to keep all details secret while reassuring their paid subscribers that everything will soon be OK.
Re: potential culprits
That’s some nice detective work there.
Re: potential culprits
Cheating dirtbags who are females? What about them? Anyone knows you don’t criticize women or gays. Nobody’s that dumb.
Can they do that???
Can you really even copyright subscriber data in the first place???
How was it done?
I’m just wondering if anybody knows just how the site was hacked. What OS was Ashley Madison running? Which web server?
Re: How was it done?
OK, I just checked (should have done this before posting). According to Netcraft, ashleymadison.com runs on Linux using nginx as a web server.
Of course, hacking could have been via security holes in php programming, rather than the OS and server software.
As someone very sceptical of systemd’s security, I also wonder if that could be the source of the breakdown.
Security, Zuma style
The AshleyMadison copyright/DMCA solution is worthy of Jacob Zuma, the South African Prez; a known womanizer (some would say rapist). He famously claimed to have safeguarded himself from a potential HIV-infection from a lover (victim) by taking a shower!
Is there anything copyright can’t do??
Oh yeah, it sure as hell isn’t going to save AM.
The DMCA thing sounds like Lawyer 1 asking Lawyer 2 how the company can appear to be in compliance with the Due Process/Due Diligence requirements of basic computer security before they both had to appear in a meeting with board members to discuss the company’s action plan.
When lawsuits get filed against the company over lack of basic data security, I wonder how many Officers of the Court will be ethically required to recuse themselves due to their having accounts?
DMCA takedowns are turning, culturally, into a universal data-suppression tool.
Now people, companies, specifically, are assuming that DMCA takedowns are for any information online that you want suppressed, not just incidents of infringement on content you own, but anything.
The carpet crawlers heed their callers…
Re: DMCA takedowns are turning, culturally, into a universal data-suppression tool.
Yes, and wouldn’t this be an excellent case to apply sanctions against false DMCA takedowns? They’re abusing the law because it’s easy and there’s no penalty for doing so.
call 5702908280 if you’re looking to get your profile deleted from Ashley-Madison Dating network .
Re: Re:
Interesting – is the number listed some kind of lo-rent swatting effort? Or crappy fear separation of people from their money?
You can poop in one hand and fill the other with trust and you’ll see which one weighs more! Truth is ALL men are sneaking pigs. Every woman should carry a dough roller in one hand, and install this Android on their pig’s phone with the other. There’s no longer any reason to “trust”, you don’t even need to sneak into their phone nowadays. Get married, find the truth, get divorced and start living! https://www.youtube.com/watch?v=0PCWYkQHTf8
Re: Um... that's an express train to a sucky relationship.
If you can’t trust your man, don’t have him as your man. It’s easier on the rolling pin, and it means you don’t have to betray someone by installing malware on his phone.
My approach has been to try to find people who know themselves, and are willing to be truthful with me from the beginning, even if it means admitting to uncomfortable tendencies, like needing the D from multiple directions. That is a place from which we can negotiate far more easily than the discovery of a betrayal.
Part of it is that infidelity is fun in fantasy. That’s why we like to write about it in fiction a lot. If that’s what is driving your sweetheart to someplace like Ashley Madison, there may be ways to appeal to the fantasy without having to deal with the consequences of reality.
Of course, if your partner is going to Ashley Madison because you’re distrustful and suspicious of him all the time then maybe you weren’t compatible from the beginning. Find a guy you can trust.
More generally: Distrust feels degrading even when it’s not personal. When a store clerk requires me to entrust my bags with a clerk while browsing, it creates from entering the store a tense environment where customers are presumed to be potential thieves. It’s also why discs that have unskippable anti-piracy adverts are distasteful in that they imply the owner (who probably paid for the media themselves) is a media pirate.
Don’t DRM your love life. If you cannot trust any man, steer clear of men.
Re: Re:
Your “all men are pigs” is balanced out by my “all women are crazy.” We’re even. That’s what we’ve got to work with so go from there.