Euro Security Watch with Mathew J. Schwartz

Governance & Risk Management , Incident & Breach Response , Managed Detection & Response (MDR)

Hacktivism: An Affair to Remember

Ashley Madison Hack Makes Noise, But Internet Still Intact
Hacktivism: An Affair to Remember

The Ashley Madison dating website hack and threatened data release is a perfect illustration of the perils - and promise - of our Internet-connected, hacktivist age (see Pro-Adultery Dating Site Hacked).

See Also: Live Webinar | Navigating Identity Threats: Detection & Response Strategies for Modern Security Challenges

Indeed, the threatened dump of more than 37 million participants' identities and personal information from the "cheating site" demonstrates the threat faced not just by anyone who shares personally identifiable information, but the organizations that buy, store, or otherwise traffic in PII or other high-value data.

In this case, a hacker or group called "Impact Team" has claimed credit for an attack against Toronto-based Ashley Madison parent company Avid Life Media, and threatened to out its members, unless the business shuts down three of its dating sites. While the Impact Team's manifesto to date has made no claim of allegiance to the hacktivist collective known as Anonymous - which involves no membership trial, but just buying a Guy Fawkes mask and claiming affiliation - a hacktivist ethos pervades the attack, from the hacker-manifesto's incendiary language to its morally simplistic focus.

Yet as with so many attacks - such as Sony Pictures Entertainment's hackers claiming their attack was motivated by the film "The Interview" - it isn't clear if related pronouncements are simply a red herring. Indeed, it's possible that a bored teenager found exploitable vulnerabilities in the AshleyMadison.com site, grabbed everything and then constructed an angry-sounding cover story about a campaign against "cheating dirtbags" just to spice things up (see Ashley Madison Breach: 6 Lessons).

Regardless, such threats are dangerous because they go far beyond hacktivism as "an electronic form of protest," says Radware's vice president of security solutions Carl Herberger. "They're interested in shutting you up, or stopping what you're doing." In that respect, Impact Team can be seen to be acting like morality police, which in a worst-case scenario leads to people self-censoring.

Caution: Internet Tricksters at Work

If the attack is potentially unpleasant for Ashley Madisons' users - and their spouses - it is an excellent reminder that the Internet-connected world is not some anodyne, Disney-esque reality in which things can only be "liked." Indeed, if the Internet came with a warning label, it might read like this: Caution: Internet tricksters may intercept, steal and release everything you say or do online.

Of course, this isn't the first incident bringing attention to this message for any business that stores sensitive information, or anyone who uses the Internet to share or store information or data. Anyone needing a reminder can revisit the dump of emails - which will likely remain online in perpetuity - from breached businesses HBGary Federal, Strategic Forecasting - a.k.a Stratfor, Sony Pictures Entertainment or Hacking Team.

Internet of Hackable Things

The Ashley Madison attack is a further reminder that any and every Internet-connected system or device - not just an online dating service's servers - poses a potential risk to people's privacy and security, which is what makes the increasing number of insecure but IP-enabled devices - a.k.a. the Internet of Things - so risky (see The 'Internet of Things' as a Security Risk).

Many of us continue to rely on an increasing number of Internet-enabled devices, as well as communications. That includes social networking such as Facebook and Twitter - say what you will about the decline and fall of civilization. It also includes many people now meeting prospective partners on online dating sites, which reportedly now lead to one-third of all marriages and lower rates of separation and divorce. And it means using sites such as Tinder, Grindr, AdultFriendFinder and even Ashley Madison, which allows people who want to conduct affairs to find like-minded hookups.

Attack Against Evil?

One ISMG reader has celebrated the Ashley Madison breach as an attack against evil. But another has accused the attackers of shallow moral thinking.

Regardless, the takeaway is that hacktivist outbursts will make noise, but any attempt to shut down sites such as Ashley Madison will fail, although there may be a bit of human drama and relationship fallout along the way. But where there's an urge, the Internet will continue to provide an outlet - no matter the potential consequences.



About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.