AshleyMadison.com hacked

Discussion in 'privacy problems' started by deBoetie, Jul 20, 2015.

  1. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    The website AshleyMadison.com has been hacked, and has verified the breach. The attacker (calling themselves the Impact Team) apparently claims to have credit card details and detailed profiles of people registered on the site, and also released details of staff working there. They are apparently protesting that the paid-for full profile delete function does not do as advertised.... and threaten to release more information if the site is not closed down.

    http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/

    According to this report, Cougar Life and Established Men are also affected.

    http://www.theguardian.com/technology/2015/jul/20/ashley-madison-hacked-cheating-site-total-shutdown
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    LOL, I support this hack. I think these kinds of services are despicable.
     
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Normally I don't subscribe to the idea that "two wrongs make a right" but this is just too good. From the article:
    Anyone stupid enough to put that kind of info online gets exactly what they deserve. I'd love to see the list of "rich and powerful people" before the next elections.
     
  4. Alexhousek

    Alexhousek Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    409
    Location:
    USA--Colorado
    I'm sorry folks, I don't support these sites either. However, I do support privacy rights and the rights of individuals as adults. No one deserves to have their information hacked and displayed to the entire world.

    You can't say you support internet privacy while at the same time condoning the work of hackers.

    P.S. Please do not insinuate from this post that I support or condone what the people who have profiles on this site do.
     
  5. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    Ah, the heady whiff of moral rectitude and vigilante justice, applied to 37 million people (presumably not all men as the hacker(s) assert), whose situations we do not know... and not exactly relevant to the forum, although possibly the attackers' motivations are somewhat.

    The more scary conclusion, for everyone, is that the internet is dangerous and untrustworthy, and its use should be minimised/anonymised. The toxic mixture of weaponisation, attack (rather than defence) and suspicion-less surveillance by the TLAs, the routine unprincipled data mining by the corporations, and the attacks of the criminal or disgruntled, mean that no-one is safe:- between them, they have killed the golden goose.
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Anyone that doesn't live in a cave has heard about the mass hackings of late and that those behind the hacks have been dumping the personal info online for all to see. Nothing online stays private for very long. This isn't the first or second "matching site" to be hacked. Anyone who puts embarrassing and potentially damaging info like their sexual fantasies online on such a site using their real name is a complete fool and deserves what they get. Privacy starts with using the brain when deciding what should be put online, not their genitals.
     
  7. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    Trouble is, no-one gets to say what morality others are applying to our own views and behaviors as expressed online, or how those people might respond to your detriment. It's pretty much guaranteed that you will offend someone with sometimes completely anodyne views, or sometimes have a moment of weakness preserved for unwanted posterity.

    Second, the market is busy pretending that it's isolated incidents - the denial phase. A bit like a beach resort passing off the risks of shark attack when, it is now clear, there are a lot of sharks and a lot of blood in the water.

    So, people will keep on swimming for a while, and not altering their careless behaviors. After all, most people have been pretty blasé about the Snowden revelations.
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,021
    There's an online arms race, and it's heating up. It's heavy on offense. Criminals of all sorts are riffing off each other, stealing tools from each other, consulting with each other, etc, etc, etc. And most citizens are clueless, and in denial. So it goes.
     
  9. PallMall

    PallMall Guest

    I won't be coherent when I state that, if I cannot agree with a whatever hack, some are incentive of revolt when others rather participate to a smile.
    In this case, a wide smile... but I shouldn't :)

    As we say, "All women besides one or one besides all the others" - That's for morality. Without being a moralist (I appreciate all but one). But when a Web site uses immorality to make business, when it charges 20 bucks to get a user's data removed without removing the data in its servers... I smile again, and this time with greater ease, when the place gets hacked.
     
  10. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    In a desperate attempt to get technical here, I have (as a developer) had various looks at encrypted databases, and it's obviously not straightforward. Clearly, some things can be easily hashed (where they are keys for example), as you would do for password hashes. But encryption will remove most db search capability, and that's nasty. The other factor is that, presuming the attacker is running a process with direct access to the db machine, they can just write a suitable query to dump the data unencrypted and that can then be exfiltrated as normal. In this case, because they were likely a contractor with knowledge of the schema and code, that would be easy enough.

    I'm not aware of a hardened solution to this, certainly not a general one, and clearly the market desperately needs something better.

    It's also why the mass surveillance databases are so extraordinarily dangerous. They cannot be fully secured, despite the claims made by ignorant politicians, and the aura of mystique around the TLAs.
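
The trade-off described in the post above (lookup keys can be hashed, but general search is lost), shown as an added example that is not part of the original thread: a keyed-hash index column in SQLite. The table layout, key, function names and sample addresses are all constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key (assumption): in a real design it lives in the
# application tier or an HSM, never in the database itself.
INDEX_KEY = b"constructed-demo-key-not-for-production"

def blind_index(email: str) -> str:
    """Keyed hash of a normalised lookup value; deterministic, so equality still works."""
    normalised = email.strip().lower().encode()
    return hmac.new(INDEX_KEY, normalised, hashlib.sha256).hexdigest()

def build_db(emails):
    """Store only the keyed hash of each address, never the address itself."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, email_idx TEXT UNIQUE)")
    db.executemany("INSERT INTO members (email_idx) VALUES (?)",
                   [(blind_index(e),) for e in emails])
    return db

def find_exact(db, email):
    """Exact-match lookup survives: hash the query value with the same key."""
    row = db.execute("SELECT id FROM members WHERE email_idx = ?",
                     (blind_index(email),)).fetchone()
    return row[0] if row else None

def find_substring(db, fragment):
    """The search a plaintext column would allow; the hashed column has nothing to match."""
    rows = db.execute("SELECT id FROM members WHERE email_idx LIKE ?",
                      (f"%{fragment}%",)).fetchall()
    return [r[0] for r in rows]

def dump_column(db):
    """What a query against the database alone returns: opaque 64-character digests."""
    return [r[0] for r in db.execute("SELECT email_idx FROM members")]

SAMPLE = ["alice@example.com", "bob@example.org"]  # constructed sample data

if __name__ == "__main__":
    db = build_db(SAMPLE)
    print(find_exact(db, " Alice@Example.com "))
    print(find_substring(db, "@example"))
    print(dump_column(db))
```

The protection holds only while the key stays outside the database: code running with the application's key can still resolve any value it looks up, which is the limitation the post describes for an attacker who has access to the application code.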
     
  11. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    It's very offensive (which is extremely easy and not at all clever); and the defence is a joke. It reminds me of the start of WW1, where cavalry were sent in against the new industrialised weaponry (like artillery and machine guns).

    Our client systems are "terrifically weak", the TLAs have subverted and weaponised the backbone (and pass the data around to all their buddies indiscriminately), and if you do manage to get through unimpeded to the service, the service itself is busy sharing the information with whoever it can for money, and is also "terrifically weak".

    Not only that, whereas the low-hanging fruit argument was originally effective, that no longer applies with the industrialised surveillance and attack. The bullets are firing from a machine gun.
     
  12. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245
    Then surely you must also support the FBI, NSA, and other government intelligence and law enforcement agencies hacking and exploiting users on TOR, right? I mean, they are only chasing pedophiles and drug dealers and we can all agree those people are despicable too.
     
  13. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    The attack tools are clearly not only used for that purpose, are they?

    They are also combined with "evidence" from mass surveillance and 2-hops to increase risks for false positives, lack of probable cause or presumption of innocence.

    The tools explicitly include the capability of planting evidence - they are militarised weapons being put in the hands of law enforcement, to the detriment of rule of law. We know that NSA/GCHQ explicitly do use that to discredit opposition.

     
  14. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    I know it was a criminal act against Ashley Madison, but have been struggling to generate sympathy for some of the recent hacks including this one.
     
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,021
    Hacking is hacking. How one feels about it depends on whose ox is getting gored. But the tools don't care.
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    I don't know a lot about TOR, but if the FBI is targeting drug dealers, pedophiles and extremists, then yes of course, I'm all for it.
     
  17. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Drug dealers and pedophiles have pretty defined terms but extremist is a very vague term. The UK government has termed conspiracy theorists as extremists as well as people who operate just inside the law (i.e. lawful). Very tough definition to get right, particularly when you are using it to define what FBI/NSA can do. Even more challenging when you are making these decisions with a secret court (FISA) where the definitions and scope are not publicly debated.
     
  18. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,515
    That's what they claim, but everyone on Tor is targeted simply because it's extremely difficult to prove for sure who is who. (hidden agenda aside).
     
  19. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    That is why many use VPNs before connecting to TOR. It's at the point that even being a TOR user draws way too much attention. So the unfortunate answer is to be in a place to hide our use even from our ISP. Not everybody using TOR is being "illegal", many are just connecting to private hidden servers for the sole purpose of PRIVACY.
     
  20. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Agreed, TOR does draw attention.
    They must assume that if you are using TOR that you are up to something illegal. I am sure the FISA court has signed off on this justification. Definitely a good idea to hide it from your ISP.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    To be honest, since I'm not a TOR user I don't really care. If you're not doing anything wrong, you will most likely not become a target. And yes, by using TOR you might draw attention.
     
  22. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,515
    Yeah, caring for oneself is of more importance... On the other hand, you will be targeted if there is even a hint of suspicion on "doing anything wrong" in the real world.
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,021
    Generally, we want to act normal. Provide no reason to be targeted.

    I only use Tor via VPN services. Using VPN services is my least distinctive option. Except maybe for hitting remote WiFi hotspots with a parabolic dish and high-power radio. But that has its own signature :eek:
     
  24. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,147
    Location:
    UK
    The problems I have here are that:

    a) "doing anything wrong" seems to include being a journalist, disagreeing with government policy, being an activist for any cause whatsoever, being a trade unionist, being part of a grieving family (e.g. the Lawrence family) - etc.

    b) I do not believe that "targeting" means what we think it ought to mean. I.e. probable cause and a person investigating who is acting properly within the law. I fear that there will be rampant automated auto-targeting based on grotty "selectors" or combinations thereof, and automatically launched assaults, add you to no-fly lists etc. with no human involvement and no remedy. It's no effort for machines to do it - therefore, on the basis of track record they WILL do it, regardless of whether it's useful, lawful, constitutional, moral. They do not bear the costs.

    IOW, I no longer trust in either the "low-hanging fruit" defense, nor necessarily the utility of seeming one-of-the-crowd. A problem indeed. I think they're killing the golden goose.
     
  25. Justintime123

    Justintime123 Registered Member

    Joined:
    Jun 15, 2013
    Posts:
    95
    Hackers Finally Post Stolen Ashley Madison Data
    You can search emails on https://ashleymadisonleakeddata.com
     
    Last edited by a moderator: Aug 19, 2015