The ‘Ashley Madison’ Hack, and What it Means to How We Use the Web
(Scroll to the bottom for a new update to to the piece, from 9/27/15)
(ALSO: And be sure to check out our follow-up entry we look even deeper at how to live a fully public, engaged, and fun Web existence, without handing over our entire lives to the Internet.)
Trouble that’s been with the company since a highly publicized massive data breach was revealed back in July.
The full breadth of the hack’s contents was made available to the curious back in August, at first on the .onion darknet site, and soon thereafter it found itself distributed worldwide via BitTorrent. The full “human cost” is said to be the privacy of 36 million individuals, with facts as rich and varied as credit card numbers and sexual preferences made public. Guaranteeing that at least a couple of million folks remain very, very nervous as of this writing.
Adultery being a hot button topic is not new news. We all saw Charlton Heston smash those tablets, lo those many years ago. So, that’s not this blog entry’s focus.
With a site of Ashley Madison‘s nature — and without question they were the king — we’d argue there are two products being sold; first is obviously the userbase (what we’ll generously choose to describe as the comely collection of wandering eyes and lonely hearts who login every day hoping to meet Mr. and/or Mrs. Right Now), but also it could be argued that people are paying for not just mere discretion but — by virtue of the very nature of an extra-marital affair — iron clad security. Given the site’s very clearly stated concept, the latter could be argued to be implied in the product’s very conception, as without it it’s just a gimmicky, niche dating site. Couldn’t every dating site be used for cheating after all, what makes this one especially well suited to it?
These data leaks are dangerous and potentially quite serious well beyond a clickbait headline about the new Spider-Man, or some executive caught with his pants down. The implications can be far reaching and massively destructive. But let’s for the moment leave the discussions of security on the corporate and governmental side of things to others. All of us have a role in this.
Something about this specific data being out there was making folks curious and nervous, as searching fingers got itchy across our beloved World Wide Web once those files started to go public. Here at PeekYou we saw a dramatic uptick in search activity when the fabled files first hit the Web, and that increase in activity remained inflamed for some time thereafter.
“We saw an enormous lift in search impressions in the second part of August. We didn’t know what to make of it at first, but then realized that the timing with the Ashley Madison breach couldn’t be just a coincidence,” said Tom Lynch, President of PeekYou. “Clearly a search spike driven by those just curious or maybe concerned about being caught?”
The nature of the search queries coming to PeekYou and elsewhere varied quite a lot. We suspect this may be because of the eclectic data contained within the dump itself. One file contained among the massive hack’s multitudes, simply titled “am_am.dump” is what one tech insider we consulted described as “perhaps the scariest file of all.” Adding, “This is the one with the full account details for every member.” He noted that while it doesn’t contain any actual names, only usernames, it does not let the users off free and easy.
Our source continued, “It does not contain any real names, perhaps, but it is full of literally millions of potentially damning and identifying facts about the Ashley Madison userbase; at least to those who personally know the people in question. Not to mention potentially problematic tidbits such as the individual’s height, weight, age, and hair color, in addition to to their various preferences in terms of potential mates.” The “am_am.dump” file also provides information on when an account was created and/or terminated.
But without names and positive identifications, what does all this information mean? It seems like a pile of circumstantial evidence at best, and a pile of lonely spouse’s wishful fantasies at worst. There are notable — and possibly many — exceptions to this inadvertent level of lucky security though, such as cases where an individual signed up using his or her real email address, or a username they employ elsewhere on the Web; things that can be quickly cross-referenced with thousands of other data files readily available throughout cyberspace.
Here is where we begin to editorialize.
PeekYou needn’t restate our commitment to the value of a public Web. Our belief in a free and public Web is a profound conviction for us, and we believe a cornerstone of a united planet. In many areas of our lives we as individuals want to be searchable and found. We want our accomplishments recognized, and we want our friends and loved ones to locate us easily.
But based on the behaviors we’ve observed over the years (repeatedly), it seems some people don’t understand how, and more importantly when, to maintain their own anonymity online. We’ve always emphasized online safety above all else, and often times a level of anonymity that doesn’t put full faith in the security of your Web hosts is just good practice.
People should know that anonymity is an option, and there are times when it’s just common sense. One example off the top of our head where obscuring ones identity might be advisable would be when one is, oh, I don’t know, looking to cheat on his or her spouse (an action we decidedly do not endorse, for the record, but are remaining neutral on for the purposes of our story here).
As the data dump spread across the Web in mid-August — we saw evidence of a whole world of suspicious spouses, curious gossip mongers, and parties even more potentially nefarious becoming electronic, armchair Sherlock Holmeses. Just from using PeekYou’s Username Search, for 20 seconds, in some cases, a whole intricate biography could be revealed for a Romeo who mistakenly believed his extracurricular activities were entirely undetectable.
With the ever increasing number of data dumps becoming available these days, it’s increasingly easy for people to connect the digital dots whether you want them connected or not. The old adage “If you wouldn’t want to see it in the New York Times, don’t share it on the Web” comes to mind. But these days, making front page news with your online scandals is not just a handy digital age analogy.
With this specific leak — a story people giggled over, as philanderers were caught being naughty — state sponsored actors have been getting in on the act, and employing the exact same sort of data correlating described above and creating blackmail dossiers against American counter-intelligence workers and the like. This leak is indeed an international incident.
This is the world we live in now. The Web is an extraordinary tool, and a usually wondrous, sometimes dangerous place (a price that comes with freedom). But if we all become smarter, wiser and more thoughtful users of the Web’s limitless power, the potential for what the Internet can and will accomplish in terms of bringing humanity forward and together is inconceivable.
But along with an open heart and limitless imagination, a little street smarts never hurts.
As a bit of an off-topic, purely hearsay, post-script to the story:
One has to wonder how much horseplay ever really results from a site like Ashley Madison in the first place. The data contained in the dump identified 28-million men, 5 million women, and 2-million of unidentified gender. Having never used the site ourselves we can’t speak with any authority on the veracity of the female profiles. It’s been suggested by trusted friends, however, that as is the case on most other popular dating sites a huge number of the female profiles are obvious spam bots and/or escorts. Our sources observe, however, that in the case of Madison the proportion of obviously real users balancing out those of more, let’s say, commercial interests is smaller than normal. Meaning a not terribly significant proportion of the female userbase “appears” to be real. Do bear in mind that this finding is simply in the opinion of some, but is nonetheless worth noting; at least in a catty post-script.
We’re not certain this is cause for celebration for worried wives, but we do believe it reflects well on our female population
While according to a study recently cited by ABC News, more than 50 % of all married women will, at some point, cheat on their mates, it doesn’t seem they’re turning to Ashley Madison for this variety. They likely need look no further than the entire world to find a potential partner; why take on the added burden of a potentially damning and embarrassing data leak as well.
A bit of a semi-on-topic update as of 9/27/15
To further illustrate the countless ways people are able to correlate and organize data made available in a leak of this nature — and clearly feel perfectly entitled to do so — the site RoadSnacks is buzzing today for posting an article asking its New Jersey based readers if they know any cheaters.
They then respond by saying that “Odds are that if you live in one of the cities below, you do,” before listing the 10 New Jersey cities with the highest numbers of registered Ashley Madison users.
What good anyone having this information accomplishes is beyond us, but you can see for yourself here how they calculated the data to reach their conclusions. We’ve added this here because it’s timely and trending, but obviously it has no impact on our greater feelings regarding these topics.