Damien Manuel, Chief Information Security Officer (CISO) for Blue Coat Australia & New Zealand
The leaking of customer data held by extra-marital affair website Ashley Madison could signify the start of a worrying new trend towards major cyber-attacks motivated by morality and ideology. Stuxnet was the first major attack that crossed from the virtual world to the physical world, causing material damage. The Ashley Madison incident is perhaps the first time a major attack has crossed the social boundary, where exposed data is primarily being used not for financial gain, but for social shaming of a company and individuals.
The perpetrator, The Impact Team, wrote in its posted manifesto[i]: “Too bad for those men, they’re cheating dirtbags and deserve no such discretion.” It also criticised Avid Life Media’s failure to secure user data, among a number of other grievances.
The company responded that, “The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society.”[ii]
The Impact Team released site members’ names, addresses and credit card details as well as their private messages and details about their sexual fantasies.
For those named in the released data it is at best hugely embarrassing. The leak has the potential to break up relationships and divide families. According to reports, police in Canada believe two individuals associated with the leak have taken their own lives.
Cyber attackers are already seizing the available data to scam the curious and blackmail those named. Many websites claiming to have the data available for download are fakes. Clicking through can expose visitors to malware, spyware, adware and viruses. In other cases, leaked-data search sites add searched-for email addresses to their fake database.
Extortion emails are being reported around the world. Under the threat of exposure to Facebook friend lists, blackmailers are requesting bitcoin hush money.
As one such email received in Australia stated: “Think about how this will affect your social standing amongst family and friends. What will your family and friends think about you?”[iii]
It is a worrying precedent. As more data about our private lives is being captured and stored, the risk of another such ‘morality’ driven hack is higher than ever. If hackers accessed and threatened to release an individual’s metadata, perhaps their approximate location at a certain time of day, it could cause significant social harm or personal strife.
If there is any positive, it is this: the importance of caution online has really been brought home. The impact to families and society will continue to unfold over the coming months and we can expect repercussions to range from domestic violence, suicides and family breakups to individuals losing their jobs.