Ashley Madison Fallout: Investigations, Lawsuits, Lessons - InformationWeek
8/26/2015
08:05 AM
Larry Loeb

Ashley Madison Fallout: Investigations, Lawsuits, Lessons

The fallout from the Ashley Madison breach continues, offering some surprise lessons for CIOs and IT professionals on how to respond to a very public event.


The consequences of the Ashley Madison breach continue this week, with law enforcement inquiries and lawsuits starting to pile up for the website, which is known for promoting extramarital affairs, and for its parent company, Avid Life Media.

The incident offers important lessons for CIOs on how to deal with a massively public breach event.

First, try to find out who caused it. See if someone will turn in the culprit or culprits.

Toronto-based Avid Life Media has announced a reward of $500,000 Canadian (US $376,000) for information leading to the identification, arrest, and prosecution of the person or persons responsible for the breach.

If nothing else, it's a start.

Avid's statement also talked about the ongoing investigations.

"The 'Project Unicorn' law enforcement task force members that appeared in Toronto today, led by the Toronto Police Services (TPS), and accompanied by the U.S. Department of Homeland Security, the Ontario Provincial Police, the Royal Canadian Mounted Police, and the U.S. Federal Bureau of Investigation, have been actively investigating all aspects of this crime for more than a month," according to the company's Aug. 24 statement. "As TPS indicated at today's press event, the investigation is progressing in a 'positive direction,' but more help is needed from the outside."

Avid is following the damage control playbook here by publicly showing its efforts to minimize consequences of the breach. If the hackers are arrested and charged, no further disclosures will occur.

(Image: tzahiV/iStockphoto)


Avid also addressed customer concerns about financial information stolen from the site in a statement. "No current or past members' full credit card numbers were stolen from Avid Life Media. Any statements to the contrary are false. Avid Life Media has never stored members' full credit card numbers," according to the company's Aug. 19 statement.

Here, the company is trying to get upstream of user fears by denying reports from others that may be out there. Avoiding the perception of a problem is also crucial to an effective damage control strategy.

In a situation like this, some people will have their own opinions on it. Noted security guru John McAfee, who has had his fair share of controversial episodes, believes that the Ashley Madison hack was an inside job.

McAfee went a step further and said that it may have been a female employee, but his rationale is somewhat thin on that.


"How did I come to this conclusion? Very simply. I have spent my entire career in the analysis of cybersecurity breaches, and can recognize an inside job 100% of the time if given sufficient data -- and 40GB is more than sufficient," McAfee wrote in the International Business Times on Aug. 24. "I have also practiced social engineering since the word was first invented and I can very quickly identify gender if given enough emotionally charged words from an individual. The perpetrator's two manifestos provided that."

Interestingly, there have been no comments from Avid Life Media about McAfee's thoughts. That may mean that it is also using one of the basic damage control tactics: Keep an open mind.

Considering all possible scenarios helps you avoid the institutional biases that may blind you in the pursuit of a resolution.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ...
Comments
Ashu001,
User Rank: Ninja
10/5/2015 | 11:44:32 AM
Re: Getting Attention
SaneIT,

Yes I agree wholeheartedly with your viewpoint here.

Since I know I am not perfect myself, it gives me no right to judge other folks in this area.

The saddest part is what you have very clearly demonstrated - lack of any visible Privacy safeguards.

This is most unfortunate as well as the total lack of discretion shown by Hackers in releasing People's most personal data here.
SaneIT,
User Rank: Ninja
9/8/2015 | 8:16:36 AM
Re: Getting Attention
Since I don't know their personal situations I'm going to hold off on passing judgement on anyone using those sites. I know that a large portion of the SPAM that I've seen over the past 20 years is sex centric so I'm not at all surprised that people are at least curious about sites selling sex in any form.

What bothers me most is the lack of defense for these people after their data was lost. I'm not seeing anyone rushing to shut down the reporting of their personal information. We live in a world where you can have hygiene products sent to you in discreet packaging but your personal information can be shared with a sense of pride if a blogger/reporter wants to hang you out to dry.
Ashu001,
User Rank: Ninja
9/6/2015 | 11:16:36 AM
Re: Getting Attention
SaneIT,

I genuinely feel sorry for all those folks who have seen their Privacy compromised in such fashion online.

If nothing else, this should dissuade folks from engaging in such behavior online.

Nothing you do or say in the online space is Anonymous today.

The sooner folks get that into their heads the better for everyone concerned.

 
SaneIT,
User Rank: Ninja
8/31/2015 | 8:25:42 AM
Re: Getting Attention
With their CEO stepping down I suspect you're right, this will end their business for a few reasons.  Their business plan was deceptive, their privacy promises failed and the hack showed that both of those were true.  
Ashu001,
User Rank: Ninja
8/30/2015 | 8:50:19 AM
Re: Getting Attention
SaneIT,

How much do you want to bet that the Company ends up going bankrupt under the Weight of the Lawsuits?

There are so many other such Websites out there; how is anyone going to be able to shut them all down?

You possibly can't.

The only thing that can come out of this issue (I Hope) is that Company founders/Entrepreneurs start taking the Security of their websites much more seriously from now onwards.

I hope so.

 
larryloeb,
User Rank: Author
8/28/2015 | 9:17:28 AM
Re: Getting Attention
In things like this, it's the shock value of the names that hit media mentions.

If you want to check out a neighbor, you do it yourself.
SaneIT,
User Rank: Ninja
8/28/2015 | 8:16:17 AM
Re: Getting Attention
On the plus side if they win the class action suit they won't have as many people to share the money with as the site makes it sound. I'm waiting for an investigation around prostitution to spring out of this as well since they were guaranteeing affairs with such a poor ratio of women to men, to me that sounds like at the very least they were working with an escort service.

For those who had their data leaked I also wonder how long it will be before full names are leaked not just sites to see if your own email account was involved. We've heard about a handful of higher profile people who were customers but we're not hearing about the other 20 million.
larryloeb,
User Rank: Author
8/27/2015 | 3:38:47 PM
Re: Those responsible
Their values seem to be the whole rationale behind this.
kstaron,
User Rank: Ninja
8/27/2015 | 2:59:00 PM
Those responsible
We'll see if a half mil is enough to out whoever did this. I'm not sure if I should be amused or outraged by his conclusion that this was done by a female based on the 'emotionally charged' manifesto. With this kind of hacking it seems to me that a company should look to its values because that's the probable reason they got hacked.
larryloeb,
User Rank: Author
8/27/2015 | 9:03:40 AM
Re: Getting Attention
The drama is sort of the point of it all here.

It's a breach with salaciousness and tons of tut-tutting.

Some figures I have seen say there were 31M guys, 5M girl accounts and only 12K active ladies.

Social engineering on a grand scale, in a lot of ways.

 