Life is short. Shorter if your affair data lands in enemy hands

By on
Life is short. Shorter if your affair data lands in enemy hands

[Blog post] Full impact of Ashley Madison hack still to come.

If you weren't already aware of infidelity site Ashley Madison, the exfiltration of its entire customer databse by hackers means you will be now.

The July attack was accompanied by a fairly direct warning from the so-called Impact Team hacking group that if the website didn’t shut up shop straight away, its customer database would be exposed to the masses - a promise the group followed through on.

The second, 20GB data set published last week contains a varied assortment of personal information, such as email addresses, user profiles (height, weight, sexual preferences, etc.) and messages to prospective hook-ups.

It spans just about every demographic you could imagine: government officials from the US, UK and Australia sit alongside actors, business leaders and sporting personalities from dozens of counties (however, the majority of the 37 million users are from the US and Canada).

Full repercussions still to come

Aside from the inevitable stories of celebrity infidelity that will hit the media, alongside the individual fallout affecting customers’ relationships and families, there are countless variants of repercussions that may not become apparent for years or decades.

Performing an impact analysis of these sorts of incidents is really difficult, especially from a long-term perspective. The easiest lens to look through is the one that focuses on Ashley Madison.

Legal teams all over the world are now preparing to go to war, and Ashley Madison can expect to be sued from all angles: we’re already seeing individual lawsuits and class actions claiming compensation for damages, fraudulent operation and failure to protect user data.

If I were a betting man, I’d say the company's executives will be spending as much time in the courtroom as they will in the office for a long time.

However, unless you’re caught up in it the direct fallout of this data being released, it’s hard to see what else might happen in the future. One hypothetical scenario, does, however immediately spring to mind.

In the hands of an enemy

Two months ago, the Chinese government was accused of stealing over 20 million records from the US Office of Personnel Management (OPM) in the US.

The OPM manages the human resources aspects of all US government employees, including processing and maintaining security clearances.

Therefore, one important component of each stolen record was “Standard Form 86” [pdf], which contains a plethora of personal and private information about individuals: names, addresses, family details, sexual preferences, friends, police records, military records, and much more.

If the Chinese government was, in fact, behind the attack, the entire OPM dataset has invariably made its way into the hands of the Ministry of State Security (MSS).

The MSS is the equivalent of Australia’s secret intelligence service ASIS and others around the world. Its primary objective is to track and neutralise enemies of the Communist Party of China, and it’s well documented that its modus operandi is to position spies and agents throughout the world.

We have to expect that the MSS has both sets of data, OPM and Ashley Madison.

As a result, it can cross reference who in the US government has secret or high security clearances and is having an affair via Ashley Madison.

This person would therefore be in the sights of the MSS. Intelligence agencies use human weaknesses the same way that hackers use vulnerabilities in computer systems to make the target do something it’s not supposed to do.

China is renowned for playing a long, slow game, working to achieve its objectives over a much longer timeframe than its counterparts.

The Ashley Madison breach coverage will fizzle out soon enough. Some people will get caught and others won’t.

The MSS won’t strike tomorrow, or next week, but maybe in two years time, when you’ve moved jobs but retained your security clearance and suddenly get new neighbours from China who have a couple of kids the same age as your kids, and that’s how it starts… you reveal something at a party, which leads to you telling them something else over a drink.

You’ve been targeted because you have a weakness, something that Ashley Madison and the Impact Team has highlighted to the world.

Whether the Impact Team believes they are working for the power of good or not, they may have started something here that is so ultimately detrimental to the United States on the global stage that is irreversible. Only time will tell.

Tags:
Tony Campbell
Tony Campbell has been a technology and security professional for over two decades, during which time he has worked on dozens of large-scale enterprise security projects, published technical books and worked as a technical editor for Apress Inc.

He was was the co-founder of Digital Forensics Magazine prior to developing security training courses for infosec skills.

He now lives and works in Perth, where he maintains a security consulting role with Kinetic IT while continuing to develop training material and working on fiction in his limited spare time.

Read more from this blog: Unpatched

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?