I am totally convinced that the Ashley Madison hack was an inside job. The range of data came from the database servers, the email servers, and the internal document servers. Even good hackers could either get to the database, or get to the server, but not both without some help. And the access to the other servers, well its just incredulous.
The statement indicates that they know the protocols and where everything is hidden. I doubt that anyone will ever be caught, because only 1% of hackers are caught. The hacker(s) in this case have an alarming familiarity with the operation, that usually can only be gleaned from working there.
John MacAfee wrote that he thinks that the hacker is a disgruntled female employee or ex-employee. I wouldn't go so far as to say that the hacker is female, but the person is hugely technically inclined.
Here is the statement:
Avid Life Media runs Ashley Madison, the internet's #1 cheating site, for people who are married or in a relationship to have an affair. ALM also runs Established Men, a prostitution/human trafficking website for rich men to pay for sex, as well as cougar life, a dating website for cougars, man crunch, a site for gay dating, swappernet for swingers, and the big and the beautiful, for overweight dating.
Trevor, ALM's CTO once said "Protection of personal information" was his biggest "critical success factors" and "I would hate to see our systems hacked and/or the leak of personal information"
Well Trevor, welcome to your worst fucking nightmare.
We are the Impact Team. We have hacked them completely, taking over their entire office and production domains and thousands of systems, and over the past few years have taken all customer information databases, complete source code repositories, financial records, documentation, and emails, as we prove here. And it was easy. For a company whose main promise is secrecy, it's like you didn't even try, like you thought you had never pissed anyone off.
Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.
So far, ALM has not complied.
First, we expose that ALM management is bullshit and has made millions of dollars from complete 100% fraud. Example:
-Ashley Madison advertises "Full Delete" to "remove all traces of your usage for only $19.00"
-It specifically promises "Removal of site usage history and personally identifiable information from the site"
-Full Delete netted ALM $1.7mm in revenue in 2014. It's also a complete lie.
-Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.
-Other very embarrassing personal information also remains, including sexual fantasies and more
-We have all such records and are releasing them as Ashley Madison remains online.
Avid Life Media will be liable for fraud and extreme personal and professional harm from millions of their users unless Ashley Madison and Established Men are permanently placed offline immediately.
Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this.
This is your last warning,
Impact Team
We are not opportunistic skids with DDoS or SQLi scanners or defacements. We are dedicated, focused, skilled, and we're never going away. If you profit off the pain of others, whatever it takes, we will completely own you.
For our first release, and to prove we have done all we claim, we are listing *one* Ashley Madison credit card transaction for each day for the past 7 years, complete with customer name and address (oneperday.txt) and associated profile information (oneperday_am_am_member.txt and oneperday_aminno_member.txt, selected rows from our complete dump of the AM databases). We are also releasing a hash dump and zone file for both domains, select documents from your file servers, executives' google drives, and emails, and the Ashley Madison source code repository. Also, since Ashley Madison stopped using plaintext passwords, we're also releasing the swappernet user table, which still has plaintext passwords:
https://bitbucket.org/TheImpactTeam/ashley
https://bitbucket.org/TheImpactTeam/ashleymadisondump
https://gitlab.com/ImpactTeam/ashley
https://gitlab.com/ImpactTeam/ashleymadisondump
https://launchpad.net/ashley
1 example from this dump: "PERNELL GRAZETTE", with profile ID 23288650, who spitefully paid for Ashley Madison the day after valentine's day in 2014, lives at 10 charlotte st. Brockton, MA in the US, with email UPFRONT73@AOL.COM. He is not only married/attached, but is open to a list of fantasies from Ashley Madison's list: |29|44|39|37|7|, a.k.a. "Cuddling & Hugging", "Likes to Go Slow", "Kissing", and "Conventional Sex". He's looking for 'A woman who seeks the same things I seek: passion and affection. If you have such desires then we will get alone just fine','|54|11|9|' which means "Good Communicator", "Discretion/Secrecy", and "Average Sex Drive". He also says "I have only two personal interests on this site. Making sure that You are comfortable with me should I be so fortunate to hold your attention and making sure I take the role of discretion to an artform. I mean isn't this why we are here, to be as discreet as possible?" From the login table, we know his user ID is 'Heavy73' and password hash is '$2a$12$ndvz/F.EXyJKRYkrErX/w.EDgzF7cNkJcQvNeDGQylEMHRw2COLZO'.
As another, profile ID 48040 is listed as a "paid delete", which means a few of his profile text boxes are gone, but from purchase records we know it is "RICKIE RAMRATTAN" from "5499 Cosmic Crescent" "Mississauga","ON" "L4Z3P8" whose fantasies are |7|40|17|34|33|37|38|48|36|42|43|50|44|32|39|29|49|18|, which includes "Likes to Give Oral Sex", "Likes to Receive Oral Sex", "Light Kinky Fun", "Role Playing", "Erotic Tickling", "Erotic Movies", "Good With Your Hands", "Sensual Massage", and "Dressing Up/Lingerie" among others. You must be glad you paid for your profile to be deleted, huh?
Too bad for those men, they're cheating dirtbags and deserve no such discretion. Too bad for ALM, you promised secrecy but didn't deliver. We've got the complete set of profiles in our DB dumps, and we'll release them soon if Ashley Madison stays online.
And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.
Well, Noel? Trevor? Rizwan? What's it going to be?
No comments:
Post a Comment