Ride the Lightning

The Ashley Madison Mess: Only Lawyers Are Celebrating

August 26, 2015

Well, not all lawyers are celebrating. When the Fairfax Underground posted a list of the Northern Virginia Ashley Madison subscribers by zip code, I found four of my legal colleagues (Sigh, what were they thinking?). But a number of lawyers have expressed their excitement online: "It's going to be Christmas in September!" and the like. Want to find out if your spouse or lover was in the database? You can do that here.

There is a lot of human tragedy at play here. Lives have been torn apart – the news yesterday reported two suicides suspected to be attributable to the breach. And of course children of Ashley Madison subscribers are bound to hear the news – a twisted form of cyberbullying beyond having to live with whatever mom or dad (usually dad from a look at the list) did.

The scum of the earth have been busy trying to feast on the breach. One would-be extortionist said he would contact the victim's spouse unless he was paid $200 in Bitcoins. There are a lot of similar tales – I am not sure why anyone would pay when the data is out there for anyone to find. Are you prepared to have monies extorted from you hundreds of time?

Ashley Madison's owner is Avid Life Media, based in Toronto. The Toronto police have offered $500,000 (in Canadian dollars) to anyone who can provide meaningful information about whomever stole the site's nearly 37 million user records – and a lot of internal e-mail.

The e-mails of Ashley Madison CEO Noel Biderman are still being analyzed, but it appears that Avid Life Media (or one of its ex-employees) hacked into another company with adult-dating services. Kind of makes their "victim" stance off-putting. And it is clear that security was an afterthought at Ashley Madison – which is truly peculiar given the sensitive data it held.

No surprise that two Canadian law firm have filed a $578 million class-action lawsuit against Avid Life Media claiming that Ashley Madison users' privacy rights were violated. There will no doubt be many more, though I wonder, especially in the U.S., what damages most plaintiffs will be able to show.

There were many users with .gov and .mil e-mail addresses, but it looks like the Pentagon is going to give a free pass to Ashley Madison users because there is no crime in signing up for a website – adultery is a crime in the military but mere registration doesn't prove that a crime was committed and the Pentagon has no plan to investigate registered users. I think the government is likely to make the same decision.

The Impact Team hackers claimed responsibility for the hack back in July but then John McAfee recently declared that it was an inside job – and a woman. The idea that an insider may have been involved has some potential given the depth and breadth of the breach, but a fair reading of his conclusions indicates a Texas-size ego and a lot of speculation are at work.

Stay tuned because I imagine this is only the beginning of a sordid story that will continue to claim headlines and make for steamy water-cooler conversations in the office and online.

Got an interesting Ashley Madison story? Feel free to e-mail me . . .

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson