back to article Second Ashley Madison dump prompts more inside-job speculation

The second data dump from Ashley Madison has prompted renewed speculation that the whole hack was an inside job. The Impact Team hackers behind the breach of the infidelity website followed up on the release of a user database of Tuesday with the release of a second data dump, supposedly containing the Avid Life Media CEO's …

  1. Anonymous Coward
    WTF?

    Really?

    As for the operations of Avid Life Media, we continue to devote significant resources to our security protocols and systems and we continue to support our customers around the world.

    So that's all fine then, move along, nothing to see here.

    The hubris of these people is astonishing. Surely they can't survive as a going concern after this.

    1. Anonymous Coward
      Anonymous Coward

      Re: Really?

      other side of the coin

      Their website is now one of the most famous ones on the web (apart from www.google.com and the register obviously).. if they can survive the possible lawsuits and convince any visitors that it can't happen again (super duper privacy enctryption from now on?) they might spring back even bigger than before...

      1. Teiwaz

        Re: Really?

        But will they survive people knowing they had fewer than 10% female membership?

        Seems like the National Lottery has better odds.

        1. Ken Hagan Gold badge

          Re: Really?

          "But will they survive people knowing they had fewer than 10% female membership?"

          There's a story in the Telegraph today alleging that some of the female membership was faked, and so the true stats are even more one-sided. Of course, right now you can make up almost anything you like about AM and the mud will stick.

          Edit: Fruit and Nutcase posted a link (below) whilst I was writing the above!

      2. Anonymous Coward
        Anonymous Coward

        Re: Really?

        might spring back even bigger than before...

        Fnarr fnarr

      3. Anonymous Coward
        Anonymous Coward

        Re: Really?

        >apart from www.google.com and the register obviously)

        Err, google? What's that then? I'll have to go look it up.

        1. Bitbeisser
          Devil

          Re: Really?

          Just don't bing it!

    2. AbelSoul

      Re: Surely they can't survive as a going concern after this.

      Who knows?

      We live in a society that happily resurrected careers for Uri Geller and Peter Popoff despite both being spectacularly demonstrated as charlatans by James Randii.

      I suspect there are still enough gullible fools willing customers around the planet to sustain a diminished version of the site.

    3. h4rm0ny

      Re: Really?

      >>"The hubris of these people is astonishing. Surely they can't survive as a going concern after this."

      As pointed out multiple times by people, it is very, very hard to guard against attacks from the inside. Your technical safeguards can be as good as you like but ask Snowden how much that hindered him.

      But yes, the witch hunt is on. One quote in the media I saw on this was from someone saying "they couldn't find their husband's email address on the list so they must have used a fake email account then". My other favourite is someone who is complaining about the leak because they signed up to AM to try and catch their husband cheating on them and now she's on the list and he is not - and she's blaming AM for it. I'm not saying AM are without fault here - I simply don't know and I doubt anyone outside the investigating people (and the hacker) actually can say. I'm just pointing out that a lot of the finger-pointing going on here isn't reasonable. Yes, you can score a few cheap upvotes by expressing disbelief at someone's hubris/stupidity/credulity/whatever - you always can because the Internet mob is addicted to seeing people have flaws pointed out. They love it more than chips. But that doesn't necessarily make it so.

    4. Anonymous John

      Re: Really?

      They don't even verify email addresses before creating accounts. Something that I thought was the norm nowadays.

  2. admiraljkb
    Joke

    So they need an Internal Affairs Dept?

    to get a handle on themselves and inside *jobs?

  3. Mark 85

    Interesting concepts... but...

    there's the SONY hack that had a lot of insider info in the dumps. So, if SONY wasn't an insider attack, why would they think this hack is an insider? It's pure speculation, and the security guys says it is speculation. That they would keep the web-facing separate apparently wasn't done by SONY or the invaders somehow got access to the internal crap. So what's next.. blame the Norks?

    I do wonder if many of these so-called "hacks" aren't inside jobs even it's just passing on a password or two. You can always find someone who's just pissed about something the company did that they might be tempted.

    1. PleebSmash
      IT Angle

      Re: Interesting concepts... but...

      I agree. If there's anything management loves, it's checking everything online, and inadequate investment in security.

    2. Ben Tasker

      Re: Interesting concepts... but...

      So, if SONY wasn't an insider attack, why would they think this hack is an insider? It's pure speculation, and the security guys says it is speculation. That they would keep the web-facing separate apparently wasn't done by SONY or the invaders somehow got access to the internal crap.

      Or, perhaps they got to the juicy internal stuff first, and hidden amongst that data was an Excel spreadsheet containing all the credentials needed to then go on and compromise the site itself. Just because the data was leaked external first, doesn't mean that's the order it was obtained in.

  4. Richard Altmann

    What theft?

    "The individual or individuals who are responsible for this straightforward case of theft should be held accountable to the fullest extent of international law."

    AM still has it´s data, nothing has been deleted. If something is stolen, its no longer where its supposed to be. So i guess, it was no theft, it was copying.

    1. Velv
      Boffin

      Re: What theft?

      While the letter of the law may originally have had theft written as "depriving someone of their property", you'll find that the spirit and case of the law now more than covers removing something you are not entitled to have.

      1. jonathanb Silver badge

        Re: What theft?

        If they do catch the person responsible, they won't be charged with theft, there are other offences that cover this.

    2. frank ly

      Re: What theft?

      Along with Velv, I'd add that even before 'computer data' came along, there were (and still are) laws protecting confidential information, especially if someone copies it and publishes it thus leading to harm, loss of reputation, loss of business, etc.

      1. Anonymous Coward
        Anonymous Coward

        Re: What theft?

        If someone copied the "mafias" logbooks, published them, and subsequently the mafia lost income, would that also be theft ?

        AM were not exactly angels, I believe that some of their publicity was "misleading", ie downright lies, false accounts were created therey leading people to beleive that more women were available than actually existed, refusal to delete data which people paid to have deleted, which basically put them in the same boat as the other thieves.

        AM is yet another of those bottom feeders, living of other people's misery.. I have absolutely no sympathy for this company.. They are no different to the other bottom feeders...

        They got hacked, they had piss poor protection policies and are basically a bunch of scam artists... Ever notice how no one actually mentions getting laid...

        1. James O'Shea

          Re: What theft?

          "If someone copied the "mafias" logbooks, published them, and subsequently the mafia lost income, would that also be theft ?"

          That would be:

          1 theft

          2 very stupid.

          They _would_ find you. And they would not involve the cops. And you would not like it.

          Yes, Ashley Madison is run by scammers and low-lifes.. It's still possible to steal from them, though.

          It is, however, really funny to watch the results of someone hacking them. Just as it would be really funny to watch, from a safe distance, the results of someone hacking the mafia.

        2. Anonymous Coward
          Anonymous Coward

          Re: What theft?

          If someone copied the "mafias" logbooks, published them, and subsequently the mafia lost income, would that also be theft ?

          YES

          just because people have disobeyed the law, it does not mean they are less entitled to it's protection, else these people in prison that sue the government for poor services and legal costs would never be entitled to representation.

          Don't get all moral about something that is still illegal, else the whore would not have protection from the abusive pimp

    3. Grendel

      Re: What theft?

      Erm, when you take an illegitimate copy of someone's music/film/art isn't that "copyright theft"?

      ... just saying ;-)

      M

      1. Khaptain Silver badge

        Re: What theft?

        "Erm, when you take an illegitimate copy of someone's music/film/art isn't that "copyright theft"?"

        Wouldn't that depend on how that music/film/art/database was used thereafter ?

      2. Richard 12 Silver badge

        Re: What theft?

        Copyright theft could only be fraudulently arranging to have the copyright assigned to you (or your stooge) instead of the rightful party.

        It'd pretty much require a team of lawyers to perpetrate that theft.

        Copying something when you don't have permission from the copyright owner is "infringement".

        Words are important, copyright law says so.

    4. LucreLout

      Re: What theft?

      @Richard

      AM still has it´s data, nothing has been deleted. If something is stolen, its no longer where its supposed to be. So i guess, it was no theft, it was copying.

      No, sorry, but data doesn't work like that. Yes, the original instance of the data still exists, but the value it once had has been taken and destroyed. As the value was taken without permission and it has permenantly deprived the rightful owner of that value of its use, then that rightly should be considered theft.

      It's not the same as copying a high quality rip of Bat Outta Hell because you already bought it on 8 track, cassette, vinyl, and CD; and consider that the great Mr Loaf has had fair value from you for your use of his work.

  5. Anonymous Coward
    Anonymous Coward

    An ALM self-driving CEO?

    containing the Avid Life Media CEO's ... source code

    I see.

    And why is "a former commander of Unit 8200" commenting?

    If there is one thing I fear it's Israel-spook-affiliated things in the network. In bad cases, the PFY will be found having emitted a suicide note all of a sudden. NOPE!

    1. Turtle

      Re: An ALM self-driving CEO?

      "And why is 'a former commander of Unit 8200' commenting? If there is one thing I fear it's Israel-spook-affiliated things in the network. In bad cases, the PFY will be found having emitted a suicide note all of a sudden. NOPE!"

      Maybe someone asked him. His opinions on matters like this would seem to have value. Of course, if you want to use this as more "evidence" of what you read in "The Protocols Of The Elders Of Zion" and Henry Ford's "The International Jew" then nothing's going to stop you.

      1. Anonymous Coward
        Anonymous Coward

        Re: An ALM self-driving CEO?

        "Henry Ford's "The International Jew" then nothing's going to stop you."

        Funny, isn't it? Henry Ford is long dead, it's under completely different management...

        but I still can't bring myself to buy a Ford.

  6. Fruit and Nutcase Silver badge
    Facepalm

    Fake (female) profiles

    report on telegraph.co.uk

    "Doriana Silva, who worked at the company’s headquarters in Toronto, Canada, tried to sue the firm after claiming she suffered repetitive strain injury (RSI) after being given a month to input 1,000 bogus memberships."

    http://www.telegraph.co.uk/news/11817155/Ashley-Madison-employee-told-to-create-hundreds-of-fake-profiles-of-alluring-women.html

    1. Anonymous Coward
      Anonymous Coward

      Re: Fake (female) profiles

      Probably a non-story. With a combined attached/single female seeking male figure of over 4 million they'd have to create a hell of a lot more than 1000 fake female profiles for her story to be believable, I suspect she's out for some attention and money

      1. jonathanb Silver badge

        Re: Fake (female) profiles

        She may not be the only person doing this for them, and they might duplicate the profiles across multiple cities.

        Another dating site, Cupid, apparently had more eligible young ladies in one small village than the entire population of that village.

        1. Anonymous Coward
          Anonymous Coward

          Re: Fake (female) profiles

          <sarcasm>Bugger me, I hadn't thought of that</sarcasm>

          As I said, they'd need a hell of a lot more than 1000 fake profiles to be more than a drop in the ocean. When many others come forward I might start believing her.

      2. fajensen
        Flame

        Re: Fake (female) profiles

        I suspect she's out for some attention and money

        Exactly like the rest of Earth's population, but, good of you to notice ;-)

  7. jgarry

    “Their public servers and their corporate networks are probably completely disparate and are unlikely to be co-located..."

    Oh come on, some dumb-ass startup isn't going to put everything in the "server room?"

    As to the 10% female; look at any whorehouse, patrons v. workers.

    1. Anonymous Coward
      Anonymous Coward

      @jgarry

      Probably is a big word here and made me laugh. Also don't think it's only dumb-ass startups, which after 15 years AM isn't, wouldn't be so careful.

  8. Your alien overlord - fear me

    "breach of the infidelity website" - do you mean the infidels website? Obviously then, the hack came from ISIS.

  9. cantankerous swineherd

    continuing with their business

    of extorting 15 quid for not deleting details.

    1. Anonymous Coward
      Pirate

      Booming?

      I imagine there's probably unusually strong interest in their fraudulent deletion-as-a-racket operation at the moment.

  10. Glenn 6

    The first letters in Impact Team are IT. If it IS an internal job, could who else in the organization would have access to what seems to be everything - from web to corporate servers? A rogue, pissed-off employee in IT?

  11. The Vociferous Time Waster

    Backups

    so they had a disparate selection of critical data from their internal network and also their public web presence - sounds like they might want to see if they can account for all their tapes.

  12. Richard 12 Silver badge

    It's a dangerous business model to begin with

    If your business is based around helping people do stuff that their partners don't want them to do, sooner or later one of those partners will find out and create Consequences for you.

    Some of those people will even be willing to break the law to cause those Consequences.

    - It doesn't even matter whether it's familial, business or "business", partnerships you're affecting.

  13. Will Godfrey Silver badge
    Unhappy

    In spite of years of warnings, and multiple high profile break-ins it seems much of the industry still makes no serious attempt to separate internal structures from Internet facing ones, so why should I believe this bunch of scammers are any better?

    I won't be the least surprised if when the law suits look anywhere near arriving at the courts, it will be found that there is no money in the company and amazingly it never made a profit.

    1. Anonymous Coward
      Anonymous Coward

      Most "Growth" companies are in the business of:

      1) Inventing a sexy / plausible story / business model,

      2) Generate Hype to Attract "Tier 1" Investors,

      3) Use growth figures to leverage seed money by 100 (or more).

      4) Transfer all the assets of the company to the Cxx's, via Warrants, Stock Options, Bonuses, Obscene Salaries ...

      5) ... Then go for the straight bust or the Sell to Suckers (the public, pension funds and HP).

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like