After self-righteous hackers dished the ‘dirtbags’ at Ashley Madison in their millions, our trust in technology has taken as big a hit as our faith in fidelity, writes Dani Garavelli
In technological terms, it was cutting edge: a successful raid on the database of a major company by hackers who knew their bcrypts from their MD5 hashes and who, without compunction, dumped their treasure trove in the recesses of the dark web for others to trawl through. But in its moral zealotry, it was bordering on medieval.
In the past, some hacks on major organisations have been driven by a belief in transparency, others by a desire to expose a weakness in security. A handful appear to be born of a nihilistic desire to spread chaos. But the Impact Team – the group of hackers responsible for the cyber attack on the adultery website Ashley Madison – was on a mission to punish anyone who had ever so much as flirted with the idea of cheating on their partner online.
Though they claimed their attacks were motivated by the way the website “conned” its clients by charging them $19 to have their accounts deleted (and then not deleting them), their contempt for those whose lives would be upended by their crime was clear. “Too bad for those men, they’re cheating dirtbags and deserve no such discretion,” the avenging angels said as they ordered parent company Avid Life to take Ashley Madison down. “Learn your lessons and make amends.”
“These guys want as much notoriety as possible,” said Ajay K Sood, general manager for Canada of cyber security firm FireEye Inc. “This isn’t cyber-terrorism. It’s cyber-vigilantism.”
That the hackers should be offended by people breaking their wedding vows is one thing, but the public reaction has bordered on the biblical too. Those who weren’t nervously looking over their shoulder or checking up on their spouses, seemed to be revelling in the prospect of a rough justice which was not so far from a shaming from the pulpit or a stint in the public stocks.
Maybe the mass outbreak of schadenfreude was rooted in a distaste for the way Ashley Madison champions adultery as a must-have status symbol as opposed to a last resort. Its founder, Canadian Noel Biderman, a former attorney and sports agent, justifies himself by claiming the site provides an outlet for those who might otherwise join a singles dating agency (with all the deceit that would involve) or visit prostitutes, but the website’s slogan – Life is Short. Have an Affair – tells you everything you need to know about how it promotes and profits from a culture of self-entitlement and instant gratification. Its Twitter account churns out a relentless stream of questionable statistics and articles – “Did you know 39.4% of men and 40.9% of women watch porn 5-7 times a week? Where in Memphis are the Cheating Hotspots?” – all of which send out the same subliminal message: “Everyone’s at it. Why aren’t you getting a piece of the action?”
Mixed in with this was the suspicion that it was all a bit of a con. Ashley Madison presented itself as an upmarket, equal opportunities adultery site, but well before the hack it was clear it was predominantly (86%) male with an abundance of fake female profiles to even things out; female journalists who tried it out described being exposed to the usual quotient of “dick pics” alongside more promising encounters.
Yet however ethically questionable Ashley Madison is, it is no more unpalatable than witnessing the glee of the divorce lawyers who are currently rubbing their hands at the thought of all the broken marriages. Or the way in which sites which allow people to check if a particular email is on the database are being overwhelmed by search requests from the suspicious and the prurient.
As experts in data security have pointed out, the behaviour of the hackers is not merely mischievous but likely to leave a trail of destruction in its wake. For a start, it opens up the potential for people to be falsely smeared. We now know Ashley Madison emails were not verified nor accounts validated when a new profile was created – only when a financial transaction was made; so the appearance on the database of a particular email address means nothing. It would be possible to set up a fake profile linked to any email address in the world.
The SNP MP for Edinburgh West, Michelle Thomson, for example, says she never accessed the site despite an old email address of hers being linked to it. She was alerted to the fact that the obsolete email appeared on the Ashley Madison data base by political blogger Guido Fawkes. But the accompanying profile, which contained the wrong date of birth and height, was created on a computer she had no access to in a Corstorphine postcode on 30 April during the general election campaign. The account was never validated and Thomson stopped using the email after she was elected MP.
Given the millions of email addresses contained in the database it does seem slightly odd that hers should be one of the few which have so far entered the public domain. Fawkes asked an IT expert to investigate and found the email had been flagged as invalid, there was no information about sexual preferences and no credit card transactions had been recorded. “From the data it seems evident that someone other than Michelle Thomson signed up for the account. Definitely a prank,” Fawkes concedes.
Even where the accounts were validated, and infidelity seems likely, there are dangers attached to this kind of public outing. Leaving aside the question of whether the families of cheats deserve to have their lives ripped apart, you have to wonder if the cyber criminals considered the potential consequences of exposure to those in the military (where adultery is still technically punishable with a year in prison and an dishonourable discharge) or to LGBT members from countries where homosexuality still attracts a death sentence.
There may be little public sympathy for the likes of US reality TV show star Josh Duggar, whose fame was once based on his image as a good family man. But what about those who may have signed up in a moment of weakness or insobriety (and have never taken it any further)? Or those in open marriages who don’t want their bosses prying into their sexual affairs? And what if the prospect of being exposed leads to blackmail or suicide? Extortion threats demanding $450 in Bitcoins have already been sent to several AM members from a would-be blackmailer called Team GrayFlay. There are broader concerns too. Were this kind of cyber crusade to become a trend, what else might be considered fair game? The medical records of men who have contracted an STD or women who have had an abortion?
Since its launch in 2001, Ashley Madison has been facilitating extra-marital sex on an almost industrial scale. It claims to have 40 million members (although information gleaned from the hack suggests up to a third of these may be fake) and last year made a profit of $55 million. Its attitude towards cheating is predicated on the notion that a marriage comes with a sex-on-tap guarantee. Biderman has said he has not been unfaithful to his own wife “so far”, “but if I woke up beside [her] and it was the 200th day we hadn’t been intimate with one another and it looked like nothing would change, I would cheat so fast”.
The Impact Team carried out its attack on the Ashley Madison database in July, successfully accessing the personal, financial and the sexual predilections of 37 million customers (1 million of them in the UK) and identifying a couple of members, such as a man from Mississauga, who was into erotic tickling, as an example of what would follow if their demands were not met. Avid Life failed to act, so the hackers made one data dump on Tuesday and another on Friday, sparking a massive fishing expedition by suspicious spouses, scoop-hungry journalists and anyone with a grudge.
So far most of the information which has filtered through has been general or made anonymous: we know that there are 15,000 email addresses associated with the US military or the US government, thousands linked to banks and the big tech companies, 130-plus to the UK government and a handful to the Vatican.
Despite the digging, however, there have been few celebrities or politicians linked to Ashley Madison so far, and only Duggar has held his hands up and admitted his betrayal. “I have been the biggest hypocrite ever. While espousing faith and family values, I have been unfaithful to my wife,” he said in a statement almost as contrite as the one he made after it emerged he’d molested his sisters as a teenager. Others – Gawker blog writer Sam Biddle and the executive director of the Louisiana Republicans Jason Doré – are insisting they signed up for research purposes. Some news organisations may feel that publishing illegally obtained information is not justified in the public interest. Still, it seems likely more revelations will follow in the weeks to come.
On a domestic level, there have already been repercussions. One woman learned of her husband’s website membership live on an Australian radio phone-in while several divorce lawyers say they have already been instructed in Ashley Madison-linked proceedings.
While the world waits with bated breath for more big names, the raid is providing an unprecedented insight into modern sexual mores. The first impression one gets is that we are a generation split between grab-all-you-can cheaters and voyeurs who express their disapproval while enjoying vicarious titillation.
But time spent on online forums provides a more mixed and nuanced picture: of people in loveless marriages hungry for intimacy or in flexible relationships where sleeping around is part of the deal. One man talked about his love for his invalid wife who understood his need for physical relations outside marriage, others of one-off and much-lamented mistakes made long ago when their marriage was going through a rough patch.
Now a whole industry is gearing up to trade on their desperation: lawyers – both divorce and civil litigation – mediators, therapists and, of course, data security experts all stand to profit from the fallout. CheapAir airline is offering victims a $50 voucher towards a foreign holiday to repair the damage.
Some security experts predict the Ashley Madison hack will represent a watershed moment in our relationship with the internet. Arguably that moment should have come with last year’s Sony hack when embarrassing private emails between Hollywood movers and shakers found their way into the public domain, but that may have felt irrelevant to ordinary people. As for the many corporate hacks that have led to the leaking of financial details, credit cards can always be cancelled and replaced.
After Ashley Madison, however, it’s impossible for people to ignore the fact that every move they make online – from exchanging emails to signing up to websites – is vulnerable to exposure. “[This hack is] a powerful reminder of the impossibility of perfect privacy,” says John Herman of website the Awl.
From here on in, data security will have to be improved or people will have to stop trusting their innermost secrets to websites – however much protection they purport to offer.
And there is the irony. Ashley Madison built its success on the promise of discretion. The image on its website is of a woman with a finger to her mouth. In interviews, Biderman was always boasting about how secure the company was. If people wanted to delete their accounts, he said, “we’ll make like you’re a ghost – you were never here”. Instead, members have been left with digital lipstick all over their collars and reeking of cheap scent.
As of Friday night, the website was still open for business, but the company has an epic challenge ahead if it is to regain trust and fend off the inevitable multi-million-dollar lawsuits; there are many who question its capacity to survive. In a world where it is estimated that 60% of married people cheat on their partners at some point, however, the Impact Team’s attack is unlikely to usher in a new age of fidelity. “Human beings are not genetically wired for monogamy,” says Biderman. And it seems millions of people agree. «