Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Ashley Madison breach shows hackers may be getting personal

David Weldon | Oct. 1, 2015
It’s bad enough that we have to worry about identity theft and assaults on our bank accounts. Now we have to worry about hackers finding – and releasing – embarrassing, lurid life- and career-ruining information, too.

Alexander believes that there certainly could be a social conscience factor to the Ashley Madison breach.

“We’re seeing a lot of hacktivism coming from the political and the geopolitical perspective as well as the social justice perspective. We’re living in a really dangerous world on the virtual or electronic front,” Alexander stresses.

This match is no heaven

While the major “traditional” dating sites may not yet have been compromised in terms of member information, Match.com U.K. was successfully hacked by cybercriminals who were serving malware through ads on the site, according to Stephen Boyer, a cybersecurity expert and founder and CTO at BitSight Technologies.

“With Match.com they’re installing something called Crypto Wall. It’s a ransomware – once it gets installed you’ve got to pay a ransom. That can have potentially a very serious impact. Even though Match.com didn’t appear to have its servers compromised, the ads that were serving from their site were compromising its user base. Their users could then have their information compromised or be exploited in a ransomware scheme.”

Asked if the Ashley Madison breach represents a change in behavior for hacking, Boyer says “You would think that, but it actually has been going on for quite some time.”

Boyer pointed to “a great website called haveIbeenpwned [pwned is computer geek-speak for compromised].” He’s charting roughly 60 breaches and a lot of those are ones that have been “’dumped’ – you’ve got YouPorn accounts, SnapChat accounts, AdultFriendFinder.com – [even] Domino’s and Sony.”

“Why are those potentially interesting targets? Because they have information that can be used. Right now there is a strong underground economy for this type of information. You can buy and sell and trade that. These compromised credentials have currency in the underground markets,” Boyer says.

 

Previous Page  1  2  3 

Sign up for Computerworld eNewsletters.