Hacking, Security & Privacy - Page 17

Avid Life Media announced that CEO Noel Biderman has stepped down, following the company's embarrassing public data breach.

Senior management will be responsible for day-to-day operations of the company, until a permanent replacement can be identified. It's going to be a confusing time for Avid Life Media, after a "criminal intrusion" that reportedly occurred over years by unknown hackers.

"This change is in the best interest of the company and allows us to continue to provide support to our members and dedicated employees," Ashley Madison noted in a statement. "We are steadfast in our commitment to our customer base."

Almost 45 percent of Americans have suffered from a cyberattack targeting sensitive health information, according to a recent iSheriff white paper.

It has been an absolutely atrocious year for healthcare data breaches, with the likes of Anthem, Premera, CareFirst, and UCLA Health Systems suffering breaches - totaling a whopping 143 million patient records.

"When more than forty percent of the US population has been a victim of a data security breach, we must recognize this is an epidemic that can and will hit any healthcare provider," said Paul Lipman, CEO of iSheriff. "These breaches not only cost time and money, they risk compromised medical records that could impact health diagnoses and outcomes. Cybercrime is the new healthcare crisis."

Avid Life Media, the operator of Ashley Madison, is facing multiple lawsuits following a massive data dump that included around 37 million records.

"I'd be surprised if you get a lot of traction here," said Scott Vernick, partner and head of data security and privacy at the Fox Rothschild LLP law firm, in a statement published by the Associated Press. Even with the data finding its way from the dark web to the regular Internet, trying to win lawsuits against breached companies doesn't tend to end up well for plaintiffs.

A Canadian law firm recently filed a $578 million class-action lawsuit on behalf or Ashley Madison users, and there are at least four active lawsuits against Avid Life in the United States. One was filed in Missouri, one was filed in Texas, and two others were filed in California - and all have anonymous plaintiffs listed.

Avid Life Media is still trying to deal with a major PR disaster after The Impact Team breached Ashley Madison, and the company has offered up a $500,000 CAD ($377,000) bounty.

"You know The Impact Team has crossed the line," said Bryce Evans, acting staff superintendent of the Toronto Police, during a Monday morning press conference. "This hack is one of the largest data breaches in the world. The social impact behind this leak, we're talking about families, we're talking about children, we're talking about wives, we're talking about their male partners. It's going to have impacts on their lives... this is affecting all of us."

Evans also asked for the hacking community to "do the right thing" and help Avid Life Media and the police identify the hackers. Even if members of The Impact Team are identified, however, trying to bring them to justice could be extremely difficult - depending where they are located in the world.

After the Ashley Madison data dump, which featured more than 33 million accounts, it was no surprise that the fallout would ensnare plenty of people that would need to explain themselves. One political leader already claimed he used the site for "opposition research," and now Florida State Attorney Jeff Ashton publicly apologized after his name was discovered on Ashley Madison.

Ashton described his decision to sign up for Ashley Madison as a "bad, childish, stupid error" and he "did not commit a crime" by using the site. Ashton claims he typically logged in using a personal laptop and through public Wi-Fi networks. He reportedly didn't meet anyone via the site, and didn't have an affair.

"While I indulged my curiosity about the site it never went beyond that," Ashton said during a press conference. "These were incredibly stupid choices." In addition, Ashton won't step down and plans to return back to work: "I think I've humiliated myself enough for one weekend. Tomorrow morning I go back to work."

Avid Life Media and Avid Dating Life are not going to have a fun time following the fallout of Ashley Madison's data being publicly dumped to the Internet. Thousands of Canadians had their privacy violated following the breach, which included personal names, email addresses, home addresses, and message history - and the lawsuits are going to roll in.

Charney Lawyers and Sutts, Strosberg LLP filed a $578 million class-action lawsuit on behalf of Ashley Madison members located in Canada. The lawyers won't try to include the Impact Team in the class-action lawsuit, as seeking damages from a foreign-based hacker group would be difficult.

"Numerous former users of AshleyMadison.com have approached the law firms to inquire about their privacy rights under Canadian law," the law firms said. "They are outraged that AshleyMadison.com failed to protect its users' information. In many cases, the users paid an additional fee for the website to remove all of their user data, only to discover that the information was left intact and exposed."

Louisiana GOP Executive Director Jason Dore confirmed his name was one of millions exposed in the Ashley Madison data dump.

The Republican Party statewide director used his full name and former personal credit card billing address, but claims he was doing a bit of research for his Doré Jeansonne law firm:

"As the state's leading opposition research firm, our law office routinely searches public records, online databases and websites of all types to provide clients with comprehensive reports," Doré; told The Times-Picayune. "Our utilization of this site was for standard opposition research. Unfortunately, it ended up being a waste of money and time."

DARPA wants to help develop new solutions to defend against distributed denial of service (DDoS) attacks, with foreign cybercriminals launching large volumes of attacks against US military and government targets.

The Extreme DDoS Defense (XD3) aims to provide a DDoS countermeasure system that is able to identify incoming attacks, and help defend networks. Depending on the attack sophistication, DARPA wants to have a response time of 10 seconds or less - a difficult challenge, but an important one that could be used in the private sector and by the government/military.

"In general, the program aims to thwart DDoS attacks by dispersing cyber assets (physically and/or logically), disguising the characteristics and behaviors of those assets, and mitigating the attacks (especially low-volume attacks) that still penetrate the targeted environment," according to the DARPA Broad Agency announcement, asking for applicants.

Well, it didn't take long before the scam artists and extortionists started taking advantage of the recent Ashley Madison data dump. People with email addresses exposed are receiving shady looking emails that demand payment in exchange for secrecy so their spouses and partners aren't informed.

Here is one email that was shared with Brian Krebs from Krebs on Security:

Hello,

Avid Life Media has gone on the offensive following the Ashley Madison data dump, sending takedown notices to social networking websites and file-sharing services.

Stolen data includes data of up to 33 million users, and while removing data from Twitter, Facebook, Reddit, and other sites has been successful, it's going to be nearly impossible to scrub the data dump from the Internet.

The data is out there, and there are plenty of links to anyone looking for a searchable database - yielding everything from names, usernames, email addresses, and sexual preferences - as Avid Life Media tries a desperate effort to fix its PR disaster.

It looks like spouses are calling divorce lawyers after finding potentially unfaithful partners listed as members of Ashley Madison.

A report published by The Times indicates relationship counseling services and divorce lawyers have seen an uptick in phone calls and correspondence from angry spouses. After 33 million members were exposed, it's likely a similar trend is likely to happen in the United States and elsewhere in the world - as more people search the database.

The data dump has created "lots of difficult emotions" for partners finding spouses in the Ashley Madison data dump, said Denise Knowles, a counselor at Relate counseling service, told The Times.

Avid Life Media has suffered a major PR disaster after hackers were able to spend a lengthy amount of time stealing data from the Ashley Madison website. The Impact Team hacker group, reportedly made up of "very" experienced hackers, has collected information from Ashley Madison "over the past few years."

"Bad. Nobody was watching," The Impact Team told Motherboard, when asked about security protocols. "No security. Only thing was segmented network. You could use Pass1234 from the Internet to VPN to root on all servers."

The group also has plenty of other information taken from Avid Life Media, including "300GB of employee emails and docs from internal network. Tens of thousands of Ashley Madison user pictures. Some Ashley Madison user chats and messages. 1/3 of pictures are dick pictures and we won't dump. Not dumping most employee emails either. Maybe other executives."

It's not a surprise that federal agencies have fully embraced mobile technology like smartphones and tablets, but there is great concern that 40 percent of government employees put sensitive data at risk by ignoring agency policies.

A recent study from mobile security firm Lookout discovered employees rooting, jailbreaking and sideloading applications, while still having direct access to work documents, work email, and other possibly sensitive data. The study also found 49 percent of federal employees don't have any form of anti-malware or anti-virus security solution installed, and employees use unsecured devices while handling sensitive data.

Not that the policies used by government agencies should be followed in the private sector, but gives decision makers guidelines on behaviors that don't work - and how to avoid them.

With news already coming out that the Ashley Madison hack has seen over 700 Australian Government employee email addresses named, sitting alongside members of the White House and US congress and even dirtying the name of Sao Paulo due to the sheer number of accounts within, there is now even more to add to the plate.

This latest update comes in the form of yet another information dump, being twice the size of the last one. Released onto the dark web, this information leak is largely targeted at Noel Biderman, the CEO of Ashley Madison's parent company, Avid Life. Alongside including many of his business emails, this leak is coupled with a statement which reads "Hey Noel, you can admit it's real now."

Measuring around 20GB, this leak is said to be focused mainly on internal operations and information - quite possibly to ensure people take this leak seriously and removing the possibility of Ashley Madison calling it off as a hoax.

The Aussies are in trouble, with the latest Ashley Madison hacking scandal unveiling over 700 Australian Government email address' linked to the affairs website, but it looks like they aren't the only ones. Looking further into the data, The Big Story published an article outlining that members of the White House and US Congress were also involved in the mix.

Including those holding high positions in multiple Government offices (including law enforcement), the hacked and published list includes some powerful titles which The Big Story explained as; "at least two assistant U.S. attorneys; an information technology administrator in the Executive Office of the President; a division chief, an investigator and a trial attorney in the Justice Department; a government hacker at the Homeland Security Department and another DHS employee who indicated he worked on a U.S. counter terrorism response team."

Although you may view it as morally unjust, there will be no legal action taken against these Government employees, sources say. This inaction is due to there being no elected officials involved, nor have these people committed a felony. Further to this information, the names have not been publically posted or confirmed by the US Government.

Millions of people have been exposed following the recent data dump of stolen Ashley Madison accounts, though there is something a bit frightening to consider: the possibility of people committing suicide, or being injured or killed.

The Impact Team released data of 37 million users of the popular infidelity website, and details include names, email addresses, and sexual preferences.

"We have to be very cautious and I think sensitive to this," cybersecurity specialist Brian Krebs told the Guardian. "There's a very real chance that people are going to overreact. I wouldn't be surprised if we saw people taking their lives because of this."

Former NSA contractor Edward Snowden's chance at creating some type of plea agreement with the US Justice Department is not likely - and a possible agreement window is rapidly closing. Snowden's attorneys and the government haven't spoken about a deal in almost one year, according to sources speaking to Bloomberg.

The US government isn't in dire need of gaining information from Snowden, because they have a much clearer picture of the data he took. However, the American said he would like to one day return to the United States, but that hasn't seemed like a plausible scenario for quite some time now.

"Many people in government believe that the journalists who received Snowden's material are not capable of protecting it from a competent and committed state level adversary service," said Ben Wittes, a Brookings Institution national security law specialist, told Bloomberg. "Even if Snowden did not give the material to others, they argue it would have bene ripe for the picking."

Republican presidential candidate Jeb Bush believes the United States government needs broader surveillance capabilities, and tech companies shouldn't be fighting back about encryption.

"There's a place to find common ground between personal civil liberties and NSA doing its job," Bush recently said, as published by the AP. "I think the balance has actually gone the wrong way."

Bush also noted that recent Patriot Act changes forcing an end to bulk collection of American phone records wasn't the right idea - and was done with "no evidence" Americans' civil liberties were violated.

In further shocking news, the Ashley Madison hacking scandal has not only seen Australian Government employees damned by the leak, but there has further been an investigation into statistics based around the findings.

This investigation came in the form of locations, naming how many Ashley Madison accounts were linked to major cities around the globe. Topping the list of 25 cities by a large margin was Sao Paulo, sitting at over 370,000 accounts in total, backed up by New York at 268,171 in second place. These results were certainly not locked to a single continent either, with London and Melbourne (Australia) both ranking quite highly.

As reported by News.com.au, these numbers also don't take total population into account. So not only are you looking at places like Perth (Australia) having 88,697 total Ashley Madison members, but this city has 1/10th of the inhabitants when compared to the #1 ranked Sao Paulo.

In recent news, dating and affairs website Ashley Madison was hacked and user information posted on the dark web. Among this information were over 700 Australian Government email address' ranging from members of parliament to high-held positions in the police force. With more uncovered members said to be found soon, the Queensland Government wants to know exactly how its workers ended up on this list.

With these 'Queenslanders' holding positions such as detective, government official and regional Councillor, the Queensland Government's IT section are reportedly conducting a full investigation in order to find out exactly how these email addresses came to be included in these lists.

There is a possibility that some emails were signed up by other people in a bid to inconvenience a worker they don't like, however, that's not likely to be the case for all members on the list.