- No comment

Ashley Madison leak: the guilty, the damned and the cyber vigilantes

First off, let us begin with a quick recap of the facts: the website Ashley Madison that aims to bring together unfaithful married individuals got compromised by a group of hackers named “The Impact Team” last month, who then threatened to disclose Ashley Madison’s customer data (including names, email addresses, sexual preferences… but no full credit card numbers) unless the service got taken down by Avid Life Media (ALM) which owns Ashley Madison as well as other dating websites. ALM decided against it, and as a result the team made the data freely available.

  • 32 million accounts compromised
  • Sensitive data leaked (names, emails…)
  • Shell-shock for hundreds of thousands of people

The data is currently available to anyone. At this stage it is still too soon to fully grasp the extent of the problem, but it is likely that over the next few days we will begin to see a rise in the number of websites, blogs, and even social media accounts aimed at divulging the names. There has already been a number of Twitter accounts set up for that purpose, thankfully they seem to be taken down readily as they start to gather momentum. Unfortunately, the same cannot be said for the blogs and websites, especially if there are hosted in countries with very few regulations on the privacy front.

The truth is, it would be foolish to designate a sole culprit, and given the nature of the targeted website and victims and the ethical standpoint that one may take, therein lies the illusion of a debate: was it right or wrong for the hackers to do what they did? I will go straight to the point: make no mistake, the unsolicited and aggressive publication of these private data concerning millions of people is an irresponsible act, and an invasion of privacy. Privacy is an inalienable and fundamental right allowing one to do things that may be perceived as morally wrong, as long as it is law-abiding. In short, there is absolutely no reason to condone the action of the hackers. Not if you respect the society we live in.

Degrees of blame and shared responsibilities

The hackers are to blame. This is a classic case of vigilante work going wrong. These people are no better than ISIS: they use terrorist tactics in order to uphold their vision of what society should be with a complete disregard for their victims or the consequences of their actions. Admittedly they have not directly killed anyone, but what of the countries in which this is illegal – for instance, take the Saudi Arabians users: they can get flogged for this (or worse, if they were looking for homosexual relationships). And what if some former customers think this public shaming is too much and decide to take their own lives? Besides, it also opens up a new playground for scammers, blackmailers and other hackers, there is no telling how far this thing might go. So we are not just talking about threatening couple and family lives (and that alone is already huge), it goes way beyond that. This, incidentally, is also Ashley Madison’s communications angle.

Avid Life Media and Ashley Madison are to blame. In all fairness, it appears their data was encrypted to a higher standard than most of their peers. Not that it mattered in the end, and really it just makes the whole thing even scarier. But they are certainly guilty of shady practices: customers had to pay a fee in order to erase their profiles (this alone is rather poor ethics), but in reality, companies keep a record of former customers (even the ones that have deleted their accounts), and so did ALM. Their communications strategy so far has been weak at best, and they don’t seem to be readily available to answer questions from their customers. Finally, between the actual hack in July and the publication of the data earlier this week, it is unclear what actions they put in place, if any, and strengthening their systems made no difference whatsoever to the existing customers. In a similar case, Russian dating site Topface paid the hacker an award for “finding a security breach” and to stop trying to sell about 20 million stolen email addresses stolen. Ashley Madison, on the other hand, did not seem to do anything about it, or at least they did not communicate their actions.

The customers are to blame. Not necessarily because of the intentions that they had when signing up, but because they gave away too much information. Giving a work email address may seem logical if one did not want his or her partner to find out, but surely giving a fake name and address is also an option, there are no ID verification processes, and no verification of email addresses either. There is a very simple thought process that everyone should have, and that is asking oneself when entering information whether it is useful or dangerous to do so. Having one’s real name on LinkedIn is both safe and useful. Having one’s real name on Ashley Madison serves no purpose and is potentially harmful.

Perspectives of the future and cybersafety

I do not particularly relish to take up the role of the doomsayer, and the truth is that in the grand scheme of things most people will not be affected by a life changing large scale hack, but the problem is it could very well happen to anyone. This sort of situation is where a cyber authority should come in and intervene, however there is no such entity, at least not on an international level. No government on the planet today has the means to tackle such an issue efficiently, if at all. We are in need of a global overhaul, something of a new cyberworld order, whilst at the same time avoiding the pitfalls that too much control can bring. It seems that striking the balance will be a difficult task to achieve, but cooperation between the nations and the main actors of the web is absolutely key.

Let one thing be clear: Ashley Madison may have shock value, and it might end up breaking hundreds of homes and families, yet it is just one of the many potential problems that can arise from sharing too much personal information on the web. In the meantime, it is up to the web users to try and take as many precautions as they can.