Shhhhh....be quiet....and don't tell anyone it's all a big fib
As almost everyone knows, Ashley Madison, whose slogan is "Life is short. Have an affair" was the victim of about the worst data breach imaginable. Still unknown hackers targeted the site, apparently because they considered the site immoral, and stole ‘members’ personal information, which was then posted for all to see on the Internet. Since pretty much the only reason anyone would join Ashley Madison is to have an affair, AKA cheat, people who had joined were horrified to have their names made public. There have been divorces, extortion attempts, and even suicides linked to this hack.
However, after analyzing the leaked data it soon became clear that the biggest cheaters at Ashley Madison are the members of the management team, who screwed every hopeful male philanderer out of their hard earned money.
Ashley Madison really conned their paying clients, the men looking to meet women, because of one major, critical flaw in their concept. No women joined, or at least no more than a rounding error above 0%. There just weren’t any real women on the site despite an offer of free membership. The subscribers to Ashley Madison were 100% men, excepting the .032% of what look to be actual women using the site, and common sense tells you that a good portion of that tiny percent were probably enterprising and technically savvy “professionals” looking for a paying date.
From Ashley Madison’s viewpoint, the most damaging information coming from the hack was:
1. The site is a fake—there are no real women members to speak of
2. Ashley Madison, as a company, is not quite as discreet as advertised, and their security is incompetent
Although their IT security controls, including table structures, were remarkably inept, Ashley Madison is surprisingly in the forefront of one IT final frontier—sex with robots. Since there weren’t any actual women on the site, and Ashley Madison charges men by how many times they answer or receive messages from women, something obviously had to be done—FemBots! Ashley Madison had programmers create fake women members, who then struck up conversations with men who joined. This wasn’t as easy as it sounds, since Ashley is spread across many different countries where many languages are spoken, so they also enlisted some employees to set up accounts and correspond with men.
Imagine that—it was all an elaborate illusion, a ruse, a mirage. There wasn’t even a female wizard behind the curtain. Avid Media was actually going to advertise during the Super Bowl. Talk about brazen. At least if you are misfortunate enough to find your male 'significant other’ appearing on the Ashley Madison hacked list (it was on Pirates’ Bay but now it’s everywhere), it’s a virtual certainty that nothing came of it. His heart and head might have been in the wrong place, but so was his credit card. As a corollary, if you were worried that your female ‘significant other’ was on the site, most likely you’ve got nothing to worry about.
Ha, ha, ha, suckers
What morons ran this company? If you are going to run your entire business on a premise that’s a big lie, the least you could do is have good security. I don’t know what it costs to join Ashley Madison, I’m very glad to say, but if you figure it’s around $75 for X number of text exchanges, then these clowns sold 33,000,000 guys/suckers membership in an all-male club so they could meet nonexistent, virtual women (for virtuous women you need to go on ChristianMingle.com). They took in…..I need a calculator….$2,475,000,000…..$2.5 billion dollars! What a scam! It doesn’t reach the heights of Bernie Madoff’s Ponzi scheme ($20 Billion invested, which “grew” to a fake $65 billion), but on the other hand Biderman might not go to jail over this—Madoff stole people’s life savings , ruining their lives and earning life in prison, while Biderman just sold $75 one way tickets to Suckerville. Biderman is just an e-version of P. T. Barnum, forever associated with the infamous quote, “There’s a sucker born every minute”. Some things never change.
Well, maybe not quite 100% secure
There are a lot of lessons here, one of which isn’t that men are more likely to cheat than women…it always takes two, so do the math. But since this is an IT blog, the takeaway is that you really have to pay attention to security, especially if you are an officer of a company. Don’t expect IT to handle everything. Your IT group can develop policies, but management has to approve, enforce, support, and periodically check the effort. “Shelfware” (a list of security procedures sitting on a shelf or file server) doesn’t do you any good, and neither does having someone like IT to blame. Management needs to take ownership proactively because if something major goes wrong, they will own it no matter what.
Don’t assume IT is doing even the little things right—check on it yourself. Here are the top 4 (in no particular order) passwords used on Ashley Madison: 12345, 123456, 1234567, and that all time hacker stumper ‘password’. That’s not exactly stringent complexity rules for passwords. Wonder how they were hacked?
And get an expert assessment every so often, because it’s a fast moving field. Just because you’ve never been hacked (that you know of) doesn’t mean you won’t be, and you don’t want to publicly be shoving the barn door closed after the cows with their credit cards have all escaped into the deep Internet.
Some other great articles on this hack are:
A woman joins and checks out Ashley Madison (hint: they are still crummy at being discreet)
A previously successful founder of a antivirus company, and now perhaps a lunatic, offers some interesting opinions
Is it likely that 40,000 real women shared 6 email addresses?
Copyright Crow Hill Associates, LLC; which is solely responsible for the contents of this article