The fallout of the Ashley Madison breach continues. Extortion, even suicides, are being linked to the data dump, which revealed a lot of personal information about the site’s users. It’s an interesting case.
The hackers involved did not try to get money from the site, which facilitates extramarital affairs. Instead, they demanded it be shut down.
At face value, they may be offended by cheating, but the actual reasons appear to lie closer to the business itself. The hackers have accused the site’s parent company of some fairly staggering things — and those digging through the data trove have found at least a few of those accusations can be substantiated.
But such breaches are not unheard of. Several years ago the user profiles from a major porn site were leaked online, all in an effort to embarrass those users. It didn’t really work, mainly because that breach lacked any media profile. Ashley Madison is different and the damage out there so far proves it. Some have even questioned whether the business will survive.
The real story here, though, is that hacktivism is taking on a new character. The idea was first coined in the mid-1990s and stands for cyber attacks that are motivated by political or social principles, not criminality or sovereign power games. It’s essentially a way for the little person to punch above their weight class, taking on the corporate world and governments.
In the regular world that would be called a whistleblower and we’ve seen several events involving digital whistleblowers. Edward Snowden, Chelsea Manning, whoever dumped all those South African secret documents on a USB drive — all examples of sticking it to the man. Results have varied: Snowden’s revelations shook the foundations of the US, while the South African leaks caused little more than a few red faces — at least publically.
Hacktivist groups have also been more active of late. For the past several years, both Anonymous and Lulzsec were thorns in the side of authority, though they are applying the definition very loosely.
Anonymous has attacked companies for unethical practices, declared war on terrorists and harassed second-rate hip hop performers. Lulzsec was a bit more focused yet still broadly anti-authoritarian, but had to disband after several of its members were jailed. Some groups are far more specific — RedHack, for example, has thrown its weight behind critics of the increasingly autocratic Turkish government.
You can find hacktivists on both sides of the fight. The Islamic State appears to have several hacker groups sympathetic to its brutal regime. So has North Korea, though it is difficult to determine just how much of a role governments play in these movements. Hacking groups have been orchestrating attacks on either side of the Russia/Ukraine conflict. Some may actually be government spooks, but at least a few appear to be genuine digital partisans.
Yet, as mentioned, the trend is evolving. Ashley Madison’s breach may have been an inside job by unhappy employees. Around the same time the cyber espionage firm Hacking Team saw hundreds of gigabytes of its data dumped online, doing serious damage to the company’s trade secrets and operations. Several of its employees are being investigated.
This leads me to wonder: as data becomes a central currency for companies, just how prolific can the trend become? Not all companies are evil, but many are not saints either. It may not even be about the company, but simply a maligned employee. They will probably get caught and sent to jail, but by that time the damage is done. Look at the Sony Pictures hack (which may have also had inside help): some executives lost their jobs and, more harrowingly for those in the ivory tower, their reputations.
Sony Pictures survived, but Ashley Madison may not. This is going to be a problem. The tech market increasingly wants to move away from silos, unifying everything under one digital roof. But that exposes a lot of data. Companies may have to start thinking about that: should data be segmented, to make sure that nobody can get their hands on most of the critical stuff, not even the executives? It’s already gospel in the security industry that people are the real problem — and exactly how much can you trust your people? Forget them walking off with trade secrets. These days they can dump it online just to prove a point.
At least criminals are easier to understand: they are motivated by greed. But hacktivism has many faces and one of its newest — where anyone with the will and the means can, out of principle, strike a crippling blow to their organisation — is going to become a reoccurring topic.
- James Francis is a freelance writer whose work has appeared in several local and international publications
- Author image: Paul McGavin