Slashdot Mirror
Ashley Madison Hack Claims First Victims
wired_parrot writes: Toronto police are reporting that 2 unconfirmed suicides have been linked to the data breach. This follows pleas from other users of the site for the hackers to not release the data before it was exposed- an anonymous gay Reddit user from Saudi Arabia, where homosexuality is illegal, pleaded for the data to be kept private: "I am about to be killed, tortured, or exiled," he wrote. "And I did nothing." And when The Intercept published a piece condemning the puritanical glee over the data dump, one user who commented on the article said she's been "a long term member" of the site because her spouse's medical condition has affected their intimate life. Her spouse knows she's engaged with other Ashley Madison members, she says, but now fears she will likely lose friends and have to find a new job now that her association with the site is out there.
Ashley Madison has now offered a $380,000 reward for information that leads to the arrest and conviction of the hackers who leaked the data. Security researcher Troy Hunt has also posted about the kind of emails he's received from users after the data leak.
This should create the head of steam required to get some legislation passed to make companies and specific executives SUFFER if they screw up their data security. Ultimately that means if an executive is advised that a system is insecure, fails to act and it gets hacked, the executive needs to personally liable, with a small taste of prison. It happening once is all that is required....
It is, it's a 500k CAD reward, which translates to ~380k USD.
Your hair look like poop, Bob! - Wanker.
"I am about to be killed, tortured, or exiled," he wrote. "And I did nothing."
No, what you did was expose yourself using social media to an authoritarian, abusive government. Realize that or do not.
When you define any extramarital intimacy as "cheating", you've already cut off the debate paths that the victims from the summary illustrate. Not, mind you, that AM's marketing did much to discourage that definition.
But, hey, enjoy your puritanical two-minute hate, and don't worry about collateral damage.
(Posting as AC, even though I've never gone near the site, because I'm stuck with this country's puritanical environment and the consequences it imposes for even talking about ethical decisions that don't fit the standard mold. And, yeah, I guess I'm a bit of a coward.)
While I believe that there might be some people who had no "morally" dubious intents, I fail to see why anyone with a traditional moral compass would sign up for this website.
Even if you are not married and simply looking for a one nighter, you are still signing up to site where married people are looking for an affair. It is right on their main landing page: "Life is too short, Have an affair". While it sucks for them, I feel it difficult to feel pity for them when signing up to a website which main intend is to make is to make it easy for people to cheat.
The other people could have simply signed up for a different website where the main intent is not cheating. It seems there would be plenty, and none of them are getting hacked
" one user who commented on the article said she's been "a long term member" of the site because her spouse's medical condition has affected their intimate life. Her spouse knows she's engaged with other Ashley Madison members, she says, but now fears she will likely lose friends and have to find a new job now that her association with the site is out there."
At the end of the day these people signed up for a site whose primary market is marital infidelity. I feel a bit sorry for the woman referenced above, but I also have to wonder if the partners of the people she's "engaged with" on AM were as accepting as her husband was. I kind of doubt it.
There are a lot of other sites out there that don't specifically target cheating that she could have used instead. By choosing to have her hookups through that site she was pretty much guaranteeing that she was actively screwing around with someone else's relationship.
Rest assured that the new legislation will make hacking a crime worthy of being hung, drawn and quartered while at the same time not changing anything about how corporations have to secure data, or even (god forbid!) be punished for having sloppy security.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
People paid him to have their personal info deleted. He took their money but did not delete anything. Put him in prison for fraud.
Toronto police are reporting that 2 unconfirmed suicides have been linked to the data breach.
so, basically corollary conjecture pertaining to sets of potential outcomes of a data breech.
Dont get me wrong, as a homosexual I'm not at all condoning the death of a person for their sexuality. I think puritanical elation is at best inappropriate as a response to the incident. But frankly Ashley Madisons catchphrase was 'lifes short, have an affair.' As a saudi national, someone is unfortunately about to find out exactly how short that life can really be. Standard issue infidelity aside there are numerous gay dating sites you could have chosen. numerous potential outlets for gay, straight, questioning, bisexual, whatever your heart desires. But selecting Ashley Madison shows a puerile approach to interpersonal relationship as well as sexual orientation in general. Homosexuality is not the same as a casual extramarital affair.
Good people go to bed earlier.
As much as I'd like to drag all the cheap-ass executives who shortchange IT security and reliability with an eye on promotion and their own bonuses into the street and have them tarred and feathered, I can only imagine that such a regulation would have loopholes a mile wide.
What makes a system insecure? The system integration/networking? The software, especially third party software with its disclaimers about "no liability for implied merchantability and fitness for a particular purpose"?
Who judges a system as secure/insecure? If I get a third party to sign off on it, are the execs then immune? How long does a system retain its status as officially secure? Can you patch it with new patches, which theoretically could introduce their own flaws?
How about unknown zero-days? You could judge a system as secure and then a new zero-day appears in some critical security juncture that renders it insecure. Worse yet, what about unknown exploits used for which there are no patches?
To me it smells like Sarbanes-Oxley all over again.
When he was CEO of SUN, Scott was once quoted as saying "You already have no privacy. Get over it."
If telephones are outlawed, then only outlaws will have telephones.
And, of course, don't forget carving out huge exemptions for copyright holders aggressively being assholes^Wdilligent ... there will be one of those.
And one for law enforcement, because hacking is OK if you're law enforcement.
And to protect the children. You can do anything if you're protecting children.
And national security, even if it is unrelated to national security. You know, that way the Stingray devices are still OK.
By the time all of those exemptions get made, it will boil down to "it shall be illegal for any private citizen to exploit the security holes we have ensured are in place", and will be utterly meaningless.
But, nosirree, we can't risk impacting quarterly profits and executive bonuses by ensuring corporations have legal responsibility to safeguard data. That would be like Communism.
Lost at C:>. Found at C.
This is not puritanism. This is looking down on people who make commitments they don't keep. There exists a way for a married person to declare that they no longer intend to maintain fidelity, it's called divorce. There is also swinging for couples that mutually choose that. AM is instead dedicated to people who vowed fidelity and unilaterally choose not to honor that vow.
Forgive me for being the odd duck out here, but what ever happened to "Personal Responsibility"? I, too, think it's wrong for the hackers to release that information. It sounds like a despicable act of misguided morality to me, but that's irrelevant.
These people took their own lives, the external stressers don't really matter; they CHOSE to commit suicide. Maybe if signing up and using that site was such an emotional risk for them, they shouldn't have done it?
Mod me down with all of your hatred and your journey towards the dark side will be complete!
This is a bit like saying you're going to send someone to jail for getting rear-ended waiting at a traffic light.
I totally agree, data security is a big deal - but I think "gross negligence" probably covers the fact that someone did not put proper security in place. Beyond that, it's an arms race. You can't hold someone responsible for being hacked, unless they've demonstrated that they didn't even try to avoid it. Reasonable preventative measures.
The same reason you can't claim insurance when you don't have any locks on your house. But if they really want to, that moat and electric fence won't stop someone from breaking into your house.
.
If I leave my door open, and my stuff gets stolen, I am the one who has been punished.
If some asshole corporation fails at security, and my stuff gets stolen, I am still the one who has been punished.
See, the stuff being stolen here ... It's not the property of the corporation, and they're not the ones who suffer when it is stolen. They've deemed themselves trustworthy to hold onto your data, and failed to safeguard it.
Oh, sure, they might get a little bad PR, and the stock might slip a little. But that asshole executive who decided security was too costly? It's not his data being stolen, and it's not him who has to deal with it.
So he, being an asshole executive, says "wow, we're not really sorry but if we say it will you shut up and go away?"
This is more like I've got stuff in my safe deposit box, and the bank gets robbed, and the bank say "wow, that's totally not our fault".
Your analogy sucks.
Corporations failing to protect the private and sensitive information they have been entrusted with are not the fucking victims, and they don't get to play the victim card.
Lost at C:>. Found at C.
How stupid do you have to be to misunderstand the parent post so badly? Adequate data security stops all but the most skilled hackers. Laws are already in place to force corporations to act better than they otherwise would in other areas and there is a good case to be made that that should be the case with data security as well. When you're responsible for other people's personal details, you have to act responsibly and have proper data security. Just like airlines must follow safety regulations and are penalized if they don't, corporate executives should be held responsible if data security is neglected. The main question is how to formulate it into a law and the parent proposed a solution which I don't fully agree with but I do agree with the idea. We've seen it happen over and over and over again - corporations need to be held in a short leash through laws because their ultimate incentive is always shareholder wealth. A bad reputation is nothing that a good PR campaign won't fix cheaper than preventing the problem in the first place.
I agree. If any, the guilty here is AMs poor security and data management. And its nothing new, people cheat, we are good at it . I think it's a little over the top to "make a new life because... Oh the shame".
"If anyone"? That's overboard. I agree that to a degree, AM is complicit due to their poor security and negligence with their clients data, yes, but still the truly guilty party here, quite simply, is the one who actually committed the crime and stole data they were not entitled to. I'm a fool if I leave my house or car unlocked at night; nevertheless, if someone breaks in and steals stuff, they have committed a crime, not me; I was naive, negligent, careless, but I didn't steal anything. Granted, I'd feel more culpable if I had several friends' gear in my house or car that got stolen, as that's less excuse to be so careless, and some responsibility must be shouldered in that case, but still, I am not directly responsible for the behavior of a thief, he is. The thief must still be found and held accountable. That is not debatable.
Look, if you cheat on your wife, that's NOT OUR BUSINESS.
You don't get the right to vilify and laugh and insult someone because they betrayed someone else.
Why do you think everyone has a right to cheat on their spouses, but nobody has the right to the free speech of criticizing that behavior?
Yes, blame the victim because they violated our society's moral code, rather than an actual law.
Worst of all, I have never seen a case where someone cheated on a virtuous spouse. Every single case of cheating I have ever heard of or seen among my friends was one shallow shmuck marrying a clear and obvious player and then getting upset that the player played.
My sister married her law professor - after he divorced his 2nd wife (yes, she slept with him before he was divorced). Surprise surprise, he cheated on her also. What happened to her is pretty much exactly like what happens most of the time.
Why do others not to get to blame the victim, but you do when you think they deserved it?
Your claim that it is 'puritan' to challenge promise breakers is pure labelling to avoid the issue. Whilst politicians are accepted to lie, there's no reason for the rest of the community to descend to such a level. If a couple makes promises to each other in marriage, it is reasonable to expect them to live by those promises. It is reasonable for society - attempting to encourage couples to stay together so that children get to benefit from a stable background in which to grow up - to challenge behaviour that damages children, and therefore society.
Eating pussy is also illegal in NC. Who cares?
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Your own Apples to other people's Orangutans comparison.
The Government requires you to have vehicle insurance because you impact other people if you wreck on a road. Banks are required to have insurance protecting a specific percentage of deposited wealth. You will go to jail if you kill someone while driving even if it was on accident if you don't have insurance. Banks have had people go to jail when they lied about or have not met obligations required by law. Why should a business be treated differently exactly? No reason, except that we lack enforceable regulation.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
And that is the root cause of this whole situation. We need to find a way to change the overall mindset (especially in these here Unitee States) towards other people's personal sexual congresses. Not only should it be nobody else's business, but nobody should even **care** what some person they're neither related to nor dating is doing.
If someone's cheating on a spouse (and the spouse does not approve of extramarital sex), the spouse will likely find out one way or another at some point. What happens to the couple is up to them. But what your employees, or Congressional reps, or sports/music/theatre idols do in their personal lives including sex, just plain shouldn't matter.
https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
alienation of affection, which is punishable with jail time.
Bullshit. Even in NC, alienation of affection is a civil matter.
Affairs are probably illegal in most states in the U.S. If not all.
Also bullshit. Just a few states still have these laws on the books.
Furthermore, such laws are plainly totalitarian, they misplace responsibility, they view a marriage as little more than a property deed, and they elevate particular religions to sources of law. No small government conservative, nor any other supporter of a free society, could possibly support such a law. The only reason they haven't been declared unconstitutional is that no relevant case has yet reached the Supreme Court.
One NC attorney, quoted in the Wiki, says it quite well:
One North Carolina divorce attorney has written: "Adultery is not uncommon, but an alienation-of-affection case just polarizes everyone and devastates everything in its path including the children and both spouses....The world has changed. Women are no longer viewed as property. Alienation-of-affection is something that dates way, way back, and if there was ever a law that needed to be removed, this is it."
.: Semper Absurda
If you store other peoples' shit in your home for money, damn right you are responsible for its security. Nobody cares if your own stuff gets stolen.
My wife has a yarn store and import/distribution business for fancy schmancy yarns. We have customer data, not by choice, customers demand it for their convenience. I happen to be a security/crypto type engineer. So we worked out what the plan was based on the notion that a yarn store is helpless in the face of electronic warfare.
1) Outsource anything touching PCI-DSS. The payment card machine doesn't attach to the computer. The online payments are through a service that handles the card data on their servers while appearing to be on our web site and PCI-DSS compliance is part of their service. PCI-DSS sucks (I've read the specs - It's not pretty). But it's what we have. So pay someone else to hold the responsibility who on the surface may be better positioned that a yarn store to handle such data.
2) Don't keep customer credit card data on a computer. Use other means.
In general, there's nothing anyone can do who isn't deeply involved in computer security and cryptography, which on average is everyone. Those few who are involved in the intersection of retail and computer security are disempowered by the payment card companies who dictate terms, avoid liability and push absolutely useless security standards on the rest of us.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Yes, this is quite unfortunate. However: given a random selection of 30 million individuals, at what rate would suicides be observed? Make sure you know the answer to this question before jumping to conclusions.
My wife says it already is.
You are welcome on my lawn.
Social media is for fools. It's not just Ashley Madison. It's Facebook too. It is just amazing to me how people will pony up so much personal information and entrust other people to "manage" it.
How long is it going to be before someone hacks into Facebook and steals millions of user account details? Email addresses, phone numbers (in some cases), family photos, where you work (in some cases), all your friends (in some cases), you name it.
Buyer beware.