Slashdot Mirror


Ashley Madison CEO Steps Down, Reporter Finds Clues To Hacker's Identity

Dave Knott writes: Following the recent hacks on the infidelity website Ashley Madison, Noel Biderman has stepped down as CEO of both AshleyMadison.com and its parent company. Avid Life Media Inc., the company that owns the site and many others, announced Biderman's move in a short press release on Friday: "Noel Biderman, in mutual agreement with the company, is stepping down as chief executive officer of Avid Life Media Inc. (ALM) and is no longer with the company. Until the appointment of a new CEO, the company will be led by the existing senior management team." Before the data hack, the company was planning an IPO in London that would have taken in as much as $200 million from investors. According to regulatory filings, the company had $115 million in revenue last year, more than four times the amount it obtained in 2009.

Meanwhile, in related news, Brian Krebs (the reporter who first uncovered the hack) says he has uncovered clues to the possible identity of the hacker. Krebs says he noticed the Twitter account operated by a known hacker recently posted a link to Ashley Madison's stolen proprietary source code before it was made public. Intrigued by the poster's apparent access, he examined the account's posting history and noticed a predilection for the music of Australian hard rock band AC/DC. This jibes with the behavior of the hacker(s), who had displayed threatening messages on the computers of Ashley Madison employees, accompanied by AC/DC song Thunderstruck. In a series of tweets, the owner of the account, one Thadeus Zu, appears to deny that he was behind the hack, and indeed makes several suggestions that the account itself isn't even run by one person, but is instead an amalgam of like-minded digital vigilantes.
The NY Times also reports that people whose details were contained in the leak are beginning to face threats of blackmail.

14 of 215 comments

  1. Not to worry. by Anonymous Coward · · Score: 2, Insightful

    He'll find another place to lose control of people's data.

  2. I'm not sure this is the right response by damn_registrars · · Score: 4, Insightful

    Make no mistake, I don't like what Ashley Madison did. They've been exposed for running a scam web site designed to sucker men out of lots of money quickly. However, that doesn't justify the hack - which is almost certainly a criminal offense at this level. Sure, the hackers took down the CEO of Ashley Madison, but we don't know what will happen next. They might just relaunch with the same aims and different window dressing. Meanwhile we seem to be celebrating the actions of the hackers, in spite of the fact that they did break the law.

    Just because they used illegal techniques to attack a morally reprehensible company doesn't mean their techniques are magically vindicated. Celebrating the hack is immoral as well.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:I'm not sure this is the right response by godrik · · Score: 4, Insightful

      I do not think many people are celebrating these hackers. I have no personal stakes in the story but I follow it because I find it socially interesting. It shows that security of webservices is critical to the life of many people. Ashley Madison is one thing with measurable but small social impact. If facebook's database was made public, the uproar would be much bigger.

      Overall, this story makes it more clear why I would rather not participate in so called social networks. And it also gives a good example to give my student when talking about SQL injection, stack overflows and user input validation in general.

    2. Re:I'm not sure this is the right response by damn_registrars · · Score: 3, Insightful

      I do not think many people are celebrating these hackers

      Admittedly, it is hard to say how many people are celebrating them. However, there have been plenty of posts and stories here on slashdot that have been. And when hackers (and wannabe hackers) see that publicity they might consider going that way against something that they dislike as well...

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    3. Re:I'm not sure this is the right response by vux984 · · Score: 3, Insightful

      Make no mistake, I don't like what Ashley Madison did. They've been exposed for running a scam web site designed to sucker men out of lots of money quickly. However, that doesn't justify the hack - which is almost certainly a criminal offense at this level.

      Just because they used illegal techniques to attack a morally reprehensible company doesn't mean their techniques are magically vindicated. Celebrating the hack is immoral as well.

      And Rosa Parks should have gone to jail for disobeying a bus driver right? If an activist didn't break the law, they probably aren't getting anything done.

      The "protesters" holding signs and singing songs in the designated free speech zone behind parking lot D and signing whitehouse.gov petitions... those guys are accomplishing jack and shit.

      You want real change? You need real activism, a few hundred thousand people blocking all the streets around the state capital, and refusing to disperse... protesting without a permit?! gasp. But they're breaking the law... and we shouldn't celebrate them.

      Whether it's Rosa Parks breaking the law that said she had to move to the back when the bus driver said so. Or activist journalists violating the law in some state preventing them from videoing or photographing animal treatment in farm facilities. Breaking the law is sometimes the right thing to do; sometimes the necessary thing to do.

      At the same time, yes, vigilantism, bypassing the legal system to mete out punishment directly is often a miscarriage of justice, and that is immoral.

      The upshot is that morality of an illegal act hinges on a lot more than simple legality.

      The law tries to reflect morality... not the other way around.

      Celebrating the hack is immoral as well.

      In this case maybe. Or maybe not. The fact that the hack was illegal does not automatically make it immoral. Given the extent of fraud perpetrated, maybe it was moral. Given the "innocent" victims... maybe it wasn't.

      So far, I think the balance is that it was moral.

    4. Re:I'm not sure this is the right response by meta-monkey · · Score: 3, Insightful

      The hackers didn't blackmail the users. Or, they're really, really bad at blackmail. There's two parts to blackmail:

      A) "Hey everyone! Here's what this guy did!"

      B) "Hey buddy, pay me or I'll tell everyone what you did."

      For blackmail to be effective and profitable, which should come first, A or B?

      --
      We don't have a state-run media we have a media-run state.
    5. Re:I'm not sure this is the right response by meta-monkey · · Score: 3, Insightful

      Few people are "celebrating."

      We're sitting here with our popcorn. You've got fuckers (Impact Team) fucking fuckers (AM) who were fucking fuckers (cheaters). Impact team also fucked those last fuckers.

      Oh and if they get caught then more fuckers (the government) will fuck those first fuckers (Impact Team). And may also fuck those second fuckers.

      I feel a tiny bit bad for any innocents who may have been on AM who had their data leaked. But, well, you lie down with dogs...

      --
      We don't have a state-run media we have a media-run state.
  3. Re:CEOs stepping down by mentil · · Score: 3, Insightful

    I expect they'll hire someone from a well-known tech company to be CTO, who will give a buzzword-filled speech frequently referencing encryption and 'best practices' and how incredibly secure their new system will be. The new CEO will announce that they won't hold on to personal data any more once one pays to delete it, that financial data will be held in a separate system/outsourced, and steps will be taken to improve the male/female ratio. They might even change their TOS to remove reference to the 'for entertainment only' women, and claim to stop using them. They'll almost certainly change their website name, maybe just to the initialism 'AM', to make it harder years from now to find out that it'd been hacked.

    One might remember that Plenty of Fish and Adult Friend Finder have both been hacked in recent years, which didn't kill those sites.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
  4. Re:inside job by eth1 · · Score: 4, Insightful

    This whole thing screams "inside job".

    A lot of the information that has been released, most notably employee emails and internal company documents, couldn't possibly have also been on the servers that held the databases for the AM site. So either (1) the hackers thoroughly penetrated the company and got *everything*, or (2) the people running AM were stupider than I believe possible (actually you would have to *work* to put all of your eggs in one basket that way), or (3) someone swiped backup tapes when they were on their way out the door.

    Well, compromise a Domain Admin account, and you pretty much own all of the servers in an all-Microsoft shop. Lazy Linux administration can lead to a similar fate (excepting Exchange email, perhaps). Given the sorry state of security I've seen pretty much everywhere, once you get a foot in the door, it's not hard to expand your reach.

  5. Re:Ironic by JackieBrown · · Score: 2, Insightful

    Trump isn't remotely honest, but he does say the xenophobic things

    Please keep making comments like this. Comments like this are what is fueling Trump's campaign.

    We are so fucking sick of being called out as racists or mean or anti-woman or anti-science or whatever sanctimonious bullshit phrase you want to throw at us.

    And yes, I'll get a flamebait mod with a few smug responses like "well then don't be conservative" or some variation of that but these comments are getting old.

    Just look at this thread...
    http://slashdot.org/comments.p...

    For me to defend Bush makes me sick but these lies and name calling are getting ridiculous. And we are not really even into the primaries yet!

  6. Re:Ironic by fightinfilipino · · Score: 4, Insightful

    look at my user name.

    Trump went on air and intentionally mocked Asians by using a stereotyped pinyin/coolie accent. he went on air another time and labeled latino immigrants as criminals and worse things.

    that is racist in my book. and if you don't see it, consider that you might actually be a racist, too. racism isn't just wearing white hoods and going around burning crosses. it's ALSO staying silent or even applauding utter garbage like that uttered by Trump.

    the most disgusting part of it: Trump knows EXACTLY what he's doing. he's riling up the ultra-conservative base to build primary support. that is solid proof of what powers the modern GOP.

  7. Re:He should be going to jail by vux984 · · Score: 5, Insightful

    I imagine they had those bases covered with ToS language.

    A judge may not side with them just due to ToS. And A.M. misrepresented the facts pretty grossly here, and failed to live up to its obligations (paid delete).

    Canada is pretty pragmatic about contracts; and it's pretty common to side with the "little guy" if the contract is deemed to be deliberately constructed to weasel out of what a reasonable person should think they were signing up for.

    There's also the fact that once a female made a response in that sort of environment, you'd probably have a date and be able to take it off the site,

    Even so... only 9700 accounts by women ever sent a single message. And we don't know how many of those 9700 sent only one and then vanished, or how many of them had been online in the last 3 years... the number of active women on the site could well have been in the middle HUNDREDS.

    As you pointed out, the numbers of women actually participating were overwhelmingly dwarfed by number of males, just as they are on most dating sites

    1) We're not talking overwhelmingly dwarfed. I consider 10 or 20 to 1 to be overwhelmingly dwarfed. We're talking thousands to 1, maybe even 10s of thousands to 1. You could spend your whole month sending female profiles messages without getting a response... not because the women weren't interested in you, but because you never actually sent it to an account a woman actually even used.

    Given that AM is charging you to send messages to these women (over and above "membership")... they are literally taking money so you can send a message to a fake account that no woman has ever used. Men may have to accept that not every message they send will be responded to, or even read, but to accept (without clear disclosure) that they have *vanishingly small odds* the messages they are paying to send will even be delivered to an account a real person even uses is beyond the pale. That's fraud.

    just as they are on most dating sites. Most of the money in those sites is getting males to stay interested enough to keep shelling out money.

    All that suggests is that fraud is probably pervasive in the industry and perhaps we should regulate these sites to disclose membership numbers, and for those numbers to be independently audited.

    So that consumers can make an informed buying decision.

    It's like ladies night at the bars.

    I can see pretty clearly whether or not there are any ladies at the bar. And it's not terribly hard to tell if they are all hookers and hostesses paid by the bar itself to be there.

  8. Re:Ironic by vux984 · · Score: 3, Insightful

    Yes, I know where and how you calculated based on paid deletes.

    The paid delete functionality is the one good indication that an account was genuine,

    a) First, no. I think "responded to at least one message" is FAR more telling. In theory they could have been faking responses etc making that metric useless... but the fact that it is SO RIDICULOUSLY LOW tells us that they weren't, and it tells us that however many women joined only an insignificant number deleted.

    b) Also no. I think women may have been significantly more inclined to use the paid delete option than men for a variety of reasons. So your calculation is suspect. Further it evidently counts women who created an account only to lurk or see if their husband joined. Even if you want to count them as "members", the fact that they weren't responding to any messages at all is material evidence that even though they joined they simply weren't engaging in the site.

    Look at "responded to at least one message" and "checked inbox".

    Less than 10,000. You don't need to "correspond that with men" to come up with a number of women engaged in the site. It stands on its own. Less than 10000 accounts belonging to a female ever responded to a single message, fewer still ever checked their inbox. Half the men responded (to what exactly, I wonder?!!) and nearly all of them checked their inboxes.

    You can't tell me there were 2 million women on the site, when fewer than 10k ever responded to a single message or checked their inbox or engaged in chat. If they were "there" they may as well not have been as far as the men were concerned. And more likely than not, they weren't really there, or were signed up en-masse at A.M sponsored ladies night events. And they never used the site at all, beyond filling out a paper ballot with some info to get a free drink or something. (I admit I'm speculating here.) To count such accounts, where there is no evidence they logged in more than once, no evidence they logged in even once... is dishonest to say the least.

    There is evidence 20,000,000+ men used the site. There is evidence fewer than 10,000 women did. Whereas you call the paid deletes the "one good bit of data" I disagree... I suspect more women paid to remove their info from the site than actually used it, under a variety of scenarios.

    I'm not talking about "at any one time".

    I know. I brought that up after the fact to illustrate that not only was 10,000 the upper maximum of responsive women, but it's extremely unlikely there were even that many women. 2 million simply lacks any credibility at all whatsoever.

  9. Re:He should be going to jail by AthanasiusKircher · · Score: 4, Insightful

    He ran a fraud:

    That seems possible, and perhaps even likely. But the Gizmodo story overlooks something.

    From your link:

    There are definitely other possible explanations for these data discrepancies. It could be that the women's data in these three fields just happened to get hopelessly corrupted, even though the men's data didn't. Or maybe most of those accounts weren't deliberately faked, but just represented real women who came to the site once, never to return.

    There's an obvious missing alternative possible explanation here -- The hackers could have tampered with the data.

    This hack is notable because of its specific target of embarrassing and destroying the reputation of the company. Erasing or tampering with very specific database fields that make it look like Ashley Madison was perpetrating a complete fraud... well, that's certainly a convenient way to provide the final knife blow to any credibility the site or its management might have had.

    Don't get me wrong -- I have no doubt that the site likely fabricated thousands or maybe even tens of thousands of female profiles, perhaps as initial enticement to get the site going in the beginning (since female numbers obviously are going to be less, as on any dating site). But the Gizmodo analysis wants us to believe that the ratio of active male:female members was something like 1000:1 or greater. Men and women certainly are different, but it's a little hard to believe that they're THAT different.

    I'd say it's at least POSSIBLE that this data has been altered or tampered with by hackers who clearly have a specific moral agenda. This kind of tampering -- if it happened -- would effectively further their agenda to discredit the company. But perhaps it also serves other purposes... certainly there's been speculation that this moral attack was motivated by a personal affront or something. Perhaps the hack was partly motivated by someone specifically angry about a situation involving men cheating. Erasing data from most of the female accounts makes the men look even more desperate and pathetic than before, while simultaneously making the women look more "innocent."

    I don't much care either way. But the reality is that the only data being used to support these claims has passed through hackers who clearly have their own agendas. Thus, we should be suspicious about apparent trends in that data which also conveniently further the hackers' moral agenda.

    Not saying my hypothesis here is true, or even that it's likely. But it shouldn't be completely ignored as a possibility.