Ashley Madison CEO Steps Down, Reporter Finds Clues To Hacker's Identity

Dave Knott writes: Following the recent hacks on the infidelity website Ashley Madison, Noel Biderman has stepped down as CEO of both AshleyMadison.com and its parent company. Avid Life Media Inc., the company that owns the site and many others, announced Biderman's move in a short press release on Friday: "Noel Biderman, in mutual agreement with the company, is stepping down as chief executive officer of Avid Life Media Inc. (ALM) and is no longer with the company. Until the appointment of a new CEO, the company will be led by the existing senior management team." Before the data hack, the company was planning an IPO in London that would have taken in as much as $200 million from investors. According to regulatory filings, the company had $115 million in revenue last year, more than four times the amount it obtained in 2009.

Meanwhile, in related news, Brian Krebs (the reporter who first uncovered the hack) says he has uncovered clues to the possible identity of the hacker. Krebs says he noticed the Twitter account operated by a known hacker recently posted a link to Ashley Madison's stolen proprietary source code before it was made public. Intrigued by the poster's apparent access, he examined the account's posting history and noticed a predilection for the music of Australian hard rock band AC/DC. This jibes with the behavior of the hacker(s), who had displayed threatening messages on the computers of Ashley Madison employees, accompanied by AC/DC song Thunderstruck. In a series of tweets, the owner of the account, one Thadeus Zu, appears to deny that he was behind the hack, and indeed makes several suggestions that the account itself isn't even run by one person, but is instead an amalgam of like-minded digital vigilantes. The NY Times also reports that people whose details were contained in the leak are beginning to face threats of blackmail.

Ironic

[XxtraLarGe]

A guy who runs a web site for cheaters has more integrity than a certain presidential candidate...

Re:Ironic

[gstoddart]

Than all of them, probably.

The guy who ran a website for cheaters was always open about that fact.

I'm less convinced in the transparency or honesty of pretty much any political candidate.

Re:Ironic

Sure he does.....

http://nypost.com/2015/08/27/ashley-madison-ceo-gets-caught-in-ashley-madison-hack/

Re:Ironic

A guy who runs a web site for cheaters has more integrity than a certain presidential candidate...

You sure? See other posts.

Come to think of it, though, he could very well be that fraudulent and STILL have more integrity then Hillary! She really does set a low bar for integrity and honesty. Well, OK, she doesn't set any bar. If she said it was raining out, I'd go check. And expect to see a cloudless sky.

Re: Ironic

[Ilgaz]

There are many analysts checking the massive data leak, this thing, the entire company & website could turn out to be scam of the century.

Don't speak too soon about integrity and the CEO.

Re:Ironic

[tompaulco]

I'm less convinced in the transparency or honesty of pretty much any political candidate.

Apparently some people find Trump to be a little too transparent and honest.

Re:Ironic

[DaHat]

Given the user database has multiple occurrences of email addresses it's pretty hard to imagine the actual owners of which using on the site (some of which even reported to have been validated)... it would not surprise me at all if the hackers decided to inject some false data into one of the stores to try to grind their axe even more.

Re:Ironic

[chispito]

A guy who runs a web site for cheaters has more integrity than a certain presidential candidate...

This is just stupid. Seriously? Hillary had her own mail server. Big deal. That doesn't make me dislike her any more than I already do because all politicians are clueless about technology. The AM CEO basically discussed hacking a rival with his CTO: http://krebsonsecurity.com/201...

Re:Ironic

[vux984]

The guy who ran a website for cheaters was always open about that fact.

On the other hand he was less than honest about how many actual women were on the site. (Fewer than 15,000 vs millions of clearly fake profiles) and also less than honest about what a "paid delete" actually paid for.

So men paid money to join a site to cheat with women that didn't exist, were then charged extra to send messages to women's accounts that were fake, and then when they paid even more to delete their accounts, well that didn't happen either.

If that's your idea of honesty and transparency, I don't know what you think counts as "dishonest".

Re:Ironic

[phantomfive]

He had no choice. "Stepped down" is a way of saying, "realized the board wanted to fire him." The only question is whether he was able to keep his stock.

Re:Ironic

This wasn't from the user accounts db, they ganked his email and there are _hundreds_ of messages that seem to point to several affairs.

Re:Ironic

[chispito]

He had no choice. "Stepped down" is a way of saying, "realized the board wanted to fire him." The only question is whether he was able to keep his stock.

That stock is going to be worth a lot once the Avid Life gets sued into the ground.

Re:Ironic

Indeed, equal in integrity to the former CEOs of Redditt and Enron.

Re:Ironic

Exactly. The mail server issue is not an issue, and those Republicans just spew lies. There was no classified information every sent to her. Not a single email message. Plus, if someone copied it from a secure system to an insecure one so they could mail it to her, then they're the ones committing the crime. It is logically impossible for her to have committed a crime. Of course since the Republicans are too stupid to understand logic, thus why they're Republicans, they think there is something illegal about her having classified material on a mail server in an apartment bathroom. They're so stupid.

Re:Ironic

Trump isn't remotely honest, but he does say the xenophobic things that the ignorant, destructive Conservatives are thinking. The Republican party is so dumbed down and paranoid that he may actually win the primary. Of course he can't succeed outside the far-right-wing, deeply delusional, Conservative subculture.

Re:Ironic

Burning people. He says what we're all thinking!

Re:Ironic

[datavirtue]

"the company was planning an IPO in London that would have taken as much as $200 million from investors"

There...fixed that for ya.

Re: Ironic

You just know one of those republicans sent her something classified to try to get her in trouble.

Re:Ironic

[tnk1]

They can't take his stock away from him, at least not the stock he owns already. That belongs to him personally like his house does.

Obviously, he might lose options or stock grants that he hasn't received yet as part of his compensation package, but not necessarily. It depends on the contract.

Of course, stock is pretty much moot at this point, although it may be interesting to see if ALM can dig out of this.

I wouldn't be surprised if they do, cockroaches are good at surviving things that would have killed any other organism.

Re:Ironic

[phantomfive]

Never underestimate the ability of con-men to part men from their money when the dick is involved. Rumors are that AM has gotten more users as a result of this hack.

Re:Ironic

Xenophobia starts at home...

Re:Ironic

Hillary isn't remotely honest, but she does remain mostly evasive with empty statements that gel with the minds of ignorant, brain-dead progressives. The Democratic party is so dumbed down and willfully dismissive of blatant dishonesty that she may actually win the primary. Of course she can't succeed outside the far-left-wing, deeply delusional, progressive subculture.

FTFY

Re:Ironic

[DaHat]

I am fully aware of that... and once you have a copy of someone's db & email account, there is no end to the fun you can have with regards to adding/removing/changing entries within... and the only way to prove it is for the original owner of the content to compare everything... however given what people think about AM and it's business model/practices... how likely would they be to be believed?

Re:Ironic

[Impy+the+Impiuos+Imp]

So freelance blackmailers are encroaching on their paid delete quasi-blackmail-wink-wink.

> people whose details were contained in the leak are beginning to face threats of blackmail.

"I see you joined Ashley Madison, Mr. Slashdotter, but nobody cheated with you. I will reveal your pathos unless you pay me 400 quatloos in Bitcoin."

Re:Ironic

[JackieBrown]

Trump isn't remotely honest, but he does say the xenophobic things

Please keep making comments like this. Comments like this are what is fueling Trumps campaign.

We are so fucking sick of being called out as racists or mean or anti-woman or anti-science or whatever sanctimonious bullshit phrase you want to throw at us.

And yes, I'll get a flamebait mod with a few smug responses like "well then don't be conservative" or some variation of that but these comments are getting old.

Just look at this thread...
http://slashdot.org/comments.p...

For me to defend Bush makes me sick but these lies and name calling are getting ridiculous. And we are not really even into the primaries yet!

Re:Ironic

[XxtraLarGe]

Hillary had her own mail server. Big deal. That doesn't make me dislike her any more than I already do because all politicians are clueless about technology.

Yeah, because that's the only thing she's ever done.

Re: Ironic

[O('_')O_Bush]

Saying whatever the most ignorant of the GOP wants to hear while simultaneously acting as a puppet for Hillary is hardly honest.

Re:Ironic

[fightinfilipino]

look at my user name.

Trump went on air and intentionally mocked Asians by using a stereotyped pinyin/coolie accent. he went on air another time and labeled latino immigrants as criminals and worse things.

that is racist in my book. and if you don't see it, consider that you might actually be a racist, too. racism isn't just wearing white hoods and going around burning crosses. it's ALSO staying silent or even applauding utter garbage like that uttered by Trump.

the most disgusting part of it: Trump knows EXACTLY what he's doing. he's riling up the ultra-conservative base to build primary support. that is solid proof of what powers the modern GOP.

Re:Ironic

a lot of slashdot users work in IT, since when would we ever allow one of our users to setup and use their own personal email server while at work? we don't like to allow non-approved devices on our networks.

make an example of her!

Disclaimer I think both the dems and reps are crooks and don't support either group.

Re:Ironic

haven't they read the stories about there being almost no women on the site? or is that what those new customers prefer?

Re:Ironic

[amicusNYCL]

We are so fucking sick of being called out as racists or mean or anti-woman or anti-science or whatever sanctimonious bullshit phrase you want to throw at us.

So stop being racist, mean, anti-woman, anti-science sanctimonious bullshit?

In all seriousness though, this article has an interesting take on Trump:

http://www.huffingtonpost.com/...

Re:Ironic

[amicusNYCL]

Fewer than 15,000 vs millions of clearly fake profiles

We'll never know exactly how many women were actually using the site. 12,000 seems awfully low, frankly. That number only comes from the number of female accounts who paid to have their information deleted, which is the single best indicator that an account belonged to an actual person. On the men's side, only around 173,000 thousand men (out of over 31 million accounts) paid to have their information deleted. If the same proportion of men and women paid to have their accounts deleted then that would indicate over 2.1 million actual women using the site.

Like I said, I doubt we'll ever know the exact number, but the truth is probably somewhere between 12,000 and 2.1 million.

Re:Ironic

[TheCarp]

Well actually, I would say he plays to a broad demographic of uneducated, mostly poor, white people. He is, and always has been, playing a public character. His public character started when he inherited his fortune and spent the next decade or two pretending to be a shrewd business man just because he is rich.

Like most politicians, his words have no meaning, and his real backers know that. They know what side he will be on when the decisions come, and, its the same side all the other candidates are on.

It really has nothing to do with conservatism or liberalism, these are just words in the current politics. There is no ideology in a big tent parties, you can't maintain a large tent and actually stand for anything at all.

Fact is, Trump plays to both Republican and Democrat interests because he helps force people into the big tents by increasing the percieved danger of defectors, because defectors from the big tents are the only people who pose any danger to them.

Re:Ironic

...and it ends at home too!

(Captcha: infidels)

Re:Ironic

[vux984]

Like I said, I doubt we'll ever know the exact number, but the truth is probably somewhere between 12,000 and 2.1 million.

http://gizmodo.com/almost-none...

The truth is probably somewhere below 15,000 'real' members, and probably much lower, like 1000. After all, someone joining and responding to a couple messages and then never coming back is being counted as an "active" member here. I'm willing to bet of the 10k women who had replied to "at least 1 message", a majority of even them were gone within a week or two. And that 15,000 includes people who were active in the past but might not have used the site in 2 years... how many active women were there in the last 3 months? I think one could credibly suggest it was in the hundreds.

Only 1,492 women had ever checked their inbox. (20 million men had)
Only 9,700 women had ever replied to a single message. (Note the article explains how this number can be higher than the above number.) (6 million men did)
Only 2,400 women had engaged in chat. (11 million men did)

The higher portion of paid deletes for women also lines up with the large number of female accounts that basically existed for one day and never came back; a good number of those may have opted for the paid delete. Especially if they were only checking to see if their husband had an account.

The proportions don't line up 100% (although it makes sense that more men checked their inboxes; they weren't getting all the messages on login that women did. So women would answer their messages directly from login, and rarely check their inbox, while men would futilely check their inbox looking for messages that would never come.)

Frankly, as I said, based on what I see there. I don't think the site even credibly had even 1000 active women on it at any one time.

Re:Ironic

[AK+Marc]

Deliberately rude and abrasive isn't the same as honest. Rush Limbaugh has said that he doesn't believe what he says, but it gets the results he wants. I suspect Donald Trump is closer to that than honest. Or he's truly that much of an ignorant hypocrite. Who can better lead us to financial prosperity because no other candidate has declared bankruptcy as many times as he has, who understands the Mexican Menace more than anyone else because he employees more illegal aliens than any of them.

Re: Ironic

It's dishonest if he's faking it.

It he genuinely has that particular mental illness, then it's honest.

Re:Ironic

What's your opinion of illegal immigration?

Re:Ironic

[AK+Marc]

Hillary is evasive because if someone asks her what she had for dinner, and she says "chicken" the conservatives go to the media and talk about Hillary's anti-beef agenda, and then go to the beef lobby for money and support against the evil fascist anti-beef Hillary. So when asked about dinner, she says "food" and is attacked for being evasive.

It doesn't matter what her stance is. So many hate her as a person that her politics don't matter. To the conservatives, this is a personal issue, not a political or ideological one.

Re:Ironic

I try to avoid politics and the only overtly political people I know are conservative, highly educated wealthy minorities. If you still consider Asians to be political.

Re:Ironic

Why do you care how many women were on the site? You were probably looking for men there, you dirty bird gaywho.

Re:Ironic

Political defenses are funny. When ever someone says something negative about ones party or brings up an issue about a person the defense is typically one of two things.

Totally ignore the actual issue and come up with an excuse of why they are questioning the issue. The are only going after him/her because of "political" reasons or or because it is a witch hunt etc.

or

Totally ignore the issue and claim someone from another party is doing something just as bad.

The issue is typically not addressed directly.

Re:Ironic

[amicusNYCL]

I read that article the other day, that's where I got my numbers from.

The truth is probably somewhere below 15,000 'real' members, and probably much lower, like 1000.

If 12,108 accounts marked as female paid to delete their information, it is highly unlikely that there were fewer actual female users than that. 12,108 is the minimum. The paid delete functionality is the one good indication that an account was genuine, and those numbers were 12,108 for women and around 173,000 for men, like I said above.

31,343,429 male accounts
173,838 men paid to delete
0.55462342...% of men
12,108 women paid to delete
If the same percentage of women paid to delete, then there were 2,183,102 actual women

Hence my claim that the real number is probably somewhere between 12,000 and 2.1 million, which is less than the 5.5 million total female accounts and far less than the advertised 70/30 ratio. That's what I see from the data.

I don't think the site even credibly had even 1000 active women on it at any one time.

I'm not talking about "at any one time". We can't draw any conclusions about that from the data, I'm talking total numbers. Dating sites do not advertise who is online "at any one time", they show total accounts.

Re:Ironic

[tompaulco]

Who can better lead us to financial prosperity because no other candidate has declared bankruptcy as many times as he has

Oh, I'm sure some candidates have filed bankruptcy more than zero times, which is the number of times Trump has filed.

, who understands the Mexican Menace more than anyone else because he employees more illegal aliens than any of them.

Oh, I'm sure some candidates employ more than zero illegal aliens, which is the number that Trump has hired.

Re:Ironic

Xenophobia starts at home...

Damn, I thought it started at "X".

Re:Ironic

[penguinoid]

The guy who ran a website for cheaters was always open about that fact.

On the other hand he was less than honest about how many actual women were on the site. (Fewer than 15,000 vs millions of clearly fake profiles) and also less than honest about what a "paid delete" actually paid for.

[...]

If that's your idea of honesty and transparency, I don't know what you think counts as "dishonest".

OK then tell me which presidential candidate in the history of American politics, has ever admitted that some of his campaign promises might be for entertainment purposes only.

Re:Ironic

[vux984]

Yes, I know where and how you calculated based on paid deletes.

The paid delete functionality is the one good indication that an account was genuine,

a) First, no. I think "responded to at least one message" is FAR more telling. In theory they could have been faking reponses etc making that metric useless... but the fact that it is SO RIDICULOUSLY LOW tells us that they weren't, and it tells us that however many women joined only an insigifcant number deleted.

b) Also no. I think women may have been significantly more inclined to use the paid delete option then men for a variety of reasons. So your calculation is suspect. Further it evidently counts women who created an account only to lurk or see if their husband joined. Even if you want to count them as "members", the fact that they weren't responding to any messages at all is material evidence that even though they joined they simply weren't engaging in the site.

Look at "responded to at least one message" and "checked inbox".

Less than 10,000. You don't need to "correspond that with men" to come up with a number of women engaged in the site. It stands on its own. Less than 10000 accounts belonging to a female ever responded to a single message, fewer still ever checked there inbox. Half the men responded (to what exactly, I wonder?!!) and nearly all of them checked their inboxes.

You can't tell me there 2 million women on the site, when fewer than 10k ever responded to a single message or checked their inbox or enaged in chat. If they were "there" they may as well not have been as far as the men were concerned. And more likely than not, they weren't really there, or were signed up en-masse at A.M sponsored ladies night events. And they never used the site at all, beyond filling out a paper ballot with some info to get a free drink or something. (I admit I'm speculating here.) To count such accounts, where there is no evidence they logged in more than once, no evidence they logged in even once... is dishonest to say the least.

There is evidence 20,000,000+ men used the site. There is evidence fewer 10,000 women did. Whereas you call the paid deletes the "one good bit of data" I disagree... I suspect more women paid to remove there info from the site than actually used it, under a variety of scenarios.

I'm not talking about "at any one time".

I know. I brought that up after the fact to illustrate that not only was 10,000 the upper maximum of responsive women, but its extremely unlikely there were even that many women. 2 million simply lacks any credibility at all whatsoever.

Re:Ironic

[vux984]

OK then tell me which presidential candidate in the history of American politics, has ever admitted that some of his campaign promises might be for entertainment purposes only.

The president isn't the king. Anyone with basic civics knows that the president isn't really empowered to do all that much without the support of Congress; and is subject to the law and consitution, at least in theory :) and that even on something he can act on, may be challenged in court and tied up.

So an "election promise" by a presidential candidate amounts to little more than a policy statement.

That said, 45% kept, another 25% compromised isn't bad, and 7% more "in the works"...

http://www.politifact.com/trut...

http://www.politifact.com/trut...

And even the GOP leadership, fairs pretty well all things considered.

Really, if a politician really actually succeeded in doing everything they said they'd do, I'd be pretty worried that the entire democratic government system had collapsed. Putin maybe has the clout to do almost anything he says... not necessarily a good thing.

Re:Ironic

[AK+Marc]

Donald Trump has filed for bankruptcy 4 times. More than any other candidate, from any party.

Donald Trump has had many employees of his come forward as illegal aliens. No other candidate has had any do the same.

Re:Ironic

[AK+Marc]

And pointing out the truth when someone is being an idiot is a "political defense". I don't like Hillary. I won't be voting for Hillary. But I see her treatment by the conservatives (And the conservative media) as unfair and quite silly. But pointing that out apparently makes me a Hillary supporter, like her eating chicken makes her a beef-hater.

Re:Ironic

I'm less convinced in the transparency or honesty of pretty much any political candidate.

Apparently some people find Trump to be a little too transparent and honest.

It's not the transparency and honesty that bothers me. It's the batshit crazy that is on full display which bothers me.

Re:Ironic

We are so fucking sick of being called out as racists or mean or anti-woman or anti-science or whatever sanctimonious bullshit phrase you want to throw at us.

If you don't wish to thought of as "racists or mean or anti-woman or anti-science or whatever" then you would probably be well served by driving from your midst those who take (or support) outrageous xenophobic, anti-woman, anti-science stances on issues. Seriously. You guys have dug your own grave on this one. I used to be registered Republican but I just can't be associated with you any more. It's no longer just that the clown car is embarrassing but that I now consider many of the front running candidates to be a clear and present threat to the Republic. When you have dealt with the most egregious lot of crazy and driven them out, I might actually take another look at your party. Until then, though,....

Re: Ironic

And one of those 15,000 women was my ex-girlfriend. Man do I know how to pick 'em.

Re:Ironic

Actual numbers of warm bodies behind the keyboard are irrelevant, If they aren't responding to messages, they might as well not be there.

Re:Ironic

[penix1]

What's your opinion of illegal immigration?

And what is your opinion of the Statue of Liberty?

Give me your tired, your poor,
Your huddled masses, yearning to breath free,
The wretched refuse of your teeming shore,
Send these, the homeless, tempest tost to me,
I lift my lamp beside the golden door.

In the end, unless you are Native American, you are an immigrant.

Re:Ironic

If Illegal Immigration bothers you, there is a very easy solution. Legalize it!

Now, a reasonable debate can be had as to how much immigrations should be allowed, what the process should be, etc., etc. If there were some reasoned debate around what the immigration laws should be, that would be one thing. Start by looking at facts. For instance, almost any economist, of any political leaning, will tell you that immigration is good for economic growth.

Instead, all we ever hear is the histrionic "It's illegal, so it's bad". This really really comes off sounding xenophobic and racist. Absent a debate about what should or shouldn't be legal, I have a hard time understanding it any other way.

Re:Ironic

Donald Trump has filed for bankruptcy 4 times

Businesses Trump has been involved with have filed for corporate bankruptcy 4 times and he has been deeply involved in over 100 large scale business ventures. His record on this is ridiculously good and he has never filed for personal bankruptcy or come anywhere close to it.

Look, I hate Trump and will vote for Sanders or not at all, but attacking him on business is absolutely idiotic. He has been incredibly successful in business by any reasonable metric and he has far more experience here than any other President.

Re:Ironic

he went on air another time and labeled latino immigrants as criminals

He labelled illegal immigrants as criminals which they obviously are. He has said nothing but positive things about legal immigrants.

Re:Ironic

[AK+Marc]

Businesses Trump has been involved with have filed for corporate bankruptcy 4 times

So he signed the paperwork on 4 bankruptcies, but never went bankrupt. That makes logical sense only to an insane fanboy.

He has been incredibly successful in business by any reasonable metric

And, like most rich people, was born rich and white. Yay white privilege. He worked hard to be born rich and white. Eminem has more "business" experience than Trump. Eminem's net worth is many more times greater than Trumps, comparing today to birth. Yes, trump did well with the millions he was born with, but he was born a multi-millionaire. If you want to talk success, try talking about someone who started with nothing and built on that. Perhaps even had hurdles, other than how best to be a slumlord. His business track record isn't impressive.

Re:Ironic

Personally I think its one of Hillary's greatest strengths - as a candidate she's kinda boring but the R's have been throwing mud, bile and slander at her since the beginning of the 90s, nearly a quarter of a century of hate. At this point you could show her barbequing babies live on TV and half the US would go "see that proves she's a Socialist!" while the other half goes "Meh, Republicans will say anything."

Re:Ironic

[Anonymous+Cow+Ward]

Hell, even the Native Americans are immigrants. They came from Africa just like everyone else.

Re:Ironic

[Jack+Griffin]

His public character started when he inherited his fortune and spent the next decade or two pretending to be a shrewd business man just because he is rich.

Donald Trump was rich well before his father died...

Re:Ironic

[amicusNYCL]

First, no. I think "responded to at least one message" is FAR more telling.

You think it's more likely that a fake account will pay to delete their information than sending messages? I don't agree with that. Why would a fake account pay to delete anything? It's fake. Only a real account would bother to pay to have their information deleted.

but the fact that it is SO RIDICULOUSLY LOW tells us that they weren't

No, the number doesn't reveal anything like that.

and it tells us that however many women joined only an insigifcant number deleted.

Although that number is more significant than the number sending messages.

I think women may have been significantly more inclined to use the paid delete option then men for a variety of reasons.

The percent of female accounts that paid to delete is a little less than half of the male accounts who paid to delete, whatever that means. And it doesn't really matter what you think, I'm looking for what the data can point to instead of opinions.

Further it evidently counts women who created an account only to lurk or see if their husband joined. Even if you want to count them as "members", the fact that they weren't responding to any messages at all is material evidence that even though they joined they simply weren't engaging in the site.

That is not even relevant. It also doesn't factor the number of men who signed up only to look for their wife, so what? We can't even guess what those numbers are. Maybe it's 100%. Who the hell knows? Neither of us, and the data doesn't provide any evidence either way. I'm specifically trying to determine the number of actual women on the site as opposed to fake accounts. I'm not interested in, and cannot guess, their motivations for being there. The data does not provide a way to estimate that and, again, I'm less interested in opinions than statistical evidence.

Look at "responded to at least one message" and "checked inbox".

Look at "sent a message". Wait, you can't, because that's not in the data set. What about someone sending messages to other users telling them to respond via email or phone? That user would never need to check their inbox or respond to any unsolicited messages. That could very well be a large number of people (especially women), and we have no way to know that. We do know the number of people who paid to have their information deleted though.

You can't tell me there 2 million women on the site, when fewer than 10k ever responded to a single message or checked their inbox or enaged in chat.

Actually it's not that difficult, here let me try: There very well might have been 2 million women on that site, actively sending messages to men telling them to respond via email. There, that wasn't that hard. You cannot point to a single piece of evidence which would definitively and unambiguously refute that claim, either.

I admit I'm speculating here.

You are speculating with virtually all of your conclusions. So am I, which is why my range of 12,000 to 2.1 million women is so broad. Here's a question - if Ashley Madison can get men to sign up by operating 10,000 accounts to chat with the men, then why are there 5.5 million accounts marked as female? They don't need 5.5 million accounts, they need 10,000, so where did those other 99.998% of accounts come from? Are you trying to suggest that the database for female accounts contains 10,000 accounts either operated by Ashley Madison or actual women, with millions of women just trying to check on their husband? Now they are claiming that hundreds of thousands of new accounts have been created, including (at least) 87,596 female ac

Re:Ironic

[vux984]

I'm specifically trying to determine the number of actual women on the site as opposed to fake accounts. I'm not interested in, and cannot guess, their motivations for being there. The data does not provide a way to estimate that and, again, I'm less interested in opinions than statistical evidence.

One CAN determine to an extent their level of engagement. Never checking the inbox, or sending messages tells us a LOT.

Obviously, I disagree, and a statistician would agree with me.

A statistician would tell you that there are between 0 and 20,000,000 women on the site with an VERY high level of confidence.

They would agree with you that there are between 12,000 and 2.1 million with a high level of confidence; based on the paid deletes and the fact that it is a wide range.

And they would agree with me that there are between 5,000 and 15,000 women ENGAGED with the site with a high level of confidence, based on the strong evidence of a total lack of engagement with the site from the overwhelming majority of female accounts, despite it being a much narrower range.

You're looking at this from a psychological perspective, and I'm looking at it from a statistical perspective. That's the difference.

Not really, I'm looking it from a statistical perspective too. I consider the paid deletes to be something of an outlier; and don't see any evidence to support an assumption that men and women would pay to delete in the same proportion.

Further I am more specifically interested in female accounts that are ENGAGED with the site, as opposed to those who merely had accounts, but clearly did nothing with them, since they never checked their inbox or sent a single message.

I freely admit I am speculating that millions of those un-engaged accounts don't really even belong to women. But lets say I'm wrong and they were created by 'real women'... so what? they weren't checking or responding to messages.

Its misleading to the point of fraud to mischaracterize that many users. Facebook sells advertising based on the number of people on the site, and so forth. People buying the ads know that some percentage of those users aren't real and facebook acknowledges this... but you pay for "millions of users" and you expect to reach "millions" of users. It might not be quite as many millions as they have users, but it should be in the right ballpark. If it came out that only a few thousand people on facebook actually were seeing the ads you were paying for instead of the millions they promised? That would still be fraud.

Similarly, AM was charging money to send messages to millions of women on their site, while they had actual knowledge that only a few thousand were actually even looking at messages... that's fraud in my eyes. And they were withholding that information to entice men to spend more money sending more messages to women that weren't receiving them. That they KNEW weren't receiving them.

Re:Ironic

[amicusNYCL]

One CAN determine to an extent their level of engagement. Never checking the inbox, or sending messages tells us a LOT.

The data does not indicate whether or not a message was sent at all.

based on the strong evidence of a total lack of engagement with the site from the overwhelming majority of female accounts

Again, the data simply does not show that. You're looking at a single metric or two (inbox opened, messages replied to) and trying to extrapolate additional information that is simply not there.

I consider the paid deletes to be something of an outlier; and don't see any evidence to support an assumption that men and women would pay to delete in the same proportion.

I don't see any evidence to suggest that they wouldn't. Hence an upper bound and not an absolute number. I would find it unlikely that the number of actual women would be near the upper bound. It's probably in the middle.

Further I am more specifically interested in female accounts that are ENGAGED with the site

Then you're looking at the wrong data set, because it doesn't contain the information necessary to estimate that. At best you can only estimate the minimum, which you have apparently pegged at "less than 10,000" and assume that to also be the maximum due to a lack of data, which is not even included in the data set we have. You interpret the fact that we don't have that data as assuming that the data simply does not exist. I haven't downloaded the entire leaked data, but it sounded like it contained messages sent between users. That list of messages is the data you're actually looking for, so feel free to set up a database, import the data set, and analyze it. A single field in the table full of users is not a meaningful substitute for that data.

But lets say I'm wrong and they were created by 'real women'... so what? they weren't checking or responding to messages.

So what? Maybe they were sending messages. Women I know enjoy using dating sites like window shopping. They look at men and message the ones they are interested in. Why wouldn't they try to take that conversation off the site using a burner email account? That way it looks like they're checking email instead of using a dating site. Your only 2 data points are checking the inbox and responding to messages they get. You don't have any data that shows how many profiles they looked at or how many messages they send, and again, you're interpreting the lack of that data to assume that the data does not exist and setting your maximum accordingly. I'm not making that assumption.

Similarly, AM was charging money to send messages to millions of women on their site, while they had actual knowledge that only a few thousand were actually even looking at messages... that's fraud in my eyes.

They were charging men to be able to read the messages they received from women. If an actual woman sent a message to a man and he paid to be able to read it then that is not fraud. And, for the hundredth time, the data that we are looking at, and the data that Gizmodo analyzed, does not contain that information. It is not possible to claim with even any degree of reasonable certainty that the maximum number of women on the site is the low tens of thousands. That is the lower bound, not the upper bound. We can only determine a reasonable lower bound, and then try to extrapolate an upper bound based on what we know and assume about the men. That's exactly what I did with my calculations above, and the upper bound I reached was 2.1 million. That still leaves well over 10 million total users of the site, or around a third, that probably didn't do anything except look around. That sounds reasonable to me. It sounds ridiculous to assume that a site with that much marketing had no more than 15,000 or so women actually using it. That claim does not pas

Re:Ironic

[vux984]

There's actually an update to the Gizmodo article since I'd last read it. I'm reading the new article now.

http://gizmodo.com/ashley-madi...

Its quite interesting.

You're looking at a single metric or two (inbox opened, messages replied to) and trying to extrapolate additional information that is simply not there.

You are right. I conflated "replied to" with "sent". That changes things significantly. But the debate is somewhat mooted by the new article.

-cheers

Re:Ironic

[amicusNYCL]

That seems pretty interesting, I'm kind of losing confidence in the woman writing those articles though. She's making statements like this:

Looking at the code, there appear to be several database tables where the system keeps track of when humans chat or message with other humans. It also seems that Ashley Madison even keeps records of what each member says to the other in chat sessions. ... So much for Ashley Madison's guarantee that they'll keep your affair hushed up. Right now, the company has reams of incredibly incriminating personal information about everything its human users are doing and saying.

I mean, where are they supposed to store that data if not in a database? She sounds a little bit alarmist and relatively non-technical for someone trying to analyze a database dump.

Perhaps one of the most poignant parts of reading the engineers' comments in the code was when I uncovered a set of descriptions for how the engager bots should act. I found these in a database devoted to engager activity. Here are a few of them:

host bot mother creates engagers

birth has been given! let the engager find itself a man!

randomizing start time so engagers don't all pop up at the same time

for every single state that has guest males, we want to have a chat engager

Annalee, you found those in code comments or a database?

They operate by inhabiting, as a demon might, previously existing fake profiles

Yes, it's all witchcraft and sorcery.

The Angels, also called "hosts" by the company’s engineers, lay dormant until a bot animates them and uses them like a skin to contact a male user.

I think that Annalee thinks that her target audience is politicians.

It's unclear what else the engager would say - either the bots really are this simple, or further chat phrases weren't in the code. Most likely, based on what I saw from other bot code, the bot would urge the man to pay credits to talk further.

The most genius part of this entire scam is that the men will never go to the authorities if they figure it out. If a man gets messages from 10 different women all saying this:

I'm sexy, discreet, and always up for kinky chat. Would also meet up in person if we get to know each other and think there might be a good connection. Does this sound intriguing?

He's going to know that he's being scammed. He's not going to tell anyone about it though, beyond complaining to the site. He's not going to the media. It's like the druggie who gets his drugs stolen. He's not going to call the police to report that.

All told though, it's an interesting article with some better analysis. Upon hearing about the leak this was what I was most excited about - getting a real insider peak at how a dating site actually operates, from an analytical perspective it's great that both the source code and some or all of the database was leaked. From a privacy perspective that's obviously a horrible thing, but I'm definitely interested in the broad (non-personal) conclusions that come from seeing all of this information.

She posted another article here that shows the profit motive for running the bots, from email:

http://gizmodo.com/one-chart-t...

Re:Ironic

[vux984]

I think that Annalee thinks that her target audience is politicians.

I'd expect it's people that read a lot of gizmodo ... which sort of says all that needs to be said.

The most genius part of this entire scam is that the men will never go to the authorities if they figure it out.

Agreed.

getting a real insider peak at how a dating site actually operates,

Also agreed. I almost think this 'reveal' should prompt some regulation of dating sites. They should be obligated to provide the services people think they are buying. Sites like OK Cupid and eHarmony etc... I'm sure they are better... we all know people who have met someone there... but is it really all on the up and up or is there a lot of shady going on there too?

Re:Ironic

[amicusNYCL]

I think that some are more obvious than others. I was on OK Cupid, for example, and I met people just fine without paying anything. The fact that AM charged men to read messages should be a major red flag. It's kind of hard to legislate though, especially when the fine print says that many accounts are there just for entertainment. It's a pretty thin line, especially when those accounts aren't marked as being a bot.

That really narrows it down

[hawguy]

There must only be a handful of people that could match such a specific description: listens to AC/DC, uses twitter, and denies any culpability. AC/DC has only sold around 200 million albums, so that alone dramatically restricts the possible culprits. The intersection between AC/DC aficionados and Twittter's 300M active users must be minuscule, maybe only one or two possible people.

Re:That really narrows it down

[sexconker]

Seems about as solid as the reveal of Satoshi Nakamoto.

Re:That really narrows it down

[tomhath]

When you only include people who had access to the source code before it was publicly available, the pool becomes quite small.

Re:That really narrows it down

Yep, pretty flimsy. Embarrassingly so really.

Re:That really narrows it down

[meta-monkey]

Didn't a variant of stuxnet play Thunderstruck when it pwned the Iranian nuclear facilities? So, one does not have to be an AC/DC fan to think up taunting AM with Thunderstruck during the hack. Just giving a nod to stuff better hackers than you did before.

Re:That really narrows it down

[infolation]

I thought all hackers hacked to AC/DC's Thunderstruck? Are you saying hollywood is wrong?

Re:That really narrows it down

Thunderstruck wasn't even a song when David Lightman was pulling off his kung-f00.

Re:That really narrows it down

Maybe on that point hollywood might be wrong... but I'm pretty sure they all get BJs while they're at it.

Re:That really narrows it down

[meta-monkey]

Wait, what!?! And here I've been hacking away without so much as a tug for all these years. Monday morning I'm marching right into HR and DEMANDING a sloppy beej on at least a weekly basis, as is standard in the industry.

Re:That really narrows it down

[rtb61]

Ahh, so the whole Ashley Madison hack was actually a surreptitious promotion of AC DC https://www.youtube.com/watch?.... So hacks are bad and some a truly hilariously glorious. What is even funnier is data analysis of the Ashley Madison information tended to indicate that by far the majority of 'females' were fake entries and it is not the data leak killing the company but the rampant fraud by company being exposed (so many rats caught by so much fake cheese). Who knows perhaps AC DC is hacking music.

He should be going to jail

He ran a fraud:

Almost None of the Women in the Ashley Madison Database Ever Used the Site

...

About two-thirds of the men, or 20.2 million of them, had checked the messages in their accounts at least once. But only 1,492 women had ever checked their messages.

...

... a member had last replied to a message from another person on Ashley Madison. 5.9 million men had done it, and only 9700 women had.

...

Out of 5.5 million female accounts, roughly zero percent had ever shown any kind of activity at all, after the day they were created.

...

Re:He should be going to jail

[tnk1]

I sincerely doubt it would legally be a fraud, I imagine they had those bases covered with ToS language. I agree that it was certainly misleading given the fact that they apparently had bots pretending to be females.

There were definitely women who used the service, however. Both the credit card records and some reports of females who had used it make that pretty clear.

There's also the fact that once a female made a response in that sort of environment, you'd probably have a date and be able to take it off the site, whereas males would spend more effort and money because they'd usually end up pursuing many more "non-productive" leads on the site (and therefore being forced to use the site for all contacts).

As you pointed out, the numbers of women actually participating were overwhelmingly dwarfed by number of males, just as they are on most dating sites. Most of the money in those sites is getting males to stay interested enough to keep shelling out money. It's like ladies night at the bars.

Re:He should be going to jail

[HornWumpus]

Ladies night in you neck of the woods involves a bunch of men in dresses trying to fool someone?

You need to find some new bars to go to, unless that's what you're into of course.

Re:He should be going to jail

[vux984]

I imagine they had those bases covered with ToS language.

A judge may not side with them just due to ToS. And A.M. misrepresented the facts pretty grossly here, and failed to live up to its obligations (paid delete).

Canada is pretty pragmatic about contracts; and its pretty common to side with the "little guy" if the contract is deemed to be deliberately constructed to weasel out of what a reasonable person should think they were signing up for.

There's also the fact that once a female made a response in that sort of environment, you'd probably have a date and be able to take it off the site,

Even so... only 9700 accounts by women ever sent a single message. And we don't know how many of those 9700 sent only one and then vanished, or how many of them had been online in the last 3 years... the number of active women on the site could well have been in the middle HUNDREDS.

As you pointed out, the numbers of women actually participating were overwhelmingly dwarfed by number of males, just as they are on most dating sites

1) Were not talking overwhemlingly dwarfed. I consider 10 or 20 to 1 to be overwhelmingly dwared. We're talking thousands to 1, maybe even 10s of thousands to 1. You could spend your whole month sending female profiles messages without getting a response... not because the women weren't interested in you, but because you never actually sent it to an account a woman actually even used.

Given that AM is charging you to send messages to these women (over and above "membership")... they are literally taking money so you can send a message to a fake account that no woman has ever used. Men may have to accept that not every message they send will be responded too, or even read, but to accept (without clear disclosure) that they have *vanishingly small odds* the messages they are paying to send will even be delivered to an account a real person even uses is beyond the pale. That's fraud.

just as they are on most dating sites. Most of the money in those sites is getting males to stay interested enough to keep shelling out money.

All that suggests is that fraud is probably pervasive in the industry and perhaps we should regulate these sites to disclose membership numbers, and for those numbers to be independently audited.

So that consumers can make an informed buying decision.

It's like ladies night at the bars.

I can see pretty clearly whether or not there are any ladies at the bar. And its not terribly hard to tell if they are all hookers and hostesses paid by the bar itself to be there.

Re:He should be going to jail

[tnk1]

Not precisely what I was getting at with that comment.

Re:He should be going to jail

You're assuming Gizmodo did a good analysis, AM didn't screw up their database, and the hackers didn't tamper with the database.

It seems that a fraction of the accounts were fake. The rest of the accounts were possibly real, but the database says they didn't reply to a message. If it cost money to send messages, maybe men just included an phone number and email address in their message?

It's very easy to imagine men on a dating site would outnumber women 5:1. It's hard to imagine them outnumbering women 3,000:1. Men and women might be different, but they're not that different.

Re:He should be going to jail

[AthanasiusKircher]

He ran a fraud:

That seems possible, and perhaps even likely. But the Gizmodo story overlooks something.

From your link:

There are definitely other possible explanations for these data discrepancies. It could be that the women's data in these three fields just happened to get hopelessly corrupted, even though the men's data didn't. Or maybe most of those accounts weren't deliberately faked, but just represented real women who came to the site once, never to return.

There's an obvious missing alternative possible explanation here -- The hackers could have tampered with the data.

This hack is notable because of its specific target of embarrassing and destroying the reputation of the company. Erasing or tampering with very specific database fields that make it look like Ashley Madison was perpetrating a complete fraud... well, that's certainly a convenient way to provide the final knife blow to any credibility the site or its management might have had.

Don't get me wrong -- I have no doubt that the site likely fabricated thousands or maybe even tens of thousands of female profiles, perhaps as initial enticement to get the site going in the beginning (since female numbers obviously are going to be less, as on any dating site). But the Gizmodo analysis wants us to believe that the ratio of active male:female members was something like 1000:1 or greater. Men and women certainly are different, but it's a little hard to believe that they're THAT different.

I'd say it's at least POSSIBLE that this data has been altered or tampered with by hackers who clearly have a specific moral agenda. This kind of tampering -- if it happened -- would effectively further their agenda to discredit the company. But perhaps it also serves other purposes... certainly there's been speculation that this moral attack was motivated by a personal affront or something. Perhaps the hack was partly motivated by someone specifically angry about a situation involving men cheating. Erasing data from most of the female accounts makes the men look even more desperate and pathetic than before, while simultaneously making the women look more "innocent."

I don't much care either way. But the reality is that the only data being used to support these claims has passed through hackers who clearly have their own agendas. Thus, we should be suspicious about apparent trends in that data which also conveniently further the hackers' moral agenda.

Not saying my hypothesis here is true, or even that it's likely. But it shouldn't be completely ignored as a possibility.

Re:He should be going to jail

While I mostly agree, it does appear that the data may have been scrubbed of much of its data in regards to females.

Re:He should be going to jail

You refer to Bangkok in your sig, yet you've never been there yourself, it seems.

Re:He should be going to jail

I suspect the real reason the CEO stepped down/was fired was not for the hack, but that the fraud was exposed, throwing suspicion that the remainder of their sites are also fraudulent -- including Swappernet, Established Men, CougarLife, ManCrunch, etc.

Legalities aside, who would be so foolish to use one of their sites now?

Or any dating site, for that matter?

Re:He should be going to jail

You've never seen "How To Uninstall McAfee Antivirus"?
https://www.youtube.com/watch?...

Re:He should be going to jail

I'd try to verify this .. but I'm too busy laughing :-)

Re:He should be going to jail

Perhaps they have stonings in his neck of the woods:

https://www.youtube.com/watch?v=bDe9msExUK8

The hacker is me, Spartacus

I...I am Spartacus.

Re:The hacker is me, Spartacus

No, I'm Brian, and so's my wife!

CEOs stepping down

[Bovius]

Protip: The CEO stepping down after a public embarrassment has never been anything other than a publicity stunt to save face. It does not represent remorse or an intent to change policy. At most, it means "we want someone who will do continue to do the same things we've always done but, somehow, will magically make these revelations stop happening".

I would be shocked if Biderman wasn't receiving a nice golden parachute along with it. Or at least silver.

Re:CEOs stepping down

[MightyMartian]

I'm not sure what the point of any of this is. Between the hacks and the revelations that the site is little more than a few hookers, some staff trying to titillate members, and a whole fucking lot of men, I'd say AM is pretty much dead at this point.

When I'm tinfoil hat mode, I wonder if this hack was really about some competitor committing an act of commercial homicide. It sure would be one way to wipe out a dominant player in the "find you a fuck buddy" industry.

Re:CEOs stepping down

[gstoddart]

It sure would be one way to wipe out a dominant player in the "find you a fuck buddy" industry.

Is this an actual industry?

Wow, I'm out of touch with this stuff.

Re:CEOs stepping down

One of their former people did claim to have hacked Nerve.com and taken their entire account database.

http://www.theguardian.com/technology/2015/aug/25/ashley-madison-discussed-hacking-competitor-site-nerve-com-emails

Re:CEOs stepping down

[tlhIngan]

Protip: The CEO stepping down after a public embarrassment has never been anything other than a publicity stunt to save face. It does not represent remorse or an intent to change policy. At most, it means "we want someone who will do continue to do the same things we've always done but, somehow, will magically make these revelations stop happening".

I think it's more revealing that AM with full consent of the executives were caught doing the same thing to a competitor. AM is not clean and neither are its executives whose email showed them encouraging hacking of toher sites.

Him stepping down is probably a requirement because AM is not an innocent site helping straying spouses, but also into the same game of hacking competitors. Probably for the same reason.

Hell, for all we know, AM may have been threatening one of their competitors with a database release. It's just going to be a lot less innocent and possibly, the execs will have to be charged with the same crimes as the Impact Team.

Re:CEOs stepping down

[mentil]

I expect they'll hire someone from a well-known tech company to be CTO, who will give a buzzword-filled speech frequently referencing encryption and 'best practices' and how incredibly secure their new system will be. The new CEO will announce that they won't hold on to personal data any more once one pays to delete it, that financial data will be held in a separate system/outsourced, and steps will be taken to improve the male/female ratio. They might even change their TOS to remove reference to the 'for entertainment only' women, and claim to stop using them. They'll almost certainly change their website name, maybe just to the initialism 'AM', to make it harder years from now to find out that it'd been hacked.

One might remember that Plenty of Fish and Adult Friend Finder have both been hacked in recent years, which didn't kill those sites.

Re:CEOs stepping down

[Firethorn]

Is this an actual industry?

Personal ads back in the paper days, craigslist, etc...

Yes, it's an industry. However, most at least maintain the pretext that it's 'singles' seeking others.

Re:CEOs stepping down

[meta-monkey]

Never heard of Tinder, Adult Friend Finder, Fuckbook, etc?

Re:CEOs stepping down

[Lab+Rat+Jason]

Technically it's the second oldest profession...

Re:CEOs stepping down

[hodet]

Then they may have just shot themselves in the foot as well. If there were only 15000 women on the world's largest site and millions of men, it is hard to believe that the second tier sites are not the same. Lol, the world's biggest sausage fest. Good luck 'rest of industry'.

Re:CEOs stepping down

[tnk1]

Biderman was a founder of AshleyMadison.com. You can be sure he's already been paid. Unless he's been squandering his money on hookers and blow (which admittedly is something he might do), he's not going to lose his shirt.

Any lawsuits that breach the corporate barrier may be an issue, though.

He quit because that is what a CEO does who has presided over such a disastrous set of events. At least in this case, he was the man in power during all of those actions, so he did richly deserve it. He's not just the scapegoat/sacrifice.

 

Re:CEOs stepping down

[MightyMartian]

I long ago heard some anecdotal claim that most of the people on lesbian web forums were middle-aged men dirty talking to each other.

Re:CEOs stepping down

[TeknoHog]

I've never understood why stepping down is the responsible solution for CEOs, politicians or whatever after a major embarrassment or mistake. Maybe it's because I think like an engineer. If I make a mistake, I should be the one to bite the bullet and fix it. Instead, the CEO/politician solution is to walk away and let other people clean up the mess. This way, real issues in society are never actually fixed. It's as if "saving the face" is more important than actually fixing broken things.

Re:CEOs stepping down

[AmiMoJo]

You would expect senior AM staff to bail before the company collapses, but it's interesting that even people at the parent company are getting out before their payoffs get swallowed up by litigation and bankruptcy.

Re:CEOs stepping down

I've never understood why stepping down is the responsible solution for CEOs, politicians or whatever after a major embarrassment or mistake.

While I'm sure there is certainly an element of saving face to it, on a more practical level CEOs probably step down because after a really big mistake everyone has lost all confidence in them. If the mistake is small this can be forgiven and the one who made the mistake will likely be trusted to fix it. But for a mistake of this magnitude, not likely.

Re:CEOs stepping down

[thegarbz]

Did the hacks of those sites reveal that the chances of actually finding a female on the site was somewhere in the same uncertainty range of winning the lottery?

People have short memories about hacks and their personal information.
People have long memories when they realise they weren't getting screwed at all in the way they were hoping.

Re:CEOs stepping down

[Jack+Griffin]

One might remember that Plenty of Fish and Adult Friend Finder have both been hacked in recent years, which didn't kill those sites.

Because single people don't care if they're found to be members of an online dating site. Your wife however....

Not to worry.

He'll find another place to lose control of people's data.

Revenue numbers

[doconnor]

Has anyone compared the claimed $115 million in revenue to the leaked data? I've read some suggestions that their revenue was a lot higher.

I'm not sure this is the right response

[damn_registrars]

Make no mistake, I don't like what Ashley Madison did. They've been exposed for running a scam web site designed to sucker men out of lots of money quickly. However, that doesn't justify the hack - which is almost certainly a criminal offense at this level. Sure, the hackers took down the CEO of Ashley Madison, but we don't know what will happen next. They might just relaunch with the same aims and different window dressing. Meanwhile we seem to be celebrating the actions of the hackers, in spite of the fact that they did break the law.

Just because they used illegal techniques to attack a morally reprehensible company doesn't mean their techniques are magically vindicated. Celebrating the hack is immoral as well.

Re:I'm not sure this is the right response

[godrik]

I do not think many people are celebrating these hackers. I have no personal stakes in the story but I follow it because I find it socially interesting. It shows that security of webservices is critical to the life of many people. Ashley Madison is one thing with measurable but small social impact. If facebook's database was made public, the uproar would be much bigger.

Overall, this story makes it more clear why I would rather not participate in so called social networks. And it also gives a good example to give my student when talking about SQL injection, stack overflows and user input validation in general.

Re:I'm not sure this is the right response

[s.petry]

You do a good job covering the "Two wrongs don't make a right" argument, but that does not excuse AM from it's wrong doing. Look at this from a slightly different perspective.

AM doing shitty things resulted in vigilantism because these people are operating illegally (AFAIK at least) and nobody was doing any investigating or prosecution. I'm sure that Canada has laws to protect consumers from deceptive advertising tactics and fraud. If not, the US could request that Canada extradite the people responsible and provide full criminal prosecution. That latter part gets completely overlooked because people are too busy looking for the vigilante to see why someone thought it necessary.

While I surely don't put these hackers on any high moral ground I see them "not so" different from Snowden, Manning, Schwartz, etc... Their cause may not match your morality, but yours may not match theirs either.

Re:I'm not sure this is the right response

The only people exposed were lying to their families. Nobody else had any great reason to worry.

Re:I'm not sure this is the right response

[damn_registrars]

I do not think many people are celebrating these hackers

Admittedly, it is hard to say how many people are celebrating them. However, there have been plenty of posts and stories here on slashdot that have been. And when hackers (and wannabe hackers) see that publicity they might consider going that way against something that they dislike as well...

Re:I'm not sure this is the right response

Sure, the hackers took down the CEO of Ashley Madison, but we don't know what will happen next.

They also indirectly took out a couple of suicide committers. Sure, they would have killed themselves anyway eventually, but still a trigger is a trigger.

to attack a morally reprehensible company

Dating sites should reveal their true gender biases as a matter of standard business ethics. It's not something that easily comes to mind for an entrepreneur in the field without some external pressure.

Re: I'm not sure this is the right response

[jxander]

Sure, they broke the law. Do did Batman, Robin Hood, Han Solo, Edmond DantÃs, Malcolm Reynolds and a host of other characters.

As a society, we absolutely love stories where some rogueish antihero skirts the law to bring down or expose some greater villainy. Is it any wonder that we react similarly when it happens in real life?

Re:I'm not sure this is the right response

[tomhath]

Except it wasn't about vigilantes taking down an illegal website because society hadn't stepped up to the task. They stole personal data and are now trying to blackmail people with it. Where are the vigilantes who watch over the vigilantes?

Re:I'm not sure this is the right response

[grimmjeeper]

I don't condone hacking but I have to wonder if the original intent was to find specific people of prominence to blackmail. But when they found out that there were basically no women on the site and all the men were being systemically defrauded, they decided to expose the whole company instead. That to me makes a certain amount of sense.

No matter the original intention of the hackers and how it led to the release of the records, I have to wonder how long it will be until the class action lawsuit is filed by the subscribers. And, with as much evidence of widespread and organized fraud as has been released, I have to wonder if the FBI is looking into pursuing any investigation under the RICO statues. Regardless, I have a feeling this story is not going to be over any time soon.

Re:I'm not sure this is the right response

[phantomfive]

Just because they used illegal techniques to attack a morally reprehensible company doesn't mean their techniques are magically vindicated. Celebrating the hack is immoral as well.

If the hacker gets caught, he'll end up in jail, but tell me you didn't smile when you first heard about the hack. It's pretty hilarious.

Re:I'm not sure this is the right response

"There is no good and evil but thinking makes it so."

I think AM was evil and the hackers were doing the lords work.

Re:I'm not sure this is the right response

[snarfies]

Look, you got caught cheating. We get it. I suggest you make the best of it and move on.

Re: I'm not sure this is the right response

Sure, they broke the law. Do did Batman, Robin Hood, Han Solo, Edmond DantÃs, Malcolm Reynolds and a host of other characters.

As a society, we absolutely love stories where some rogueish antihero skirts the law to bring down or expose some greater villainy. Is it any wonder that we react similarly when it happens in real life?

Why don't you list some actual hero's like MLK.

Re:I'm not sure this is the right response

Since the leak, and arguably because of the leak, there is now a class action lawsuit in Canada:

http://abcnews.go.com/International/wireStory/ashley-madison-faces-578m-canadian-class-action-lawsuit-33234548

Re:I'm not sure this is the right response

[damn_registrars]

nobody was doing any investigating or prosecution.

I'm not so sure that nobody was doing any investigating or prosecution. Just because there wasn't front-page news about such an action doesn't mean it wasn't being done. The wheels of justice don't always turn quickly, and fraud investigations in particular are seldom quick.

I'm sure that Canada has laws to protect consumers from deceptive advertising tactics and fraud.

I'm pretty sure they do as well.

If not, the US could request that Canada extradite the people responsible and provide full criminal prosecution.

That would be difficult (although I expect the Canadian laws would be more than sufficient). There are many cases of international fraud being committed over the internet with American victims, and very few (if any) result in the perpetrators being extradited.

people are too busy looking for the vigilante to see why someone thought it necessary.

I have seen far more people celebrating the vigilantes than people searching for them. For that matter, more people seem to be searching for them to celebrate them than to seek them to be prosecuted for themselves breaking the law. This sets a bad precedent for future vigilante hacking.

I see them "not so" different from Snowden, Manning, Schwartz

You are entitled to your opinion but the fact of the matter is that Schwartz in particular was an idiot who broke the law and deserved to be punished. He did not deserve to die but he made that choice himself. These hackers are comparable to him, but neither are comparable to Snowden or Manning.

Re:I'm not sure this is the right response

[s.petry]

Ashley Madison was not intentionally deceiving people to make money? The Police were all over them ensuring prosecution for fraud? Regulators were investigating? AM had no notice to come clean long before the breach? None of those are true and you know it.

So what you are saying is those guys can lie for some reason. Is it because they have lots of money? You happen to have morality that sympathizes with cheaters? Sorry, I don't see them as any better than the people selling "grow 3 inches" medicine. Lies are lies, and deceit is deceit. _YOU_ can attempt to rationalize it all you like, but I won't agree.

Re:I'm not sure this is the right response

[vux984]

Make no mistake, I don't like what Ashley Madison did. . They've been exposed for running a scam web site designed to sucker men out of lots of money quickly. However, that doesn't justify the hack - which is almost certainly a criminal offense at this level.

Just because they used illegal techniques to attack a morally reprehensible company doesn't mean their techniques are magically vindicated. Celebrating the hack is immoral as well.

And Rosa Parks should have gone to jail for disobeying a bus driver right? If an activist didn't break the law, they probably aren't getting anything done.

The "protesters" holding signs and singing songs in the designated free speech zone behind parking lot D and signing whitehouse.gov petititions... those guys are accomplishing jack and shit.

You want real change? You need need real activism, a few hundred thousand people blocking all the streets around the state capital, and refusing to disperse... protesting with out a permit?! gasp. But they're breaking the law... and we shouldn't celebrate them.

Whether its Rosa Parks breaking the law that said she had to move to the back when the bus driver said so. Or activist journalists violating the law in some state preventing them from videoing or photographing animal treatment in farm facilities. Breaking the law is sometimes the right thing to do; sometimes the necessary thing to do.

At the same time, yes, vigilantism, bypassing the legal system to mete out punishment directly is often a miscarriage of justice, and that is immoral.

The upshot is that morality of an illegal act hinges on a lot more than simple legality.

The law tries to reflect morality... not the other way around.

Celebrating the hack is immoral as well.

In this case maybe. Or maybe not. The fact that the hack was illegal does not automatically make it immoral. Given the extent of fraud perpetrated, maybe it was moral. Given the "innocent" victims... maybe it wasn't.

So far, I think the balance is that it was moral.

Re:I'm not sure this is the right response

[damn_registrars]

Just because they used illegal techniques to attack a morally reprehensible company doesn't mean their techniques are magically vindicated. Celebrating the hack is immoral as well.

If the hacker gets caught, he'll end up in jail, but tell me you didn't smile when you first heard about the hack. It's pretty hilarious.

I don't care for AM. If what I read about them on wikipedia (in particular the number of bogus "female" accounts that exist primarily to separate men from their money) is true they are a terrible operation. However, the hack did not show us what is written about them on wikipedia, other work did. This is the information that will be the most useful towards shutting them down (as a fraudulent operation).

Pretending that the hack did some kind of great public good itself does no public good.

Re: I'm not sure this is the right response

[Lab+Rat+Jason]

I think you completely missed the GP's point... which was that we craft our fiction to reflect our reality. As a society we do, in fact, love vigilantism. Even if we do outwardly claim to despise it.

Re:I'm not sure this is the right response

[phantomfive]

You didn't answer the question. Did you smile when you first heard about the hack? It's pretty hilarious.

Re:I'm not sure this is the right response

Remind us this next time you're being "restrained" for "resisting arrest"... wouldn't want a vigilante citizen to step in and stop that police officer's lawful battery would we?

Re: I'm not sure this is the right response

Who ironically cheated on his wife.

Re:I'm not sure this is the right response

[ThatsDrDangerToYou]

Ashley Madison is one thing with measurable but small social impact.

Clearly you haven't seen my profile. Just ask all my ladies about my "social impact".

[bonus joke: that's what she said]

Re:I'm not sure this is the right response

[meta-monkey]

The hackers didn't blackmail the users. Or, they're really, really bad at blackmail. There's two parts to blackmail:

A) "Hey everyone! Here's what this guy did!"

B) "Hey buddy, pay me or I'll tell everyone what you did."

For blackmail to be effective and profitable, which should come first, A or B?

Re:I'm not sure this is the right response

I do not think many people are celebrating these hackers.

So I'm one of the few then. So a bad company/site got disrupted - good work. And now there's blackmail - good work that too. You see - blackmail only works against people with double standard - no sympathy for them.

By all means - have affairs if you feel like it. But don't come crying if you're found out! A marriage ending is not the end of the world. When blackmailers come calling, tell them to piss off. All they can do is tell stuff - no real damage. You can even report them if you like. Infidelity is only impolite - blackmail is illegal.

Re:I'm not sure this is the right response

[meta-monkey]

Few people are "celebrating."

We're sitting here with our popcorn. You've got fuckers (Impact Team) fucking fuckers (AM) who were fucking fuckers (cheaters). Impact team also fucked those last fuckers.

Oh and if they get caught then more fuckers (the government) will fuck those first fuckers (Impact Team). And may also fuck those second fuckers.

I feel a tiny bit bad for any innocents who may have been on AM who had their data leaked. But, well, you lie down with dogs...

Re:I'm not sure this is the right response

I'm celebrating these hackers. But it's nothing to do with the airing of anybody's personal dirty laundry. It's about bad security, and dishonest claims of security.

We've known for decades that any organization large, small, government, private, or otherwise will NEVER come clean unless forced to.

Vendors will sit in security vulns and not fix them. Governments will sit on secrets and let justice go unserved. Police departments will sit on evidence and watch innocent people get executed.

Ashley Madison claimed to run a secure forum for people to connect and they lied. They lied about the security, they lied about who they connected to who, and they lied about their engagement services.

They ONLY way to punish them is to make the data public. The airing of personal details is is bad, yes, but the guilt lies ENTIRELY on the Ashley Madison company because they're the ones who fucked up.

What the hackers did is not only correct, but extremely ethical. Unethical would be to let Ashley Madison continue operating their scam operation. Will people hate them? Yep! Will the police go after them? Sure will! - This is the lot of the whistle-blower and the muckraker and the black hat hacker.

Like all things truly worth doing, expect nothing but contempt and scorn. Especially from the ones you're helping most.

Re:I'm not sure this is the right response

[houghi]

But the Facebook Database is available to the public. Oh, you ment for free. Sorry.

Re:I'm not sure this is the right response

[HornWumpus]

Did you not also smile when you first heard of the Fappening?

Re: I'm not sure this is the right response

[LordSnooty]

It's a three way fucking. The only ones not fucking are the blokes, who ironically paid to fuck in the first place.

Re:I'm not sure this is the right response

[amicusNYCL]

What was the point of that post? Are you suggesting that the hackers are some sort of vigilante activist group out to stomp out infidelity or immorality in general? Is that what you think this is about?

From the first statements by the hackers it seemed pretty obvious that this was personal, an attack against that specific company (and the CEO personally) for fraud, personal enough that it sounds like the hackers got burned by the company at some point. I don't see any crusade against immorality here. The hackers were taunting the CEO personally, even while apologizing to some of the security people at the company.

The hackers knew that company, almost as if they had worked there at some point... maybe like that Thadeus Zu character, who claims he spent a year living in Canada. Guess where Avid Life Media is based.

Re: I'm not sure this is the right response

[leonardluen]

who was MLK? i am not allowed to find out because his estate has kept a deathgrip on all his speaches.

His children seem more interested in making an easy buck than spreading his message, whatever that was about...

Re:I'm not sure this is the right response

[tnk1]

I don't see the blackmail-type of hacker becoming an "outraged" type of hacker. Someone who blackmails a site like this doesn't care how they get their money, they just want a cut of it. It's a very pragmatic business. They're parasites, why would they kill a site that they know they could knock over every few months or years?

I think this was an inside job due to someone who sounds like they flew into a righteous rage about what ALM was and was not doing. Or not-so-righteous rage if ALM somehow failed to meet their personal expectations for some reason. The comments from ALM make me think it was some sort of contractor or consultant who was working with ALM on a technical or security level, but *something* soured the relationship and that contractor used his knowledge to perpetrate the hack.
It makes it sound like he was working with the security director or knew of him and all the other execs were part of the problem. That screams "working relationship" with the company at the very least.

Re:I'm not sure this is the right response

[grimmjeeper]

It could be that the report of "shut down or we'll reveal the info" really was "pay us a bunch or we'll reveal the info".

Re:I'm not sure this is the right response

[vux984]

Are you suggesting that the hackers are some sort of vigilante activist group out to stomp out infidelity or immorality in general?

Huh? I felt the hackers made a stand against the fraud perpetrated by the company, not infidelity in general. Where did you infer infidelity from my post?

From the first statements by the hackers it seemed pretty obvious that this was personal, an attack against that specific company (and the CEO personally) for fraud,

Agreed. (emphasis mine)

What was the point of that post?

Primarily to refute the claim made in the post I replied to that "because the hackers committed an illegal act that what they did was immoral, and it's immoral to 'celebrate' their hack."

I didn't raise the topic of infidelity or its morality at all in my post.

Re:I'm not sure this is the right response

[s.petry]

I'm not so sure that nobody was doing any investigating or prosecution. Just because there wasn't front-page news about such an action doesn't mean it wasn't being done. The wheels of justice don't always turn quickly, and fraud investigations in particular are seldom quick.

First, you would need to prove this. We know they were acting illegally, no need for that proof. Second, delays in law are generally a corruption and no different than no charges. This tactic has been used for decades to my knowledge with US Politicians and uber wealthy people, but I study history and this was also done throughout our written history. More often in the most corrupt societies, less often after revolutions and cleaner societies.

Intentionally dragging feet leads to vigilantism for the same exact reason a lack of action does.

I have seen far more people celebrating the vigilantes than people searching for them. For that matter, more people seem to be searching for them to celebrate them than to seek them to be prosecuted for themselves breaking the law. This sets a bad precedent for future vigilante hacking.

Where, here and on Reddit? Okay, I'll give you that social media has some vocal support for these guys. Corporate media has only provided an anti-hacker message and has never to my knowledge mentioned AM's illegal activities. The only negative discussion has been "most people on the site were men" and "many of the female accounts were fake". No mention of them baiting people for cash, having employees commit fraud to gain cash, etc...

You are entitled to your opinion but the fact of the matter is that Schwartz in particular was an idiot who broke the law and deserved to be punished. He did not deserve to die but he made that choice himself. These hackers are comparable to him, but neither are comparable to Snowden or Manning.

Thanks for letting me know what my opinion was instead of asking. I didn't give an opinion positive or negative, I simply stated that these hackers are not very different from those people.

Re:I'm not sure this is the right response

[tlhIngan]

Except it wasn't about vigilantes taking down an illegal website because society hadn't stepped up to the task. They stole personal data and are now trying to blackmail people with it. Where are the vigilantes who watch over the vigilantes?

Except no such thing happened. Impact Team blackmailed AM - either shut down AM and EM (established men - a prostitution site), or the data will be released. If they wanted to blackmail people, they could've done it, but didn't. Now everyone else is.

And I don't really have much sympathy for users either - Impact Team made a big splash over a month ago when they said they had the data. That means all their users had a month to own up to their significant others. The fact is, they gave Avid Life Media (who own many dating sites besides AM and EM) plenty of time to either contact users that their information may be compromised (1 whole month!), but instead everyone hunkered down and hoped someone was either bluffing or lying.,

Re:I'm not sure this is the right response

[AmiMoJo]

Some good may yet come of it. Well, some already has, people are less likely to use AM now, but more over the public is starting to wake up to the fact that stuff the do online on supposedly private sites isn't likely to stay private for long.

Re:I'm not sure this is the right response

[farble1670]

Except it wasn't about vigilantes taking down an illegal website because society hadn't stepped up to the task. They stole personal data and are now trying to blackmail people with it. Where are the vigilantes who watch over the vigilantes?

if the hackers wanted to blackmail users, they'd have not gone public, and would have contacted users independently. sorry that does't fit.

Re:I'm not sure this is the right response

[farble1670]

if that was the case, then they would have done that privately, and if they had done it privately, AM would have exposed that to put them in a bad light and to cast themselves as the victim.

Re:I'm not sure this is the right response

[farble1670]

I don't see any crusade against immorality here.

who cares? if robin hood stole from the rich and gave to the poor because he had mental illness, did the poor benefit any less?

Re:I'm not sure this is the right response

[damn_registrars]

I'm not so sure that nobody was doing any investigating or prosecution. Just because there wasn't front-page news about such an action doesn't mean it wasn't being done. The wheels of justice don't always turn quickly, and fraud investigations in particular are seldom quick.

First, you would need to prove this.

It is generally (at the very least) very difficult to prove a negative. There are a lot of variables at play as well; if the Canadian Mounties prosecute AM would the FBI go for it as well on behalf of American victims? If the company goes bankrupt entirely (I haven't seen any suggestion yet that this would happen, but just to consider another possible situation) would anyone bother to prosecute afterwards? What they did was criminal but not murder. If we think of other cases of fraud - Goldman Sachs and Enron come to mind - the prosecution does sometimes fold completely when the company goes broke, regardless of the fate of the people from that company who held the power to make fraudulent decisions.

Intentionally dragging feet leads to vigilantism for the same exact reason a lack of action does.

That is a rather high accusation, there. When did someone first bring accusations about the fraudulent activity of the site to the attention of authorities? Wikipedia tells us the site launched in 2001, with a lawsuit against them that went through in 2012. We don't know if anyone up to that point ever brought this site to the attention of law enforcement with allegations of fraud.

You are entitled to your opinion but the fact of the matter is that Schwartz in particular was an idiot who broke the law and deserved to be punished. He did not deserve to die but he made that choice himself. These hackers are comparable to him, but neither are comparable to Snowden or Manning.

Thanks for letting me know what my opinion was instead of asking. I didn't give an opinion positive or negative, I simply stated that these hackers are not very different from those people.

Reread what I wrote before criticizing me for writing it. I added emphasis to a part of what you quoted to direct your attention.

Re:I'm not sure this is the right response

[quantaman]

Are you suggesting that the hackers are some sort of vigilante activist group out to stomp out infidelity or immorality in general?

Huh? I felt the hackers made a stand against the fraud perpetrated by the company, not infidelity in general. Where did you infer infidelity from my post?

The company was dead the moment it came out that all the female accounts were fake and paid for account deletions never happened. It was unnecessary to release personal user information to punish the company.

Primarily to refute the claim made in the post I replied to that "because the hackers committed an illegal act that what they did was immoral, and it's immoral to 'celebrate' their hack."

I didn't raise the topic of infidelity or its morality at all in my post.

That wasn't the quote, the poster wasn't clear if he considered the hacks immoral just because they were illegal or because of the exposed user information coupled with the illegality:
Just because they used illegal techniques to attack a morally reprehensible company doesn't mean their techniques are magically vindicated. Celebrating the hack is immoral as well.

True the poster didn't mention the user information directly but I feel it's implied due to the volume of coverage and discussion about the user info.

I think the hackers would be morally justified if the simply hacked AM and demonstrated they were lying about the female users and the deleted accounts. They became immoral when they also released very sensitive and potentially devastating user information.

Re:I'm not sure this is the right response

[Zontar+The+Mindless]

Infidelity is only impolite - blackmail is illegal.

Depends on where you are. In some places, having sex with anyone you're not married to is punishable by death.

Re:I'm not sure this is the right response

[vux984]

The company was dead the moment it came out that all the female accounts were fake and paid for account deletions never happened.

It should be dead. I'm not convinced yet it will actually die. Even with the leak.

Re:I'm not sure this is the right response

[quantaman]

The company was dead the moment it came out that all the female accounts were fake and paid for account deletions never happened.

It should be dead. I'm not convinced yet it will actually die. Even with the leak.

Depends what you mean by die. As one of the top cheat-on-your-spouse sites they should be done. As a widely known name and a pre-existing website that could be run with a skeleton staff for cheap it could go on indefinitely.

Re:I'm not sure this is the right response

[s.petry]

It is generally (at the very least) very difficult to prove a negative.

WTF? You claimed that they 'may' have been under investigation, not I. I discounted that and you say I have to prove your lie is wrong? No, that is not how it works.

Reread what I wrote before criticizing me for writing it. I added emphasis to a part of what you quoted to direct your attention.

You lack knowledge of what a sentence is for, but write them? Come now. If you had made two separate statements I would not have said a word. As written it provides an opinion for me which was not provided by me.

You are entitled to your opinion but the fact of the matter is that Schwartz in particular was an idiot who broke the law and deserved to be punished.

If this was two separate statements with one including your opinion it would have been written similar to

You are entitled to your opinion. My opinion is that Schwartz in particular was an idiot who broke the law and deserved to be punished.

Do you see the massive difference there? Oh, I'm sure you had it before and were either defending your poor use if language or attempting to insist you were fine to assert my opinion for me.

If you are still confused ask a elementary school teacher help you with Sentences and structure. Then you can move on to paragraphs!

Re:I'm not sure this is the right response

[damn_registrars]

It is generally (at the very least) very difficult to prove a negative.

WTF? You claimed that they 'may' have been under investigation, not I. I discounted that and you say I have to prove your lie is wrong?

Hopefully you wake up this morning with your underwear un-knotted so we can have an actual discussion on this matter.

To comply with the latest version of your request, I would have to be able to show now that there was an investigation started into AM before the hack was known. However, if there is an investigation underway, we generally won't know until charges are brought. That is the way many criminal investigations go; you don't want the accused to start running around destroying evidence.

However you are so full of piss and vinegar over the matter I expect that even if charges were announced tomorrow you would still be unsatisfied.

Do you see the massive difference there? Oh, I'm sure you had it before and were either defending your poor use if language or attempting to insist you were fine to assert my opinion for me.

I am not asserting an opinion for you. The fact of the matter is that Schwartz made a stupid choice and broke the law. You might happen to think highly of him regardless of it, and you are entitled to that opinion if you wish you hold it. Regardless he broke the law and deserved to face consequences - including a trial. I'm not telling you what to think about him. I'm sorry that you struggle so greatly to comprehend the written word here and that you find it justification to attack me.

Re:I'm not sure this is the right response

[s.petry]

My demeanor is not piss and vinegar, nor am I waking up on the wrong side of the bed, or anything else you wish to imagine. I simply refuse to coddle people who continue to believe delusional bullshit, and further refuse accept responsibility for their actions and words. My first response was cordial, but your defense of your irrational position and failure to take responsibility for your written words resulted in a harsher response.

Your request that I need to disprove your speculation of "they may have been under investigation" is so horribly illogical I can only counter with a metaphor. "T-Rex meat tasted like candy." Using your broken logic the only way you can counter my statement is to prove me wrong.

See how that works, or do you think it only counts if you make an invalid unsubstantiated claim?

Take note of your poor use of grammar if it was incorrect, apologize and learn from your mistake. You maintain a path of "nuh uh, I didn't mean what I wrote". The first is the mature method of handling the situation, the second is the infantile method you have engated thus far.

Re:I'm not sure this is the right response

[damn_registrars]

My demeanor is not piss and vinegar, nor am I waking up on the wrong side of the bed, or anything else you wish to imagine.

Your assertion of your attitude is your own opinion - and you are entitled to it - but it is not really well supported by the very next thing you said:

I simply refuse to coddle people who continue to believe delusional bullshit,

Continuing on:

My first response was cordial,

We happen to have the ability to look at that right here. There is an argument for it being somewhat "cordial", although lacking in factual support. In my reply I mostly called you out for your sweeping, fact-free assertion of

nobody was doing any investigating or prosecution.

I also pointed out

That would be difficult (although I expect the Canadian laws would be more than sufficient). There are many cases of international fraud being committed over the internet with American victims, and very few (if any) result in the perpetrators being extradited.

Your response was quite angry, and your demeanor never exactly became cordial after that. Where you come up with this strange notion of my posts not meaning what they say is beyond me; the fact that you can't be bothered to quote the text that you think supports that notion suggests you can't actually support it.

Dead.

[digsbo]

That guy is dead. I guarantee there are enough well-funded sociopaths outed by this that there will be a hit placed on this dude. He will be in worse shape that Assange or Manning.

Re:Dead.

That guy is dead. I guarantee there are enough well-funded sociopaths outed by this that there will be a hit placed on this dude. He will be in worse shape that Assange or Manning.

Outed for what, paying for affairs they didn't have?

Re:Dead.

[Dutch+Gun]

Outed for what, paying for affairs they didn't have?

I'm pretty sure most married women would take a fairly dim view of their husband actively trying to have an affair, even if it didn't happen.

Spending More Time With 'Family'

[mentil]

He decided he 'wanted to spend more time with his mistress... err, wife.'

Re:Spending More Time With 'Family'

[amicusNYCL]

He decided he 'wanted to spend more time with his mistress... err, wife.'

I had to look it up to confirm, but yes, apparently Noel Biderman did in fact find the most gullible woman in the world to marry him. He's also admitted to multiple affairs.

Shit I'm sorry, I should have started this post with a warning to get your fainting couch ready. Hopefully I didn't harm anyone with these stunning revelations.

Re:Spending More Time With 'Family'

It's quite alright! I only browse the web while I'm laying down on my fainting couch.

Corporate Espionage alive and well

You'd be foolish to not raise an eyebrow to the timing of the hack related to the fact that ALM was about to do an IPO. After all, hackerz can work for corporations, too.

Re:Corporate Espionage alive and well

[HornWumpus]

They could have made a fortune by waiting for the IPO, buying long, out of the money puts (assuming an option market existed for such a new shady buisness) and then dumping the DB.

Where do these people go?

[Okian+Warrior]

I've often wondered what happens to people like this after the fact.

For example, recall Aaron Barr, the guy running HB Gary and who claimed he could "out" the Anonymous members by dubious correlation of social media accounts.

Or that guy Paul Christoforo who threw down with Penny Arcade founder Mike Krahulik (and got fired, banned from PAX, and his marketing company's client dropped them).

Do these people find jobs somewhere on this planet? Does Kevin Mitnick's security firm have a lot of customers?

The Ashley Madison guy - that's 'gotta be an awkward interview, you know.

"Why did you leave your previous place of employment?"

Re:Where do these people go?

Looks like this is Barr; let your curiosity have at it:

https://www.linkedin.com/in/aaronbarr3
https://www.twitter.com/aaronbarr

Re:Where do these people go?

[meta-monkey]

Well, Krebs is a legit security researcher. He's been on /. many times.

I think he's overstating things here, as "Thunderstruck" played during a hack to me doesn't say "AC/DC fan" it says "stuxnet lolz nice one." But, announcing that may have been a tactic. Zu, there, ah, the lady doth protest too much...

Re:Where do these people go?

[amicusNYCL]

For example, recall Aaron Barr

After he shot Hamilton he did just kind of fade into obscurity.

Re:Where do these people go?

[AmiMoJo]

Those guys don't have job interviews like that. They know other C level execs who get them in because they "did a good job" at (the parent company of) AM - after all, it was making plenty of money until it was the victim of a crime. Stuff like that - hacks, regulatory changes that fuck up your business, industrial accidents on your watch etc. are just the kinds of things that happen to C levels. They get paid big bucks to take that risk, so naturally when things go bad the other C levels won't hold it against them.

Re:Where do these people go?

The damn fool who shot him

Re:Where do these people go?

[phantomfive]

NYT did some investigation on that point. They found several victims of the shaming and tried to find out how it affected them. That sort of story is why I like the NYT. It can get really bad, here are some quotes:

She barely left home for the year that followed, racked by PTSD, depression and insomnia. “I didn’t want to be seen by anyone,” she told me last March at her home in Plymouth, Mass. “I didn’t want people looking at me.”

Fearing for her life, she left her home, sleeping on friends’ couches for the remainder of the year. "I felt betrayed. I felt abandoned. I felt ashamed. I felt rejected. I felt alone.”

This CEO will probably be fine, though.

Re:Where do these people go?

[ScaledLizard]

The Ashley Madison guy - that's 'gotta be an awkward interview, you know.

"Why did you leave your previous place of employment?"

Haven't we read those often enough? "Things didn't work out, and we mutually agreed that it was time to move on."

Re:Where do these people go?

[Jack+Griffin]

Monica Lewinsky, where is she now?

It pays to resign.

[xenotransplant]

Wonder what his "last pay check" looked like.

It's the music's fault!

[krkhan]

Australian hard rock band AC/DC. This jibes with the behavior of the hacker(s), who had displayed threatening messages on the computers of Ashley Madison employees, accompanied by AC/DC song Thunderstruck.

Never have I been more ashamed (and afraid) of having an AC/DC collection ;) .

Re:It's the music's fault!

[ThatsDrDangerToYou]

REPENT!!!

https://www.youtube.com/watch?...

(Radiohead--pretty much a cure-all for AC/DC collections)

BINGO! Found him (them).

BINGO! Found him (them). This is a typical reply of a perp LOLZ. If a warrant cannot be sent out at least there is a physical trail which can be constructed from the digital trail.

Looks like he (they) will get some busted arms and legs out of this if nothing else.
; )

Of Course Biderman Steps Down!

[MarkvW]

Biderman has milked the fake cow for all it's worth. Time to move on.

Re:Of Course Biderman Steps Down!

[meta-monkey]

So, you're saying Ashley Madison is for cows?

inside job

[david_bonn]

This whole thing screams "inside job".

A lot of the information that has been released, most notably employee emails and internal company documents, couldn't possibly have also been on the servers that held the databases for the AM site. So either (1) the hackers thoroughly penetrated the company and got *everything*, or (2) the people running AM were stupider than I believe possible (actually you would have to *work* to put all of your eggs in one basket that way), or (3) someone swiped backup tapes when they were on their way out the door.

The last theory is the simplest.

Most places I worked at did offsite backups. The backups were left at the front desk for the courier to pick up each day. If some backups went missing there probably wouldn't be a freakout -- they'd just figure someone had thrown them in the trash or picked them up by mistake. Even if they did freak out they would do so very privately.

Re:inside job

[eth1]

This whole thing screams "inside job".

A lot of the information that has been released, most notably employee emails and internal company documents, couldn't possibly have also been on the servers that held the databases for the AM site. So either (1) the hackers thoroughly penetrated the company and got *everything*, or (2) the people running AM were stupider than I believe possible (actually you would have to *work* to put all of your eggs in one basket that way), or (3) someone swiped backup tapes when they were on their way out the door.

Well, compromise a Domain Admin account, and you pretty much own all of the servers an all-Microsoft shop. Lazy Linux administration can lead to a similar fate (excepting Exchange email, perhaps). Given the sorry state of security I've seen pretty much everywhere, once you get a foot in the door, it's not hard to expand your reach.

Re:inside job

[vux984]

Well, compromise a Domain Admin account, and you pretty much own all of the servers an all-Microsoft shop.

Pretty much.

Lazy Linux administration can lead to a similar fate

I'm not sure why you are calling it "Lazy" for a Linux admin?? even a competent and proactive linux admin would still be thoroughly vulnerable if his credentials were compromised.

This company really wouldn't need to be terribly big or complicated, so the IT team probably had keys to everything, like pretty much any small/medium business with a small IT team, or it could have been via outsourced IT or credentials used by outsourced IT...

Or the attack just needed to be against the backups. If the whole company was having its nightlies managed by a single tape sytem (and why not? Those are expensive. And it's not that big of a company, there's not THAT much data... so it would be reasonable to have it all managed by one backup regime, local tapes, near-line backups on spinning drives, plus offsite tape storage, maybe a cloud provider. Easily managed by one or two people. So if they're credentials are compromised...

Re:inside job

[eth1]

Lazy Linux administration can lead to a similar fate

I'm not sure why you are calling it "Lazy" for a Linux admin?? even a competent and proactive linux admin would still be thoroughly vulnerable if his credentials were compromised.

I mean things like using the same password for root on every server. I've even seen places that had admin users' usernames all given UID 0, so they didn't have to bother with sudo or su. So no, Linux isn't invulnerable by any means, but you can certainly make it much worse.

Re:inside job

[vux984]

I mean things like using the same password for root on every server.

Gotcha; one can do that on windows too. Every server has a local admin account. So if that were reused you could jump from server to server even without a domain admin.

I've even seen places that had admin users' usernames all given UID 0, so they didn't have to bother with sudo or su.

Heh. That just seems dangerous. I'm not sure it really makes things more vulnerable though to penetration.

So no, Linux isn't invulnerable by any means, but you can certainly make it much worse.

Fair enough. But the reality is that even a competent active linux admin is going to have the equivalent ease of access to his server pools as a domain admins in windows.

I just felt that by contrasting windows and linux admins the way you did and your use of the word lazy, implied that somehow only an incompetent linux admin would have the equivalent vulnerability as a windows domain admin has by default. And that implication isn't really true.

Re:inside job

[tnk1]

It's definitely an inside job, and it certainly could be backup tapes, although I think it is just as likely that they stored all their backups on the same file server in the office as their desktop file shares and the hacker simply had a backdoor into the network and just went in and downloaded it all.

The level of security in the dumps that I have seen leads me to believe that they really didn't give two shits about security. Which is odd, given that they should have realized that they are Blackmail Central. Although I have met enough managers who think security is just overhead that I could believe that it kept being put off until "later" or that it was "too inconvenient".

Re:inside job

[tobiasly]

The leaked profile databases were MySQL, so not an all-Microsoft shop. I seem to recall comments from the hacker in some interview that they basically had a few "passwords.txt" files lying around.

Re:inside job

[quantaman]

This whole thing screams "inside job".

A lot of the information that has been released, most notably employee emails and internal company documents, couldn't possibly have also been on the servers that held the databases for the AM site. So either (1) the hackers thoroughly penetrated the company and got *everything*, or (2) the people running AM were stupider than I believe possible (actually you would have to *work* to put all of your eggs in one basket that way)

I think a combination of 1 & 2 is most likely. There's no real way for a user to tell if a site is secure or not, and an insecure site is easier to run than a secure one. No need to manage a bunch of different logins, sign out keys, create fake databases, etc. The easiest thing is to simply give devs the power to go anywhere and do anything and I wouldn't expect the management of a site like AM to spend money on something like security.

In that scenario all you need is to get a remote login to one machine, from there you sneak in a logger and grab the one admin password they use everywhere and then all you need is a bit of patience before you have everything on their network.

Thadeus Zu!? Gotta be him!

[GameboyRMH]

Thadeus Zu can't claim innocence while having an actual cyberpunk hacker name on his birth certificate :-P

Shema Jisrael!

> displayed threatening messages on the computers of Ashley Madison employees, accompanied by AC/DC song Thunderstruck

Curiously the AC/DC song Thunderstruck was also featured in a cyber-weapon malware, which was employed by Israel, USA and Australia against the iranian nuclear programme three years ago. See:
http://www.bloomberg.com/news/articles/2012-07-25/iranian-nuclear-plants-hit-by-virus-playing-ac-dc-website-says

All the great ones...

...we're the Wet Bandits! Congrats on signing your crime with a song so that we can laugh at how you got nabbed.

Welcome to the Internet

Welcome to the Internet where:

• The men are men.
• The women are men.
• And the 13 year old girls are vice cops.

Why is Blackmailing illegal?

[trout007]

I'm not quite sure why blackmail is illegal. The gathering of the information may have broken laws so I'm not arguing that. But if you find out information on someone why would it be illegal to sell your promise of silence?

Re:Why is Blackmailing illegal?

[HornWumpus]

If you find yourself in that situation first hire a really good shyster. Blackmail can't be legal by the definition of the word, but nondisclosure agreements can be if the lawyering is well done.

Re:Why is Blackmailing illegal?

I'm not quite sure why blackmail is illegal. The gathering of the information may have broken laws so I'm not arguing that. But if you find out information on someone why would it be illegal to sell your promise of silence?

Hoo, boy! May you someday be forced to swallow your own medicine. And I hope that day comes quickly for you!

Re:Why is Blackmailing illegal?

[trout007]

I agree it's immoral but there is a lot of immoral stuff that is legal. Take cheating on your spouce for one.

Re:Why is Blackmailing illegal?

[Pfhorrest]

I can totally see why someone would be furious if someone was threatening to release embarrassing information about them, but what I don't see is why it's not a crime to just release the information, but it is a crime to agree not to release the information (in exchange for something from the other party).

Say I'm in a mostly-empty public place and I see someone who thinks they're alone doing something really embarrassing, like picking their butt or something.

I laugh and say I'm gonna tell everybody what a ridiculous butt-picker they are. That's legal, right?

If they say "no, please don't!", and I take pity and agree not to, that's still legal of course.

But if I don't agree, and they say "I'll give you $20 if you just keep your mouth shut!"...?

If I say "no" and tell anyway, we're back in case one which was legal, but if I say "ok sure"... now that's not legal?

Or maybe that is, but if I say "nah I'm totally telling... unless you make it worth my while not to". Now that's a crime?

Re:Why is Blackmailing illegal?

It's to protect the cash flow of the blackmailers. If blackmail were legal, everyone would be making up whatever disgusting nasty things you're doing and threatening to tell everyone that you're doing them, of course, so would everyone else, and after a period of turmoil and nasty insults, nobody would believe it anymore and the market for blackmail will crash. After all, what's the value of telling the world that you're being unfaithful to your wife when the last five guys let slip that you're a necropedobestiphiliac who has sex with dead puppies?

Same reason there are drug gangs that are moving money against drug decriminalization. They can't keep up their lifestyle if they can't just blow the brains out of their competition.

Re:Why is Blackmailing illegal?

Are you serious? Surely it's because it can hurt the rich and powerful.

If blackmail could only hurt the poor (everyone has a wife, secrets, etc.) it wouldn't be illegal. But it can be used to take down the most powerful, so of course it is one of the most heinous crimes.

Of course it *should* be illegal because it's just cruel and evil to do that to someone. But I'm just saying, there's a motivation for the powers that be to make it one of the worst crimes....

Heh, captcha: profits

I like AC/DC

[thinkwaitfast]

especially thunderstruck. Reminds me of the time I first heard it driving through a massive lightning disply during a monsoon storm .
What does this have to do with anything? Well, nothing really, just thought nerds might be interested in it.

Re:I like AC/DC

[TeknoHog]

He's the witch^Whacker! Burn him!

Blackmail?

[miltonw]

I can see it now, "If you don't pay me money, I'll leak all your Ashley Madison information on the internet ... um, well, oh, ... nevermind."

'Noel Biderman' - a JEW!

Now there's a surprise...

People paid to get screwed

and looks like they got their money's worth. (not my statement, another poster mentioned this on a AM thread.)

Re:Blackmail?FTFY

[zlives]

"If you don't pay me money, I'll email all your Ashley Madison information to your wife"

Re:Blackmail?FTFY

[zlives]

since we already know there are no women on the internet.. the info on the net is pretty safe. excepting facebook

Fraud

Legal definition of fraud is engaging in deception for financial advantage.

With someone else's money

[tjstork]

The whole thing about the left, is that they say they are nice because they want to spend someone else's money to do what they want. If they got up and did whatever they wanted to do, on their own, they wouldn't need government. But nope, they want to take everyone else's money to build their wonder society because their own society is too useless to build anything for itself. It's like a cancer, consuming everything in the body of the nation.

Let me explain

[gzuckier]

If anyone finds me in the Ashley Madison database, I just want to emphasize that I was under the impression that it was a fine furniture retailer.