Ex-Ashley Madison CTO Threatens Libel Suit Against Journalist

An anonymous reader writes: Security reporter Brian Krebs, who has been instrumental in breaking news about the Ashley Madison hack, is now being threatened by the website's former CTO with a libel suit. Contained in the leaked data was a series of emails from the ex-CTO, Raja Bhatia, to the CEO of Ashley Madison's parent company. In the emails, Bhatia noted a security hole in a competing website, saying that he downloaded their user database and was capable of modifying and exposing it. After reporting on these emails, Krebs received a letter from Bhatia's lawyer (PDF) saying the post was libelous and defamatory. They demanded a retraction, which Krebs is thus far unwilling to do.

Uh, okay

I'd love to see under what legal theory that reporting facts could be considered libelous or defamatory.

Criminal charges trump phoney liable threats

If I was Krebs, I would request my attorney send a letter to Bhatia's lawyer stating that since those Emails consist of a confession to Federal level hacking charges against a US corporation that he is required by law to make the information as public as possible, especially to such agencies as the DOJ and FBI (and whatever the equivalent Canadian authorities are), and that by definition there is no liable (at least in the US, the article does state that Canada's liable laws are different). Then follow up on that threat and actually forward all information to those agencies (and nerve.com) for review.

Re:It's mind blowing

[Striek]

This actually has nothing to do with the Ashley Madison hack, except that Brian Krebs discovered this alleged hack during his investigation, and that the plaintiff used to be Ashley Madison's CTO.

The lawsuit centres around the claim that Mr. Batia hacked into rival company nerve.com and exfiltrated their entire client database back in 2012. It has nothing to do with any claims against Ashley Madison.

lawyer letter says article misrepresented the fact

[raymorris]

The lawyer's letter lays out his position. We don't the facts, but here's his position, which may be reasonable g

The letter to Krebs says that in the very emails Krebs relied on, the former CTO explicitly said that he did NOT download the account database. He said there is a clear vulnerability so someone COULD download the database, and he did not do so. The Krebs article appears to suggest that he did, so the Krebs article might be misrepresenting what is actually said in the emails.

The letter also seeks to distinguish between noticing a readily apparent vulnerability vs "hacking" the web site. Those are kind of two degrees of the same thing, but Krebs said "hacked". If the truth is more like "noticed", a retraction is in order.

Lastly, thr letter seeks to clarify that he was not AM's CTO, or even working for AM, at the time. Reading the article one might well get the impression that AM's CTO, on behalf of AM, hacked a competitor. That's not factually correct, the lawyer says.

this reminds me of an article some time ago about.

do you all remember an article that described a certain Indian class of individuals have claimed the right to lie, cheat, steal, and engage in dishonest practices to (supposedly further their advancement. This was based on the notion that individuals in their culture have been do depraved, "shit on", etc. Because of such atrocities committed, they have the right.
I wonder if this episode could be attributed to that statement and thus that type of behavior. I wonder what cultural connections this may tie back to..
I am not a racist, I believe in equality for all, when appropriate. But when public statements are made like the one i described above, seem to surface in the way people conduct themselves at a global/trusted level, its had to ignore the correlation..
Requesting to be stood corrected if necessary, or if my assertion is flawed..
Otherwise thank you