Ashley Madison users are now prime targets for blackmail, warn security experts
Earlier this year, John McAfee warned that hackers would target “weak links” in humankind to gain access to big businesses’ data
At Infosecurity 2015 in London this summer, controversial anti-virus boss John McAfee took to the stage to warn of a data breach apocalypse.
The world’s most sensitive data
We live in a world in which hackers are increasingly using social engineering as a way to gain access to some of the world’s most sensitive and important data.
The hacking of deviant ‘dating’ websites, for example, would give criminals plenty of dirt on the websites’ users, making them ideal blackmail targets, he explained. It would, thereby, create a “give us access to your companies’ data or the world will find out what you’ve secretly been doing online” situation.
McAfee was particularly concerned that hackers could blackmail their way into ‘backdoors’, which he says are created in tech companies’ security products.
“Someone has to know that there is a backdoor – the programmer, the owner of the company, the government agency that has access,” he said. “At some point one of the people in this chain is going to find themselves in a situation where they become the weak link in the chain. We’re human.”
In fairness, McAfee is not the only one who has predicted such a situation, which certainly seems far more likely to come to complete fruition following the hack of adult dating/cheating website Ashley Madison.
A total of 9.7GB of the websites’ customer data has supposedly been dumped on the dark web – the data of 37 million alleged users.
The data released amounts to millions of payment transactions, includes names, street address and email addresses. This freely available information can arm cyber attackers with the weapons to cause even more damage to Ashley Madison users at work or at home. Worryingly, email addresses of likes of government workers, police officers and members of the armed forces make an appearance on the data lump list.
Blue Coat, a cyber security technology company investigating the breach, believes there is definitely more to come from the Ashley Maddison data breach, much of which will come in the form of social engineering.
“Attackers can identify high value targets who are members of Ashley Madison and collect widely available social media data to impersonate the victim over a long period,” warned a Blue Coat spokesperson. “If successful, attackers can gain unrestricted access to corporate networks and sensitive work information.”
Corey Nachreiner, CTO at WatchGuard, agreed, saying: “What is alarming about this data breach is the sheer scale of the compromise, which included the company’s entire infrastructure. The danger here would be to condone this kind of Robin Hood vigilante behaviour because of the ethical code of the site’s users.
“The reality is, information stolen could lead to any number of hackers extorting money and blackmailing users for the rest of their lives.”
James Maude, senior security engineer at Avecto, described the impact this could have on areas such as national security, government policy and law enforcement as a “hidden danger.”
He added: “At first glance, it may look like the Ashley Madison data leak will cause nothing more than embarrassment. But this type of sensitive personal information can be used by criminals to generate serious leverage against an individual, when combined with details released from other attacks.”
So, for future reference, what can we learn from this?
Nachreiner said: “I am reminded of the advice I regularly give to kids. At a very basic level, do not put anything online you wouldn’t be happy to see on the front page of news on your grandmother’s coffee table. The Internet is forever, no matter who you trust with your data.”
How much do you know about Internet security? Try our quiz!