Ashley Madison Hackers ‘Left Online Footprints’

ashley madison

The attackers behind the Ashley Madison breach left a BitTorrent server partly exposed to Internet intruders

The hackers who breached the adultery-oriented dating website Ashley Madison have released a third cache of data, fixing an issue that made the previous release partially illegible, as security researchers said they had uncovered a clue that may help uncover the hackers’ identity.

Separately, two Canadian law firms said they would launch a C$760m (£367m) class-action lawsuit against Ashley Madison parent company Avid Life Media (ALM) after the personal details of more than 30 million users were published online.

Emails decyphered

Hacker, cyber crime © Stokkete, Shutterstock 2014The unknown person or persons using the name “Impact Team” released the third cache late on Friday or early on Saturday, and on Saturday morning researchers verified that it appeared to contain a large number of emails from the Gmail address of ALM chief executive Noel Biderman.

Only 93.22 percent of the torrent file used to distribute the latest cache was available, but researchers said they were nonetheless able to decode the compressed file containing the emails, which had been unreadable in the earlier release.

The file, which is about 30GB in size uncompressed, appears to contain emails dating from 2012 to 2015, TrustedSec said in an advisory. The archive contains about 200,000 emails with 6,800 senders and 3,600 recipients in all, TrustedSec said.

“This will be the extent of our analysis as we do not plan on reviewing any emails, or anything relating to the dump that is around an individuals personal account,” TrustedSec said.

Hacker traces

Meanwhile, researchers observed that the BitTorrent server originally used to seed the file was left partly exposed to attackers, before being shut down a few hours after the file was uploaded.

Users on Twitter said they had accessed the server via a web-based administration interface that had no password.

Security researchers said the hackers appeared to have forgotten to password-protect the interface, indicating they may have made other mistakes that could lead to their identification.

The server was reportedly hosted by Ecatel, a privacy-oriented hosting provider that is registered in the UK but is headquartered in The Hague.

Ecatel accepts Bitcoin, making payments potentially difficult to trace, and says it protects the privacy of its clients as a “priority”.

“Freedom of speech on the internet is our motto,” the company states on its website. “We do not judge, we leave judgement to qualified people to do so.”

Class-action suit

Charney Lawyers and Sutts, Strosberg LLP said they were bringing a class-action lawsuit against ALM for “all Canadians” affected by the breach.

“Numerous former users of have approached the law firms to inquire about their privacy rights under Canadian law,” the two firms stated.

“They are outraged that failed to protect its users’ information. In many cases, the users paid an additional fee for the website to remove all of their user data, only to discover that the information was left intact and exposed.”

Industry observers, as well as the hackers themselves, have pointed out that few of Ashley Madison’s users in fact carried out affairs, although they may have signed up for the site with the intent to do so.

Analyses of the leaked data indicate that about 84 percent of all the accounts on the site worldwide were male.

ALM assigns staff to create fictional female profiles, a practice disclosed in its terms and conditions, which state that the company “may create profiles that can interact with (users)”.

“You acknowledge and agree that some of the profiles posted on the Site that you may communicate with as a Guest may be fictitious,” the terms state.

Are you a security pro? Try our quiz!