Ashley Madison Fallout: Investigations, Lawsuits, Lessons - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Cybersecurity
Commentary
8/26/2015
08:05 AM
Larry Loeb
Larry Loeb
Commentary
0%
100%

Ashley Madison Fallout: Investigations, Lawsuits, Lessons

The fallout from the Ashley Madison breach continues, offering some surprise lessons for CIOs and IT professionals on how to respond to a very public event.

7 Hot Advances In Email Security
7 Hot Advances In Email Security
(Click image for larger view and slideshow.)

The consequences of the Ashley Madison breach continue this week, with law enforcement inquiries and lawsuits starting to pile up for the website, which is known for promoting extramarital affairs, and for its parent company, Avid Life Media.

The incident offers important lessons for CIOs on how to deal with a massively public breach event.

First, try to find out who caused it. See if someone will turn in the culprit or culprits.

Toronto-based Avid Life Media has announced a reward of $500,000 Canadian (US $376,000) for information leading to the identification, arrest, and prosecution of the person or persons responsible for the breach.

If nothing else, it's a start.

Avid's statement also talked about the ongoing investigations.

"The 'Project Unicorn' law enforcement task force members that appeared in Toronto today, led by the Toronto Police Services (TPS), and accompanied by the U.S. Department of Homeland Security, the Ontario Provincial Police, the Royal Canadian Mounted Police, and the U.S. Federal Bureau of Investigation, have been actively investigating all aspects of this crime for more than a month," according to the company's Aug. 24 statement. "As TPS indicated at today's press event, the investigation is progressing in a 'positive direction,' but more help is needed from the outside."

Avid is following the damage control playbook here by publicly showing its efforts to minimize consequences of the breach. If the hackers are arrested and charged, no further disclosures will occur.

(Image: tzahiV/iStockphoto)

(Image: tzahiV/iStockphoto)

Avid also addressed customer concerns about financial information stolen from the site in a statement. "No current or past members' full credit card numbers were stolen from Avid Life Media. Any statements to the contrary are false. Avid Life Media has never stored members' full credit card numbers," according to the company's Aug. 19 statement.

Here, the company is trying to get upstream of user fears by denying reports from others that may be out there. Avoiding the perception of a problem is also crucial to an effective damage control strategy.

In a situation like this, some people will have their own opinions on it. Noted security guru John McAfee, who has had his fair share of controversial episodes, believes that the Ashley Madison hack was an inside job.

McAfee went a step further and said that it may have been a female employee, but his rationale is somewhat thin on that.

[Read about what CIOs need to know about security.]

"How did I come to this conclusion? Very simply. I have spent my entire career in the analysis of cybersecurity breaches, and can recognize an inside job 100% of the time if given sufficient data -- and 40GB is more than sufficient," McAfee wrote in the International Business Times on Aug. 24. "I have also practiced social engineering since the word was first invented and I can very quickly identify gender if given enough emotionally charged words from an individual. The perpetrator's two manifestos provided that."

Interestingly, there have been no comments from Avid Life Media about McAfee's thoughts. That may mean that it is also using one of the basic damage control tactics: Keep an open mind.

By considering all possible scenarios, institutional biases that may blind you may be avoided in the pursuit of a resolution.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
larryloeb
50%
50%
larryloeb,
User Rank: Author
8/28/2015 | 9:17:28 AM
Re: Getting Attention
in things like this, it's the shock value of the names that hit media mentions.

if you want to check out a neighbor, you do it yourself.
larryloeb
50%
50%
larryloeb,
User Rank: Author
8/27/2015 | 3:38:47 PM
Re: Those responsible
Their values seem to be the whole rationale behind this.
larryloeb
50%
50%
larryloeb,
User Rank: Author
8/27/2015 | 9:03:40 AM
Re: Getting Attention
The drama is sort of the point of it all here.

It's a breach with salaciousness and tons of tut-tutting.

Some figures I have seen say there were 31M guys, 5M girl accounts and only 12K active ladies.

Social engineering on a grand scale, in a lot of ways.

 
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Slideshows
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
News
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Commentary
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll