Ashley Madison Lesson #1: The Internet is Neither Secure Nor Private

Author: Chris Dawson, Fortinet

Internet cheating site Ashley Madison is making headlines this week across both mainstream and tech media for a data breach that could expose very intimate personal information for 37 million users. As with the AdultFriendFinder hack we reported on back in May, the potential damage to clients is significant. After all, Ashley Madison's slogan is "Life is short. Have an affair."

A hacking group known as The Impact Team also stole data from Ashley Madison's sister sites Cougar Life and Established Men. The group is threatening to release the entire stolen database if the sites' parent company, Avid Life Media, doesn't shut down both Ashley Madison and Established Men. As Brian Krebs reported,

In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.

According to the hackers, although the “full delete” feature that Ashley Madison advertises promises “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — aren’t actually scrubbed.

So that's the background for anyone who hasn't been listening to chuckled news reports or skimming headlines today. What's the real story? Well, for 37 million people, this story is real enough in and of itself. But there's more here than hacktivists and blackmail. Fundamentally, we need to shift the way we think about privacy and security on the Internet.

Some organizations take extraordinary measures to secure their data and their websites. They employ top-notch security pros, regularly test their defenses, and invest in best-of-breed hardware and software. Others, well, don't. As consumers, it's difficult to know who has their security ducks in a row and who is coming up short. Frankly, this isn't even easy in B2B settings where there is inherently more transparency and service providers are more likely to present security as a competitive advantage. Even the savviest of organizations, though, isn't immune to data breaches, sophisticated attacks, disgruntled employees, or that one staffer who falls victim to a spear phishing campaign.

So guess what? Whether it's through new revelations about government spying efforts or the latest hack, and whether the attacks are motivated by money, ideology, or espionage, the Internet is neither a terribly secure nor particularly private place to hang out. As Fortinet's vice president of engineering, Hemant Jain, pointed out earlier today, it wasn't designed with security in mind. So what do we do?

Never forget that our digital footprints are bigger than we think. The latest social network is one hack away from delivering your personal information to the highest bidder. Or one publicly posted screenshot away from a total lack of privacy. Just as trusted staffers can become disgruntled employees overnight, and friends can quickly become enemies, databases can easily wind up in the wrong hands.

That's the consumer side of this equation. The business side is that security is becoming a differentiator across the board. It already is a differentiator in many B2B settings, although many organizations are still scrambling to back up their claims of iron-clad security. But this is going to continue trickling down to consumers as well. At least, I hope it does.

Bottom line, consumers beware. Your private online activities are rarely (if ever) as private as you think. And businesses, security needs to be job one, no matter what your line of work or who your customers are. Ashley Madison is just the latest warning shot from a cybercrime industry that is already incredibly powerful and sophisticated.
