Thursday, 27 August 2015

Blackmail - The Ashley Madison Affair

I must say that every so often something hits the news that I fell that I really should write about it, and the Ashley Madison hack is one of those things. Well, there are actually quite a lot of things that I could write about, time permitting, but there are a couple of things that I tend to stay away from: Politics (such as the Border Farce) and Economics (such as the China Crash). The reason why I stay away from political posts is simply because while I do hold some strong political views, there are plenty of other people that also write such posts, and once again I really don't have the time to analyse Tony Abbott's blunders (which seem to be occurring on a daily basis). As for economics, I tend to stay away from that sphere because there are restrictions on what you can write about in Australia in regards to financial advice, and since I do have an interest in the markets, it would be quite easy for me to cross that line.

However, while quite a few people have written about the Ashley Madison debarcle, it was something that caught my attention and I felt that I would also throw in my two cents worth. What I intend on doing is simply analysing the events, as opposed to providing any specific Christian advice on what has happened. In any case there are a couple of good articles, such as the one on Desiring God (Life is Short, Love Your Spouse) and Relevant (5 Things we can learn from the Ashley Madison Scandal).

100% Secure

I was actually quite amused when I was looking for some pictures for this post and discovered this one. I'm not sure if it is a joke, or whether it was a real ad, but I suspect that before the data dump, people felt that all of their information was safe. The truth is that in the modern world nothing is safe. As far as I am concerned any computer that is connected to the internet is vulnerable to hacking, no matter how secure the site. I remember back in the 80s I would hang around a group of people at the State Library of South Australia who were all interested in computers. The thing about the State Library was that they had a couple of Commodore 64s, and us teenagers would congregate around them and trade computer games. This is relevant because programmers had been looking for ways to protect their works from copying, but the thing is that with every new copy protection that was produced, the crackers (people who would crack the copy protection and then distribute the game) would always find a way around it. This is still a problem today, and I suspect that online games such as World of Warcraft still are vulnerable to cracks.

Security is a big thing in the age of the internet, and such IT professionals are always going to be in demand. However even the most robust security measures are susceptible to hackers. One form of security that I am familiar with is what I term as the 'rotating password'. This is a form of protection where the system forces you to change your password every month, meaning that if an employee's account is compromised then the hacker has only a short window of opportunity to make use of the breach. Another form I would term as the 'Three Strikes' method (though sometimes it is more than just three). This is where the computer automatically locks you out when you get the password wrong three times in a row (though as I have suggested sometimes it allows you a little more leeway). These days some systems require you to answer multiple security questions in addition to the password, and banks will also send text messages to your mobile device when you attempt to transfer money to an unfamiliar account. However, as I have suggested, despite all of these protections, data that is connected to the web is always going to be vulnerable.

Social Engineering

Many of us picture a hacker as sitting in their room, on their own computer, attempting to breach a security system, however this is rarely, if ever, the case (though I suspect a lot of the teenage hackers continue to operate this way - but that is a sure fire way of getting caught). First of all any hacker that is any good would not use their own internet connection simply because each connection has its own, unique, IP address. Sure, there are ways and means of hiding that address (such as using Onion Servers such a TOR), however the hacker is still vulnerable. I suspect that when hackers actually go about their trade it is not on their own connection. It doesn't even need to be a public connection - they could hack into a private connection (particularly since many private homes are really bad with their passwords). Also hackers tend to use other methods of gaining access to computer systems - a term generally referred to a social engineering.

Social Engineering is where a hacker will garner information about a computer system through persuasion and deceit. One of the common methods is to create a dummy website (such as Ebay), and then send emails out to individuals indicating that there is a problem with their account and they need to click on a link and then enter their password (this actually happened with Ebay). However, when you enter your password you don't actually go to the site, but the hacker gets your password, and can then access your account (this is known as Phishing). I'm sure we have all heard of the Nigerian Email Scam where the person who sends the email endeavours to get you to send them an amount of money in return for much, much more (apparently what they do is that they request your bank details and advise you that you will receive something like $30 million dollars, but for the transaction to go through they will need you to send them, say, $10000  - once they have your bank details, they then make a $30 million dollar deposit that ends up bouncing).

John McAffree has suggested that the Ashley Madison hack was actually an inside job, and I am inclined to agree. While a part of me initially thought that it may have been a dissatisfied customer, or a jilted wife, his arguments in relation to the information that was released, and where it is normally stored on computer systems makes a lot of sense. It also seems that he is very familiar with the hacking community, and a part of me suspects that jilted lovers, and dissatisfied customers, may not necessarily have the knowledge to perform such a hack (though you never know).

Virtual Identities

I've used dating sites in the past, and I have even managed to score a couple of hits in the process. However it is interesting that the hacker suggested that Ashley Madison was little more than a con where males made up 90% of the subscribers. I would also read through reviews of various dating sites to see what people generally said about them. The thing with these review sites is that they generally attract people who didn't seem to have all that much success. While I have played around with the scene (though the main dating site that I used was Okcupid, though I have also played around with Plenty of Fish) I ended up getting bored with them. You do need to spend quite a lot of time on the sites to for them to work, time that I could use doing other things. Anyway, I must admit that I'm really not all that interested in a relationship.

I suspect that there are a lot of dodgy site out there, and those ones are probably hidden behind paywalls (meaning that you can't actually talk to anybody unless you pay for access). However the two sites that I mentioned allow you to chat with people, and even meet up, without actually spending any money. However they do offer premium services if you are willing to fork out the cash (their free service is usually supported by advertising, which means that the premium service will be add free). I must admit that when I first tipped my toe into the world of online dating, I paid for access to a site, and discovered that while there were profiles, none of them seemed to be active (or if they were active, it was because the user was on Facebook). It was only when I had a chat with another friend that he directed me to a couple of legitimate sites.

However, as I mentioned, I'm not really a big fan of online dating namely because I prefer to meet people face to face and get to know them that way. The thing with online dating is that you create what is termed an Avatar - a virtual presence. While I did enjoy reading people's profiles, I suddenly realised that it was actually quite difficult to write messages, particularly since many of the profiles would actually reveal so much that you ended up knowing all about a person and thus there was little more that I could ask them. The thing is that these profiles aren't actually the person whom you are talking to - they are only their online representations, so you aren't actually talking to that person, you are talking to their avatar.

Okay, I still have an active account on Okcupid, and personally I really don't care whether it is leaked or not. It isn't as if I am in a relationship, and while it might be a little embarrassing if it came to light that I was on that site, it isn't as if revealing that would expose some deep, dark secret. Okcupid is, as I have said, a dating site - it isn't like Adult Friend Finder - where the users are only on the look out for sex; or Ashley Madison - which is geared towards married people having affairs.

Secrets Exposed

The one thing that came to mind when the hacked data from Ashley Madison was dumped onto the dark web for everybody to see was that secrets will be exposed. There are many people who had registered for that site, and having affairs, believing that nobody would ever find out. The thing with the data that was stolen is that it was always going to be made public. While this may not have been the biggest hack so far, it is certainly the most publicised. Okay, the Sony Hack, and the Ebay hack in 2014 were also widely publicised, but this particular hack has far greater implications - people's deep dark secrets have been exposed for the world to see.

When I learned about the data dump it reminded me of this Bible verse: For there is nothing hidden that will not be disclosed, and nothing concealed that will not be known or brought out into the open (Luke 8:17). It was obvious that when this data was released there were going to be an awful lot of scalps. Sure, the data theft and its release was a criminal act, but that doesn't make cheating on your partner okay. What is not surprising are the number of prominent Christians who appeared on the list. The problem is that while their names may have appeared on the list, it doesn't necessarily mean that they were active users, or even had an affair. However the question that is raised was why did they go onto that website in the first place? The problem that they face is that even that moment of indiscretion is going to raise questions and cast doubt on their integrity.

To say that Christians have only started having affairs with the rise of the internet is similar to suggesting that they didn't look at porn until the internet came along. That simply is not true, however what the internet does do is that it makes it much easier for them to do so, and do so discretely. However, the thing is that secrets have a really nasty habit of coming to light and being exposed for everybody to see, as happened this past month. While I doubt this is going to stop Christians, or others, from cheating on their spouses, what it does do is that it can make some people think twice about walking down that well travelled, but secret, path.

Creative Commons License
Blackmail - The Ashley Madison Affair by David Sarkies is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.This license only applies to the text and any image that is within the public domain. Any images that are the subject of copyright are not covered by this license. Use of these images are for illustrative purposes only are are not intended to assert ownership. If use wish to use the creative commons part for commercial purposes, please contact me directly.

No comments:

Post a Comment