September 10, 2019
Ashley Madison Breach: Hacktivists or Criminals?
Some activists chain themselves to trees, others publicly protest, rally, and/or march in hopes of bringing about some sort of social change. As technology continues to advance, and more and more information is being stored electronically, activism has reached new heights—hacktivism, a term first coined in an e-mail by a member of the Texas-based computer hacking group Cult of Dead Cow (cDc). In the 1990s, cDc sought “global domination through media saturation,” seeking to “leverage technology to advance human rights and protect the free flow of information.” In the age of the Internet, hacking has been brought to the forefront of technological concerns, creating huge privacy worries for users and corporations alike. One thing is for sure, cyber breaches serve as an excellent reminder that the Internet-connected world is not some anodyne, Disney-esque reality in which things can only be “liked.”
Indeed, if the Internet came with a warning label, it might read like this: “Caution: Internet tricksters may intercept, steal and release everything you say or do online.”
Hacking is certainly not a new concept, as the hacker culture “can by conveniently dated to 1961,” when the Massachusetts Institute of Technology’s Tech Model Railroad Club “TMRC” was “the first to adopt the term `hacker.’” Some notable TMRC members included Bill Gates, Steve Jobs, and Stephen Wozniak. “The ingenuity of TMRC members in manipulating the MIT telephone system, the MIT lock system, and MIT in general, became the stuff of legend.”
But what started out as a sort of practical joke among TMRC members has quickly grown into a serious global concern. In 2011, “LulzSec” attacked the Internet pornsite, www.pron.com, publishing “26,000 email addresses and associated passwords, in an apparent attempt to embarrass users.” Another widely known hacktivist group, Anonymous, targeted the Church of Scientology, “making prank telephone calls to the organization and sending black sheets of paper by facsimile transmission,” followed by “sending multiple simultaneous requests for information to the target website, causing it to crash,” also known as a “denial-of-service” attack or DoS. A DoS can bring about criminal charges under the Computer Fraud and Abuse Act “CFAA,” “as it ‘causes damage’ and can violate a website’s terms of service. In addition to criminal charges, the owner of a site experiencing a DoS attack can file a civil suit citing the CFAA, “if they can prove a temporary server overload resulted in monetary losses.” In 2010, Anonymous attempted a DoS attack on PayPal, Visa, and MasterCard, “after the companies refused to process donations to Wikileaks.” As a result, sixteen alleged Anonymous members were arrested and charged with conspiracy and “intentional damage to a protected computer.” The case is ongoing and these members could face more than ten years in prison and $250,000 in fines.
So what does this mean for hacktivists today? Some activists argue that DoS attacks should be a legal form of protest, “claiming that disrupting web traffic by occupying a server is the same as clogging streets when staging a sit-in.” But is it?
Fast-forward to 2015, a new group of highly competent cyber hackers, dubbed “The Impact Team,” has taken it upon themselves to hack into extramarital websites owned by Avid Life Media, threatening to expose client information, and demanding a cease of operations in return. To understand this questionably heroic act, lets start with the basics: what is Ashley Madison and why would someone extort this website? Ashley Madison is a site for adultery. No, I am not kidding, and it’s a popular site for adultery, hosting 37 million users. The site motto is “life is short, have an affair.” I could not make this stuff up. Okay, so next question: who is Avid Life Media? Avid Life Media is the parent company, owning both Ashley Madison and Established Men. Wait, what is Established Men? I’m sure you’ve guessed it, but Established Men is similar website aimed at “connecting young beautiful women with successful men.”
Now, why is this group of hackers targeting Avid Life Media? A likely guess would be an angry spouse, but alas, The Impact Team has made it clear in its manifesto: “shutting down AM [Ashley Madison] and EM [Established Men] will cost you, but non-compliance will cost you more: We will release all customer records, profiles and all the customers’ secret sexual fantasies, nude pictures, and conversations and matching credit card transactions, real names and addresses, and employee documents and emails. Avid Life Media will be liable for fraud and extreme harm to millions of users.” Wait, what fraud?
The hackers “claimed they did so to expose alleged lies Ashley Madison told customers about a service that allows members to erase profile information for a $19 fee.” Purportedly, Ashley Madison’s ‘full delete’ feature promised “removal of site usage history and personally identifiable information from the site,” providing Avid Life Media with $1.7 million in revenue in 2014. According to the hackers, this promise was “a complete lie,” demonstrating that “[u]sers almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.” Avid Life Media chose not to comply with the Impact Team’s demands, and since the initial hacking and posted threat, large caches of data have been posted online. In response to the leaking of information, the Impact Team offered no apologies, reiterating: “We didn’t blackmail users. Avid Life Media blackmailed them. But any hacking team could have. We did it to stop the next 60 million. Avid Life Media is like a drug dealer abusing addicts.” Avid Life Media responded, “[t]his event is not an act of hacktivism, it is an act of criminality. It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities. The criminal, or criminals, involved in this act have appointed themselves as the moral judge, juror, and executioner, seeing fit to impose a personal notion of virtue on all of society.”
So, the question remains: are the Ashley Madison hackers modern day heroes, or hard criminals? One thing is certain, as one journalist eloquently stated:“[t]he Ashley Madison dating website hack and threatened data release is a perfect illustration of the perils – and promise – of our Internet-connected, hacktivist age.”