The legendary cyber security pioneer with the larger than life persona, John McAfee, just released a video answering the question, “What is the most interesting hack?”. He only waited long enough to give the obligatory disclaimer that “all hacks are terrible affairs,” before continuing without hesitation to say:
Certainly the most interesting that has happened has been the Ashley Madison hack. From any number of standpoints… It appears to be the one hack that we know was done by an insider, that appears to be done by an angry female, and appears to have totally destroyed an entire corporate structure–a multi-billion dollar company. And, at the same time, caused the suicides of many of its users.
The most interesting thing about the Ashley Madison hack were the emails of the CEO of Avid Life Media, which owns Ashley Madison — astonishingly, amazingly intimate emails, foolish emails I might add–plus the fact that, of the thirty-three million users, there were only twelve thousand women. And this was the site for married people looking to have affairs.
Well when you have a 3000 to 1 ratio of men to women, very few people got laid. We know that the CEO got laid because we have his emails. But, other than him I don’t know anyone who did get laid. Because, of these 12,000 women, 6,000 of them were allegedly Ashley Madison employees. And there aren’t that many women employees of Ashley Madison.
So they were clearly robot created profiles. Very strange, very fascinating information. Makes you think about all the dating sites on the web. Are all the women real? What is the real percentage? What is the actual thing that’s being purchased here? Many men had spent thousands of dollars to meet one of these one in three thousand people who happen to be a woman.
When I heard this I wasn’t sure if John was pranking journalists like he did with his “shoot out with Tennessee state troopers,” but with a little more research, it turn out that John was 100 percent spot on. Check out his video.
How Ashley Madison Hacked 30+ Million Men
Ashley Madison was an amazing example of social engineering (aka human hacking) well before any data was released to the public in the “hack”. It appears Ashley Madison employees worked hard to make the millions of women’s accounts appear real. They left these inactive accounts visible to men, showing usernames, photos, bios, and other signs of life as a way to create the illusion of female life on the site.
It appears that Ashley Madison also used bots of some form to send men messages, suggesting that women had indicated an interest in them. Several other kinds of phishing messages appear to be have been sent out perhaps by Ashley Madison, but more likely by spammers, wanting men to send them money or join cam sites.
While I wouldn’t blame Ashley Madison employees for all of these fake accounts and spam messages, a former employee sued Ashley Madison, in Canada, claiming she’d gotten repetitive stress injuries in her hands after the company hired her to create 1,000 fake profiles of women written in Portuguese over a three month time period. She claimed these profiles were aimed to appeal to a Brazilian audience.
While the case was settled out of court, and Ashley Madison has always maintained that woman never made any fake profiles, the evidence suggests otherwise. According to an investigative piece published on Gizmodo, many of the email addressed used by these fake accounts were @ashleymadison.com and seem to have been generated by robots email@example.com, firstname.lastname@example.org ect.
Social engineering in dating services
Dating scams have been around for far longer than the internet. You can probably find evidence of them on cave paintings, but we’re not going back that far. We only have to go back to the 1980s to find a famous mail scam called Church of Love, which used fairly similar tactics to Ashley Madison. Utilizing the offline equivalent of emails, Church of Love founder, Donald S. Lowry, operated a snail mail scam that was beautiful in its simplicity. At one point, 31,000 men were convinced to join the make-shift congregation of parishioners looking for love in all the wrong places.
Donald Lowry’s lonely hearts club plan reached out to men in search of companionship using purchased mailing lists. He created personas of ‘dream women’ and, in an episode of This American Life called, “The Heart Wants What It Wants“, the subtle manipulations used by Lowry were talked about extensively.
The scheme operated for at least 13 years and, during the trial, 1987 federal auditors estimated the Lowry and the other defendants solicited more than $4.5 million from the men from 1982 through 1985 alone. It’s difficult for me not to draw parallels between that provocative pen pal club for only the lonely and the more recent Ashley Maddison hoopla.
I have no idea if anyone at Avid Life Media will, or should, be charged with fraud for running Ashley Madison. But going back to what McAfee said… What is it that people are really buying when they join a dating site or a lonely hearts club? I don’t know, but it does make you think.