Top Suspect in 2015 Ashley Madison Hack Committed Suicide in 2014

When the marital infidelity website AshleyMadison.com learned in July 2015 that hackers were threatening to publish data stolen from 37 million users, the company’s then-CEO Noel Biderman was quick to point the finger at an unnamed former contractor. But as a new documentary series on Hulu reveals [SPOILER ALERT!], there was just one problem with that theory: Their top suspect had killed himself more than a year before the hackers began publishing stolen user data.

The new documentary, The Ashley Madison Affair, begins airing today on Hulu in the United States and on Disney+ in the United Kingdom. The series features interviews with security experts and journalists, Ashley Madison executives, victims of the breach and jilted spouses.

The series also touches on shocking new details unearthed by KrebsOnSecurity and Jeremy Bullock, a data scientist who worked with the show’s producers at the Warner Bros. production company Wall to Wall Media. Bullock had spent many hours poring over the hundreds of thousands of emails that the Ashley Madison hackers stole from Biderman and published online in 2015.

Wall to Wall reached out in July 2022 about collaborating with Bullock after KrebsOnSecurity published A Retrospective on the 2015 Ashley Madison Breach. That piece explored how Biderman — who is Jewish — had become the target of concerted harassment campaigns by anti-Semitic and far-right groups online in the months leading up to the hack.

Whoever hacked Ashley Madison had access to all employee emails, but they only released Biderman’s messages — three years’ worth. Apropos of my retrospective report, Bullock found that a great many messages in Biderman’s inbox were belligerent and anti-Semitic messages from a former Ashley Madison employee named William Brewster Harrison.

William Harrison’s employment contract with Ashley Madison parent Avid Life Media.

The messages show that Harrison was hired in March 2010 to help promote Ashley Madison online, but the messages also reveal Harrison was heavily involved in helping to create and cultivate phony female accounts on the service.

There is evidence to suggest that in 2010 Harrison was directed to harass the owner of Ashleymadisonsucks.com into closing the site or selling the domain to Ashley Madison.

Ashley Madison’s parent company — Toronto-based Avid Life Media — filed a trademark infringement complaint in 2010 that succeeded in revealing a man named Dennis Bradshaw as the owner. But after being informed that Bradshaw was not subject to Canadian trademark laws, Avid Life offered to buy AshleyMadisonSucks.com for $10,000.

When Bradshaw refused to sell the domain, he and his then-girlfriend were subject to an unrelenting campaign of online harassment and blackmail. It now appears those attacks were perpetrated by Harrison, who sent emails from different accounts at the free email service Vistomail pretending to be Bradshaw, his then-girlfriend and their friends.

[As the documentary points out, the domain AshleyMadisonSucks.com was eventually transferred to Ashley Madison, which then shrewdly used it for advertising and to help debunk theories about why its service was supposedly untrustworthy].

Harrison even went after Bradshaw’s lawyer and wife, listing them both on a website he created called Contact-a-CEO[.]com, which Harrison used to besmirch the name of major companies — including several past employers — all entities he believed had slighted him or his family in some way. The site also claimed to include the names, addresses and phone numbers of top CEOs.

A cached copy of Harrison’s website, contact-the-ceo.com.

An exhaustive analysis of domains registered to the various Vistomail pseudonyms used by Harrison shows he also ran Bash-a-Business[.]com, which Harrison dedicated to “all those sorry ass corporate executives out there profiting from your hard work, organs, lives, ideas, intelligence, and wallets.” Copies of the site at archive.org show it was the work of someone calling themselves “The Chaos Creator.”

Will Harrison was terminated as an Ashley Madison employee in November 2011, and by early 2012 he’d turned his considerable harassment skills squarely against the company. Ashley Madison’s long-suspected army of fake female accounts came to the fore in August 2012 after the former sex worker turned activist and blogger Maggie McNeill published screenshots apparently taken from Ashley Madison’s internal systems suggesting that a large percentage of the female accounts on the service were computer-operated bots.

Ashley Madison’s executives understood that only a handful of employees at the time would have had access to the systems needed to produce the screenshots McNeill published online. In one exchange on Aug. 16, 2012, Ashley Madison’s director of IT was asked to produce a list of all company employees with all-powerful administrator access.

“Who or what is asdfdfsda@asdf.com?,” Biderman asked, after being sent a list of nine email addresses.

“It appears to be the email address Will used for his profiles,” the IT director replied.

“And his access was never shut off until today?,” asked the company’s general counsel Mike Daks.

A Biderman email from 2012.

What prompted the data scientist Bullock to reach out were gobs of anti-Semitic diatribes from Harrison, who had taken to labeling Biderman and others “greedy Jew bastards.”

“So good luck, I’m sure we’ll talk again soon, but for now, Ive got better things in the oven,” Harrison wrote to Biderman after his employment contract with Ashley Madison was terminated. “Just remember I outsmarted you last time and I will outsmart and out maneuver you this time too, by keeping myself far far away from the action and just enjoying the sideline view, cheering for the opposition.”

A 2012 email from William Harrison to former Ashley Madison CEO Noel Biderman.

Harrison signed his threatening missive with the salutation, “We are legion,” suggesting that whatever comeuppance he had in store for Ashley Madison would come from a variety of directions and anonymous hackers.

The leaked Biderman emails show that Harrison made good on his threats, and that in the months that followed Harrison began targeting Biderman and other Ashley Madison executives with menacing anonymous emails and spoofed phone calls laced with profanity and anti-Semitic language.

But on Mar. 5, 2014, Harrison committed suicide by shooting himself in the head with a handgun. This fact was apparently unknown to Biderman and other Ashley Madison executives more than a year later when their July 2015 hack was first revealed.

Does Harrison’s untimely suicide rule him out as a suspect in the 2015 hack? Who is The Chaos Creator, and what else transpired between Harrison and Ashley Madison prior to his death? We’ll explore these questions in Part II of this story, to be published early next week.

from Krebs on Security https://ift.tt/6pNLBP3

I2P, an excellent alternative to Tor


I2P is an anonymous P2P network that protects against censorship, surveillance and online monitoring.

If you are looking for anonymity online and Tor does not quite convince you, I2P may be the option you are looking for.

The Invisible Internet Project, better known as I2P, is a "fully encrypted private network layer" and, like Tor, I2P lets users access the internet anonymously.

Thanks to this promise of anonymity, I2P users can take part in online activities with built-in protection against potential bad actors, such as cybercriminals. It is worth noting, however, that I2P is not equivalent to Tor.

As many will know, Tor relies on layers of encryption, whereas I2P uses "garlic" routing. In this case, messages are bundled together inside a data packet, like a clove of garlic. While Tor's layered method allows outside observers to guess the timing of messages, I2P's method does not.

About I2P

I2P has limited ability to provide access to surface web information. Instead, its benefits lie in the network's ability to create sites that exist only on the dark web, that is, sites that are only available when connected to I2P. These are called eepsites and are comparable to Tor's sites. For example, an eepsite on I2P would let a user do things like send secure messages or hide their geolocation from outside Internet users.

The network is built in P2P mode and is formed from the resources (bandwidth) provided by the network's users, which makes it possible to do without centrally controlled servers (communications within the network are based on unidirectional encrypted tunnels between the participant and peers).

On the I2P network you can create websites and blogs anonymously, send instant messages and e-mail, exchange files and organize P2P networks.

I2P clients are used to build and use anonymous networks for client-server applications (websites, chats) and P2P applications (file sharing, cryptocurrencies).

I2P recently received its new version 2.3.0, along with the C++ client i2pd 2.48.0. The new version fixes a vulnerability (CVE-2023-36325) that could be used to determine the router through which a user of interest connects. The vulnerability stems from an error in the implementation of the "Bloom filter" storage structure, which is used to filter out messages with duplicate message IDs.

The problem is that a common Bloom filter was used for both the clients and the router itself, which allowed an attacker to send a specially formatted I2NP message with a unique message ID to the user and then send the same message directly to the router and, based on its reaction, determine whether a message with the given identifier had passed through it before (if the message had passed through, its identifier is already in the Bloom filter and the router will discard it immediately because duplicates are not allowed). The problem is reportedly resolved by separating the Bloom filters for router tunnels and client tunnels.
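As an added illustration (a toy model written for this page, not code from I2P or i2pd), the following shows why one duplicate-ID filter shared by both delivery paths produces an observable difference between routers, and why giving each path its own filter removes it. The class names, filter sizes and the message ID are assumptions made for the example.

```python
import hashlib

class BloomFilter:
    """Tiny Bloom filter over message IDs (sizes are illustrative)."""
    def __init__(self, bits=1 << 16, hashes=4):
        self.bits, self.hashes = bits, hashes
        self.array = bytearray(bits // 8)

    def _positions(self, msg_id):
        for i in range(self.hashes):
            digest = hashlib.sha256(f"{i}:{msg_id}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.bits

    def seen_before(self, msg_id):
        """Record msg_id and report whether it was (probably) already present."""
        duplicate = True
        for pos in self._positions(msg_id):
            byte, mask = pos >> 3, 1 << (pos & 7)
            if not self.array[byte] & mask:
                duplicate = False
                self.array[byte] |= mask
        return duplicate

class Router:
    """Toy router: a message arrives via a client tunnel or directly."""
    def __init__(self, split_filters):
        self.client_filter = BloomFilter()
        # Before the fix both paths share one filter; after it, each has its own.
        self.router_filter = BloomFilter() if split_filters else self.client_filter

    def receive(self, msg_id, via_client_tunnel):
        flt = self.client_filter if via_client_tunnel else self.router_filter
        return "dropped-duplicate" if flt.seen_before(msg_id) else "accepted"

def direct_delivery_outcomes(split_filters, msg_id=0x5EED1234):
    """Compare the router serving the client with one that never saw msg_id."""
    serving, unrelated = Router(split_filters), Router(split_filters)
    serving.receive(msg_id, via_client_tunnel=True)  # reached the client here
    return (serving.receive(msg_id, via_client_tunnel=False),
            unrelated.receive(msg_id, via_client_tunnel=False))

if __name__ == "__main__":
    print("shared filter:", direct_delivery_outcomes(split_filters=False))
    print("split filters:", direct_delivery_outcomes(split_filters=True))
```

With the shared filter the two routers answer differently; with split filters they answer identically, while duplicates arriving on the same path are still dropped.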

Other changes in the new version include:

  • Optimized lookups in netDb and rate limiting of packet sending.
  • Improved behavior of routers operating in floodfill mode.
  • An additional default I2P provider was added: not_bob.
  • The ability to set a maximum lifetime for entries in the blocklist of blocked IP addresses was added.
  • An API was added for plugins to modify the DTG GUI (for example, you can add items to the system tray applet menu).

Finally, if you are interested in learning more, note that the basic I2P client is written in Java and can run on a wide range of platforms, such as Windows, Linux, macOS, Solaris, etc.

You can check the details and get the installation packages from the following link.

from Linux Adictos https://ift.tt/nG4IafX