Ashley Madison hacked: A case of digital Robin Hood?
In the world of hacking, there are good guys and there are bad guys. They both steal information, but the good guys 鈥 the 鈥渨hite hats鈥 鈥 will do it to help pinpoint sites鈥 vulnerabilities so companies can reinforce weak spots. The bad guys 鈥 鈥渂lack hats鈥 鈥 take information to use for their own personal gain.
Is the Ashley Madison hack a case of moral vigilantism 鈥 a sort of white hat hack 鈥 or something else?
Experts say the ethical ambiguities around this hack place it in a different realm.
Ashley Madison, the paid, online service that connects people looking to cheat on their spouses, was hacked, and the thieves stole the names and other information about its 37 million users, 听
The hackers, who identified themselves as The Impact Team, criticized the site鈥檚 owner Avid Life Media (ALM) for continuing to store user data after an account is deleted, and called the users themselves 鈥渃heating dirtbags.鈥 The Impact Team published stolen information from users鈥 accounts and about the site鈥檚 server and finances, threatening to release more data, 鈥渋ncluding profiles with all the customers鈥 secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails,鈥 if ALM did not permanently shut down Ashley Madison and another dating site it owns, Established Men.
ALM chief executive Noel Biderman told KrebsonSecurity late Sunday night that the company was working to take down the information. Regardless of opinions on the morality of the site, he said, the information was still protected under property law.
鈥淲e鈥檙e not denying this happened,鈥 Mr. Biderman said. 鈥淟ike us or not, this is still a criminal act.鈥
Stressing the illegality of the hack, Paul Williams, chief technology officer of security consulting company White Badger Group, says neither hacker hat metaphor is wholly appropriate for committing an "ugly"听act for a good reason.
鈥淭his one is more like 鈥榟acktivism鈥 to me,鈥 Mr. Williams says. 鈥淚t is definitely black hat, but it鈥檚 like Robin Hood robbing from the rich to give to the poor. In this case, these guys are doing a very ugly hack that鈥檚 blatantly against the law, but in the name of doing something good. So it鈥檚 kind of like a crossover of hacktivism and, of course, black hat.鈥
D.E. Wittkower, assistant professor of philosophy at Old Dominion University whose research involves the legal invocation of property rights to protect privacy, adds that since The Impact Team鈥檚 motivation is about morality 鈥 not aiding the company in boosting security or promoting criminal activity 鈥 even the more ambiguous 鈥済ray hat鈥 label听does not fit quite right.
Instead, he says he favors ALM鈥檚 claim that the hack is an act of 鈥渃yber-terrorism.鈥 The term, he says, 鈥渋n some sense, seems way overblown, but as a factual description I think might be pretty accurate, because what they鈥檙e trying to do is to utilize fear in order to bring about a change in company policy.鈥
鈥淚n this case, they want to stop the offering of these products,鈥 Mr. Wittkower says. 鈥淚t鈥檚 not a war against the company. They actually specifically identified a variety of properties and said, 鈥榯hese two should be shut down; the rest can stay up.鈥 So there鈥檚 a very specific political aim that seemed to be based in a moral judgment about those properties. They didn鈥檛 have an issue about the gay dating site. It was the adultery site.鈥
ALM said in a statement Monday morning an investigation had been launched into the breach, but Williams says it is unlikely the 鈥渂rains鈥 will be caught or punished since 鈥渢he Internet doesn鈥檛 really support investigation too well.鈥
Ashley Madison in an email last year 鈥渢he last truly secure space on the Internet,鈥 but apparently has been aware of the catastrophic implications of a security breach. KrebsonSecurity reported that ALM chief technology officer Trevor Stokes, asked what he would 鈥渉ate鈥 to see go wrong, said in one of the leaked documents, 鈥淚 would hate to see our systems hacked and/or the leak of personal information.鈥
The Wall Street Journal presaged the hack in May, after the dating site AdultFriendFinder suffered a similar breach. In a report called potential ALM investors were urged to take the AdultFriendFinder hack as a warning of the risks associated with a security violation.
