Avid Life Media, the parent company of hacked extramarital affairs website Ashley Madison, has placed a bounty on its attackers’ heads. After hackers leaked troves of data about Ashley Madison’s users, Avid Life wants to figure out whodunnit. And it’s prepared to pay hundreds of thousands of dollars for information about the guilty party.
Here’s what you need to know about the Ashley Madison hack and the bounty:
What did hackers take from Ashley Madison and why?
The Ashley Madison hackers have posted personal information like e-mail addresses and account details from 32 million of the site’s members. The group has claimed two motivations: First, they’ve criticized Ashley Madison’s core mission of arranging affairs between married individuals. Second, they’ve attacked Ashley Madison’s business practices, in particular its requirement that users pay $19 for the privilege of deleting all their data from the site (but, as it turns out, not all data was scrubbed).
How money much is Avid Life Media offering for tips?
Ah, cutting to the chase. The sum is $500,000 for information leading to the capture of the perpetrator (or perpetrators). But Avid is a Canadian company, paying out the prize in Canadian dollars. In American greenbacks, that’s about $377,000.
When did the company announce the reward?
Toronto Police Services Superintendent Bryce Evans announced the bounty during a Monday press conference, saying: “Today I can confirm that Avid Life Media is offering a $500,000 reward to anyone providing information that leads to the identification, arrest, and prosecution of the person or persons responsible for the leak of the Ashley Madison database.”
So what do we know about the hackers so far?
We know the person or group calls itself “Impact Team,” which is new to the cybercriminal scene as far as anyone can tell, at least under that monicker. If anyone involved in the investigation has any clue about Impact Team’s true identity, then that information has yet to be publicly disclosed.
Any other leads?
Back in July when the company received its first threats, Avid Life Media CEO Noel Biderman said his team was closing in on the culprit, who he said he believed to be somebody who did contract work with the company.
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman had told investigative cybersecurity reporter Brian Krebs. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
But Biderman seems to have dropped that narrative — we haven’t heard much in the way of that assertion since.
Has anyone else proposed any theories?
Oh yes. Earlier this week, antivirus software pioneer John McAfee, who has a reputation as a renegade in the security community, laid out his own conclusions, the result of his analysis of the dumped data and Impact Team manifestos. He believes the data was stolen by a former female employee.
Not everyone is convinced by McAfee’s analysis, though. A writer at Gizmodo, for instance, found it to be “subjective,” “offensive,” and “obscenely sexist.” You can read McAfee’s reasoning here.
Ouch. So that’s really all we have to go off of?
There’s another lead I haven’t mentioned. Dan Goodin over at Ars Technica has a good rundown. Basically, we know a few details about the server that was used to host the leaked file containing the emails of Biderman, the company’s CEO. It’s operated by a Dutch Internet service provider called Ecatel Ltd. As Goodin explains, for those with a technical bent:
The box seeding the torrent was located at 220.127.116.11. Police and private investigators working feverishly to identify the people who hacked Ashley Madison and published user profiles, transactions, credit-card data, and a wide range of other sensitive data will almost certainly try to perform a forensic analysis of the physical server. They undoubtedly will want to know how the server was accessed. If the hackers didn’t use Tor or a similar anonymity service, the investigators may be able to collect clues from the IP address used to log in to the box.
You may remember, that’s one of the same ways the FBI concluded that North Korea was behind the Sony hack.
Is there any hope of finding these hackers?
Maybe, but no one can say for sure. Lots of cybercriminals get away with plenty of bad stuff, especially if they’re located far outside the reaches of Western law enforcement. But other bounty programs have seen success, like Microsoft’s
takedown of the infamous Rustock spam email botnet. That came with a $250,000 prize.
Who should we contact when we’ve cracked the case?
This slide from the Toronto police’s presentation should answer that: