Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy Security The Internet

SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge (krebsonsecurity.com) 28

In July 2015, the marital infidelity website AshleyMadison.com was hacked by a group called the Impact Team, threatening to release data on all 37 million users unless the site shut down. In an article published earlier today, security researcher Brian Krebs explores the possible involvement of a former employee and self-describe expert in search engine optimization (SEO), William Brewster Harrison, who had a history of harassment towards then-CEO Noel Biderman and may have had the technical skills to carry out the hack. However, Harrison committed suicide in 2014, raising doubts about his role in the breach. Here's an excerpt from the report: [...] Does Harrison's untimely death rule him out as a suspect, as his stepmom suggested? This remains an open question. In a parting email to Biderman in late 2012, Harrison signed his real name and said he was leaving, but not going away. "So good luck, I'm sure we'll talk again soon, but for now, I've got better things in the oven," Harrison wrote. "Just remember I outsmarted you last time and I will outsmart you and out maneuver you this time too, by keeping myself far far away from the action and just enjoying the sideline view, cheering for the opposition." Nothing in the leaked Biderman emails suggests that Ashley Madison did much to revamp the security of its computer systems in the wake of Harrison's departure and subsequent campaign of harassment -- apart from removing an administrator account of his a year after he'd already left the company.

KrebsOnSecurity found nothing in Harrison's extensive domain history suggesting he had any real malicious hacking skills. But given the clientele that typically employed his skills -- the adult entertainment industry -- it seems likely Harrison was at least conversant in the dark arts of "Black SEO," which involves using underhanded or else downright illegal methods to game search engine results. Armed with such experience, it would not have been difficult for Harrison to have worked out a way to maintain access to working administrator accounts at Ashley Madison. If that in fact did happen, it would have been trivial for him to sell or give those credentials to someone else. Or to something else. Like Nazi groups. As KrebsOnSecurity reported last year, in the six months leading up to the July 2015 hack, Ashley Madison and Biderman became a frequent subject of derision across multiple neo-Nazi websites.

Some readers have suggested that the data leaked by the Impact Team could have originally been stolen by Harrison. But that timeline does not add up given what we know about the hack. For one thing, the financial transaction records leaked from Ashley Madison show charges up until mid-2015. Also, the final message in the archive of Biderman's stolen emails was dated July 7, 2015 -- almost two weeks before the Impact Team would announce their hack. Whoever hacked Ashley Madison clearly wanted to disrupt the company as a business, and disgrace its CEO as the endgame. The Impact Team's intrusion struck just as Ashley Madison's parent was preparing go public with an initial public offering (IPO) for investors. Also, the hackers stated that while they stole all employee emails, they were only interested in leaking Biderman's. Also, the Impact Team had to know that ALM would never comply with their demands to dismantle Ashley Madison and Established Men. In 2014, ALM reported revenues of $115 million. There was little chance the company was going to shut down some of its biggest money machines. Hence, it appears the Impact Team's goal all along was to create prodigious amounts of drama and tension by announcing the hack of a major cheating website, and then let that drama play out over the next few months as millions of exposed Ashley Madison users freaked out and became the targets of extortion attacks and public shaming.

After the Impact Team released Biderman's email archives, several media outlets pounced on salacious exchanges in those messages as supposed proof he had carried on multiple affairs. Biderman resigned as CEO of Ashley Madison on Aug. 28, 2015. Complicating things further, it appears more than one malicious party may have gained access to Ashley's Madison's network in 2015 or possibly earlier. Cyber intelligence firm Intel 471 recorded a series of posts by a user with the handle "Brutium" on the Russian-language cybercrime forum Antichat between 2014 and 2016. Brutium routinely advertised the sale of large, hacked databases, and on Jan. 24, 2015, this user posted a thread offering to sell data on 32 million Ashley Madison users. However, there is no indication whether anyone purchased the information. Brutium's profile has since been removed from the Antichat forum.
Note: This is Part II of a story published last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.
This discussion has been archived. No new comments can be posted.

SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge

Comments Filter:
  • Supposition much? (Score:2, Insightful)

    by DaFallus ( 805248 )

    But given the clientele that typically employed his skills -- the adult entertainment industry -- it seems likely Harrison was at least conversant in the dark arts of "Black SEO," which involves using underhanded or else downright illegal methods to game search engine results. Armed with such experience, it would not have been difficult for Harrison to have worked out a way to maintain access to working administrator accounts at Ashley Madison.

    Was this written by the person who came up with the DARE progr

    • by narcc ( 412956 ) on Thursday July 13, 2023 @11:32PM (#63684479) Journal

      That's pretty standand. SEO is snake oil, so that kind of nonsense isn't uncommon. That boiler room outfit that sent you an unsolicited email doesn't have inside information about Google's continually changing algorithms and they can't make your turn-key drop shipping retail site rank higher than Amazon, no matter how "optimized" your meta tags are or how many keywords you stuff into increasingly awkward copy.

      If you really want to flip the script and learn the SEO secret that will make Google work to optimize their search algorithms for your site, keep reading:

      Just provide unique relevant content. That's all it really takes. This is exactly what search engines are trying to provide, after all. I have quite a few pages that have lingered in the top 3 results for relevant queries for years, without trying, just because no one else was writing about the subjects those pages cover. That naturally leads to lots of of other pages linking to my pages, boosting my other content.

      • Or provide a lot of barely legible, almost-but-not-quite relevant content. That seems to make to the top of most Google search results these days.

    • by sosume ( 680416 ) on Friday July 14, 2023 @01:15AM (#63684595) Journal

      I chuckled at the "downright illegal SEO" part.

    • Armed with such experience, it would not have been difficult for Harrison to have worked out a way to maintain access to working administrator accounts

      Whoa there, that is an olympic quality jump from knowing how to put keywords in HTML where Google can see them better, to suddenly being a master hacker who can maintain admin access to any system against the wishes of the real admins!

      Why would that person ever have had admin access to disable anyway? The need to push his forbidden black-belt SEO optimizati

    • Was going to call that out... Yeah, that immediately made me flag the article as questionable.

  • by dskoll ( 99328 ) on Thursday July 13, 2023 @09:30PM (#63684331) Homepage

    I'm just intrigued that Ashley Madison felt it needed SEO. Are there other cheat-on-your-partner sites out there? (I suppose there must be.)

    They probably got more publicity from the hack than anything else, and I bet it was a net win for them after the dust settled.

    • by keltor ( 99721 ) *
      SEO is similar to radio circuit design in that it's very strange basically black magic. Like it sometimes seem simple, but then suddenly they do stuff that makes no sense. Why are you buying beer brand keywords on Tuesday Afternoons to sell Tea?? (But then they 1000x increase sales during that three hour period.) My wife does this stuff (now assisted with lots of ML) and it doesn't seem sensible more often that.
    • by mjwx ( 966435 )

      I'm just intrigued that Ashley Madison felt it needed SEO. Are there other cheat-on-your-partner sites out there? (I suppose there must be.)

      They probably got more publicity from the hack than anything else, and I bet it was a net win for them after the dust settled.

      AM is not the only site expressly targeted at the unfaithful... They're facing some stiff competition from the likes of Tinder, not to mention lesser known brands seeking to suck up their customers.

      The thing about targeting people who are looking to cheat... well loyalty clearly isn't their thing.

  • by msauve ( 701917 )
    It's supposed to be a summary, not the Cliff's Notes version.
  • The phrase "marital infidelity website" sounds like throwing shade until you think about it for a moment and realize that is the most apt description for the website.
  • by AlanObject ( 3603453 ) on Friday July 14, 2023 @12:21AM (#63684535)

    This thing is still around?

    I never got the point of it in the first place. Why would I want to sign on to a social media platform where obviously 95% of the other users were deluded horny men who never seemed to realize that the other 5% were a) paid models, b) shills with stock photos, or c) legit female looking for payday more than a great time in bed.

    If I were wanting to hook up, illicitly or not, that is about the last place I would want to go.

    On top of that: yes I know that being horny makes guys real dumb but what would make you not expect to be outed as someone who wants to cheat? That's like really asking for it.

    • by _merlin ( 160982 ) on Friday July 14, 2023 @02:10AM (#63684699) Homepage Journal

      I dunno, I created an account on it for lulz, because I thought there would be good trolling opportunities. It ended up being full of two kinds of women: wannabe sugar babies looking for a guy who'll pay them to keep quiet, and women who felt trapped in loveless marriages and just wanted some attention. The latter group you just end up feeling sorry for. I bet a lot of them don't end up ever actually having affairs at all.

      I did get one of the scam e-mails telling me they'd e-mail my wife if I didn't send them bitcoin. Joke's on them - my wife already knew about the account. The never told her anyway, probably didn't even know her e-mail address.

      • The sugar babies you ran into might've been the real women, it turned out that nearly all the women on the site were fakes/bots, who may have been those women trapped in loveless marriages...

      • The[y ...] probably didn't even know her e-mail address.

        Well, assuming you weren't an utter moron when you set up your account (and the email address it was linked to), how the fsck would they be able to find out?

        It's not as if you let your wife access your account on the family computers, is it. Let alone your Work account on your Work computers, Or your personal account on a personal computer that you kept in your document safe at Work.

        • by _merlin ( 160982 )

          Well, assuming you weren't an utter moron when you set up your account (and the email address it was linked to), how the fsck would they be able to find out?

          Yeah, my real-world identity wasn't obvious from my AM profile - I'm not that dumb. They found a bunch of famous and semi-famous people in the data leak though who'd leaked enough details to out themselves. For example they found Jim Bob Duggar (from the TLC show 19 Kids and Counting), didn't they?

          It's not as if you let your wife access your account o

          • For example they found Jim Bob Duggar (from the TLC show 19 Kids and Counting), didn't they?

            I never paid any attention to the actual leaks, since my interest in penises going into holes doesn't extend beyond the end of my own anatomy.

            because their spouse/partner snoops on their smartphone and personal computer(s).

            Now there is a relationship based on utter trust. Destined to never break up. If you've got a spouse like that, and a relationship like that, and your ITSec isn't a lot better than your spouse's,

    • by necro81 ( 917438 ) on Friday July 14, 2023 @06:58AM (#63685127) Journal

      Why would I want to sign on to a social media platform where obviously 95% of the other users were deluded horny men who never seemed to realize that the other 5% were a) paid models, b) shills with stock photos, or c) legit female looking for payday more than a great time in bed.

      As usual, the Simpsons nailed it [youtube.com]

      • legit female looking for payday more than a great time in bed.

        So you get one, she gets another. If only they had a name for that transaction...

        "A whore should be judged by the same criteria as other, professionals offering services for pay--such as dentists, lawyers, hairdressers, physicians, plumbers, etc. Is she professionally competent? Does she give good measure? Is she honest with her clients? It is possible that the percentage of honest and competent whores is higher than that of plumbers and much higher than that of lawyers. And enormously higher than that of p

    • "I'm married and I would like to have sex with somebody else" is about as honest an opener as I can imagine. No wasting time on the idea that the other party will bail if they hear you're attached. It's arguably the most honest dating site out there.

      Everything you say is true... but it's a valid use case.

  • Or slander them.

    Convenient, that. Otherwise this would never have got past Legal.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...