Reports about the Ashley Madison breach are all over the news this week. I’ve rarely seen so much attention given to a data breach. What we know so far is that there are 37 million user records “in the wild” right now that contain personal information including credit card numbers, names, email addresses, and even sexual preferences. It’s intense.
What’s most interesting to me about this breach is that the hackers have gone to great lengths to protect their own identities. According to a BBC report today, the hacktivist group known as Impact Team made sure they used encryption keys to sign the data. There is no digital footprint so far, although the same BBC report suggested that one of the hackers might have been a contractor.
What worries me most about a hack like this is that it just encourages more hackers to go after more legitimate companies. (Ashley Madison is intended for married people to find partners who are willing to have an affair or to brag about it -- or both.) Security experts keep telling me the main fallout won’t have anything to do with divorces or lawsuits; it will lead to a whole new round of loosely related phishing scams.
You can imagine how this will work. Hackers will use the news about Ashley Madison to trick even more people into clicking an email that infects their computer. There will likely be even more ransomware ploys that involve stealing data and then promising to expose something if you don’t pay up. The problem with a major breach like this is that it not only creates headlines, it creates copycats. I’m expecting to see more breaches that follow the “prescription for success” used here.
Here’s the worst part of all. Let’s say the Dark Web does get even darker -- more attacks, more breaches, more lawsuits. Just one quick check at Google News and you can see that this is a huge story. Other hackers have surely noticed. I can’t say much about whether Home Depot is a perfectly legitimate and ethically pure company, but compared to Ashley Madison, they seem like a ma and pa shop that sells lumber and gives you a pat on the back when you leave. Did they really deserve this?
As the Dark Web gets darker, it seems ever more likely that the U.S. Government will get involved and end up splitting the Internet into two channels. There will be the wild and unprotected side used for sites like AshleyMadison.com. This is where you will surf without thinking about the consequences. Then, there will be the “commercial” side where you visit a site like HomeDepot.com. Companies like Verizon will "sponsor" it. You’ll have an expectation of privacy on the commercial side. HomeDepot.com will have an expectation of protection against hacking. Perfect world, right?
The problem is that I’m a big proponent of entrepreneurship. I won’t comment on whether I think Ashley Madison is a legitimate business. When you take sides, you either end up sounding like a deadbeat loser or a pious more-righteous-than-thou Bible thumper. However, I do want to defend the rights of some random dude in Omaha who wants to sell smartphone cables. He won’t have a chance to compete on the “commercial” side of the Internet, so he’ll probably have to create a site on the unprotected second-tier channel, the one that is “free and open” for everyone. Good luck with that.
Is it fair? Is it even (shudder) moral? The commercial side will likely be well-funded, fast, reliable, government-sanctioned, and possibly heavily taxed. The free side will be like drinking water at the local cesspool. In the end, the free and open Internet is that way for a reason. It's not so you can cheat on your wife. Frankly, people will do that with or without the Internet. The "free and open" bit is intended to foster ideas. It's meant to level the playing field. It's meant to help that one guy in Omaha.
What do you think about this? Are hackers essentially paving the way for a Light Web? Is it even darker now? Is there a light at the end of this tunnel? Post in comments.