Ashley Madison Hack: Many in Sensitive Positions Open to Extortion

Erik Bernstein

Fallout from this case is evidence of dangers from others

As predicted, outed Ashley Madison users are being targeted for extortion. Although the reported cases thus far have been of a widespread spam-based attack, it would take very little digging for someone interested in a more personal attack to find targets.

Case in point, the discovery by AP reporters that hundreds of government employees were among subscribers to the site:

The AP traced many of the accounts exposed by hackers back to federal workers. They included at least two assistant U.S. attorneys; an information technology administrator in the Executive Office of the President; a division chief, an investigator and a trial attorney in the Justice Department; a government hacker at the Homeland Security Department and another DHS employee who indicated he worked on a U.S. counterterrorism response team.

Few actually paid for their services with their government email accounts. But AP traced their government Internet connections — logged by the website over five years — and reviewed their credit-card transactions to identify them. They included workers at more than two dozen Obama administration agencies, including the departments of State, Defense, Justice, Energy, Treasury, Transportation and Homeland Security. Others came from House or Senate computer networks.

If AP can do it to crack a story, criminals motivated by serious financial gain or enemy nation states motivated by gaining an advantage can certainly do the same, and we would be shocked if they aren’t already maneuvering in an attempt to do so.

In addition, it’s all but guaranteed that others on the leaked lists include members in positions where they could do a great deal of harm. And, going further, it’s important to remember that signing up for Ashley Madison isn’t the only thing people do online they’d pay dearly to keep secret.

Doing your part to educate employees on protocol to keep their private lives and work lives separated, and on the consequences of failing to do so, is a must in these cases. Investing in that effort, along with preparing plans to enact should you be affected by such a situation, will help you mitigate as much damage as possible.

Erik & Jonathan Bernstein
