The Ashley Madison Hack Is a Huge Deal; It’s Also Replete With Bogus Information
36 million users have had their account details published.
Barackhusseinobama@whitehouse.gov, email@example.com, firstname.lastname@example.org, and email@example.com: What do these email addresses have in common? They were all among those leaked by a group of hackers who infiltrated the dating website Ashley Madison. At the risk of stating the obvious, they obviously do not belong to the men whose names they use.
The full dump of user information belonging to Ashley Madison, which advertises itself as a discreet way to have an affair, contains some 36 million accounts, and the gleefully destructive corners of the Internet are now pouring over the database to identify and out public officials. The message board 4chan has compiled and published lists of emails in the dump that appear to belong to government employees. So far, lists of UK and Israeli government emails have been published on the site.
As the huge pile of data — the uncompressed file containing the dump is 9.7 gigabytes in compressed form — is sifted through, it is likely that we will see a flurry of stories about public individuals who were unwise enough to use profile information on the site allowing their real identities to be exposed. (One note: Ashley Madison did not require email addresses to be validated in order for them to be entered into its database, so the presence of an email address is not sufficient to confirm that a person used the site.)
Some U.S. government officials and members of the American military are likely to be among that group. According to a domain analysis carried out by a hacker who goes by the moniker t0x0, the dump includes just over 15,000 users with email addresses with a .gov or .mil domain. Large numbers of those addresses will likely be bogus, and all of the whitehouse.gov emails are all but certainly fakes. Most, if not all, White House staffers have email addresses with domain names specific to the offices in which they work.
Addresses with government domains are sure to be scrutinized in coming days, but as a portion of the total dump and the number of .gov and .mil addresses that exist in the world, they make up a fairly small portion of the 36 million leaked accounts.
But among that trove, there are likely to be some users within the government and armed forces who did use their professional address to sign up for the site. The most common domain among the .mil and .gov domains is us.army.mil with 6,788 entries. Second place is held by navy.mil, with 1,665 entries; usmc.mil comes in third, with 809. Other major agencies included in the dump include the State Department, whose domain includes 33 entries. The Department of Homeland Security has 45 entries. The U.S. Department of Veterans Affairs has 104 entries.
Some of the domains appear to specific U.S. bases or ships. The domain cvn74.navy.mil includes 32 entries. That domain belongs to the aircraft carrier USS John C. Stennis. Bases with large numbers of entries associated with their domain names include Tinker Air Force Base in Oklahoma.
It’s not just federal government emails that are included in the dump. The domain ky.gov, which redirects to kentucky.gov, includes 73 entries, the most of a single state-level domain. Other sub-federal domains to have email addresses in the dump include schools.nyc.gov, which belongs to New York City’s Department of Education and has 27 entries in the dump.
Avid Life Media, the owners of Ashley Madison, said in a statement that it has launched an investigation with forensic experts to determine “the origin, nature, and scope of this attack,” adding that the company is working with law enforcement in Canada and the United States, including the FBI. Carol Cratty, an FBI spokesperson, confirmed the FBI is investigating the breach but declined to provide any details on the probe.
The group responsible for the hack, which calls itself Impact Team, claimed in a statement accompanying the dump that they were acting out of indignation toward the site’s promotion of what the hackers see as immoral practices. “90-95% of actual users are male,” the group said in its manifesto. “Chances are your man signed up on the world’s biggest affair site, but never had one. He just tried to. If that distinction matters.”