Wednesday, August 26, 2015

established men took a richly deserved christian louboutin in the ass...,


ibtimes | Yes, it is true. Ashley Madison was not hacked - the data was stolen by a woman operating on her own who worked for Avid Life Media. The reason that I am so late to the second act of the Ashley Madison affair is that, without a supercomputer, it has taken over a week to finish the analysis of the massive data dumps that the perpetrator has so generously provided us with.

A hacker is someone who uses a combination of high-tech cybertools and social engineering to gain illicit access to someone else's data. But this job was done by someone who already had the keys to the Kingdom. It was an inside job.

In my first IBTimes UK article about Act One of the Ashley Madison Affair, I alleged that the group of hackers claiming responsibility for the "hack" simply did not exist. I gleaned this information from reliable sources within the Dark Web – which have yet to fail me. I also claimed that it was the act of a single person. 

Any adept social engineer would have easily seen this from the wording in the first manifesto published by the alleged hacking group. I was one of the first practitioners of social engineering as a hacking technique and today it is my only tool of use, aside from a smartphone – in a purely white hat sort of way. But if you don't trust me, then ask any reasonably competent social engineer. 

Today, I can confidently claim that the single person is a woman, and has recently worked within Avid Life Media. I have provided IBTimes UK background information and pertinent elements of the woman's data dump to prove both my access to the data and also to confirm elements of my research, under the strict conditions that it is to be referenced and then destroyed. The data I provided included such delicate material as the decoded password hash tables of every Avid Life and Ashley Madison employee, which I have also now destroyed. 

How did I come to this conclusion? Very simply. I have spent my entire career in the analysis of cybersecurity breaches, and can recognise an inside job 100% of the time if given sufficient data - and 40GB is more than sufficient. I have also practiced social engineering since the word was first invented and I can very quickly identify gender if given enough emotionally charged words from an individual. The perpetrator's two manifestos provided that. In short, here is how I went about it.