back to article Ashley Madison hacked potential competitor, leaked emails suggest

Ashley Madison ran a hack attack against a potential competitor three years ago, according to leaked emails. Hackers from the self-styled Impact Team leaked the email archive of Avid Life Media president and CEO Noel Biderman last week, days after separately releasing user database files and other material from the adultery- …

  1. Annihilator

    Pen test

    "Avid Life Media was approached with an offer to partner with Nerve.com in the weeks leading up to this exchange, according to other emails in Biderman's leaked archive."

    The response they've given elsewhere (Guardian - http://www.theguardian.com/technology/2015/aug/25/ashley-madison-discussed-hacking-competitor-site-nerve-com-emails) suggested that this was the case, and that effectively the "hack" was a pen test as part of a due dilligence. The 'other emails' kind of back this up.

    1. anothercynic Silver badge

      Re: Pen test

      If the pen test was not authorised by nerve.com, it's illegal. Simple.

      1. Annihilator

        Re: Pen test

        "If the pen test was not authorised by nerve.com, it's illegal. Simple."

        Implication is that it was authorised though. Could well be a steaming pile of PR though.

        This is the problem with taking emails and reporting them without context. It doesn't give full details of why they were doing it, whether they were allowed, what the outcome was...

        1. Anonymous Coward
          Anonymous Coward

          Re: Pen test

          >This is the problem with taking emails and reporting them without context. It doesn't give full details of why they were doing it, whether they were allowed, what the outcome was...

          No worries I am sure the authorities can get all the context they need.

          1. Anonymous Coward
            Anonymous Coward

            Re: Pen test

            "No worries I am sure the authorities can get all the context they need."

            Built on evidence obtained illegally? Yes, good luck with that.

            1. Yet Another Anonymous coward Silver badge

              Re: Pen test

              It's only a problem if the police obtain the evidence illegally.

              Somebody could trespass and report seeing a murder - the police wouldn't ignore the call because the person was on the property illegally.

            2. Pascal Monett Silver badge
              Coat

              Re: Built on evidence obtained illegally? Yes, good luck with that.

              The NSA is legal.

              We've been told that repeatedly.

              1. Yet Another Anonymous coward Silver badge

                Re: Built on evidence obtained illegally? Yes, good luck with that.

                The US does at least have laws requiring the NSA to be legal.

                In the UK there is no general ban on evidence obtained illegally.

          2. Anonymous Coward
            Anonymous Coward

            Re: Pen test

            Oh look the AM PR hack down voted me. Probably the thought of how that subpoena feels in their hand made them frown. Plenty of legal dirt to be found on these unethical ass clowns. And plenty of class action lawyers smell blood if nobody else.

        2. h4rm0ny

          Re: Pen test

          One of the other emails (given by Krebs' site) has the CEO emailing their CTO before a meeting with Nerve's executives asking "should I tell them about their security problems"? That may or may not be part of an approved pentest (doesn't rule it out, doesn't prove it), but it very strongly suggests that the CEO was regarding it as something other than a exploitative hack attempt of a competitor. Either it was an approved pen test as AM claim and their CEO was just wondering if the stuff was something that should be raised at that level (not being their area, they probably didn't have a good handle on seriousness / appropriateness of raising this stuff at that level); or else the CTO had just taken it upon themselves to go and have a poke around at a potential acquisitions IT sites to get a feel for their quality and the CEO was asking if that was a legitimate thing to bring up with them.

          I have to say that if your company might be entering into an association with another, I am not surprised if technical people within the company go over to the other site and have a look at the front door. Isn't the general attitude on this site historically that hackers who had a look at a site or software and found some flaws and then let the vendor know about it, good guys (white hats)? Has that suddenly changed for Ashley Madison? Seems so. Though as the OP writes, this is just from two emails, there could well be others that support what AM said that it was an approved pentest.

    2. Mark 85

      Re: Pen test

      So they pen tested nerve.com but didn't pen test themselves? This is humor at it's finest.

  2. Belardi

    Its like the owners of Ashley Madison are total dicks.

    Could be worse... they could be News Corp.

  3. BasicChimpTheory

    "Hackers from the self-styled Impact Team"

    Should they have gotten a consultant in?

  4. BigAndos

    They really do sound like a thoroughly horrid company!

    1. Anonymous Coward
      Anonymous Coward

      They really do sound like a thoroughly horrid company!

      Those who live by the pork sword...

      1. I ain't Spartacus Gold badge
        Coat

        Die! By the Pork Sword of Boromir!

        Oh sorry, cultural references clash there I think. Mine was probably from a more specialist source, for the discerning gentleman only.

        I'll get my cloak...

  5. Dadmin

    FACT: Noel IS a douchebag AND and idiot

    "They did a very lousy job building their platform. I got their entire user base,"

    That sums it up very nicely. Bravo, whoever hacked this crap-excuse for a social media web app!

    I heard this dickhead on a talk show a few years back and found him a creep and a possible douchebag. I stand corrected; he is indeed a real-life douchebag and full-time idiot. Let me explain...

    Dear Ashley Maddison Hack,

    I think I'm falling in love with you! I am completely serious and hope you do not take offense until after you hear me out. At first I thought; oh, very good, haha on the cheaters who thought they could go online and remain private FOREVER. No, that was awesome, but it gets SO much better, Dear. No, think of the bravado of the management team who blindly disregard even basic webapp security and go full steam ahead with anything that brings in more idiots users, piss on the security we're MANAGERS for crapping out loud! And what sysadmin in his right mind would stick around at this high-tech brothel for the impending doom that is your hack-crap! No, it gets better still. I am endlessly entertained by any new news items about you, and I soak them up like a dry sponge on a hot beach, Dearest! Holy crap it's a circus of EPIC proportions and it's continuing far beyond the old-style hacks of Target and Home Depot. No, Sweetbaby Hack, you are SPECIAL and never, NEVER, EVER let anyone tell you different. Now, get back out there and make a fool of everyone you touch! I LOVE YOU!!1!

    Your new boyfriend,

    -Dadmin McTVnerd of Clan "Original UK Office not that shite remake series of turds in suits"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like