La filtración de Ashley Madison ha sido un trabajo «desde dentro» y hecho por una mujer, según John McAfee


El caso de la revelación de los datos del sitio web de citas Ashley Madison de la compañía canadiense Avid Life Media no cesa de dar titulares, y está siendo uno de los episodios más representativos de los nuevos peligros, amenazas e incertidumbres éticas y legales que afectan a nuestra sociedad digital. El sitio web que fue hacheado hace ya un mes por un grupo criminal llamado “The Impact Team”, que ha revelado más de 10 GB de información confidencial de la empresa, incluyendo la parte más sensible: las cuentas de los usuarios incluyendo sus direcciones de correo electrónico, datos de sus tarjetas de crédito e incluso de los pagos realizados que certifican el uso de distintos servicios. En las últimas horas, usuarios de California, Texas y otros estados de EEUU han interpuesto demandas colectivas contra el sitio web alegando negligencia, incumplimiento de contrato y violación de la privacidad. Paralelamente, según la Policía de Toronto, la compañía Avid Life Media ha ofrecido 380.000 dólares de recompensa para quien ofrezca información que lleve a la detención de los autores de la filtración de su información que, según el legendario experto en seguridad John McAfee ha sido un trabajo hecho “desde dentro” y, lo más curioso, asegura que ha sido realizado o liderado por una mujer.

Según el experto en seguridad fundador del desarrollador de antivirus que lleva su nombre, “por los datos que han sido revelados, está claro que el autor tenía un conocimiento íntimo del conjunto de tecnologías de la compañía”, ha escrito McAfee. Como en otros grandes ataques como el sufrido por Sony hace unos meses, el análisis revela que fueron con toda probabilidad realizados por un empleado o ex empleado con un gran acceso a los ordenadores de la empresa y que usa la filtración de información como venganza o por su propio beneficio.

Ashley Madison mujer 2

La venganza de una mujer, según McAfee

Sin embargo, lo más controvertido del análisis de McAfee es que el experto asegura que detrás de “The Impact Team” seguramente se encuentra una única empleada y cree que es una mujer basándose en el análisis de ingeniería social. Según McAfee, el hecho de referirse a los hombres como “cabronazos” (scumbags) en el comunicado inicial, una palabra que sólo usan mujeres para referirse a los hombres, y las referencias al día de San Valentín, señalan inequívocamente que el manifiesto the los autores de la filtración ha sido redactado por una mujer.

Por otro lado, al nombrar a uno de los ejemplos que se desvelan en el primer manifiesto de Impact Team, se dice que el usuario “pago por Ashley Madison maliciosamente el día después del Dia de San Valentin”, una referencia que según McAfee apunta a una mujer, ya que cree que para las mujeres éste suele ser un día muy señalado, mientras que es algo en lo que los hombres raramente piensan. “Llamar malicioso a un acto (abrir su cuenta en el site para citas) el día después de San Valentín es un pensamiento que entraría en pocas mentes masculinas. Si esto no te convence (de que el autor del manifiesto es una mujer) necesitas salir de casa más a menudo”.

El comunicado (en inglés) puede encontrarse en distintos enlaces en Internet y dice así:

Avid Life Media runs Ashley Madison, the internet's #1 cheating site, for people who are married or in a relationship to have an affair. ALM also runs Established Men, a prostitution/human trafficking website for rich men to pay for sex, as well as cougar life, a dating website for cougars, man crunch, a site for gay dating, swappernet for swingers, and the big and the beautiful, for overweight dating.
Trevor, ALM's CTO once said "Protection of personal information" was his biggest "critical success factors" and "I would hate to see our systems hacked and/or the leak of personal information"
Well Trevor, welcome to your worst fucking nightmare.
We are the Impact Team. We have hacked them completely, taking over their entire office and production domains and thousands of systems, and over the past few years have taken all customer information databases, complete source code repositories, financial records, documentation, and emails, as we prove here. And it was easy. For a company whose main promise is secrecy, it's like you didn't even try, like you thought you had never pissed anyone off.
Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.
So far, ALM has not complied.
First, we expose that ALM management is bullshit and has made millions of dollars from complete 100% fraud. Example:
-Ashley Madison advertises "Full Delete" to "remove all traces of your usage for only $19.00"
-It specifically promises "Removal of site usage history and personally identifiable information from the site"
-Full Delete netted ALM $1.7mm in revenue in 2014. It's also a complete lie.
-Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.
-Other very embarrassing personal information also remains, including sexual fantasies and more
-We have all such records and are releasing them as Ashley Madison remains online.
Avid Life Media will be liable for fraud and extreme personal and professional harm from millions of their users unless Ashley Madison and Established Men are permanently placed offline immediately.
Our one apology is to Mark Steele (Director of Security). You did everything you could, but nothing you could have done could have stopped this.
This is your last warning,
Impact Team
We are not opportunistic skids with DDoS or SQLi scanners or defacements. We are dedicated, focused, skilled, and we're never going away. If you profit off the pain of others, whatever it takes, we will completely own you.
For our first release, and to prove we have done all we claim, we are listing *one* Ashley Madison credit card transaction for each day for the past 7 years, complete with customer name and address (oneperday.txt) and associated profile information (oneperday_am_am_member.txt and oneperday_aminno_member.txt, selected rows from our complete dump of the AM databases). We are also releasing a hash dump and zone file for both domains, select documents from your file servers, executives' google drives, and emails, and the Ashley Madison source code repository. Also, since Ashley Madison stopped using plaintext passwords, we're also releasing the swappernet user table, which still has plaintext passwords:!f4smmDCa!YM7eJE2uxDvjGhxPERYk5tgBgeRyZoEYc9d0JMFUCP0
1 example from this dump: "PERNELL GRAZETTE", with profile ID 23288650, who spitefully paid for Ashley Madison the day after valentine's day in 2014, lives at 10 charlotte st. Brockton, MA in the US, with email UPFRONT73@AOL.COM. He is not only married/attached, but is open to a list of fantasies from Ashley Madison's list: |29|44|39|37|7|, a.k.a. "Cuddling & Hugging", "Likes to Go Slow", "Kissing", and "Conventional Sex". He's looking for 'A woman who seeks the same things I seek: passion and affection. If you have such desires then we will get alone just fine','|54|11|9|' which means "Good Communicator", "Discretion/Secrecy", and "Average Sex Drive". He also says "I have only two personal interests on this site. Making sure that You are comfortable with me should I be so fortunate to hold your attention and making sure I take the role of discretion to an artform. I mean isn't this why we are here, to be as discreet as possible?"  From the login table, we know his user ID is 'Heavy73' and password hash is '$2a$12$ndvz/F.EXyJKRYkrErX/w.EDgzF7cNkJcQvNeDGQylEMHRw2COLZO'.
As another, profile ID 48040 is listed as a "paid delete", which means a few of his profile text boxes are gone, but from purchase records we know it is "RICKIE RAMRATTAN" from "5499 Cosmic Crescent" "Mississauga","ON" "L4Z3P8" whose fantasies are |7|40|17|34|33|37|38|48|36|42|43|50|44|32|39|29|49|18|, which includes "Likes to Give Oral Sex", "Likes to Receive Oral Sex", "Light Kinky Fun", "Role Playing", "Erotic Tickling", "Erotic Movies", "Good With Your Hands", "Sensual Massage", and "Dressing Up/Lingerie" among others. You must be glad you paid for your profile to be deleted, huh?
Too bad for those men, they're cheating dirtbags and deserve no such discretion. Too bad for ALM, you promised secrecy but didn't deliver. We've got the complete set of profiles in our DB dumps, and we'll release them soon if Ashley Madison stays online.
And with over 37 million members, mostly from the US and Canada, a significant percentage of the population is about to have a very bad day, including many rich and powerful people.
Well, Noel? Trevor? Rizwan? What's it going to be?


About Author

Periodista especializado con más de 18 años de experiencia en tecnología. He sido director de publicaciones como Macworld (dedicada al mundo Apple) o TechStyle (dedicada a electrónica de consumo) y después he trabajado con como responsable de desarrollo de producto. Actualmente trabajo como Chief Content Officer en GlobbTV.

Leave A Reply