The Ashley Madison Hack Explained

A few years back, there was a cyber-attack that is still well known today. It was one of the most dangerous and notorious cyber-attacks in history: the Ashley Madison hack, a security breach at a large online adult dating service built entirely around extramarital affairs.

In 2015, the site suffered a security breach that made big news. The attack exposed more than 300 GB of user data, including user names. It also exposed users’ credit and debit card information, banking data, and transactions. More than anything, users were worried about their sexual fantasies being exposed. This was one of the worst nightmares of using the site: because of the attack, their personal information was available on the internet for everyone to see. The consequences of the attack were severe and difficult to imagine.

Earlier, Ashley Madison was just a sleazy, questionable site. After the attack, the same site became the best example of security management malpractice.

Hacktivism as an excuse

The hacking group was the Impact Team. After they successfully attacked the site, they started sending messages to its owners. In these messages they threatened the owners over their bad faith and criticized them for their security. The company did not respond to the hackers, and as a result the hackers exposed the users’ personal details.

The data of thousands of users was breached, and the hackers justified their actions. They said that Ashley Madison was unable to protect its users’ data and failed to provide proper security. Ashley Madison also offered to delete users’ accounts for a fee. But even when an account was deleted properly, its transactions were never deleted. Purchase details remained on the site, including the user’s real name and address.

These are the main reasons the hacking group finally decided to punish the company. This punishment, the exposure of users’ data, cost Ashley Madison almost $30 million in fines.

Costly consequences

Even though the company took security measures, people still feel threatened today. Many groups unrelated to the Impact Team are sending blackmail messages to this company. These messages demand around 500-2000 dollars for not exposing the information hacked from Ashley Madison.

So, the company is continuously working to strengthen its security measures. Along with the fine, it also came under investigation by the U.S. Federal Trade Commission. This left a void in the market for people interested in affair dating and finding local sex, and opened the door for adult sites and apps like Local Sexfinder and other backpage alternative services.

What should be done?

After investigating this case, experts drew some interesting conclusions. Every company should take these conclusions into account to make sure that its security is intact.

Strong passwords

This is the most important point for a site: it should implement very strong password protection. Ashley Madison used the bcrypt hashing algorithm to protect passwords, but it also used the MD5 algorithm for a subset of some 15 million of them. This was the main reason behind the attacks, since MD5 is very vulnerable, mainly to brute-force attacks.
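
The storage problem described above, as an added example that is not Ashley Madison's code: it audits a credential table for bare MD5 digests and re-hashes a legacy record with a salted, slow function on the next successful login. PBKDF2 stands in for bcrypt here because it ships with Python; the function names, record format and sample rows are assumptions.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000  # assumed work factor; tune for your hardware
BCRYPT_RE = re.compile(r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}")
MD5_RE = re.compile(r"[0-9a-f]{32}")

def classify(stored):
    """Name the scheme a stored password value appears to use."""
    if stored.startswith("pbkdf2$"):
        return "pbkdf2"
    if BCRYPT_RE.fullmatch(stored):
        return "bcrypt"
    if MD5_RE.fullmatch(stored):
        return "legacy-md5"  # unsalted and fast: cheap to brute-force offline
    return "unknown"

def hash_password(password):
    """Salted, deliberately slow hash for storage."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_and_upgrade(password, stored):
    """Check a login; return (ok, value_to_store). Legacy MD5 is re-hashed on success."""
    kind = classify(stored)
    if kind == "pbkdf2":
        _, iters, salt, dk = stored.split("$")
        cand = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                   bytes.fromhex(salt), int(iters))
        return hmac.compare_digest(cand.hex(), dk), stored
    if kind == "legacy-md5":
        cand = hashlib.md5(password.encode()).hexdigest()
        ok = hmac.compare_digest(cand, stored)
        return ok, hash_password(password) if ok else stored
    raise ValueError(f"{kind} records are not handled in this example")

def legacy_accounts(rows):
    """Audit: user ids whose stored value is still a bare MD5 digest."""
    return [uid for uid, stored in rows if classify(stored) == "legacy-md5"]

# Constructed sample credential table: (user id, stored value).
SAMPLE = [
    (1, "$2b$12$" + "A" * 53),                           # bcrypt-shaped placeholder
    (2, hashlib.md5(b"constructed-sample").hexdigest()),  # legacy record
    (3, "pbkdf2$600000$00$00"),                           # already migrated
]
```

Records that never log in again stay on MD5, so the audit list is what tells you which accounts still need a forced reset.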

Strict Delete

This is one of the most controversial aspects of the entire Ashley Madison case. The hackers and the affected users came to know that even after an account was deleted, Ashley Madison’s site was still holding information about them. The Impact Team had been extracting this information for a long time. It is very important for a company to take care of personal information management: once a user deletes their account, the entire account, with all its transactions, should be deleted.
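
A deletion that also removes the purchase records, as an added example that is not Ashley Madison's schema or code. It assumes SQLite and hypothetical `accounts` and `purchases` tables, and it checks for leftover rows before committing, because SQLite silently skips `ON DELETE CASCADE` unless foreign-key enforcement is switched on.

```python
import sqlite3

# Hypothetical schema: purchases carry the billing name and address.
SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, real_name TEXT, address TEXT);
CREATE TABLE purchases (
    id INTEGER PRIMARY KEY,
    account_id INTEGER NOT NULL REFERENCES accounts(id) ON DELETE CASCADE,
    item TEXT, billing_name TEXT, billing_address TEXT
);
"""

def open_db(enforce_fk=True):
    db = sqlite3.connect(":memory:")
    # Without this pragma SQLite does not act on ON DELETE CASCADE.
    db.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    db.executescript(SCHEMA)
    return db

def seed(db):
    """Constructed sample data: one account with one purchase."""
    with db:
        db.execute("INSERT INTO accounts VALUES (1, 'Sample User', '1 Example St')")
        db.execute("INSERT INTO purchases VALUES "
                   "(1, 1, 'credits', 'Sample User', '1 Example St')")

def residual_rows(db, account_id):
    """Count rows in any table that still belong to the account."""
    a = db.execute("SELECT COUNT(*) FROM accounts WHERE id = ?",
                   (account_id,)).fetchone()[0]
    p = db.execute("SELECT COUNT(*) FROM purchases WHERE account_id = ?",
                   (account_id,)).fetchone()[0]
    return a + p

def delete_account(db, account_id):
    """Delete the account; roll back and fail loudly if anything is left behind."""
    with db:  # one transaction: commit on success, roll back on exception
        db.execute("DELETE FROM accounts WHERE id = ?", (account_id,))
        left = residual_rows(db, account_id)
        if left:
            raise RuntimeError(f"{left} row(s) still reference account {account_id}")
    return left
```

In a real system `residual_rows` has to cover every store that holds the user's data, including backups and payment logs, not just the two tables shown here.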

Ensuring the Highest Security

Offering and maintaining impeccable security is of utmost importance for an organization. Users rely on security and privacy, and the company should take the right measures to maintain them. It should always follow impeccable practices and protocols when it comes to security.

The MD5 algorithm used by Ashley Madison was one of the reasons behind this attack. This was clearly a mistake, and they should have used a stronger algorithm in its place. Apart from this, the entire platform had a lot of security issues, and the reason behind this was the earlier development team. One more thing to focus on is insider threats: some internal users can cause irreparable harm. So, the best way to prevent all these issues is to implement strict protocols in all aspects, including monitoring and logging as well as employee actions.

Final Thoughts

After this attack, many organizations started implementing strict protocols and strengthening their security measures. Especially when a company deals with users’ personal information, it should implement the best actions and security measures to protect personal data. The Ashley Madison hack should be considered a case study, and organizations should learn from it.

WHAT IS A VPN?

The term VPN is now widely used in corporate environments. Information that used to take months to obtain, or was never obtained at all because of ID barriers, can now be obtained in a jiffy. This is done at no cost of identity to the User, and the data itself is acquired over encrypted connections, which provide privacy that is superior even to Wi-Fi hotspots. VPN stands for Virtual Private Network. It gives the User anonymity and absolute privacy while carrying out a search from public Internet connections. While the name seems to be on most corporate lips in the know, not everyone can answer the question: what is a VPN?

How Does a VPN Work?

A VPN is a private network that is created virtually on the Internet, which is a public network, in order to connect certain sites or Users that are otherwise barred to most direct enquirers. The VPN creates a virtual website with the ability to protect the User’s ID and encrypt messages through private channels. Thus, the ID of the User is protected by a cloak of anonymity while the desired data is extracted from the public network. The VPN can be used to access websites that are restricted, perhaps regionally or even through the creator’s instructions, all the while shielding the User’s browsing activity from interference or prying.

Setting up a VPN

To set up a VPN in three steps, do the following:

  1. Add a connection on the PC or phone security settings.
  2. Select the type of service and server address of the VPN provider as well as the VPN User name.
  3. Enter authentication information.

The VPN setup is now complete.

Legality

The legality of using a VPN may vary from country to country, but it is generally acceptable in most advanced democratic countries like the US. However, countries like Russia, China, Belarus, Iraq and North Korea either restrict or ban VPNs. The test of legality involves the reasons for using the privacy cloak provided by the VPN. Not all VPNs are legal, however, and use of the Darknet is not encouraged. To the question “What is a VPN?”, the answer has to be that legal VPNs help to encrypt a User’s connection to the Internet to stop the user being tracked or hacked while online. Legally speaking, one should use only the best and most legal VPNs, which are also fast. For example, PureVPN satisfies the legality test perfectly and is also fast.

Some Disadvantages

  • The VPN might monitor User activity and utilize the User’s data.
  • There might be performance issues when using the VPN.
  • User applications might find it difficult to set up a private network.
  • Internet speed may be slowed down.
  • It might be costly to use a VPN.
  • The legality of using a VPN should be checked in the country it is being used in.

VPNs are therefore useful, and certainly give protection to the user, but their use must be controlled and restricted by legality and reason.