I’ve previously spoken about the criminal mindset and what a criminal needs to possess to be successful. The biggest enemy a criminal faces is regret; whether that regret comes during or after a certain activity, it doesn’t matter.
I believe that the latest events in the Ashley Madison data breach will bring out the criminals who feel no remorse.
There are many crimes that rely on fear to be successful, which makes the Ashley Madison data breach fertile ground for criminals. Below are a few quotes from Ashley Madison members:
I love her very much and don’t want to lose her, I am deeply worried that she will leave and greatly impact my life.
I literally cannot sleep and never met anyone but am terrified as what might happen.
At this point I’m desperate. Worried that something like this could ruin my life/marriage when I was not on that site for anything that I can remember, possibly curiosity/joking with friends, but I can’t recall. I’ve barely slept over the past day due to worry
My stress levels are through the roof, still hoping that by some miracle this will just be forgotten about and no one will want to search me up.
It’s unsurprising that there are millions of people across the globe who are, simply put, scared.
I have as much interest in people’s reasons for joining Ashley Madison as I do in the reasons for having a new brand of soap in the office. But what I do have an interest in is how all this data is being used.
Blackmail and baiting
When the Impact Team released the first dump of customer details, I immediately thought about the blackmail opportunities for criminals and the volume of bitcoins those criminals could get.
It takes very little to send an email to every email address on the leaked list asking for x bitcoins in exchange for not telling their partner. Brian Krebs has already come across such a scam – and it looks like people are paying.
There are also companies out there using the leak as a way of offering their services. Using the news to help market your products and services is fine (we do it), but harvesting email addresses and emailing victims as a method to talk about a service goes too far.
An incredibly important point to remember is that Ashley Madison didn’t have proper email verification, so anybody could have signed up with my email address without me knowing (no I’m not on the list).
If you have your doubts, direct verbal communication is the key – not this:
— T S Farmer (@babygirl_farmer) August 21, 2015
— del (@del_gates) August 21, 2015
What may be juicy gossip to you can be a life-changing event for another. Divorces have already happened, and there are reports of two suicides linked to the leak.
It’s going to get worse
Tom Kellerman, chief cybersecurity officer at Trend Micro, told Brian Krebs that he’s convinced we’ll see criminals leveraging the Ashley Madison data to conduct spear-phishing attacks aimed at delivering malicious software such as ransomware, a different type of extortion threat that locks the victim’s most treasured files with a secret encryption key unless and until the victim pays a ransom (usually in bitcoins).
“There is going to be a dramatic crime wave of these types of virtual shakedowns, and they’ll evolve into spear-phishing campaigns that leverage crypto malware,” Kellerman said. “The same criminals who enjoy deploying ransomware would love to use this data.”