News
Data of over 14,000 Government officials compromised in Ashley Madison breach
August 2015 by Stephen Coty, chief security evangelist at Alert Logic
Stephen Coty, chief security evangelist at Alert Logic has been mining the leaked
data from the Ashley Madison breach and has discovered that over 14,000 government
officials’ information has been compromised.
“With such diversity of individuals, whose information was compromised through the
Ashley Madison hack, you have to wonder what the lasting impact of this breach can
be. What are the implications to the companies these individuals work for? Will
these individuals give in to blackmail to betray their employer, save their marriage
or relationship? What can this data, plus the information from breaches like OPM, be
used for to compromise our national security or trade secrets? These are all
questions employers should be asking themselves.
People will always be a risk to any company’s security strategy. When I was a
penetration tester, I always relied on other people to gain access into an
environment. I would commonly drop USB drives in parking lots, relying on someone to
pick it up and plug it into their workstation just to see, out of curiosity, what
was on the drive. 9 out of 10 times this would always grant me access into the
customer’s environment.
Now with this latest breach, we have an opportunity to use a similar tactic to show
evidence of a individual’s infidelity to motivate them to give me the information
that I want. Once I have this information, I can sell it on the underground to
either a competitor or an overseas start-up for considerably more than I could ever
get by simply blackmailing an individual.
Should employers start locking down their internet and mail services to work
functions only? Should HR and Corporate Security policies be enforced with actual
consequences? These are all challenges that corporate security teams have been
dealing with for years. Should we now start empowering our security teams to do
their jobs efficiently? In order to do that job efficiently, companies need to
invest in the people, process and technologies to build a comprehensive and
effective security strategy. This also means investing in a threat research and
intelligence function that will mine for lost and stolen data to understand and
combat the risk that our employees introduce into our environments.
This is a sample of data to give you the extent of what individuals that used
corporate accounts for their Ashley Madison account profiles. I tried to randomly
hit domains from different countries and different industries.
502839 .uk
134 gov.uk
7245 Army.mil
7015 .gov
13 starbucks.com
46 Whitehouse.gov
150 Shell.com
190 Wellsfargo.com
87 Stanford.edu
16 chs.net
89 aig.com”
