August 21, 2015

People who cheat on their partners are always open to extortion by the parties involved. But when the personal details of millions of cheaters get posted online for anyone to download — as is the case with the recent hack of infidelity hookup site AshleyMadison.com — random blackmailers are bound to pounce on the opportunity.

An extortion email sent to an AshleyMadison user.

According to security firms and to a review of several emails shared with this author, extortionists already see easy pickings in the leaked AshleyMadison user database.

Earlier today I heard from Rick Romero, the information technology manager at VF IT Services, an email provider based in Milwaukee. Romero said he’s been building spam filters to block outgoing extortion attempts against others from rogue users of his email service. Here’s one that he blocked this morning (I added a link to the bitcoin address in the message, which shows nobody has paid into this particular wallet yet):

Hello,

Unfortunately, your data was leaked in the recent hacking of Ashley Madison and I now have your information.

If you would like to prevent me from finding and sharing this information with your significant other send exactly 1.0000001 Bitcoins (approx. value $225 USD) to the following address:

1B8eH7HR87vbVbMzX4gk9nYyus3KnXs4Ez [link added]

Sending the wrong amount means I won’t know it’s you who paid.

You have 7 days from receipt of this email to send the BTC [bitcoins]. If you need help locating a place to purchase BTC, you can start here…..

The individual who received that extortion attempt — an AshleyMadison user who agreed to speak about the attack on condition that only his first name be used — said he’s “loosely concerned” about future extortion attacks, but not especially about this one.

“If I put myself in [the extortionist’s] shoes, the likelihood of them disclosing stuff doesn’t increase their chance of getting money,” said Mac. “I’m just not going to respond.”

Mac says he’s more worried about targeted extortion attacks. A few years ago, he met a woman via AshleyMadison and connected both physically and emotionally with the woman, who is married and has children. A father of several children who’s been married for more than 10 years, Mac said his life would be “incredibly disrupted” if extortionists made good on their threats.

Mac said he used a prepaid card to pay for his subscription at AshleyMadison.com, but that the billing address for the prepaid ties back to his home address.

“So they have my home billing address and first and last name, so it would be relatively easy for them to get my home records and figure out who I am,” Mac said. “I’ll accept the consequences if this does get disclosed, but obviously I’d rather not have that happen because my wife and I are both very happy in our marriage.”

Unfortunately, extortion attempts like the one against Mac are likely to increase in number, sophistication and targeting, says Tom Kellerman, chief cybersecurity officer at Trend Micro.

Kellerman is convinced we’ll see criminals leveraging the AshleyMadison data to conduct spear-phishing attacks aimed at delivering malicious software such as ransomware, a different type of extortion threat that locks the victim’s most treasured files with a secret encryption key unless and until the victim pays a ransom (also in Bitcoins).

“There is going to be a dramatic crime wave of these types of virtual shakedowns, and they’ll evolve into spear-phishing campaigns that leverage crypto malware,” Kellerman said. “The same criminals who enjoy deploying ransomware would love to use this data.”

The leaked AshleyMadison data could also be useful for extorting U.S. military personnel and potentially stealing U.S. government secrets, experts fear. Some 15,000 email addresses ending in dot-mil (the top-level domain for the U.S. military) were included in the leaked AshleyMadison database, and this has top military officials just a tad concerned.

According to The Hill, the U.S. Defense Secretary Ash Carter said in his daily briefing Thursday that the DoD is investigating the leak.

“I’m aware of it, of course it’s an issue, because conduct is very important,” Carter told reporters at the briefing, The Hill reported. The publication notes that adultery in the military is a prosecutable offense under Article 134 of the Uniform Code of Military Justice. Maximum punishment includes dishonorable discharge, forfeiture of all pay and allowances, and confinement for one year. As such, Carter told reporters that service members found to have used adultery website Ashley Madison could face disciplinary action.

Kellerman said attacks against military personnel who used AshleyMadison may well target spouses of people whose information is included in the database — all in a bid to infect the spouse as a way to eventually steal information from the real target (the cheating military husband or wife).

“Something must already be going on for [the Secretary of Defense] to actually have a press conference on that,” Kellerman said. “We may actually see spear-phishing campaigns against spouses of individuals who are involved in this, attacks that say, ‘Hey, your wife or husband was involved in this site, do you want to see proof of that?’”

And the proof, in this scenario, would be a booby-trapped attachment that deploys spyware or malware.

Mac, who’s not a military man, says he doesn’t regret the affair he had via AshleyMadison; his only regret is not finding a way to keep his home address out of his records on the site.

“I regret using my home address and some of my personal information that AshleyMadison didn’t take as good care of as they should have,” he said. “But I really, I’m mad these hackers feel it’s so important to force the hand of people that have a different outlook on life.”

The AshleyMadison data is leaked on various sites, but the data itself is not easily searchable by folks who aren’t familiar with raw database files. However, several sites have since popped up that allow anyone to search by email address to find if that address had an account at AshleyMadison.com. True, AshleyMadison.com did not always verify email addresses, but some of these AshleyMadison search services coming online will indicate whether the associated email address also has a payment record — a marker which could be useful to extortionists.


310 thoughts on “Extortionists Target Ashley Madison Users”

  1. Johnny doe

    Hypocrisy aside. Let’s share it or not! No more beating around the bush.

  2. Sanji

    After much digging we can share the following:

    1) we have identified the owner of the AshleyBrother.
    2) we have his name.
    3) we have his address.
    4) we have his email.
    5) we believe we have his phone but still verifying.
    6) we have a Google map of his address.
    7) we have varied screen captures of his website.
    8) we have the sites WhoIs information.
    9) we have the business contact information for the server and domain provider.
    10) we have identified the media contacts in his area.
    11) while we will not share this data on this, or any blog, should the site remain active we will share all this data with the media to shine a spotlight on the misery peddlers that are profiting off the data theft. We are sure those impacted would appreciate knowing who and where the owner of AshleyBrother is. The story will start as local and quickly become national shining a spotlight on one individual.

    1. Sokol L

      Can you please share his information like he is doing with millions or contact him and let him know he has been discovered? Please?

    2. Jupiter

      What is wrong with providing the information of the domain/server company? This can allow others to put pressure on that way to have this removed ASAP. Thanks!

    1. Sokol L

      Is this the guy (Ashley’s brother) with the website @.xyz? Just making sure…Thx

  3. Jonny doe

    Just a thought. The second you publicly out him you are doing the same as him and the website which is presently not followed much will be viewed by many. I would try reason first.

    1. Jupiter

      The site is currently down. He is claiming he is now moving “offshore” – but people here still know who he is.

      1. Sanji

        We know exactly WHO he is and WHERE he is. If the site reappears everyone will know as well.

        1. DD

          While I would love to see this guy suffer as much as possible I agree w/ Jonny D. It may be best to approach this fool privately. Especially if we know who he is a “preemptive” effort might be helpful

  4. DD

    Well like the sun setting in the west it looks like our “friend” has resurfaced with a new site. Not 100% sure but the manner in which it was “announced” on one of the other boards and the fact it’s shilling for Bitcoin “donations” gives it that all too familiar stink. This guy is a gnat and needs to be swatted.

    1. Johnny Jon

      I think it is down already. It’s funny how the front page had a blackmail being used as a way for a guy who had seen his boss on the list not to fire him. Not to mention some people had medical conditions such if they were HIV + on their profiles along with their names and addresses. HIPAA violation? FTC where are you

          1. Anonymous

            There’s another one now guys. A search one. Can I pm someone? This one looks worrisome.

  5. Johnny Jon

    Almost forgot the most important part. Thank you sanji. Each story is different and I will not bore you with mine but from the bottom of my heart. Thank you

  6. PJ

    Johnny Jon,

    My sentiments exactly. Many of us made a mistake, to varying degrees, by being on that site. I for one live with regret daily for visiting the site. It is what it is and my only wish is to protect my family. Towards that end, all we can do is the following:

    1) While not sharing the site name, do share the domain provider and server provider via WhoIs searches. We can then contact them as we have been.

    2) Hope that folks like Sanji and others can continue to identify the folks behind the sites to expose them to the world. Turning the spotlight on these misguided individuals is good.

    If we do these two things we will be able to protect many families. I realize the information will be “out there” forever but for the sake of the innocent family members of our collective, we must fight the good fight and hope the decency prevails. Ultimately, I still believe in the human spirit and that if given the opportunity, folks may make mistakes, but will ultimately do the right thing.

  7. Johnny jon

    Sokol l the one I’m talking about had a clear black mail on a boss if the individual that found his bosses name ever gets threatened of being fired and only accepted bit coins. Hope that helps. Please let me know if you see it again so I can take my Xanax.

  8. Anonymous

    The vultures with the blackmailing Bitcoin site are up. Much to my disgust.

      1. Anonymous

        I wish I knew. I went on the FTC site and let them know but don’t know if or how that will help. It is incredible how they are using future blackmailing of your boss is part of their advertisement on their front page. I wish I knew what else we could do. If anyone knows, please post. Let’s stay strong Sokol l.

        1. Sokol L

          Go to the comments under “Who Hacked AM” on this same site. There are some folks posting there that may be able to help. Let them know what is happening.

          1. DD

            as I posted yesterday my strong suspicion is the guy with the “bitcoin” site is the same tool behind the .xyz and Wednesday site. All were announced in a similar manner on another board and contain a Bitcoin link. If Sanji reads this please reach out to this d-bag and maybe put some sense into him.

            ps. the site is sleazy and attempts to track you the moment it loads. God only knows what other surprises are contained in that mess

            1. Anonymous

              I reported the search site to the ftc. The guy is a coward and deleted all of his contact info from his site but claims it’s still legal in the U.S. I sent another notice to ftc. If anyone knows anything else we can do, please post it here.

        1. DD

          I’m lost and good news so are 99.9999% of the population..that and they don’t care. With the lack of interest, news from courts/LE and likely possibility of being outed I don’t see what’s in it for these guys.

    1. DD

      great but keep an eye on it. If it keeps coming on and then going dark a few times it’s most likely our “friend” from the other sites. Turning on & off is another part of his M.O. along with the “bitcoin”. Hopefully some recent developments will straighten him out.

      1. Anonymous

        I wonder how much longer this will be in the news. I have sent the ftc notices on one site in particular that is worrisome. The one I’m talking about is basically taunting law enforcement. I hope that ftc starts something bc there is definitely a lot of personal identifiable information being sold after it was obtained illegally. In any small town USA that is worrisome.

        1. Smith

          Two lawsuits have been filed now and more coming next week for these websites..just a matter of time for ftc to get involved and try to end the mess.

  9. AC

    Anyone know what to do with an extortion email asking to pay bitcoins to have everything removed?

  10. AC

    …Ashley Madison hacked info. The Impact Team said a specific letter with detailed bank and home address info would be sent. They left a bitcoin link to send money to.

    1. DD

      Ignore it or report it to your local LE. You should also close any email you used on AM

      1. AC

        Thank you for the advice DD. I am working on closing out my email. For people who ignore the threat….have you heard if they have actually mailed letters out to a family’s home (So the spouse can receive it)?

Comments are closed.