aNewDomain — It first showed up in the comments section of journalist Brian Krebs’ blog on July 19. Signed by ImpactTeam@AvidDatingLife.com and titled Ashley Madison Hacked, its list of links led to a selection of sensitive-looking docs — PDFs apparently belonging to Ashley Madison’s parent firm, Avid Life Media.
At 11:40 p.m, after confirming the breach with Avid CEO Noel Biderman, Krebs posted his exclusive. The links sent to his blog, he told me, died at around the same time.
By the next morning, the UK tabloid (and paid content) service MailOnline blared the news via its wire feed all over the world. More than 50 international news blogs picked up Krebs’ news and added a captivating and unlikely tale about 1M-plus “panicked” Ashley Madison members who feared hackers would out them in the hack. By noon, NPR, The Washington Post, The New York Times and other media were all over the story. Most either regurgitated Krebs or repeated details from the far fetched tabloid pieces — or both.
But in the quiet pre-dawn hours between Krebs’ posting of the Ashley Madison hack claim and the media deluge a few hours later, a clue appeared.
It was a name that surfaced on Krebs’ blog and also on some out of the way code-sharing sites and communities. The name was Brian Offenheim. It’s also the name of Avid vice president of creative and design.
A KrebsOnSecurity commenter, Rick Braak, pointed out the Offenheim name’s apparent relevance to the hack about 35 minutes after Krebs posted that story. He wrote:
Is Brian Offenheim a person of interest in the Ashley Madison hack investigation now underway by the FBI, the Canadian Mounties, the Toronto Police and other authorities investigating the hack? At the very least, that someone used the name of an Ashley Madison exec in early hack link postings could provide a clue in this hack investigation.
We are still awaiting comment from Offenheim, Avid management and, of course, the various law enforcement agencies investigating the hack with Ashley Madison execs.
In the meantime, I gave the Brian Offenheim clue a closer look.
With the help of the 30GB cache of leaked emails allegedly to and written by Avid CEO Noel Biderman and two Ashley Madison insiders who requested anonymity, I sought perspective. Here’s my report.
The first thing I discovered was surprising: The code-sharing site mentioned in the Krebs comment wasn’t the only one out there. I found five others that had much the same wording, sites that either listed impactteam@avidlifemedia or Brian Offenheim (Brian.Offenheim@outlook.com) as the originator.
They all had that same list of non-working links that Krebs had received that first night.
And all six of them appeared to offer up a second human name, another one that could possibly serve as a clue for anyone diving deeply into the issue of who breached Ashley Madison’s customer lists and internal docs. That name is Dave Horsfall.
Here’s how the Horsfall response on the “Ashley Madison Hacked” note appears on FullDisclosure. Every post on the code sharing sites where the “Ashley Madison Hack” message appears, in fact, seems to be immediately followed by another one — a Horsfall-signed reply that either ridicules the post as “hilarious” or calls Avid’s “moral judgement” into question.
The Horsfall replies all link to Dave’s Cave at Horsfall.org, which in turn links to one David Horsfall of Surrey, UK and Cyprus. According to this piece, he seems to have gotten into some trouble for alleged activities related to loans. It’s circumstantial but worth noting that the address tied to the registrar is just a 15-minute walk from Avid’s Praecellens Ltd. and Pernimus Ltd. shells in Nicosia, Cyprus.
Whether that Dave Horsfall has anything to do with the real Horsfall (pictured at right) — or what the online Brian Offenheim has to do with his real life namesake. for that matter — is of course unknown.
But both names are clues and starting points for figuring out what’s going on here. And they are the only meaty human clues so far.
Meet coder, artist, and senior Avid Life Media design VP, Brian Offenheim
Residing in Toronto with wife, Jen, and two young children — the youngest, an obituary for his late grandmother reveals, is named Ashley — Offenheim leads all of creative for Avid. He’s worked at Avid since way back in 2008, when Avid CEO Noel Biderman arrived from JumpTV.
(Update and retraction: We originally posted that Sandy Offenheim was the mother of Brian Offenheim. This was incorrect and aNewDomain regrets the error.)
Offenheim was and is responsible, leaked emails and former consultants reveal, for all those Ashley Madison images now instantly recognized as a result of all the intense hack coverage since July 20. That includes the now instantly recognizable (and Avid-trademarked) “Hush” image (left) but also the photography and design for the rest of Avid’s extensive portfolio of “dating sites,” dozens of them in English and many more in 14 countries around the world.
These include EstablishedMen.com and CougarLife.com, but also many you probably haven’t heard about, like the harder core listings site, AshleyRNadison.com, DatingMrsRobinson, ManCrunch, The Big & The Beautiful and many more fully owned and co-owned white label sites, such as ArrangementFinders.com.
Offenheim’s also in charge of art, design, decks, ads and videos produced for or about all the Avid portfolio sites and all of the shell companies doing business as Ashley Madison. In Nicosia, Cyprus alone, that’s Praecellens, the revenue arm, and Pernimus, as well as their holding company, based both in Cyprus and the British Virgin Islands. These two do deals with the affiliates, ad firms and paid content divisions of ad agencies and media firms, like Global Mail’s Global Digital, Exoclick, DoublePimp, Diario AS, Times Live, Buzzfeed and many more.
Below right, check out the company org chart. It shows just where Offenheim fits. Below the fold, check out a slide detailing all the shells and what they do, produced for disclosure regarding an Israeli class action filed against Avid’s Praecellens in June — or click here.
Offenheim also captained the necessary landing art, art inventory and all the look-and-feel issues relating to Avid’s huge and profitable direct marketing affiliate network. As we’ve shown, that network pulls in about 30 percent of all Avid revenues, generating about $130K to $150K every single week. Total revenues were upwards of 76 million at the close of 2013 and climbing by 10 to 15 percent annually, so this was a time consuming and even Herculean effort at any startup. The emails I reviewed, however, reveal that Offenheim pretty much stayed calm and in control through most of it.
In addition to all that, Offenheim also had the job of working with and finding the many young models who adorn all these sites and the many profiles of the thousands of “engager” bots so commonly used in adult dating sites, engagers intended to drive new entrants to make purchases and upgrades.
Avid is a company that relies heavily on visuals and a visual mystique, so it’s easy to see why Offenheim sits so high on the org chart.
Moreover, the firm seems to be fast moving along a path to morph itself into more of a content business and data aggegation firm, like what Facebook and Google have.
A stakeholder — and a Dutch Auction participant?
As senior VP of creative, Offenheim is a senior exec ranking higher than almost anyone on the org chart, excepting Biderman and his chairman, Jason DeZwirek.
According to the leaked emails, Offenheim appears senior enough to be noted, repeatedly, among the few senior execs holding a considerable amount of shares in the company.
Offenheim, the emails suggest, was granted another 35,000 shares this year, on top of the ones he owned when he came on board. Employee employment agreements and contracts are easy to find in the leaked email set — here’s Noel Biderman’s employment contract as renegotiated in 2013, for example. So far, a week of searching has not yielded the papers for Offenheim, however.
So, counting just the 35,000 shares, what would this be worth? And what would it be worth if he participated in the April 2015 “Dutch Auction” style stock buyback the board sought from shareholding senior execs, as detailed in this letter penned by board member and chair Jason DeZwirek?
What is Avid really worth and how wealthy are top level execs like Offenheim, really?
That’s not an easy question.
Avid is a private company, which is why CEO Noel Biderman and his European promotions guy, Christoph Kraemer, didn’t appear to have broken even a single law when they told BloombergUK in April that Avid was a $1 billion company that could reasonably seek to raise $200 million on the London Stock Exchange.
These figures appear to have been way, way inflated and, as we’ve shown you, ended up being robotically parroted by more than 90 major media sites around the world, so much so that the rumor later had to be downplayed.
Now, as a private company, Avid truly doesn’t have to tell anyone anything. Biderman does have a legal obligation to be straight with investors, to whom he does owe a duty of candor. And Biderman, from the looks of the leaked emails, seemed to have lived up to that. In the emails, he is up front with his investors and senior staff about the real numbers — as opposed to the ones just for entertainment (and the press).
As a result, I was able to use these leaked emails now publicly available on the Internet as a result of the breach, to get to the real story. I examined emails detailing Biderman’s own communications with top investors, his and the board’s reaction to a fairly recent $100M bid to purchase the firm, as well as and various institutional investor comments that arrived in the days and weeks after BloombergUK’s inaccurate April 15 story.
I’m no financial analyst, but just doing the math based on the far more realistic sounding financial numbers Biderman shared with his board and others internally, we’re looking at about a $200 million company or just less, considering four times EBITDA.
A breach? A stunt? Both? Here’s what sources say Toronto and Cyprus-based Avid employees are whispering …
The theory that the Ashley Madison hack had to have been an insider job was one that rose to the top almost immediately on news of the Ashley Madison breach. Former CEO Noel Biderman actually speculated this to Brian Krebs when Krebs first called him in his office late on July 19. Here’s an excerpt from Krebs’ first Ashley Madison hack post:
ALM CEO Biderman declined to discuss specifics of the company’s investigation, which he characterized as ongoing and fast-moving. But he did suggest that the incident may have been the work of someone who at least at one time had legitimate, inside access to the company’s networks — perhaps a former employee or contractor.
We’re on the doorstep of confirming who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman (told Krebs Sunday night). “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
But a publicity stunt? Even one that came on the heels, perhaps, of an actual hack, but just used for spin?
It’s a stretch.
Even if you didn’t care about the data or were willing to risk it — even if someone had already hacked you anyway — how could you have planned this?
It’s hard to imagine anyone at Avid, even the promotional content genius of Noel Biderman, to have expected anything like what’s happened. Ask 20 random people anywhere if they’ve heard of Ashley Madison, the slogan, or ask them to detail the trademark image of a sexy girl with one finger over her mouth, and you’ll realize pretty quickly that Avid has achieved the kind of brand recognition only Apple and McDonalds and a few other brands have. What’s that worth? It’s priceless, of course, but you couldn’t plan this. Could you?
MailOnline‘s tabloid piece and its paid content wire feed are probably mostly responsible for the majority of the hyped up Ashley Madison hack coverage that took the story far beyond its roots as a security story on Krebs’ blog, and so quiickly. Yes, The Globe and Daily Mail and its enormous paid content biz at Global Digital and via MailOnline are partners, emails show, of Avid’s. But it’s still extraordinary. The tabloid-ish details are what seemed to captivate so many.
Such partners and others (like TimesLive, Diario AS, Buzzfeed and more) juiced up those details. And, with or without Avid’s help, they sure would’ve had reason to. The contracts we’ve found in the leaked emails show that these firms get paid when anyone opens or clicks a home-bound link in articles about partners like Avid. Avid’s been paying out invoices to such paid-content sites and promoters to the tune of $65K to $1.2M — a month.
Aggressive content marketing could be responsible for most of this. And to be sure, Avid wasn’t the one who fed MailOnline over the top, Hollywood-esque details like the guilty, scared adulterous wives, or a hacker named “Pernell” and the hordes of “Impact Team” hackers who had a score to settle with Avid “dirtbags.”
Avid had seen the media march in lockstep before and just cough up whatever the first line of media wrote up, but nothing to this extent, surely. But who would guess major media would read any of the first stories — here’s an example — and run with it?
Also, would Avid actually leak its own customer lists and all those emails? That’s hard to believe. But then again, one marketing insider at Ashley Madison I talked to said that is exactly the gist of rumors flying around inside the firm.
Think of the Queen of Spain (Sofia), he said. After Avid had posted billboards in the capital city of Madrid, taunting the King for his supposedly adulterous track record. The Queen sued — and the resulting settlement was pure gold. The Queen required an apology, which Avid blasted in any media outlet that would take it. Ashley Madison was known to millions of Spaniards overnight, just after the Ashley Madison launch in that country, of course.
I also found plenty of examples of such promotional guerilla tactics in the emails. After an economic crisis in Cyprus threatened some of Avid’s cash in that country, Biderman told investors he wanted to make lemonade. Who wouldn’t cover a story about Ashley Madison’s parent company losing money in a crisis making headlines around the world.
And after Avid’s competitor, Adult Friend Finder, was hacked in May, Biderman responded to one investor’s question about how he planned to avoid a similar fate with just one word: Opportunity.
But that was Biderman. It wasn’t Offenheim or anyone else leading the charge like this.
My other source, another longtime management consultant who worked closely with execs, had another theory. Perhaps it’s even crazier.
The culprit here? Russian hackers. After all, Russian hackers have reportedly been connected to all kinds of dating site hacks. Maybe whoever breached the system was a Russian hacker and the rest was spin? Or maybe they just wanted to make it look like Russian hackers?
Speculation runs rampant inside Avid and with the folks who are most interested in the question of Who hacked Ashley Madison?
Brian Offenheim’s name and knowledge could well provide a fresh angle of inquiry in determining the culprit or culprits here.
Given that Offenheim’s name — and that of his virtual heckler, Horsfall, are the only human names that have appeared in conjunction with the hack so far, there’s at least a starting point to hang on to.
Anyone who’s serious about figuring out who is responsible for the Ashley Madison hack will dig into this, even if they’ve made the mistake of calling their effort a fanciful, comic book name, like Project Unicorn.
For aNewDomain, I’m Gina Smith.
Below, assorted screens from the leaked Biderman emails and other docs mentioned in this story.
Here is a shot from the comment Krebs’ security blog got from email@example.com. He appears to have been the first person outside Avid to be notified of the hack. The links inside the comment were dead an hour after he received the message.
This is one of the several code-sharing sites with the firstname.lastname@example.org posting. It tracks back to someone using the @mail based email address, Brian.Offenheim@outlook.com
Here is the leaked email showing Biderman’s response to investor questions about whether Ashley Madison was prepared to survive a hack, like that which its competitor Adult Friend Finder had endured on May 22, 2015.
Here’s how Avid CEO Noel Biderman responded when he and his board learned that a Cyprus crisis might compromise the bulk of its cash holdings in its main Barclays Bank account.
The Queen of Spain’s settlement docs with Avid are below.
AshleyMadison: The Queen of Spain Agreement
Here’s the buyback letter Avid shareholders who worked as senior execs for the company — 21 total — received this past April.
Avid Letter to Shareholders (April 2015)-1
Here’s an Avid chart we verified from court docs showing all the various Ashley Madison companies and how they relate.
Avid Life Media: Corporate Chart, All Shells.
A hundred million is just a portion of what Avid told BloombergUK the firm was worth when it leaked the IPO idea in April. But that’s what one firm was willing to pay for the whole package, according to the below LOI widely available on the Internet.
Ashley Madison: Dragon Global Letter of Intent Dated 2.24.14 (EXECUTION COPY)
Here’s an internal financial snapshot of Avid. Note the $75 million in revenues and the EBITDA figures at bottom.
Biderman Employment Agreement: Leaked By Hackers
Developing … September 17, 2015