Who Hacked Ashley Madison? A Peek Behind The Curtain [exclusive]

Ashley Madison
Written by Gina Smith

The Ashley Madison hack is full of theatrics. Sex, romance, betrayal, power, mystery … it’s all there. But take a nice, long look. Ashley Madison is no dating site. It’s part of Avid Dating Life, a giant, rev-churning, adult-targeted direct marketing network that’s right there in plain site.

aNewDomainGina-Smith-anewdomain — I’ve never been so happy to have a delayed airline connection. Here I am, stuck at Gate 52 at Denver International. Could be five hours, the agent says. I’m sleepless. Strung out. And I can’t wait to be alone in my addiction, chasing Ashley Madison hack news like a junkie. cs. I know I should quit. Write about something else for a change.

Just one last time, I tell myself. I settle in and connect up.

You know, some media are calling the Ashley Madison hack “the biggest hack ever.”

It’s also the biggest theatrical spectacle the tech and marketing worlds have ever seen.

Avid Dating Life — dba Avid Life Media, ADL Labs, Established Media Inc., CougarLife Inc, Permimus, Ltd Cypress; ADL Europe, etc. — is no mere “extra marital” dating site, targeted by hackers with funny names.who hacked ashley madison

It’s more than one Ashley Madison, it’s a whole tribe of Ashley Madisons, reskinned over and over to fit every conceivable male fantasy. Always full of guys, bereft of women and filled with the “engager” bots that seem to populate most popular adult entertainment sites online. It isn’t just entertainment, either.

Though it is, for sure, abundantly entertaining. I am sure I am not the only journalist who’s gone all Columbo for this.

I was psyched to stumble into Ashley Madison’s naughty twin sister site a couple days ago, AshleyRNadison.com and what appears to be a naughty showcase/whitelabel site, AshleyBabes.com.

And of course there are the other sites in Avid’s portfolio: DateMrsRobinson.com, BigAndBeautiful.comManCrunch.com, EstablishedMen.com and white labeled sites like ArrangementFinders.comErosDating.comDateBrokeCollegeGirls.com, Japanese site, Meechee.com and more.

Through a tip, I’m able to confirm Avid Life also holds a fat little affiliate network of some 1000 partners worldwide.

Each one, from ma and pa local porn shops, to escort-ish listing and hotel sites, to one multinational publishing company I used to work fWho Hacked Ashley Madisonor, does a revshare with Avid Dating Live or one of the other companies in the family.

No wonder Avid, in a statement, recently said rumors of its demise are “greatly exaggerated.” With or without Ashley Madison, this firm has the rev streams and partnerships to do okay.

 

Cool. But truly, I’m no closer to unraveling the many mysteries of all this than when I started. And, really, I just want to know:

Who hacked Ashley Madison?

From the very beginning, the Ashley Madison hack has been unlike any scandal I’ve covered ever.who hacked ashley madison

For one thing, it’s so Hollywood. It’s replete with sex, love, betrayal, crime, cops, spies, beautiful women (pictures of lots of them, anyway), romance, blackmail, enthusiasm, despair, wronged ex strippers, eccentric millionares and hot-headed Brazilians. Every journalist I know who’s been digging in and analyzing the 20GB email dump can’t get enough. Follow the fortunes of Noel, Avi, Evan, Jason and Trevor …

The day I discover the AshleyRNadison site, a porn site much naughtier than AshleyMadison and easy to find if you just mistype the URL a little, I realized that this hack could keep me busy forever. Like some kind of twisted docudrama, there is always some new detail to uncover just when you thought you understood it all.

ashleyRNadison another sis site to ashleymadisonHell, it’s better than Dynasty.

It would be one hell of an HBO dramatic series. Something Entourage-ish. Nip Tuck-ish. But edgier. Forget Noel Biderman’s screenplay about a marketeer learning the truth about herself while she works for the site. The truth is even juicier.

And this company turns out to be a much, much bigger business than what it seemed to be at the beginning of this escapade.

That’s why those who deride Avid Media or its associated companies as mere smut peddlers miss the point.

It’s in reality a global, adult-themed direct marketing affiliate network with 1000 plus AshleyMadison affiliate member companies, and a central business model linking porn, adult personals, erotic hookups and media pages all over the world. It’s huge.

This is another reason the hack raises all kinds of questions.

ashleybabes.com anotherasheymadison siteWhy, I wonder, did the hackers only focus on Ashley Madison? They could’ve focused on any or all of the other sites — or published the names and deals of all those affiliate properties, which would have been intensely damaging. Avid is for sure much more than one or two websites.

There’s no mention of its MeeChee in Japan, or AshleyRNadison.com or ArrangementFinders or much, if anything, about CougarLife or any of the other sites we now know are properties of Avid Dating Life, CL Inc., EM Inc. or other shells.

Didn’t hackers care?

Didn’t hackers know?

How could they not know?

And meanwhile, the company these “hackers” tried to close down appears to have accomplished the most incredible thing. Two weeks after it announced to reporters it was the victim of the hack, AshleyMadison.com has become a household name …

My bank teller, a terrible technophobe, blew my mind today. He told me he’d heard of Ashley Madison.

Surprised, I asked: What about it?

And he deadpans: “Life is short. Have an Affair. Catchy, huh?”

Two weeks and Ashley Madison is a household name.

Who does this? And in two weeks?

who hacked ashley madisonWhat if your company had this level of name recognition. It’s like a superpower. Want to IPO in London? “Excuse me, Jeeves. Sign here. We’re a household name.”

Want IAC’s Barry Diller? Why not? How many firms could brag to Diller that three fifths of everyone 18-55 has heard the name, knows the URL, could repeat the slogan.

So you’re Avid. Pre hack, the meeting was this: You fly to LA. You do the demo for Barry. Toward the end, he says: “Well, I don’t know. What are these bots? What about privacy? How are you going to get women? Engager bots are so yesterday.”

who hacked amBut post hack? You can just see ADL director Jason Dezwirek’s dad, director Philip Dezwirek, striding in after the pitch, martini pitcher in hand. He pours. Diller expresses those reservations, above. Dezwirek says: “Barry, 90 percent of Americans and 82 percent of Europeans could spit our slogan backwards. How much can I count on you for?”

Clink. Dissolve. Cue ACDC.

Will the hack damage Avid Dating Life in the long haul?

You’d think an insider with some kind of a financial or emotional stake in the company would worry that a hack like this could cripple this company forever. That’s what the Impact Team said it was aiming for.

Now, I don’t know if any customers were materially harmed in the hack — we do know no financial data got out.

And I’m not even sure the hack will cause any lasting damage, provided Avid has insurance. I mean, Ashley Madison and Avid really don’t appear to have been hobbled much if at all.

japanese ashley madison meechee.comThe class actions could get hairy. But that’s not for awhile. And there’s always insurance, presumably.

And think Sony. Or JP Morgan. Two victims of major, devastating hacks. They’re doing okay. If anything the hacks and the resulting fixes make them seem more secure, more hack proof.

In one of the zillions of leaked AM emails, Biderman allegedly made that same point.

It’s 11 now at Gate 52. I check my email — again — still hoping I’ll get a comment or some scrap from one of the execs. And Biderman, I emailed him today a couple of times. No answer. Reading them over, I’m horrified to see my emails sound like  … like they come from some kind of a sleepless, jittery news addict.

ashley madison affiliate form The plane arrives in three hours, they say now.

I smile at the old lady sitting next to me. She’s knitting. Alarmed, she pops up and scurries away. What bugs me? What is it? Like Columbo in a nation of Ashley Madison-inflamed Columbos, I pull it apart …

First, consider the hackers. Do they seem like hackers to you? 

These guys don’t act like hackers. They act like sons of Laurie Anderson.

So maybe The Impact Team is just a screen for the real perpetrators. Insiders of some sort.

John McAfee has suggested this, saying:

The data contains actual MySQL database dumps … this is not just someone copying a table and making [it] into a .csv file.

And … the hack contains a lot of insider information: Employee stock options, the layout of the Ashley Madison offices and the source code of every program ever written by the company’s employees. (Some) statements made by the alleged hackers seem to be hostile towards certain employees … (but) favorable towards others.”

A guy I know on Twitter, he’s one of those veteran piracy guys, tells me it also looks like an inside job. A sloppy one. “They’re no Snowden,” he says, theorizing that the law will be soon be on to anyone who leaves such a mess behind, codewise.

The law here means a powho hacked ashley madisonsse comprised of the Toronto Police, The Ontario Provincial Police, The Royal Canadian Mounties, the FBI, the Department of Homeland Security and the Canadian Ministry of the Attorney General for Criminal Law. Dorkily, it calls itself Project Unicorn.

Skulking tall dark men who whisper urgently into lapel microphones would be a great addition for my movie. And mounties in red jackets …

The ironic thing is, no one does publicity like Ashley Madison.

Ashley Madison’s promo and marketing people are notorious for a long list of far out, edgy publicity campaigns — effective campaigns that get the AM name out there with incredible efficiency. Before Avid entered Spain, it posted giant ubiquitous billboards about the King and his rumored extramarital affairs. The Queen of Spain, Sofia, sued. In settlement, Avid Dating Life was “required” to run apologies in media all over the country. Read it here.

Screen Shot 2015-09-02 at 10.40.23 PMTalk about owning the media.

No wonder Spain, at least according to Alexa, looks like the third highest rev-producing country for Avid Dating Life, Europe.

Then there was the $100,000 reward to get girls to “prove” they slept with avowed American football player/virgin Tim Tebow. And there was the lampooning of Rush Limbaugh, Newt Gingrich and Gene Simmons from Kiss … The list goes on and on. Great publicity.

All cruel. And artful.

But this hack doesn’t seem to have any of that subtlety. Running a wicked campaign that pisses off a royal is not the same as customer names and financial info, even if customers likely never did anything more sinful than signup and the financial info is just the last four digits of a credit card.

And then there’s the issue of the big paid UK article, the one that appeared early on and almost no one questioned as a source. Who placed that?

Here’s a roundup of the top Ashley Madison PR efforts ever …

Then there’s the bizarre Daily Mail piece with 1.2M shares. Who wrote and paid for that?

who hacked Ashley MadisonMore theatre. This piece — one of the first pieces to get widely shared and published just after the hack — is obviously purchased. And people have been quoting from it like crazy from the beginning.

It’s mostly garbage, though. It gives the hackers names, like Vinnie.

But quotes in this piece have been repeated in countless articles since, as if they were real …

Read it. It doesn’t read anything like anything else in that first paper. It doesn’t even make sense. Whoever created this publicity stunt — and it is one, and it’s awful — for sure wrote this silly piece. And someone paid to put it there. Find out who did and you’ll be on the trail of who did this hack. Attn: Mounties, FBI, et al: Add that to your list.

The Daily Mail has yet to return my questions on this article, excerpted at right and below:

“One hacking insider, named only as Vinnie, told Sky News the valuable data will likely be sold on the ‘Dark Web’ to ‘the highest bidder’.

He said: ‘I don’t think they’re going to release them. They have a better chance of selling on to someone else. They’ll profit from this in a big way, especially with the size of this database.’

The cyber criminals have already published a small amount of the information online, and say they will continue divulging the secrets of Ashley Madison’s would-be adulterers until the service is closed for good.

The hackers have claimed that even cheaters who have paid Ashley Madison to delete their information from its files are at risk – making the site millions, but (they) claim these details were never fully deleted.

Ashley Madison believes the hacker may have been helped by an insider.”

And OMG! One of the hackers is named Pernell! How did I miss this! Lol.

It continues:

The Impact Team say (sic) the website wrecks marriages and have told owners they will start publishing intimate details about users unless the site, known as the ‘Google of cheating’, is closed.

Two men – one American and one Canadian – have already been outed to prove their hack was successful.Who hacked Ashley Madison? Me!

Impact Team say(s) Ashley Madison members should not have anonymity because they are ‘cheating dirtbags and deserve no such discretion.’ “

Wait! People call Ashley Madison “the Google of cheating?” What people? Where? Entirely made up and running in a major paper … paid for. Clearly.

But by whom? Why?

All the press has been reposting almost every quote in this ridiculous piece, I see now. Why am I the only person who is bothered by this? I guess I’m getting cranky.

Google: “Ashley Madison Hack Might Be A Hoax”

Notice that two pieces titled “Ashley Madison Hack Might Be A Hoax” that show up. These appeared right after the hack, in a couple of those marketinScreen Shot 2015-09-03 at 11.31.17 AMg spam feeds disguised by editorial feeds. One was WebProNews.

But the articles were taken down, along with any presumed spam value. Why would someone do this? And look at that raw, ugly 404. Someone yanked it.

Also, a Reddit discussion on one of those stories has a zillion deleted comments on it.

The second story just has its body text deleted, but the first sentence and the permalink live on. Maybe it’ll be gone by the time you read this.

I wonder: Will “hackers” do this to my story?

And who the hell is Pete Dushenski?

I dig and dig, rearranging search words like Chinese tile.who hacked ashley madison

After a half hour, I find Qntra.net. It looks like a news site but, while well written, it seems some of the stories are fake. They go back, like, two weeks.

A few authors with strange names seem to do all the work, and they profess to hate journalists, which makes me feel hurt and unwelcome. They have names are Bingo Boingo. And Pete Dushenski.

QNTRA.net tags itself as “a media site about the intersection of Bitcoin, Tech and Politics.” Um, okay. And there’s the centerpiece: “ALM CEO Cries Terrorism After Ashley Madison Hack.” Dated July 21, it has metacode that suggests it was posted just a few days ago. Here’s an excerpt:

Billing itself as a dating site specifically for people in relationships who wish to have an affair, Ashley Madison was recently breached by an entity calling itself The Impact Team. A Gitlab (sic) user of the same name reportedly released a partial database dump containing members’ personal information, including email and physical addresses and real names, though the dump was no longer accessible as of July 21st. In a message left on the site and since removed, the breacher claims to have ‘taken over all systems in (the) entire office and production domains, all customer information databases, source code repositories, financial records, emails.’

… a glut of journalists-in-their-own-minds, who find themselves incapable of basic understanding of the events they propose to cover, have uniformly pointed to the March breach of AdultFriendFinder as a foreboding precedent. Notably, that breacher demanded a large ransom in United States Dollars, making any connection to the release of Fetlife or Ashley Madison user data coincidental at best.”

The above is probably just weird Bitcoin geeks having fun …

ashley madison class action suits california, texas, missouri, canadaI head sadly to the WhoIs listing and find nada. Really nada. Nothing. Rows of zeros. A city, state, country listing called: Panama, Panama, PA. The registration on the site leads indirectly to this site.

And the same domain granter as the one used by both the marketing/content sites mentioned above. Coincidence. Probably.

Also: Why did ex Avid CTO Raja Bhatia say the hack was fake?

He seems to be a very close friend of Biderman. Maybe he’s just being supportive. But why would he say this, presumably, without yet seeing the code? Or did this happen earlier than the media says it did?

Also: Why did Biderman say, before he apparently quit or was fired, that he knew it was an inside job? Or did he really say that? Tons and tons of media have reported this. I have yet to find a direct quote at all, except the obviously bogus one in the obviously bogus UK Daily Mail story I reference above.

Seems everyone knew about the femmebots. But the press …

Here’s what a blog called TheHonestCourtesan had to say about it back in 2011.

In a nutshell, if you’re a woman Ashley Madison is just fine because ten seconds after you sign up the men will be all over you like white on rice.  But if you’re a guy it’s a total scam; you buy “credits” which are needed to do pretty much anything on the site (send a message, receive a message, start a chat, etc).  The agency employs a number of shills and/or robots which bombard male members with fake messages that cost credits to open, and sending messages to the fake “too good to be true” ads costs credits as well and goes nowhere.  If a man lucks out and picks an ad which actually goes to an escort he’ll get laid (after paying her fee, of course), but he could’ve made the same connection on a hooker board, Backpage, etc for free and without the hassle of trying to figure out which ads were for whores, which for fakes and which for real women twenty years and fifty pounds ago.  Everything is set up like a casino or a carnival con game, enticing the poor bastard to keep throwing good money after bad in a futile effort to get something for nothing.”

And look on the review sites and chatboards. That AshleyMadison.com had a ton of “engager” bots on its wasn’t anything new. In fact, most of the “adult” dating sites appear to use the same technique to entertain their hordes of male members …

Is or isn’t Noel Biderman still working at Avid Dating Life or any of the dba properties?

who hacked ashley madisonThe Avid press statement released after dump 3 only said he was no longer CEO. But there are a half dozen companies here. Is he still there?

Ah, sometimes you just want the show to stop. But the drama keeps going …

I wonder now if Biderman is sitting in his office, now guarded by a security detail, still installed there with his buddies in the exec suite of Avid’s Toronto headquarters. Or maybe he’s downing a Molson at the  Absolute Comedy Club with Avi and making fun of my rambling, excited emails?

Paranoid. But possible!

The leaked emails, scads of them, really don’t portray a company that’s loose and careless with security and all about babes and partying. The emails are all over Twitter and the blogs. Look for yourself. The emails portray an efficient, well-run and creative company manned by people who probably work too much.

ashley madison class action ashley madison lawsuitAs for the substandard security standards the “hackers” and the media keep trying to pin on Avid — and that’s the only real basis, it seems, for most of the class action suits we’ve seen — well, do we know anything about that really?

What if Avid had employed the best security standards it could’ve?

Avid’s not talking. This is a closely held company. Its security standards are as secret as Avid wants them to be. So everything, including everything here, is just speculation.

In late May of this year, after adult site AdultFriendFinder was massively hacked, execs talk about security and about whether Ashley Madison is prepared to resist such a terrible hack. In more than a few of the leaked emails, Biderman insisted to his bosses it was, in some detail.

Two a.m. Seven hours later. Ready to board.

No closer to an answer. But the Ashley Madison hack as detailed by the company and reporters sure doesn’t make any sense at all.

Stay tuned. For aNewDomain and our new satire site, SkewedNews, I’m Gina Smith.