Thursday, September 24, 2015 by usafeaturesmedia
(Cyberwar.news) The hack of cheating website Ashley Madison, at first blush, seems like a morality play, but on closer examination, some are concerned that the nation’s security might be at risk.
That’s because included in the lists of those exposed are a number of federal government employees – and the Pentagon, in particular, is worried that some of them may be Defense Department or intelligence community employees whose exposure could potentially lead to a compromise in national security by leaving them susceptible to blackmail.
As reported by the Los Angeles Times, the Pentagon is currently parsing through the names and sexual fantasies revealed in the Ashley Madison hack, in a bid to head off any potential problems and reduce its risk.
“A foreign spy agency now has the ability to cross-check who has a security clearance, via the OPM breach, with who was cheating on their wife via the Ashley Madison breach, and thus identify someone to target for blackmail,” Peter W. Singer, a fellow at the nonprofit New America Foundation and coauthor of the book Cybersecurity and Cyberwar, told the Times.
As noted by the Federal Times, of the 36 million members of the adultery website who were revealed via the hack, 15,000 email addresses went to federal government or military domains.
The unverified totals, which were posted Aug. 20 by Twitter user @t0x0pg and cited by WIRED magazine and other media outlets, include 6,788 addresses ending in “us.army.mil,” another 1,665 ending in “navy.mil,” 809 ending in “usmc.mil” and 206 in “mail.mil.”
In addition, the data dump also includes 875 .gov addresses linked to various federal agencies, including 44 addresses from the White House’s domain. The rest were state and local addresses or obviously fake.
Data experts noted that the mere presence of government email addresses does not necessarily mean the owner participated in the site’s adulterous activities; it may also mean the owner did not sign up in the first place.
“People would put whatever email address on there, and Ashley Madison wouldn’t check it,” Robert Graham, CEO of Errata Security, a cybersecurity consulting company he’s run for the past 10 years, told the Federal Times. “People could lie, and they often did lie.”
Graham added that, though functioning email addresses were not required in order to register at AshleyMadison.com, anyone truly interested in connecting with others was required to pay a membership fee. Therefore, the credit-card payment data and billing addresses – also part of the massive hack and data dump – were more reliable identifiers of specific persons.
“Most of the people that paid money used their real name,” said Graham. “That is a hard data point.”
It wasn’t clear whether the Pentagon will investigate the identities revealed in the data leak. Adultery is a punishable violation of the Uniform Code of Military Justice.