[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.]
It was round 9 p.m. on Sunday, July 19, once I acquired a message via the contact type on KrebsOnSecurity.com that the marital infidelity web site AshleyMadison.com had been hacked. The message contained hyperlinks to confidential Ashley Madison paperwork, and included a manifesto that mentioned a hacker group calling itself the Impression Workforce was ready to leak knowledge on all 37 million customers except Ashley Madison and a sister property voluntarily closed down inside 30 days.
A snippet of the message left behind by the Impression Workforce.
The message included hyperlinks to recordsdata containing extremely delicate info, together with snippets of leaked person account knowledge, maps of inside AshleyMadison firm servers, worker community account info, firm checking account knowledge and wage info.
A grasp worker contact record was among the many paperwork leaked that night. Helpfully, it included the cellphone quantity for Noel Biderman, then the CEO of Ashley Madison father or mother agency Avid Life Media (ALM). To my eternal shock, Biderman answered on the primary ring and acknowledged they’d been hacked with out even ready to be requested.
“We’re on the doorstep of [confirming] who we consider is the wrongdoer, and sadly that will have triggered this mass publication,” Biderman advised me on July 19, simply minutes earlier than I revealed the primary recognized public report in regards to the breach. “I’ve bought their profile proper in entrance of me, all their work credentials. It was undoubtedly an individual right here that was not an worker however actually had touched our technical companies.”
On Aug 18, 2015, the Impression Workforce posted a “Time’s up!” message on-line, together with hyperlinks to 60 gigabytes of Ashley Madison person knowledge. The info leak led to the general public shaming and extortion of many Ashley Madison customers, and to at the very least two suicides. Many different customers misplaced their jobs or their marriages. To at the present time, no one has been charged within the hack, and extremely Ashley Madison stays a thriving firm.
THE CHAOS MAKER
The previous worker that Biderman undoubtedly had in thoughts on July 19, 2015 was William Brewster Harrison, a self-described professional in search engine marketing (web optimization) tips which might be designed to assist web sites enhance their rankings for varied key phrases in Google and different search engines like google and yahoo.
It’s evident that Harrison was Biderman’s high suspect instantly after the breach turned public as a result of — along with releasing knowledge on 37 million customers a month later in August 2015 — the hackers additionally dumped three years value of electronic mail they stole from Biderman. And Biderman’s inbox is stuffed with messages about hate-filled private assaults from Harrison.
A Native of Northern Virginia, Harrison ultimately settled in North Carolina, had a son along with his then-wife, and began a fence-building enterprise. ALM employed Harrison in March 2010 to advertise its varied grownup manufacturers on-line, and it’s clear that considered one of his roles was creating and sustaining feminine profiles on Ashley Madison, and creating blogs that have been made to appear like they have been written by ladies who’d simply joined Ashley Madison.
A selfie that William B. Harrison posted to his Fb web page in 2013 reveals him holding a handgun and carrying a bulletproof vest.
It seems Harrison was working as an affiliate of Ashley Madison previous to his official employment with the corporate, which means that Harrison had already demonstrated he may drive signups to the service and assist enhance its standing within the search engine rankings.
What’s much less clear is whether or not anybody at ALM ever carried out a fundamental background examine on Harrison earlier than hiring him. As a result of if they’d, the outcomes virtually actually would have given them pause. Virginia prosecutors charged the younger 20-something Harrison with a sequence of misdemeanors, together with trespassing, illegal entry, drunk in public, and making obscene cellphone calls.
In 2008, North Carolina authorities charged Harrison with felony extortion, a case that was transferred to South Carolina earlier than in the end being dismissed. In December 2009, Harrison confronted costs of false imprisonment, costs that have been additionally dropped by the native district lawyer.
By the point Ashley Madison formally employed him, Harrison’s life was falling aside. His fence enterprise had failed, and he’d simply filed for chapter. Additionally, his marriage had soured, and after a brand new arrest for driving below the affect, he was at risk of getting divorced, shedding entry to his son, and/or going to jail.
It additionally appears doubtless that no one at ALM bothered to have a look at the handfuls of domains registered to Harrison’s varied Vistomail.com electronic mail addresses, as a result of had they finished in order that they doubtless would have observed two issues.
One is that Harrison had a historical past of making web sites to lambaste firms he didn’t like, or that he believed had slighted him or his household indirectly. A few of these web sites included content material that defamed and doxed executives, similar to bash-a-business[.]com, google-your-business[.]com, contact-a-ceo[.]com, lowes-is-a-cancer[.]com (in accordance with Harrison, the house enchancment chain as soon as employed his spouse).
A background examine on Harrison’s on-line footprint additionally would have revealed he was a self-styled rapper who claimed to be an energetic menace to company America. Harrison’s web site lyrical-gangsta[.]com included a variety of works, similar to “Slim Thug — I Run — Remix Spoof,” that are replete with menacing phrases for unnamed company executives:
[HOOK]
I browse cyberspace all evening n day (the net love thug)
cuz I nonetheless browse cyberspace all evening n day
yuhh I kind for my thoughts, bought sensible for my ego
nonetheless working circles spherical them, what’s good?
cuz I nonetheless surf, the web all evening n day,
I cant keep away.
They don’t make to [sic] many hackers like me
bonafide hustler licensed G
nonetheless pumpin’ the TOP 10 outcomes
for those who bought the appropriate dough!
suppose the outcomes are pretend? sucka Google ME
smarter than executives, larger then Wal-Mart
Nelly strugglin’ with the truth that I’m #1 NOW
road boys know me, ain’t nuttin’ new
about to make my mill, with an all new crew
I-95 execs don’t know what to do, or the place to go
watchin them shares evaporate all their dough
I already left the hood, bought up off the streets
its in my blood im a gangsta until Im deceased
shifting lumber for cash or typin’ in a zone
all evening hackin’ until 6 within the mornin
that shit im focusin’ on, stronger then cologne
you possibly can prolly odor the jealousy
via your LCD display screen
for those who nonetheless broke– higher work for some inexperienced
referred to as them Fortune execs on that authorized bluff
cuz the Feds busy raidin different stuff
Imma run the Web til im six ft below
I’m a depart my mark — no purpose to surprise
(Yea Yea)
Among the anti-corporate rhymes busted by Harrison’s hacker/rapper alter ego “Chaos Canine.” Picture: Archive.org.
The identical theme seems in one other rap (“The Hacker Backstage”) penned by Harrison’s rapper alter ego — “Chaos Canine:”
…this hacker was born to write down
bust off the rhymes and watch em take flight
you already know all about them company jets
and handing out pinkslips with out regrets
outsized firms are the issue
effectively, I’ve bought an answer
It’s referred to as good ol’ long-established retribution
file chapter, boycott you want Boston colonists
Company America cant cease this Eminem type columnist
2pac would have honored my type
Im the subsequent era of hacker inspiration
People don’t desire a company nation
All that DOW Jones shit is a dying sensation
Along with pimping Ashley Madison with pretend profiles and phony person blogs, it seems Harrison additionally went after the corporate’s enemies in the course of the transient time he was an worker. As famous in Half I of this story, Harrison used a number of pseudonymous Vistomail.com electronic mail addresses to harass the homeowners of AshleyMadisonSucks[.]com into promoting or shutting down the positioning.
When the proprietor of AshleyMadisonSucks[.]com refused to promote the area, he and his then-girlfriend have been topic to an unrelenting marketing campaign of on-line harassment and blackmail. It now seems these assaults have been perpetrated by Harrison, who despatched emails from completely different accounts on the free electronic mail service Vistomail pretending to be the area proprietor, his then-girlfriend and their buddies. Harrison even went after the area proprietor’s lawyer and spouse, itemizing them each on his Contact-A-CEO[.]com web site.
TURNABOUT IS FAIR PLAY
Issues began going sideways for Ashley Madison when Harrison’s employment contract was terminated in November 2011. The leaked emails don’t clarify why Harrison was fired, however his mercurial temperament doubtless performed a significant function. In accordance with Harrison, it was as a result of he had expressed some ethical reservations with sure facets of his duties, though he was not particular on that time and none of this could possibly be confirmed.
Shortly after Harrison was fired, the corporate’s executives started noticing that Google was auto-completing the phrases “Jew” and “Jewish” at any time when somebody looked for Biderman’s title. The outcomes returned when one accepted Google’s really useful search on the time stuffed the primary web page with hyperlinks to Stormfront, a far-right, neo-Nazi hate group. The corporate strongly suspected somebody was utilizing underhanded web optimization methods to slander and assault its CEO.
In July 2022, KrebsOnSecurity revealed a retrospective on the 2015 Ashley Madison breach which discovered that Biderman had turn into the topic of accelerating ire from members of Stormfront and different extremists teams within the years main as much as the hack. In accordance with the neo-Nazi teams, Biderman was a worthy goal of their harassment not simply because he was a profitable Jewish CEO, but additionally as a result of his firm was hellbent on destroying Christian morals and households.
Biderman’s leaked emails present that in February 2012 he employed Brian Cuban — the lawyer brother of Mark Cuban, the proprietor of the Dallas Mavericks and one the primary “sharks” on the ABC actuality tv sequence Shark Tank. By means of Cuban, Ashley Madison appealed their case to each Google and to the Anti-Defamation League, however neither was apparently ready or keen to assist.
Additionally in early January 2012, Biderman and different Ashley Madison executives discovered themselves inundated with nameless Vistomail.com emails that have been replete with profanity and slurs towards Jews. Though he used pretend names and electronic mail addresses, Harrison made little effort to cover his id in a number of of those nastygrams.
One significantly ugly message from Harrison even included a hyperlink to a Youtube video he’d put on-line of his younger son taking part in basketball for a faculty staff. That Youtube video was included in an electronic mail whereby Harrison – then separated from his spouse — lamented all of the hours he spent working for Ashley Madison up in Canada as a substitute of spending time along with his son.
Harrison then turned to creating threatening cellphone calls to Ashley Madison executives. In a single incident in March 2012, Harrison referred to as the corporate’s former director of Human Assets utilizing a caller ID spoofing service to make it appear like he was calling from contained in the constructing.
ALM’s legal professionals contacted the Toronto police in response to Harrison’s harassment.
“For Will to have disguised his cellphone quantity as Mark’s strongly recommend he has hacked my electronic mail, authorized counsel for the opposing aspect in a perceived authorized dispute,” ALM VP and normal counsel Mike Dacks wrote in a letter to a detective on the Toronto Police. “Over the months of his many a whole lot of emails he alluded a variety of instances to enterprise cyberattacks towards us and this was famous in my unique report back to police.”
Based mostly on the exchanges in Bidernman’s inbox it seems these appeals to the Toronto authorities have been profitable in having Harrison barred from with the ability to enter Canada.
ALM additionally contacted a detective in Harrison’s house county in North Carolina. However when the native police paid a go to to Harrison’s house to comply with up on the harassment complaints, Harrison fled out his again porch, injuring himself after leaping off the second-story deck.
It’s unclear if the police ever succeeded in interviewing Harrison in response to the harassment complaints from ALM. The Raleigh police officer contacted by ALM didn’t reply to requests for info. However the go to from the native cops solely appeared to embolden and anger Harrison much more, and Biderman’s emails point out the harassment continued after this incident.
HUMAN DECOYS
Then in August 2012, the previous intercourse employee turned blogger and activist Maggie McNeill revealed screenshots from an inside system that Ashley Madison used referred to as the “Human Decoy Interface,” which was a elaborate manner of describing a system constructed to handle phony feminine accounts on the service.
The screenshots appeared to indicate that an awesome many feminine accounts have been in actual fact bots designed to usher in paying prospects. Ashley Madison was all the time free to hitch, however customers needed to pay in the event that they wished to speak immediately with different customers.
Though Harrison had been fired practically a yr earlier, Biderman’s leaked emails present that Harrison’s entry to Ashley Madison’s inside instruments wasn’t revoked till after the screenshots have been posted on-line and the corporate started reviewing which worker accounts had entry to the Human Decoy Interface.
“Who or what’s asdfdfsda@asdf.com?,” Biderman requested, after being despatched a listing of 9 electronic mail addresses.
“It seems to be the e-mail deal with Will used for his profiles,” the IT director replied.
“And his entry was by no means shut off till right this moment?,” requested the corporate’s normal counsel Mike Dacks.
TRUTH BOMBS
Biderman’s leaked emails recommend that Harrison stopped his harassment marketing campaign someday after 2012. A decade later, KrebsOnSecurity sought to trace down and interview Harrison. Discovering no one at his former addresses and cellphone numbers in North Carolina, KrebsOnSecurity wound up talking with Will’s stepmother, who lives with Will’s dad in Northern Virginia and requested that her title not be used on this story.
Will’s stepmom shortly dropped two huge fact bombs after patiently listening to my spiel about why I used to be calling and on the lookout for Mr. Harrison. The primary was that Will was introduced up Jewish, though he didn’t observe the religion: An area rabbi and buddy of the household gave the service at Will’s funeral in 2014.
She additionally shared that her stepson had killed himself in 2014, taking pictures himself within the head with a handgun. Will’s mom found his physique.
“Will dedicated suicide in March 2014,” Will’s stepmother shared. “I’ve heard all these tales you simply talked about. Will was severely mentally unwell. He was in all probability as near a sociopath as I can think about anybody being. He was additionally a paranoid schizophrenic who wouldn’t take his medicine.”
William B. Harrison died on March 5, 2014, practically 16 months earlier than The Impression Workforce introduced they’d hacked Ashley Madison.
Will’s stepmom mentioned she continually felt bodily threatened when Will was round. However she had bother believing that her stepson was a raging anti-Semite. She additionally mentioned she thought the timing of Will’s suicide successfully dominated him out as a suspect within the 2015 Ashley Madison hack.
“Contemplating the date of loss of life, I’m unsure if he’s your man,” she supplied towards the tip of our dialog.
[There is one silver lining to Will Harrison’s otherwise sad tale: His widow has since remarried, and her new husband agreed to adopt their son as his own.]
ANALYSIS
Does Harrison’s premature loss of life rule him out as a suspect, as his stepmom steered? This stays an open query. In a parting electronic mail to Biderman in late 2012, Harrison signed his actual title and mentioned he was leaving, however not going away.
“So good luck, I’m certain we’ll discuss once more quickly, however for now, I’ve bought higher issues within the oven,” Harrison wrote. “Simply bear in mind I outsmarted you final time and I’ll outsmart you and out maneuver you this time too, by holding myself far distant from the motion and simply having fun with the sideline view, cheering for the opposition.”
Nothing within the leaked Biderman emails means that Ashley Madison did a lot to revamp the safety of its laptop programs within the wake of Harrison’s departure and subsequent marketing campaign of harassment — aside from eradicating an administrator account of his a yr after he’d already left the corporate.
KrebsOnSecurity discovered nothing in Harrison’s in depth area historical past suggesting he had any actual malicious hacking abilities. However given the clientele that sometimes employed his abilities — the grownup leisure business — it appears doubtless Harrison was at the very least conversant at the hours of darkness arts of “Black web optimization,” which entails utilizing underhanded or else downright unlawful strategies to recreation search engine outcomes.
Armed with such expertise, it will not have been troublesome for Harrison to have labored out a solution to preserve entry to working administrator accounts at Ashley Madison. If that in actual fact did occur, it will have been trivial for him to promote or give these credentials to another person.
Or to one thing else. Like Nazi teams. As KrebsOnSecurity reported final yr, within the six months main as much as the July 2015 hack, Ashley Madison and Biderman turned a frequent topic of derision throughout a number of neo-Nazi web sites.
On Jan. 14, 2015, a member of the neo-Nazi discussion board Stormfront posted a energetic thread about Ashley Madison within the normal dialogue space titled, “Jewish owned courting web site selling adultery.”
On July 3, 2015, Andrew Anglin, the editor of the alt-right publication Day by day Stormer, posted excerpts about Biderman from a narrative titled, “Jewish Hyper-Sexualization of Western Tradition,” which referred to Biderman because the “Jewish King of Infidelity.”
On July 10, a mocking montage of Biderman pictures with racist captions was posted to the extremist web site Vanguard Information Community, as a part of a thread referred to as “Jews normalize sexual perversion.”
Some readers have steered that the info leaked by the Impression Workforce may have initially been stolen by Harrison. However that timeline doesn’t add up given what we all know in regards to the hack. For one factor, the monetary transaction information leaked from Ashley Madison present costs up till mid-2015. Additionally, the ultimate message within the archive of Biderman’s stolen emails was dated July 7, 2015 — virtually two weeks earlier than the Impression Workforce would announce their hack.
Whoever hacked Ashley Madison clearly wished to disrupt the corporate as a enterprise, and shame its CEO because the endgame. The Impression Workforce’s intrusion struck simply as Ashley Madison’s father or mother was making ready go public with an preliminary public providing (IPO) for buyers. Additionally, the hackers said that whereas they stole all worker emails, they have been solely eager about leaking Biderman’s.
Additionally, the Impression Workforce needed to know that ALM would by no means adjust to their calls for to dismantle Ashley Madison and Established Males. In 2014, ALM reported revenues of $115 million. There was little probability the corporate was going to close down a few of its largest cash machines.
Therefore, it seems the Impression Workforce’s purpose all alongside was to create prodigious quantities of drama and rigidity by saying the hack of a significant dishonest web site, after which let that drama play out over the subsequent few months as tens of millions of uncovered Ashley Madison customers freaked out and turned the targets of extortion assaults and public shaming.
After the Impression Workforce launched Biderman’s electronic mail archives, a number of media retailers pounced on salacious exchanges in these messages as supposed proof he had carried on a number of affairs. Biderman resigned as CEO of Ashley Madison on Aug. 28, 2015.
Complicating issues additional, it seems multiple malicious social gathering might have gained entry to Ashley’s Madison’s community in 2015 or probably earlier. Cyber intelligence agency Intel 471 recorded a sequence of posts by a person with the deal with “Brutium” on the Russian-language cybercrime discussion board Antichat between 2014 and 2016.
Brutium routinely marketed the sale of enormous, hacked databases, and on Jan. 24, 2015, this person posted a thread providing to promote knowledge on 32 million Ashley Madison customers. Nevertheless, there isn’t a indication whether or not anybody bought the knowledge. Brutium’s profile has since been faraway from the Antichat discussion board.
I understand this ending could also be unsatisfying for a lot of readers, as it’s for me. The story I wrote in 2015 in regards to the Ashley Madison hack continues to be the most important scoop I’ve revealed right here (by way of site visitors), but it stays maybe the one most irritating investigation I’ve ever pursued. However my hunch is that there’s nonetheless extra to this story that has but to unfold.
