{"id":22471,"date":"2023-07-13T16:17:04","date_gmt":"2023-07-14T00:17:04","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2023\/07\/13\/news-16201\/"},"modified":"2023-07-13T16:17:04","modified_gmt":"2023-07-14T00:17:04","slug":"news-16201","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/07\/13\/news-16201\/","title":{"rendered":"SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Thu, 13 Jul 2023 21:45:02 +0000<\/strong><\/p>\n

[This is Part II of a story published here last week<\/a> on reporting that went into a new Hulu<\/strong> documentary series on the 2015 Ashley Madison hack.]<\/em><\/p>\n

It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website AshleyMadison.com had been hacked. The message contained links to confidential Ashley Madison documents, and included a manifesto that said a hacker group calling itself the Impact Team<\/strong> was prepared to leak data on all 37 million users unless Ashley Madison and a sister property voluntarily closed down within 30 days.<\/p>\n

\"\"<\/p>\n

A snippet of the message left behind by the Impact Team.<\/p>\n<\/div>\n

The message included links to files containing highly sensitive information, including snippets of leaked user account data, maps of internal AshleyMadison company servers, employee network account information, company bank account data and salary information.<\/p>\n

A master employee contact list was among the documents leaked that evening. Helpfully, it included the cell phone number for Noel Biderman<\/strong>, then the CEO of Ashley Madison parent firm Avid Life Media<\/strong> (ALM). To my everlasting surprise, Biderman answered on the first ring and acknowledged they’d been hacked without even waiting to be asked.<\/p>\n

\u201cWe\u2019re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,\u201d Biderman told me on July 19, just minutes before I published the first known public report about the breach<\/a>. \u201cI\u2019ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.\u201d<\/p>\n

On Aug 18, 2015, the Impact Team posted a \u201cTime\u2019s up!\u201d message online, along with links to 60 gigabytes of Ashley Madison user data. The data leak led to the public shaming and extortion of many Ashley Madison users, and to at least two suicides. Many other users lost their jobs or their marriages. To this day, nobody has been charged in the hack, and incredibly Ashley Madison remains a thriving company.<\/p>\n

THE CHAOS MAKER<\/h2>\n

The former employee that Biderman undoubtedly had in mind on July 19, 2015 was William Brewster Harrison<\/strong>, a self-described expert in search engine optimization (SEO) tricks that are designed to help websites increase their rankings for various keywords in Google and other search engines.<\/p>\n

It is evident that Harrison was Biderman’s top suspect immediately after the breach became public because — in addition to releasing data on 37 million users a month later in August 2015 — the hackers also dumped three years worth of email they stole from Biderman. And Biderman’s inbox is full of messages about hate-filled personal attacks from Harrison.<\/p>\n

A Native of Northern Virginia, Harrison eventually settled in North Carolina, had a son with his then-wife, and started a fence-building business. ALM hired Harrison in March 2010 to promote its various adult brands online, and it is clear that one of his roles was creating and maintaining female profiles on Ashley Madison, and creating blogs<\/a> that were made to look like they were written by women who’d just joined Ashley Madison.<\/p>\n

\"\"<\/a><\/p>\n

A selfie that William B. Harrison posted to his Facebook page in 2013 shows him holding a handgun and wearing a bulletproof vest.<\/p>\n<\/div>\n

It appears Harrison was working as an affiliate of Ashley Madison prior to his official employment with the company, which suggests that Harrison had already demonstrated he could drive signups to the service and help improve its standing in the search engine rankings.<\/p>\n

What is less clear is whether anyone at ALM ever performed a basic background check on Harrison before hiring him. Because if they had, the results almost certainly would have given them pause. Virginia prosecutors charged the young 20-something Harrison with a series of misdemeanors, including trespassing, unlawful entry, drunk in public, and making obscene phone calls.<\/p>\n

In 2008, North Carolina authorities charged Harrison with criminal extortion, a case that was transferred to South Carolina before ultimately being dismissed. In December 2009, Harrison faced charges of false imprisonment<\/a>, charges that were also dropped by the local district attorney.<\/p>\n

By the time Ashley Madison officially hired him<\/a>, Harrison’s life was falling apart. His fence business had failed, and he’d just filed for bankruptcy. Also, his marriage had soured, and after a new arrest for driving under the influence, he was in danger of getting divorced, losing access to his son, and\/or going to jail.<\/p>\n

It also seems likely that nobody at ALM bothered to look at the dozens of domain names registered to Harrison’s various Vistomail.com email addresses, because had they done so they likely would have noticed two things.<\/p>\n

One is that Harrison had a history of creating websites to lambaste companies he didn’t like, or that he believed had slighted him or his family in some way. Some of these websites included content that defamed and doxed executives, such as bash-a-business[.]com<\/strong>, google-your-business[.]com<\/strong>, contact-a-ceo[.]com<\/strong>, lowes-is-a-cancer[.]com (according to Harrison, the home improvement chain once employed his wife).<\/p>\n

A background check on Harrison’s online footprint also would have revealed he was a self-styled rapper who claimed to be an active menace to corporate America. Harrison’s website lyrical-gangsta[.]com<\/strong> included a number of works, such as “Slim Thug — I Run — Remix Spoof<\/strong>,” which are replete with menacing words for unnamed corporate executives:<\/p>\n

[HOOK]<\/em>
I surf the net all night n day (the web love thug)<\/em>
cuz I still surf the net all night n day<\/em>
yuhh I type for my mind, got smart for my ego<\/em>
still running circles round them, what’s good?<\/em>
cuz I still surf, the net all night n day,<\/em>
I cant stay away.<\/em><\/p>\n

They don’t make to [sic] many hackers like me<\/em>
bonafide hustler certified G<\/em>
still pumpin’ the TOP 10 results<\/em>
if you got the right dough!<\/em>
think the results are fake? sucka Google ME<\/em>
smarter than executives, bigger then Wal-Mart<\/em>
Nelly strugglin’ with the fact that I’m #1 NOW<\/em>
street boys know me, ain’t nuttin’ new<\/em>
about to make my mill, with an all new crew<\/em>
I-95 execs don’t know what to do, or where to go<\/em>
watchin them stocks evaporate all their dough<\/em>
I already left the hood, got up off the streets<\/em>
its in my blood im a gangsta till Im deceased<\/em><\/p>\n

moving lumber for money or typin’ in a zone<\/em>
all night hackin’ till 6 in the mornin<\/em>
that shit im focusin’ on, stronger then cologne<\/em>
you can prolly smell the jealousy<\/em>
through your LCD screen<\/em>
if you still broke– better work for some green<\/em>
called them Fortune execs on that legal bluff<\/em>
cuz the Feds busy raidin other stuff<\/em>
Imma run the Net til im six feet under<\/em>
I’m a leave my mark — no reason to wonder<\/em>
(Yea Yea)<\/em><\/span><\/p>\n

\"\"<\/p>\n

Some of the anti-corporate rhymes busted by Harrison’s hacker\/rapper alter ego “Chaos Dog.” Image: Archive.org.<\/p>\n<\/div>\n

The same theme appears in another rap (“The Hacker Backstage”) penned by Harrison’s rapper alter ego — “Chaos Dog:”<\/p>\n

…this hacker was born to write<\/em>
bust off the rhymes and watch em take flight<\/em>
you know all about them corporate jets<\/em>
and handing out pinkslips without regrets<\/em>
oversized companies are the problem<\/em><\/p>\n

well, I’ve got a solution<\/em>
It’s called good ol’ fashioned retribution<\/em>
file bankruptcy, boycott you like Boston colonists<\/em>
Corporate America cant stop this Eminem style columnist<\/em>
2pac would have honored my style<\/em>
Im the next generation of hacker inspiration<\/em>
Americans don’t want a corporate nation<\/em>
All that DOW Jones shit is a dying sensation<\/em><\/p>\n

In addition to pimping Ashley Madison with fake profiles and phony user blogs, it appears Harrison also went after the company’s enemies during the brief time he was an employee. As noted in Part I of this story, Harrison used multiple pseudonymous Vistomail.com email addresses to harass the owners of AshleyMadisonSucks[.]com<\/strong> into selling or shutting down the site.<\/p>\n

When the owner of AshleyMadisonSucks[.]com refused to sell the domain, he and his then-girlfriend were subject to an unrelenting campaign of online harassment and blackmail. It now appears those attacks were perpetrated by Harrison, who sent emails from different accounts at the free email service Vistomail<\/strong> pretending to be the domain owner, his then-girlfriend and their friends. Harrison even went after the domain owner’s lawyer and wife, listing them both on his Contact-A-CEO[.]com website.<\/p>\n

TURNABOUT IS FAIR PLAY<\/h2>\n

Things started going sideways for Ashley Madison when Harrison’s employment contract was terminated in November 2011. The leaked emails do not explain why Harrison was fired, but his mercurial temperament likely played a major role. According to Harrison, it was because he had expressed some moral reservations with certain aspects of his duties, although he was not specific on that point and none of this could be confirmed.<\/p>\n

Shortly after Harrison was fired, the company’s executives began noticing that Google<\/strong> was auto-completing the words “Jew” and “Jewish” whenever someone searched for Biderman’s name. The results returned when one accepted Google’s recommended search at the time filled the first page with links to Stormfront<\/strong>, a far-right, neo-Nazi hate group. The company strongly suspected someone was using underhanded SEO techniques to slander and attack its CEO.<\/p>\n

In July 2022, KrebsOnSecurity published a retrospective on the 2015 Ashley Madison breach<\/a> which found that Biderman had become the subject of increasing ire from members of Stormfront and other extremists groups in the years leading up to the hack. According to the neo-Nazi groups, Biderman was a worthy target of their harassment not just because he was a successful Jewish CEO, but also because his company was hellbent on destroying Christian morals and families.<\/p>\n

Biderman’s leaked emails show that in February 2021 he hired Brian Cuban<\/strong> — the attorney brother of Mark Cuban<\/strong>, the owner of the Dallas Mavericks and one the main “sharks” on the ABC reality television series Shark Tank<\/strong>. Through Cuban, Ashley Madison appealed their case to both Google and to the Anti-Defamation League, but neither was apparently able or willing to help.<\/p>\n

\"\"<\/p>\n

Also in early January 2012, Biderman and other Ashley Madison executives found themselves inundated with anonymous Vistomail.com emails that were replete with profanity and slurs against Jews. Although he used fake names and email addresses, Harrison made little effort to hide his identity in several of these nastygrams.<\/p>\n

One particularly ugly message from Harrison even included a link to a Youtube video he’d put online of his young son playing basketball for a school team. That Youtube video was included in an email wherein Harrison – then separated from his wife — lamented all the hours he spent working for Ashley Madison up in Canada instead of spending time with his son.<\/p>\n

Harrison then turned to making threatening phone calls to Ashley Madison executives. In one incident in March 2012, Harrison called the company’s former director of Human Resources using a caller ID spoofing service to make it look like he was calling from inside the building.<\/p>\n

ALM’s lawyers contacted the Toronto police in response to Harrison’s harassment.<\/p>\n

“For Will to have disguised his phone number as Mark\u2019s strongly suggest he has hacked my email, legal counsel for the opposing side in a perceived legal dispute,” ALM VP and general counsel Mike Dacks wrote in a letter to a detective at the Toronto Police. “Over the months of his many hundreds of emails he alluded a number of times to undertaking cyberattacks against us and this was noted in my original report to police.”<\/p>\n

Based on the exchanges in Bidernman’s inbox it appears those appeals to the Toronto authorities were successful in having Harrison barred from being able to enter Canada.<\/p>\n

ALM also contacted a detective in Harrison’s home county in North Carolina. But when the local police paid a visit to Harrison’s home to follow up on the harassment complaints, Harrison fled out his back porch, injuring himself after jumping off the second-story deck.<\/p>\n

It is unclear if the police ever succeeded in interviewing Harrison in response to the harassment complaints from ALM. The Raleigh police officer contacted by ALM did not respond to requests for information. But the visit from the local cops only seemed to embolden and anger Harrison even more, and Biderman’s emails indicate the harassment continued after this incident.<\/p>\n

HUMAN DECOYS<\/h2>\n

Then in August 2012, the former sex worker turned blogger and activist Maggie McNeill<\/strong> published screenshots from an internal system that Ashley Madison used called the “Human Decoy Interface<\/strong>,” which was a fancy way of describing a system built to manage phony female accounts on the service.<\/p>\n

The screenshots appeared to show that a great many female accounts were in fact bots designed to bring in paying customers. Ashley Madison was always free to join, but users had to pay if they wished to chat directly with other users.<\/p>\n

Although Harrison had been fired nearly a year earlier, Biderman’s leaked emails show that Harrison’s access to Ashley Madison’s internal tools wasn’t revoked until after the screenshots were posted online and the company began reviewing which employee accounts had access to the Human Decoy Interface.<\/p>\n

\u201cWho or what is\u00a0asdfdfsda@asdf.com<\/strong>?,\u201d Biderman asked, after being sent a list of nine email addresses.<\/p>\n

\u201cIt appears to be the email address Will used for his profiles,\u201d the IT director replied.<\/p>\n

\u201cAnd his access was never shut off until today?,\u201d asked the company\u2019s general counsel Mike Dacks.<\/p>\n

TRUTH BOMBS<\/h2>\n

Biderman’s leaked emails suggest that Harrison stopped his harassment campaign sometime after 2012. A decade later, KrebsOnSecurity sought to track down and interview Harrison. Finding nobody at his former addresses and phone numbers in North Carolina, KrebsOnSecurity wound up speaking with Will’s stepmother, Tena Nauheim<\/strong>, who lives with Will’s dad in Northern Virginia.<\/p>\n

Nauheim quickly dropped two big truth bombs after patiently listening to my spiel about why I was calling and looking for Mr. Harrison. The first was that Will was brought up Jewish, although he did not practice the faith: A local rabbi and friend of the family gave the service at Will’s funeral in 2014.<\/p>\n

Nauheim also shared that her stepson had killed himself in 2014, shooting himself in the head with a handgun. Will’s mother discovered his body.<\/p>\n

“Will committed suicide in March 2014,” Nauheim shared. “I’ve heard all those stories you just mentioned. Will was severely mentally ill. He was probably as close to a sociopath as I can imagine anyone being. He was also a paranoid schizophrenic who wouldn’t take his medication.”<\/p>\n

William B. Harrison died on March 5, 2014, nearly 16 months before The Impact Team announced they’d hacked Ashley Madison<\/em>.<\/p>\n

Nauheim said she constantly felt physically threatened when Will was around. But she had trouble believing that her stepson was a raging anti-Semite. She also said she thought the timing of Will’s suicide effectively ruled him out as a suspect in the 2015 Ashley Madison hack.<\/p>\n

“Considering the date of death, I\u2019m not sure if he\u2019s your guy,” Nauheim offered toward the end of our conversation.<\/p>\n

[There is one silver lining to Will Harrison’s otherwise sad tale: His widow has since remarried, and her new husband agreed to adopt their son as his own.]<\/p>\n

ANALYSIS<\/h2>\n

Does Harrison’s untimely death rule him out as a suspect, as his stepmom suggested? This remains an open question. In a parting email to Biderman in late 2012<\/a>, Harrison signed his real name and said he was leaving, but not going away.<\/p>\n

“So good luck, I’m sure we’ll talk again soon, but for now, I’ve got better things in the oven,” Harrison wrote. “Just remember I outsmarted you last time and I will outsmart you and out maneuver you this time too, by keeping myself far far away from the action and just enjoying the sideline view, cheering for the opposition.”<\/p>\n

Nothing in the leaked Biderman emails suggests that Ashley Madison did much to revamp the security of its computer systems in the wake of Harrison’s departure and subsequent campaign of harassment — apart from removing an administrator account of his a year after he’d already left the company.<\/p>\n

KrebsOnSecurity found nothing in Harrison’s extensive domain history suggesting he had any real malicious hacking skills. But given the clientele that typically employed his skills — the adult entertainment industry — it seems likely Harrison was at least conversant in the dark arts of “Black SEO,” which involves using underhanded or else downright illegal methods to game search engine results.<\/p>\n

Armed with such experience, it would not have been difficult for Harrison to have worked out a way to maintain access to working administrator accounts at Ashley Madison. If that in fact did happen, it would have been trivial for him to sell or give those credentials to someone else.<\/p>\n

Or to something<\/em> else. Like Nazi groups. As KrebsOnSecurity reported last year, in the six months leading up to the July 2015 hack, Ashley Madison and Biderman\u00a0became a frequent subject of derision across multiple neo-Nazi websites.<\/p>\n

On Jan. 14, 2015, a member of the neo-Nazi forum Stormfront posted a lively thread about Ashley Madison in the general discussion area titled, \u201cJewish owned dating website promoting adultery.\u201d<\/p>\n

On July 3, 2015,\u00a0Andrew Anglin<\/a>, the editor of the alt-right publication\u00a0Daily Stormer<\/a>, posted excerpts about Biderman from a story titled, \u201cJewish Hyper-Sexualization of Western Culture,\u201d which referred to Biderman as the \u201cJewish King of Infidelity.\u201d<\/p>\n

On July 10, a mocking montage of Biderman photos with racist captions was posted to the extremist website\u00a0Vanguard News Network<\/a>, as part of a thread called \u201cJews normalize sexual perversion.\u201d<\/p>\n

Some readers have suggested that the data leaked by the Impact Team could have originally been stolen by Harrison. But that timeline does not add up given what we know about the hack. For one thing, the financial transaction records leaked from Ashley Madison show charges up until mid-2015. Also, the final message in the archive of Biderman\u2019s stolen emails was dated July 7, 2015 \u2014 almost two weeks before the Impact Team would announce their hack.<\/p>\n

Whoever hacked Ashley Madison clearly wanted to disrupt the company as a business, and disgrace its CEO as the endgame. The Impact Team’s intrusion struck just as Ashley Madison’s parent was preparing go public with an initial public offering (IPO) for investors. Also, the hackers stated that while they stole all emplyee emails, they were only interested in leaking Biderman’s.<\/p>\n

Also, the Impact Team had to know that ALM would never comply with their demands to dismantle Ashley Madison and Established Men. In 2014, ALM reported revenues of $115 million. There was little chance the company was going to shut down some of its biggest money machines.<\/p>\n

Hence, it appears the Impact Team\u2019s goal all along was to create prodigious amounts of drama and tension by announcing the hack of a major cheating website, and then let that drama play out over the next few months as millions of exposed Ashley Madison users freaked out and became the targets of extortion attacks and public shaming<\/a>.<\/p>\n

After the Impact Team released Biderman’s email archives, several media outlets pounced on salacious exchanges in those messages as supposed proof he had carried on multiple affairs. Biderman resigned as CEO of Ashley Madison on Aug. 28, 2015.<\/p>\n

Complicating things further, it appears more than one malicious party may have gained access to Ashley’s Madison’s network in 2015 or possibly earlier. Cyber intelligence firm Intel 471<\/a>\u00a0recorded a series of posts by a user with the handle \u201cBrutium<\/strong>\u201d on the Russian-language cybercrime forum\u00a0Antichat<\/strong>\u00a0between 2014 and 2016.<\/p>\n

Brutium routinely advertised the sale of large, hacked databases, and on Jan. 24, 2015, this user posted a thread offering to sell data on 32 million Ashley Madison users. However, there is no indication whether anyone purchased the information. Brutium\u2019s profile has since been removed from the Antichat forum.<\/p>\n

I realize this ending may be unsatisfying for many readers, as it is for me. The story I wrote in 2015 about the Ashley Madison hack is still the biggest scoop I’ve published here (in terms of traffic), yet it remains perhaps the single most frustrating investigation I’ve ever pursued. But my hunch is that there is still more to this story that has yet to unfold.<\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Thu, 13 Jul 2023 21:45:02 +0000<\/strong><\/p>\n

[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.] It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website AshleyMadison.com had been hacked. The message contained links to confidential Ashley Madison documents, and included a manifesto that said a hacker group calling itself the Impact Team was prepared to leak data on all 37 million users unless Ashley Madison and a sister property voluntarily closed down within 30 days.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[16740,19109,11740,14851,27099,16696,29753],"class_list":["post-22471","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-a-little-sunshine","tag-ashley-madison-hack","tag-data-breaches","tag-hulu","tag-impact-team","tag-neer-do-well-news","tag-william-webster-harrison"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22471","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=22471"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/22471\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=22471"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=22471"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=22471"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}