Friday, August 28, 2015

I Soon Found Out It Can Get You Into Trouble but it Can't Get You Out

"the devil's right hand, the devil's right hand; mama says the pistol is the devil's right hand...."

I have to tell you that today's post is really the result of a song that has stayed with me for about a year since hearing a friend's bluegrass band play it at a party.   The song is gripping and it is an intriguing story.  The line in the title above is just something I had to work into a post and of course inspiration wielded itself this week in a rather titanic fashion.

The Devil's Right Hand is a track off Steve Earle's 1988 album Copperhead Road.  Many of you have probably heard of the title track to the album.  Copperhead Road is Earle's highest charting hit, telling the tale of man who returns to his home in Tennessee and in the face of little opportunity decides to turn the family Moonshine business into selling marijuana.

The story of a young man running afoul of the law is a common theme in the Outlaw country world of Johnny Cash, Merle Haggard, etc and Steve Earle is/was a disciple.  Like Copperhead Road, the Devil's Right Hand tells of a flawed yet not particularly evil person who gives into temptation and suffers for it.

Suffering for temptation seems to be a common theme this week.  For weeks we have heard of the Ashley Madison hack by a group calling themselves the Impact Team.  About a week ago the individuals who were part of that hack finally released their Ashley Madison member files onto sites where the stolen data could be found.

It's not actually clear what the true motivations of the group are.  It certainly is not clearly evident that they are against cheating per se.  It is more likely that they are looking to out Ashley Madison and it's users as frauds.  The data may affirm the assertion that Ashley Madison is a fraudulent business model with an inordinate number of men and on the female side mostly prostitutes, fake profiles, and scammers.  On the user side the motivation may largely be a desire to out government officials, celebrities, or just those who they feel are hypocritical (such as preachers or hapless bloggers).  It is also likely that there is ultimately a monetary angle associated with extortion.  Regardless, the actions have created a firestorm of public curiosity and fear among those Ashley Madison users potentially identified within the data.

In the wake of this scandal Ashley Madison CEO Noel Biderman has resigned his position effective immediately.

The big question is then, what to do now?  I am certainly not the person to answer that question but given what I have been writing about here for 4+ years I guess I should say something (as I play Steve Earle's mantra on the other screen).

As with many things the actual data set provides no direct proof of anything and it exists on something called the "Dark Web."  The problem is that it is there and people know it and once people know something it is proverbially "the devil's right hand" and can be used to identify moral turpitude, to seek out a partner, or to just be mean.  More likely it becomes that wreck on the side of the road that nobody can turn their sight from.

Has Ryan been outed you ask?  The answer is as muddled as the story.  Yes my e-mail has been posted not just on the Dark Web but also on a local "do-good'er" site on the very accessible "public web."  As with Impact Team, the local site states it's purpose is to identify government officials. Thankfully I followed Riff's advise several years ago and used a unique "mischief" yahoo e-mail for my AM business.  Also, I never used my hometown on my AM profile.  I have a fairly common name and go by a nickname rather than my real name in life.  Bottom line is that you would have to be made aware of the do-good'er site, look for my name over pages of data, recognize my real name, and come to the conclusion that it could be me even though the town is 30+ miles away.  All that is not too likely.  Would Shannon scrutinize the available sites to identify Ryan, well that would require Shannon to think about me for over 20 minutes; something she hasn't done for over 10 years.

But don't get too comfy as it's fairly easy to manipulate and find data within the database if you know what to look for.  Within the local do-good'er site one can simply press "alt F" and search for something specific; a name, an address, etc.  Again, if you know what to look for it's right in front of you.

The ultimate question for you will be, who would be looking, why, and how evident will it be that the data is you even if it doesn't directly say so.

Troy Hunt - IT Blogger
I think the best information I have seen to understand what has been done, how it was done, and what to do in response is provided by the IT guru/blogger Troy Hunt (see his links below).

This is a really thorough and concise article about what is going on and how it has impacted lives.

Here is another article that talks more specifically about the data breach.

What seems to be apparent from Hunt's blog is that you should not go seeking the database even if you can acquire access to and know how to use a Tor browser.  First, you will open yourself up to malware.  Second, you will be handling stolen data and your search could open yourself up to being further compromised.  Even if you get the data, as Hunt says, "this simply isn't data that's consumable via your average person."

Hunt does offer a site "--have i been pwned?" that can let you know if your e-mail has been compromised by a hack (the Ashley Madison hack or others).  There are other sites that will offer this to you.  Do understand though, most of these sites (not Hunt's) have been launched in hopes of finding people who's addresses have been compromised and then offer them some form of "hoped for" security for a price.  In most cases they probably can't deliver the security you are hoping for.

So what is the advice?

Even though I am not qualified to render an opinion here are some things to consider:

*     Assume you can be found given the time and the inclination by a motivated individual.
*     That being said you may need to panic or you may not need to panic.  Let's face it, for some out there you may have permission or nobody may care what you may be doing on AM.
*     If you used a "real" e-mail from work or one your spouse, partner, or friends will recognize for your AM membership it may be time to have that "come to Jesus" discussion with those that may very well find out.  That holds true if you used your home in your profile and your home is small enough or your name distinctive enough to make your membership easily evident.  However, understand you will never be able to put that Genie back in the bottle so take a lot of time to consider your decision.  Perhaps you have anonymous friends out here on the bloggosphere you can go to for advice and support.
*     Is there a really good reason for people to find you and identify you either because of your position in life or because they don't like you?  How proactive will such individuals be to find you?
*     Don't worry so much about what is on the Dark Web but be vigilant in finding local "public web" sites that may have extracted the data and are now displaying as sorted information.
*     You may want to go ahead and cancel that AM membership and any associated e-mail addresses.  Certainly, if you keep your AM profile change to a different town.
*     Can I get rid of data on the web?  The best analogy I've seen speaking to this is that data on the web is like pee in a pool.  In theory you may be able to reacquire some data and get it contained.  However data, like pee, dissipates into the vast web (water of the pool) and realistically cannot be contained or resealed (or unpeed).  The best you can hope for is that the data (or pee) will be dissipated and immersed into the quantity of the pool.  At some point only someone seeking the data (or pee) will be able to find that data.  And they will have to have a black light, for the pee that is!
*     Most importantly - review why you are still on AM.  I will always affirm that not all people on AM are wrong, we all have a story.  But if you have been on for some time is this still serving a need?  If it is only treating a symptom consider trying to cure the disease that led you there.  Times like this are always good to reassess, my best advice is to use this time and this event thusly.

Some notes on Ashley Madison:

*     Running through comments on the local "do-good'er" site I see people are misinterpreting the data.  The do-good'er site displayed all "paying" AM members.  Comment after comment affirmed the belief that AM is all men.  Of course the unknowing don't know that AM only takes payment from men so if you sort data on paying members you will only yield men.  This event will produce a lot of misinformation.  However, this does feel like a seminal moment for social media.  While it may blow over for the rank and file member, I can't see the fear rolling back out to sea.  It won't stop cheating and it's prevalence on the web, but I certainly can see some retrenchment on sites that brazenly advertise, advocate for, and coin phrases such as "married dating."  Hubris draws attention and Ashley Madison was quite brazen.  Of course as I have found out AM is not just men and certainly not only prostitutes.  It is full of stories, full of good and bad people, and full of people looking for hope in an easy "turn-key" package.  Is it the best place for that?  Probably not.  But it is what it is.  For me I have clutched this proverbial pistol, the Devil's Right Hand, as much as anyone and now I don't find it as adventurous as it once was.

But as I consider the fate of those on Ashley Madison and consider the other news of the day yesterday, I think the pain of our Devil's Right Hand pales in comparison to the tragedy that occured to the south of us.

Of course Earle's true meaning in "the Devil's Right Hand" is not to simply avoid temptation but to properly respect, if not fear, the pistol.  For in the hands of the wrong individual the pistol, the Devil's Right Hand, not only turns the tempted to tragedy but often drags the innocent along for the painful ride.

So as much as the AM hack is fascinating we might pause and consider the innocent and assess how we might best advocate for them.

If there are any IT guru's out there I would love to get your comments, not only for myself but for other readers.

What seems to be Hunt's biggest criticism of Ashley Madison is their lack of support to customers.  They have a bounty over the hackers and I'm sure they will seek legal retribution if they hackers are found (and if there is a court in Canada that will hear the case).  But I think if I were to make a philosophical comment on Ashley Madison right now it would be:

"I soon found out it can get you into trouble but it can't get you out!"

While Steve Earle's version is wonderful I have to say I like Johnny Cash's version just a bit better.  The rich rawness Carter brings to a song, illuminates the stark reality of the story.  The bluegrass version is even better but I guess I better not post a video of my friends band!  :)

"my very first pistol was a cap and ball Colt
Shoot as fast as lightnin' but it loads a might slow
Loads a might slow and I soon found out
It can get you into trouble but it can't get you out.....

Oh well here is Steve Earle's version as well:

1 comment:

vimax said...

woow...ramai skrng dibicarakan situs perselingkuhan yg datanya di bobol hacker. Search : Ashley Madison
Ada solusi utk Anda yg ingin sex tahan lama :
Dan solusi lainnya utk kontol Anda biar cepat tumbuh dewasa