"I hope the Chinese aren't collating the Ashley Madison data with their handy federal list of every American with a security clearance."

[Read the post]

They are. Only an idiot would not.

10 Likes

The question isn’t so much can/are they doing this now. The question is did they do this already? Who is to say that the hackers exposing this list are the FIRST people to hack this information from their servers? It would not be surprising to find out that the Chinese (or other intelligence agencies) did this before. And they would NOT want this information public. You can’t effectively blackmail people with information that is public knowledge. In fact, it isn’t farcical to imagine that this was leaked by OUR intelligence agencies to minimize the effect of a previous, unacknowledged hack of Ashley Madison by foreign intelligence.

14 Likes

Tinfoil? I can do you a nice mumetal bowler with a DU liner and chrome plating. Rejects anything from audio spectrum all the way to UV, absorbs neutrons. It’s a bit heavy though.

7 Likes

Line it with ferrite pyramids inside. Classical tinfoil hats were found to be resonant chambers. To work properly they should be made anechoic inside.
The liner to cushion the ferrite pyramids could be made with paraffin or polyethylene loaded with carbon black (to further attenuate the RF) and boron (for the neutrons - carbon to moderate the fast ones, boron to absorb them).

12 Likes

Looks like we have a product to pitch to Elon Musk. All we need to make it perfect is a slot for your iPhone and a drop-down chainmail Faraday cage for when you need that all-over EM protection.

With all those AM users currently trying to hide from the Internet, it should be a winner.

4 Likes

In such a hypothetical situation, would they leak the whole thing (to prevent a counter-leak revealing the selective nature of this leak, which would raise the question about why the leaked data didn’t include certain people) or would they “filter” the leaked information to remove those certain individuals and hope that no one performed the counter-leak I described?

1 Like

what he’s suggesting is not really that outlandish at all…?

4 Likes

Hope the American Security agencies are doing the same. I would be really embarrassing if say 5 years from now someone on the lists would have been blackmailed for 5 years and they just scratched their heads saying we had no idea.

2 Likes

Given that the data is basically public now, what would be the point? You can’t blackmail someone with public data. It would be like trying to pressure George Takei by threatening to out him as gay.

4 Likes

The next level inquiry is why didn’t the vast NSA/security apparatus detect this leaky source first, and yank clearances before this was ever made public.

3 Likes

So: the Chinese know everybody in the US government who corresponds to an email address registered with AM.
This makes those people apparently liable to blackmail.
He seems to suggest that the answer is to release all the data. What does that achieve exactly?
→ a whole lot of government people now are liable to the suspicions of their families and colleagues.
→ so are a lot of other people.
→ Chinese can still blackmail them by threatening to contact their nearest and dearest personally with the information, giving 100% chance of a problem versus the much smaller chance that the N&D will go to the bother of finding out.

Wouldn’t the logical thing to do be to go to AM and demand the list, use the big data engine to look for matches, and inform all of those people that the Chinese have this data, that the US Government proposes to disregard it (so that they cannot be blackmailed) and in fact if the respondents have any problems with family or colleagues they can ask for an official government letter saying the account is fraudulent.
…only don’t be so silly next time, people.

You’ve just ensured their loyalty, obtained their gratitude, and there’s no scandal.

7 Likes

Are we certain that they didn’t?

1 Like

The data that is public is incomplete. It is going to be easy for a lot of the people implicated to claim someone somehow got credentials for their emails and the AM stuff just disappeared into their own junk mail. Or whatever. From the information we have about the male/female ratio we can speculate that AM is just really about escort-level prostitution, and that the great majority of users have never, as it were, used it in anger. At the moment it’s mostly at the level of watercooler rumours.
But if you have the data and, I don’t know, a national level intelligence service, you can use it as a filter to identify targets of interest and then you can go and get the goods on them.
It’s like the attempts to discredit Jeremy Corbyn in the UK: Oh, he was photographed sitting next to some bad guy. But it makes a huge difference if he was there because he’d arrived at the meeting five minutes before and grabbed the only vacant seat (likely in this case) or whether they arrived together after plotting a rocket attack on Tel Aviv, or whatever. Investigation will turn up one or the other. If it was the latter, depending on who had the data, it might be used for public exposure or for blackmail.
Summary: The AM leak is a medium grade source of potential intelligence to identify targets for blackmail; the fact people are in it will often be deniable without further data gathering.

1 Like

I’d wager the US security clearance apparatus isn’t that competent. The system has had a huge backlog for years.

Not that I’m disagreeing with you–it’s probably true for the most part–but I did some Googling when the news broke and found a really interesting GQ article from two years ago that interviewed several women who were legit users of the service (by which I mean, married women looking for affairs, rather than thinly-veiling prostitutes).

Since reading that, I’ve become awfully ambivalent about the entire mess. Sure, some of the people exposed will be heartless douchebags who deserve everything they get, but some of them will be perfectly honest swingers whose reputations and careers will be ruined if their legitimately open relationship is exposed. Some of them will be seeking solace from a loveless or abusive relationship that they aren’t in a position to leave.

3 Likes

Even easier than that - Ashely Madison had NO verification process whatsoever. You could have signed up barak.obama@whitehouse.gov, and they would have never known - but “they” would have had an Ashley Madison account.

I’ll bet you dollars to doughnuts that a majority of the high profile people on the list are that type of fake.

2 Likes

Fine, but credit card transactional details have also leaked, such as for that Duggar guy, and these are extremely unlikely to be fake.

2 Likes

It’s also got meatspace addresses and last 4 credit card digits, though. For that last one in particular, someone close to the person in question will be able to verify it. I suppose the victim could claim that their CC was lifted from some other site and maliciously inserted, but no one would have thought to do that before the hack, and if they did it after the hack it wouldn’t appear in the data dump. The hackers themselves provided a checksum to verify the authentic dump, so people attempting to distribute false copies with a few enemies added should be easy to detect.

Not nessissarily. It’s got those for people who provided them, but looking at the data so far, it seems most did not. Very, very few, practically none of the high profile ones I’ve found so far have any of those details. I can’t confirm addresses, either, but I’ve found quite a few randomly selecting that lead back to bars, stores, or simply places that don’t exist, not counting the obviously fake ones.

Not a case of “Oh, they’re claiming the card numbers are fake”, no, they’re just not present in the first place. Most of the high profile accounts have little if any data associated with them, and most of those that have any amount at all attached have very publically available information used, stuff that comes up trivially with googling.

And yes, I am looking at the correct data dump, and no, nobody I can find is claiming the dump is fake. The dump itself isn’t the problem - it’s AM’s behavior of never verifying anything, barring that your credit card works, and that people have been dumping fake information into it for a long time.

You can make up fake arguments to defeat all day, it doesn’t change the simple fact of the matter - even the a very cursory dig through the data shows that the vast majority of accounts attached to high-profile people are more likely than not - almost certainly in fact - fake, and had nothing to do with the people in question.