Searching For Email Addresses In Ashley-Madison Data

Your JoeDog was recently asked about the Ashley-Madison email list. Could he use his nerd-powers to find a particular email address?

“Yeah, sure, but that data dump is huge, I’ll need some time.”

Before he could act, Your JoeDog’s IM was filled with curse words. His contact had found the address she was looking for on a website that lets you search the Ashley-Madison data.

“Okay, but let’s see what’s in the actual data.”

Getting your hands on that data is no easy task. As soon as it’s posted, it’s deleted, because no hosting company wants it on its servers. Pastebin is Your JoeDog’s first stop for this sort of thing. An “ashley-madison” search returns many links that point to deleted data. Strike one.

Unable to find it on Pastebin, he turned to the gray web, specifically Kickass Torrents. There he found the data available for download … all 23 gigs of it. Can you imagine trying to download 23 gigs over torrent? That’s not going to happen.

Fortunately, a torrent client lets you see the list of files inside the archive and pick which ones to download. Your JoeDog found a list of files with names like member_email.dump.gz. If he could pull down just the parts he wanted, the download would be quite manageable.

He searched for ‘member_email.dump.gz’ and hit pay dirt. A site had the files listed on torrent along with their PGP signatures. The hackers posted the signatures so you could check that the files were the ones they released. One caveat: a signature only proves the file was signed by whoever holds that key, so the key has to be compared with the one used on the original release rather than taken from wherever the files happen to be mirrored.
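Here is what that check looks like in practice, as an added example (this is not the post’s own script and not the leakers’ tooling). It verifies a detached PGP signature with gpg, then streams the gzipped dump looking for one address without unpacking it to disk. It assumes gpg is installed and the signing key is already in the local keyring, that the dump is one record per line, and the sample dump it searches is constructed for the example, not real data.

```python
"""Added example, not code from the original post: verify a detached PGP
signature on a leaked dump file, then search the gzipped dump for an
address without writing the decompressed data to disk.

Assumptions: gpg is installed and the signer's key is already imported
(a GOODSIG only says the file was signed by that key, so the key itself has
to match the one used on the original release); the dump is line-oriented
with the address somewhere on the line. The sample dump below is constructed.
"""
import gzip
import io
import re
import subprocess
from typing import List


def verify_detached_signature(dump_path: str, sig_path: str) -> bool:
    """Return True only if gpg reports a good signature by a known key."""
    result = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, dump_path],
        capture_output=True, text=True,
    )
    # With --status-fd, gpg emits machine-readable lines; GOODSIG means the
    # signature checked out against a key in the keyring. An unknown key
    # gives NO_PUBKEY and a non-zero exit, so both conditions are required.
    return result.returncode == 0 and "[GNUPG:] GOODSIG" in result.stdout


def normalize(address: str) -> str:
    """Addresses in dumps vary in case and whitespace; compare lowercase."""
    return address.strip().lower()


def find_address(dump, address: str) -> List[str]:
    """Scan a gzipped, line-oriented dump (path or file object) for an address.

    The match is case-insensitive and anchored on non-address characters, so
    'bob@example.org' does not match 'bob@example.org.uk' and a bare
    'smith@example.org' does not match 'bob.smith@example.org'.
    """
    wanted = re.compile(r"(?<![\w.+-])" + re.escape(normalize(address)) + r"(?![\w.-])")
    hits = []
    with gzip.open(dump, mode="rt", encoding="utf-8", errors="replace") as fh:
        for line in fh:
            if wanted.search(line.lower()):
                hits.append(line.rstrip("\n"))
    return hits


def constructed_dump() -> io.BytesIO:
    """A tiny gzipped stand-in for member_email.dump.gz (constructed data)."""
    rows = [
        "1\talice@example.com\t2013-01-01",
        "2\tBob.Smith@Example.org\t2013-02-02",
        "3\tbob@example.org.uk\t2013-03-03",
    ]
    buf = io.BytesIO()
    with gzip.open(buf, mode="wt", encoding="utf-8") as fh:
        fh.write("\n".join(rows) + "\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for query in ("bob.smith@example.org", "bob@example.org", "carol@example.net"):
        print(query, "->", find_address(constructed_dump(), query) or "NOT IN DUMP")
```

Run verify_detached_signature() on the real file and its .asc before searching; a dump that fails verification tells you nothing about whether an address is in the breach, only that someone has been editing the copy you got.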

As it turns out, the email address she found on that website was NOT in the actual Ashley-Madison data. It was a scam.

Be careful out there. The internets are a scam machine. Sites like the one she used are padded with spammers’ email lists in the hope of extracting payment for scrubbing addresses from the database. People are also using the data to extort money: “Hey, I found your email address in the Ashley-Madison dump. Be a shame if your wife found out.”

In order to determine with certainty if an email address is in the Ashley-Madison database, you will need a quality nerd. But before you find that nerd, ask yourself this: do you really want to know?

NOTE: Even if an email address and a credit card are in the database, there’s still no guarantee the person used that site. Accounts could be opened with stolen cards. Again, Your JoeDog urges caution. Do you really want to confront your significant other only to learn they were the victim of theft? Be careful out there.

Hackers Have Your Ashley-Madison Account Information

It’s a bad time for cheaters. Two months after Adult Friend Finder was compromised, Ashley-Madison was also hacked. The online infidelity broker was breached by a group calling itself “The Impact Team.” They now have account information for all of Ashley-Madison’s thirty-seven million users. Unless the website is permanently shut down, the “group” plans to release this information to the public:

Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online.

How many members do you think comprise “The Impact Team”? Their demand sounds like it was prompted by scorn. It sounds like a guy whose woman hooked-up on Ashley-Madison. He’s bitter and he wants the site removed. Your JoeDog will answer that question with his guess: it’s a team of one.

Ashley-Madison is a multi-million dollar industry. There’s no chance that Avid Life Media shuts down the site. The Impact Team will soon release that data and we’ll be treated to a lively news cycle. The list probably includes a sitting Senator or two….

Note: You can find the Adult Friend Finder database information here.

[Krebs: Online Cheating Site Ashley-Madison Hacked]

Did The St. Louis Cardinals Hack Into Another Team’s Database?

Your JoeDog roots for the Pittsburgh Pirates. They are a major league baseball team in the same division as the St. Louis Cardinals. On June 16, the New York Times broke a bombshell story about the Cardinals: they were under investigation by the FBI for breaking into a Houston Astros database.

That seems like an odd target, right? At the time of the 2013 breach, the Astros weren’t particularly good. They weren’t even in the same division as the Cardinals. Yet they did have something with which St. Louis was familiar: a General Manager named Jeff Luhnow. He worked for the Cardinals before Houston hired him in 2011.

When Luhnow was with the Cardinals, he built a computer system known as Redbird. It was a large database filled with scouting information and player analysis. In Houston, he built a similar system called Ground Control. It was basically Redbird under a different name. So St. Louis was familiar with the system, but by 2013 they didn’t have Luhnow’s updated information. Did they breach Houston’s computers in order to obtain it? The FBI thinks that’s possible.

One of the FBI’s subpoenas sought information on the IP addresses from which the attackers logged into Ground Control. It is believed those addresses point directly to the Cardinals or Cardinals personnel. The breach itself wasn’t particularly sophisticated. The attacker just stone cold logged in with a password. Again, this takes us back to St. Louis.

Remember, Luhnow used to work for the Cardinals. He brought several Cardinals employees with him to Houston. There’s a pretty good chance they had dormant accounts back in St. Louis, and those accounts had login credentials. If any of those former Cardinals employees reused their credentials in Houston, St. Louis had everything it needed to break in.

In the worst case for computer security, St. Louis stored its passwords in the clear (or an employee left a sticky note on his desk). With that information, all they needed to do was log in. If the passwords were stored as a secure hash, St. Louis could still have downloaded a password cracker like John the Ripper to get the goods: a hash, even a salted and slow one, only raises the cost of each guess, and a weak password falls quickly. The defense that actually matters here is disabling accounts when people leave and never carrying a password from one employer to the next.
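To make that concrete, here is an added example (not code from the post, and not what anyone in St. Louis ran) that stores the same handful of dormant accounts three ways and runs a small dictionary attack against each, then checks which recovered passwords also open accounts on a second system. Every username, password, the wordlist and the second system’s accounts are constructed for the example.

```python
"""Added example, not from the original post: why "the passwords were hashed"
is no defense against credential reuse. All accounts, passwords and the
wordlist below are constructed for the example.

The same three dormant accounts are stored as cleartext, unsalted SHA-256
and salted PBKDF2. A dictionary attack (what John the Ripper automates)
recovers every password that is in the wordlist under all three schemes; the
salted, iterated hash only makes each guess cost more. Anything recovered is
then tried against the other organisation's accounts, which is the reuse the
story turns on.
"""
import hashlib
import os
from typing import Dict, List, Optional, Set, Tuple

# Constructed dormant accounts left behind on the old employer's system.
DORMANT = {"gm": "Redbird2011", "scout1": "baseball", "analyst2": "Tr0ub4dor&3"}
# Constructed accounts on the new employer's system; "gm" reused a password.
NEW_EMPLOYER = {"gm": "Redbird2011", "scout1": "GroundControl!", "newhire": "astros2013"}
# Constructed wordlist; real ones run to millions of entries.
WORDLIST = ["password", "baseball", "Redbird2011", "cardinals", "astros2013"]

PBKDF2_ROUNDS = 50_000   # kept small so the example runs in a second or two


def store_sha256(password: str) -> str:
    """Unsalted hash: identical passwords give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_pbkdf2(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Salted, iterated hash: a guess must be recomputed for every account."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest.hex()


def crack(stored: Dict, wordlist: List[str], scheme: str) -> Dict[str, str]:
    """Return {user: password} for every account whose password is in wordlist."""
    if scheme == "cleartext":
        return dict(stored)              # nothing to crack, just read it
    found: Dict[str, str] = {}
    if scheme == "sha256":
        # One hash per candidate, then a table lookup for every user at once.
        table = {store_sha256(w): w for w in wordlist}
        for user, digest in stored.items():
            if digest in table:
                found[user] = table[digest]
    elif scheme == "pbkdf2":
        # The salt defeats the shared table: each (user, candidate) is a full run.
        for user, (salt, digest) in stored.items():
            for w in wordlist:
                if store_pbkdf2(w, salt)[1] == digest:
                    found[user] = w
                    break
    return found


def reuse_check(recovered: Dict[str, str], other_system: Dict[str, str]) -> Set[str]:
    """Which recovered credentials also open an account on the other system?"""
    return {u for u, pw in recovered.items() if other_system.get(u) == pw}


if __name__ == "__main__":
    for scheme, stored in (
        ("cleartext", DORMANT),
        ("sha256", {u: store_sha256(p) for u, p in DORMANT.items()}),
        ("pbkdf2", {u: store_pbkdf2(p) for u, p in DORMANT.items()}),
    ):
        got = crack(stored, WORDLIST, scheme)
        print(f"{scheme:9s} recovered {sorted(got)}, reused elsewhere: {reuse_check(got, NEW_EMPLOYER)}")
```

The account with a password that is not in the wordlist (analyst2) survives under the hashed schemes, and gm is the only one whose recovered password works elsewhere. That is the whole lesson: hashing buys time, a unique password buys safety, and a disabled dormant account makes the question moot.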

This goes beyond anything Tom Brady did. This is no Deflategate. If the accusations hold, then people in St. Louis committed wire fraud, computer hacking, corporate espionage and theft of trade secrets. Those crimes are punishable with incarceration. The guilty won’t find a low level equipment manager to take the fall for this one. The stakes are way too high for that.

US Government: We Suck At Security; Trust Us With Your Records

Your JoeDog is not one of those knee-jerk anti-gub’mint guys, but god damn, sometimes they test his patience.

By now you’ve heard of that database breach in which the Chinese allegedly stole the personal information of approximately 4 million government employees. About half of those records represent current employees, the rest are for previous workers. According to an unnamed US “official,” the data goes back to 1985.

CNN interviewed “experts” who told the network that the Chinese appear to be building a large database of Federal employees which will help them model the organization and setup insider attacks.

One-third of Your JoeDog’s visitors are from China and we’re starting to feel like an abused spouse. We give you free software and you break down the door and steal our records. Thanks, China. Thanks, a lot.

But here’s the real kick in the ass: US government officials cite this breach as a reason to pass a host of legislation which will, among other things, put more personal information into the hands of government. Information-sharing clauses in these bills would essentially channel more personal data from businesses to the Federal government. That makes Your JoeDog’s head explode. The government is essentially saying, “We can’t secure our own records, so give us more records.”

The chairpersons of the select committee on cybersecurity have their hair on fire. They predict dire consequences if we don’t grant them more personal data: “Business and industry leaders warned us of the growing threats during various hearings, and this attack shows why the Senate needs to move quickly on a cyber bill.”

The shittier a bill is, the quicker it must be passed, people. Don’t worry your pretty little heads about its contents.

Funny thing: Newton’s Third Law applies to politics as well as physics. For every asshole, there’s an equal and opposite anti-asshole. Are you from Oregon, Dear Reader? Then pat yourself on the back because your senator is our anti-asshole.

While I believe sharing information about cyber-threats is a worthy goal, it is unlikely that information sharing by private companies would have made any significant difference in protecting federal employee data. That’s why cybersecurity experts say that passing a bill like this will do little to reduce security breaches.

“This is a bad excuse to try and pass a bad bill.”

Amen, Senator Anti-asshole. Amen.

Ransomware Creator: Sorry About That

By now you’ve probably heard of ransomware. It’s a form of malware that encrypts your files and demands a payment for the decryption keys. The whole concept of ransomware says a lot about humans, huh? It says we’re quite clever but we’re also basically dicks.

Last week a new strain of human dickishness was unleashed on an unsuspecting public. Locker is a form of ransomware known as a sleeper: a variant that lies dormant until its operator wakes it up. Last week the alarm rang. The program rolled out of bed and encrypted files on thousands of PCs.

Now this week an internet user who claims to be the author apologized for that whole making-your-life-suck thing. To prove his sincerity, he released this statement on Pastebin:

I am the author of the Locker ransomware and I’m very sorry about what has happened. It was never my intention to release this.

I uploaded the database to containing ‘bitcoin address, public key, private key’ as CSV. This is a dump of the complete database and most of the keys weren’t even used. All distribution of new keys has been stopped.

He went on to say that automatic decryption will begin today. If your files are already borked by this program, then I suppose you don’t have much choice but to trust the author. Try to decrypt the files with the keys he provided. If that fails, make sure your computer is connected to the internet so it can receive the signal that starts the automatic decryption.

Al Qaeda’s Porn

In 2011, an al Qaeda operative named Maksud Lodin was arrested in Berlin. Among his possessions was a memory card that contained, among other things, a porn video called KickAss. While that may have raised eyebrows — “a religious holy warrior is carrying beat-off material?” — it wasn’t what authorities were after. To them the “good stuff” is actionable intelligence. According to Die Zeit, they found it. Federal police recovered al Qaeda documents that were hidden on the card. Where? They were embedded in the film.

In total, the Germans recovered 141 separate text documents hidden within a .mov file. The discovery confirmed a long-standing hunch that al Qaeda used steganography to hide its information in plain sight. The public was outraged and horrified. “OMG! Al Qaeda is embedding shit inside our porn!!11!1!!”

Your JoeDog was reminded of al Qaeda’s porn when he stumbled across timeshifter. It’s a small utility that lets you embed messages in regular network traffic. How does it work? By modifying the time intervals between packets, @anfractuosus is able to hide messages in plain sight. The system relies on binary encoding: a short delay between packets means 0 and a long delay means 1, and the receiver needs only the packet arrival times, never the packet contents. By sending messages in this manner, the transmission is unlikely to arouse suspicion. The catch is network jitter: if the difference between the short and long delays is smaller than the jitter along the path, bits flip, so throughput has to be traded for reliability.

To implement this system, you’ll need the libnetfilter_queue library and the ability to set iptables rules. All the code is available along with detailed instructions. Check it out.
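The encoding is simple enough to show end to end. The block below is an added example, not the timeshifter source: it simulates the channel in Python so it runs without libnetfilter_queue or iptables, with a sender that turns bits into inter-packet gaps, a “wire” that adds jitter, and a receiver that classifies gaps against a threshold. The delay values, the threshold rule and the uniform jitter model are this example’s assumptions.

```python
"""Added example, not the timeshifter code: the inter-packet timing channel
described above, simulated so it runs without libnetfilter_queue or
iptables. The sender turns each bit into a gap before the next packet
(short = 0, long = 1); the receiver sees only arrival timestamps and
classifies each gap against a threshold halfway between the two delays.
The delay values and the jitter model are this example's assumptions.
"""
import random
from typing import List

SHORT = 0.05                     # gap for a 0 bit, seconds
LONG = 0.20                      # gap for a 1 bit, seconds
THRESHOLD = (SHORT + LONG) / 2   # receiver's decision boundary


def to_bits(message: bytes) -> List[int]:
    """MSB-first bits of each byte."""
    return [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]


def from_bits(bits: List[int]) -> bytes:
    """Inverse of to_bits; a trailing partial byte is dropped."""
    full = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, full, 8))


def encode_delays(message: bytes) -> List[float]:
    """Sender side: one delay per bit, applied before releasing the next packet."""
    return [LONG if bit else SHORT for bit in to_bits(message)]


def transmit(delays: List[float], jitter: float = 0.0, seed: int = 0) -> List[float]:
    """Simulated wire: the first packet carries no data, then one packet per delay.

    Each gap is perturbed by uniform jitter in [-jitter, +jitter]. Real paths add
    queueing delay the same way, which is why LONG - SHORT must exceed twice the
    jitter you expect, or the receiver starts flipping bits.
    """
    rng = random.Random(seed)
    t, stamps = 0.0, [0.0]
    for d in delays:
        t += d + rng.uniform(-jitter, jitter)
        stamps.append(t)
    return stamps


def decode(stamps: List[float]) -> bytes:
    """Receiver side: needs only arrival times, never packet contents."""
    bits = [1 if later - earlier > THRESHOLD else 0
            for earlier, later in zip(stamps, stamps[1:])]
    return from_bits(bits)


def bit_errors(sent: bytes, stamps: List[float]) -> int:
    """How many bits the receiver got wrong for a given set of arrival times."""
    want, got = to_bits(sent), to_bits(decode(stamps))
    return sum(a != b for a, b in zip(want, got)) + abs(len(want) - len(got))


if __name__ == "__main__":
    msg = b"hidden"
    for jitter in (0.0, 0.05, 0.10):
        stamps = transmit(encode_delays(msg), jitter=jitter)
        print(f"jitter={jitter:.2f}s -> {decode(stamps)!r}, {bit_errors(msg, stamps)} bit errors")
```

With these constants the channel carries one bit per packet and tolerates up to 75 ms of jitter per gap; push the jitter past that and bit_errors() starts climbing, which is the reliability-versus-throughput trade the post alludes to. Timing all gaps from timestamps alone is also what makes this channel hard to spot: the packets themselves are ordinary.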

[anfractuosity: Timeshifter]

The Security State

So imagine — because why the hell not — you returned to your vehicle after a concert in Washington D.C. Police are everywhere. Your windows are bashed in and your new cookware is blown into little tiny pieces. That would be odd, huh? Well, that’s what happened to an Alexandria man this week. He returned to his car and found his shit was destroyed by local law enforcement.


Your JoeDog read many accounts of this incident. As best as he can tell this is what happened: Around 5:00 p.m. on Sunday, officers on foot noticed a vehicle that they characterized as “suspicious in nature.” It was parked along a public street. What made it suspicious? The vehicle contained a pressure cooker and other “items of concern.”

What’s not clear is how those items were stored. Were they in bags or out in the open? Was this the result of a shopping trip or something more nefarious? The investigation continued and officers became more suspicious. An “odor of gasoline was detected.” Interesting. A vehicle with an internal combustion engine emitted an odor of gasoline. So then what happened?

The bomb squad arrived and police broke into the vehicle and blew up all the shit inside. Catastrophe averted! The country remains safe and sound. So what did they protect us from? After destroying everything in the car, police conducted a thorough investigation to determine exactly what they had saved us from. They conducted a thorough “hand search” of the vehicle and concluded their investigation “with negative results and nothing hazardous found.”

In other words, they saved us from a shopping trip.

Nice Computer – Shame If Something Happened To It

LabMD is a cancer testing center in Atlanta, GA. In 2010, someone compromised its security and pulled its medical records. Soon after the break-in, LabMD was contacted by Tiversa, a cyber security firm that offered to sell them emergency incident response services. LabMD refused. Tiversa told the firm it would notify the FTC unless the company hired its services. Again, LabMD refused.

Tiversa made good on its promise and contacted the FTC. The agency pursued the matter to its fullest. LabMD was sucked into a lengthy legal battle which eventually bankrupted the company. There’s just one problem with this story: the hack never happened. Tiversa made the whole thing up….

Cyber Threats Against Surgical Robots


Things that would suck for one thousand, please, Alex.

Imagine — and why the hell not? — that you need an emergency appendectomy. Yours is about to explode because why-do-we-even-have-those-things? You are rushed into the operating room and placed on a table beneath a curious apparatus. “Get me a nerd, stat!” Somebody shouts.

A man in surgical clothing greets you. “Relax,” he says. “I’ve done a million of these.” He pushes a button and a mask drops and smothers your face. The man’s credentials don’t match what your parents expected from their emergency room staff. The “doctor” is a computer operator, a Microsoft Certified Surgeon from ITT Tech. Your procedure begins when he selects “Appendectomy” from a drop-down menu. It is performed by a robot that immediately goes to work, carving into your body in search of an inflamed appendix.

Suddenly the robot orders silicone. Unexpected noises fill the room as the augmentation unit fires up. “WTF?” the operator types into his IRC session. “This thing’s going haywire.” Everyone in the channel responds in a similar manner: “LOL!” they type back. “This is serious shit!!!1!1!”, he anger-types. “ROTFLMAO!” they reply.

The robotic knives withdraw from your abdomen. The apparatus glides on tracks as it works its way towards your chest. It starts to make cuts around your nipples. The operator is agog; his jaw drops and he’s unsure what to do. The augmentation unit descends and attaches to your chest. Silicone starts flowing. The operator starts smashing his keyboard. “Why does this shit always happen on a Friday afternoon??!!” he screams. “LOL!” the IRC channel says.

So what happened? The hospital didn’t keep its goddam software up-to-date. The surgical robot was hacked. And now you have lady tits because 4Chan was in need of some afternoon LOLz.

Sound far-fetched? A team of researchers at the University of Washington in Seattle just hijacked a teleoperated surgical robot and documented its security vulnerabilities in a new white paper. Great! As if surgery weren’t stressful enough, here’s one more thing to think about.

At least the guys at 4Chan gave you big ones. (They’re a little obsessed with breasts over there…)

HTTPS Happy Nice Time

As you may have noticed, here at JoeDog Enterprises Incorporated Ltd ESQ Inc., we switched from http to https last weekend. Exciting!

We warned you that such a move could be accompanied by unintended consequences. But keep in mind, not all side effects are bad. Just like painkillers can provide a little glow along with relief, some changes can provide unintentional benefits. Here’s the story of one of them.

This morning we noticed skiddie activity. That’s not unusual. Every morning we notice skiddie activity. Some asshole in Williamsville, NY is running an attack right now. Our http logs are filling with this activity:

- - [20/Apr/2015:08:32:35 -0400] "POST /xmlrpc.php HTTP/1.1" 302 213 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

See that 302? That means our http virtual host is issuing a redirect to https. Here’s the thing: he doesn’t appear in the https logs. That means his stupid skiddie script is too dumb to follow the redirect. For the past hour he’s done nothing but cause meaningless redirects …

… and now he’s blocked.
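That observation is easy to turn into a rule: a client that keeps POSTing to xmlrpc.php on the http vhost, collects nothing but redirects, and never appears on the https vhost is a script that can’t follow redirects, and there is no reason to keep serving it. The block below is an added example, not the post’s own tooling or log data: it parses constructed Apache combined-format lines using documentation addresses (203.0.113.0/24 and 198.51.100.0/24), picks out those clients, and emits a drop rule. The threshold, the path and the iptables rule are this example’s choices, since the post doesn’t say how the block was done.

```python
"""Added example, not code from the original post: find clients that hammer
xmlrpc.php on the http vhost, receive only redirects, and never show up on
the https vhost (the "too dumb to follow the redirect" behaviour above).

Log lines are constructed in Apache combined format with documentation
addresses; the path, the threshold and the iptables rule are assumptions.
"""
import re
from collections import Counter
from typing import Dict, Iterator, List

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

SKIDDIE_UA = "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"


def line(ip: str, ts: str, method: str, path: str, status: int, ua: str) -> str:
    """Build one combined-format log line (constructed data helper)."""
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 213 "-" "{ua}"'


# Constructed port-80 log: six redirected xmlrpc POSTs from one client, two
# from another, one ordinary browser hit, and one XML-RPC client that does
# follow redirects (it reappears in the https log below).
HTTP_LOG = "\n".join(
    [line("203.0.113.7", f"20/Apr/2015:08:32:{35 + i:02d} -0400", "POST", "/xmlrpc.php", 302, SKIDDIE_UA)
     for i in range(6)]
    + [line("203.0.113.9", "20/Apr/2015:08:40:01 -0400", "POST", "/xmlrpc.php", 302, SKIDDIE_UA),
       line("203.0.113.9", "20/Apr/2015:08:40:02 -0400", "POST", "/xmlrpc.php", 302, SKIDDIE_UA),
       line("198.51.100.20", "20/Apr/2015:08:41:00 -0400", "GET", "/", 302, "Mozilla/5.0"),
       line("198.51.100.30", "20/Apr/2015:08:42:00 -0400", "POST", "/xmlrpc.php", 302, "Jetpack")]
)

# Constructed port-443 log: only clients that followed the redirect appear.
HTTPS_LOG = "\n".join([
    line("198.51.100.20", "20/Apr/2015:08:41:01 -0400", "GET", "/", 200, "Mozilla/5.0"),
    line("198.51.100.30", "20/Apr/2015:08:42:01 -0400", "POST", "/xmlrpc.php", 200, "Jetpack"),
])


def parse(log: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per well-formed combined-format line; skip anything else."""
    for raw in log.splitlines():
        m = LOG_RE.match(raw)
        if m:
            yield m.groupdict()


def redirect_only_attackers(http_log: str, https_log: str,
                            path: str = "/xmlrpc.php", threshold: int = 5) -> List[str]:
    """IPs with at least `threshold` redirected POSTs to `path` on http and no https traffic."""
    redirected = Counter(
        r["ip"] for r in parse(http_log)
        if r["method"] == "POST" and r["path"] == path and r["status"] in ("301", "302")
    )
    seen_on_https = {r["ip"] for r in parse(https_log)}
    return sorted(ip for ip, n in redirected.items() if n >= threshold and ip not in seen_on_https)


def block_rules(ips: List[str]) -> List[str]:
    """Netfilter rules to drop the offenders; one way to do the blocking."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    for rule in block_rules(redirect_only_attackers(HTTP_LOG, HTTPS_LOG)):
        print(rule)
```

The https cross-check is what keeps a legitimate XML-RPC client (the Jetpack-style one in the sample) off the block list: it hit the redirect once and then did the right thing. Note that a 301 versus 302 makes no difference to the rule, which matches the update below about the skiddie not following either.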

UPDATE: Those 302s are now 301s, as per Tim Funk’s recommendation. If skiddie can’t follow a 302, he can’t follow a 301 either….

UPDATE: That’s weird. My linky text is recommendation — as in “Tim Funk’s recommendation” — but magic is turning it into “Tim Funk’s 1 comment.”