National Post - Financial Post Magazine
Hacktivists are on the rise and Ashley Madison is only the latest victim.
Avid Life Media Inc.’s failed attempt to go public this year was not its first crack at an IPO. In 2010, the Toronto-based company, best known for helping married folks break wedding vows through its Ashley Madison hookup service, announced plans to go public via a reverse takeover after completing a $60-million private placement offering. As Bay Street jokers said at the time, the deal was doomed from the start because no male fund manager wanted to go home and tell his wife, “I liked Ashley Madison so much that I decided to buy the company.” The latest IPO attempt faced similar challenges. But it was the release of stolen customer data by a group of hackers called the Impact Team that put Avid Life’s flotation plans on hold indefinitely. According to the company, the attack was a simple criminal act, not hacktivism. But, as pointed out by Bill Buchanan, head of the Centre for Distributed Computing, Networks and Security at Edinburgh Napier University, the Impact Team certainly appears to have had “a moral agenda, adding another dimension to the factors that motivate cybercriminals, and therefore something else for overburdened security professionals to consider.” Hacktivism does not yet pose as big a threat to your average company as for-profit hackers. Attack stats complied by Hackmageddon. com show cybercrime regularly ranks as the top motivation behind major acts of hacking. In May, for example, cybercrime accounted for 68.5% of all hacker attacks, followed by hacktivism (22.5%) and cyberespionage (9%). But the gap between the top two motivations was smaller in April, when a hacktivism agenda was responsible for almost a third of all hacker attacks. As a result, the time has come for all organizations to take the threat posed by hacktivists more seriously. And it isn’t just the so-called moralist hacker that needs to be worried about. Keep in mind that the Impact Team was also driven to assault Avid Life for the company’s inability to live up to its billing as the best place to have a secret fling, not to mention its disclosed-but-questionable practice of populating Ashley Madison with fake female profiles. These are essentially customer service complaints, and that should scare any company that fails to deliver on expectations. Welcome to the new age of customer-focused hack attacks, which very few companies are prepared to face. “Hacker technology and knowledge is growing and improving faster than the response ability of most corporations,” says noted IT and corporate governance expert Ryn Melberg. And since nobody can be safe relying on traditional response methodologies, Melberg says companies must deploy skilled data guards that can develop real-time protection strategies that are far more holistic, agile and adaptive — just as the hackers do.