Pegasus Research Consortium

 ;D ;D ;D

oh boy  this is going to be some fun...I can't believe anyone would think their info was safe on line


Associated Press
By JACK GILLUM and TED BRIDIS, Associated Press
2 hrs ago




WASHINGTON (AP) — Hundreds of U.S. government employees — including some with sensitive jobs in the White House, Congress and law enforcement agencies — used Internet connections in their federal offices to access and pay membership fees to the cheating website Ashley Madison, The Associated Press has learned.

The AP traced many of the accounts exposed by hackers back to federal workers. They included at least two assistant U.S. attorneys; an information technology administrator in the Executive Office of the President; a division chief, an investigator and a trial attorney in the Justice Department; a government hacker at the Homeland Security Department and another DHS employee who indicated he worked on a U.S. counterterrorism response team.

Few actually paid for their services with their government email accounts. But AP traced their government Internet connections — logged by the website over five years — and reviewed their credit-card transactions to identify them. They included workers at more than two dozen Obama administration agencies, including the departments of State, Defense, Justice, Energy, Treasury, Transportation and Homeland Security. Others came from House or Senate computer networks.


© AP Photo/Lee Jin-man, File FILE - A June 10, 2015 photo from files showing Ashley Madison's Korean web site on a computer screen in Seoul, South Korea. Hackers claim to have leaked a massive database of users from Ashley Madison, a...
The AP is not naming the government subscribers it found because they are not elected officials or accused of a crime.

Hackers this week released detailed records on millions of people registered with the website one month after the break-in at Ashley Madison's parent company, Toronto-based Avid Life Media Inc. The website — whose slogan is, "Life is short. Have an affair" — is marketed to facilitate extra-marital affairs.

Many federal customers appeared to use non-government email addresses with handles such as "sexlessmarriage," ''soontobesingle" or "latinlovers." Some Justice Department employees appeared to use pre-paid credit cards to help preserve their anonymity but connected to the service from their office computers.

"I was doing some things I shouldn't have been doing," a Justice Department investigator told the AP. Asked about the threat of blackmail, the investigator said if prompted he would reveal his actions to his family and employer to prevent it. "I've worked too hard all my life to be a victim of blackmail. That wouldn't happen," he said. He spoke on condition of anonymity because he was deeply embarrassed and not authorized by the government to speak to reporters using his name.

The AP's analysis also found hundreds of transactions associated with Department of Defense networks, either at the Pentagon or from armed services connections elsewhere.

Defense Secretary Ash Carter confirmed the Pentagon was looking into the list of people who used military email addresses. Adultery can be a criminal offense under the Uniform Code of Military Justice.

"I'm aware it," Carter said. "Of course it's an issue because conduct is very important. And we expect good conduct on the part of our people. ... The services are looking into it and as well they should be. Absolutely."

The AP's review was the first to reveal that federal workers used their office systems to access the site, based on their Internet Protocol addresses associated with credit card transactions. It focused on searching for government employees in especially sensitive positions who could perhaps become blackmail targets. The government hacker at the Homeland Security Department, who did not respond to phone or email messages, included photographs of his wife and infant son on his Facebook page.

One assistant U.S. attorney declined through a spokesman to speak to the AP, and another did not return phone or email messages.

A White House spokesman said Thursday he could not immediately comment on the matter. The IT administrator in the White House did not return email messages.

Federal policies vary for employees by agency as to whether they would be permitted during work hours to use websites like Ashley Madison, which could fall under the same category as dating websites. But it raises questions about what personal business is acceptable — and what websites are OK to visit — for government workers on taxpayer time, especially employees who could face blackmail.

The Homeland Security Department rules for use of work computers say the devices should be used for only for official purposes, though "limited personal use is authorized as long as this use does not interfere with official duties or cause degradation of network services." Employees are barred from using government computers to access "inappropriate sites" including those that are "obscene, hateful, harmful, malicious, hostile, threatening, abusive, vulgar, defamatory, profane, or racially, sexually, or ethnically objectionable."

The hackers who took credit for the break-in had accused the website's owners of deceit and incompetence, and said the company refused to bow to their demands to close the site. Avid Life released a statement calling the hackers criminals. It added that law enforcement in both the U.S. and Canada is investigating and declined comment beyond its statement Tuesday that it was investigating the hackers' claims.

___

Associated Press writers Alicia Caldwell and Lolita C. Baldor in Washington and Raphael Satter in London contributed to this report.




;) ;) ;) ;) ;) ;) ;) ;) ;) ;) ;) ;) ;)

https://www.ashleymadison.com/

;) ;) ;) ;) ;) ;) ;) ;) ;) ;) ;) ;) ;)


http://www.wired.com/2015/08/happened-hackers-posted-stolen-ashley-madison-data/
hackers finally post stolen  data


.........................


http://www.usatoday.com/story/tech/2015/08/20/ashley-madison-database-hack-cheating-vatican/32052195/

More Ashley Madison files published

vid at link
After hackers said they released nearly 10 GB of data from users of the marital affair website Ashley Madison, Gawker said they found an account opened with the credit card of embattled '19 Kids and Counting' star Josh Duggar. VPC


SAN FRANCISCO — For some cheaters, life has gotten even worse.

On Thursday, the group who hacked last month into Ashley Madison, doubled down, posting what appears to be another 20 gigabytes of data — including the CEO's emails.

On Tuesday, the attackers, who call themselves the Impact Team, had posted a 10-gigabyte file purporting to be from the popular website for married people looking for affairs.

The latest release onto the dark Web includes more customer data files and what are said to be email boxes from several of the company's top executives, Wired magazine reported.
The company has called the posting "an act of criminality."

"It is an illegal action against the individual members of AshleyMadison.com, as well as any freethinking people who choose to engage in fully lawful online activities," the company said in a statement.

The Impact Team had demanded that the site's owner, Avid Life Media, take the site down. When it didn't, it posted the 10-gigabyte file containing databases that include 28 million unique email addresses.

The posting Thursday included more internal company data including a file named noel.binderman.mail.7z, which seems to be the email of Avid Life CEO Noel Binderman, Wired reported.

Analysis of the email addresses in the databases show that most come from webmail providers, said Robert Hansen, vice president of WhiteHat Labs at the computer security company WhiteHat Security, which independently studied the data.







USA TODAY

Josh Duggar admits to Ashley Madison account


The top most-used domains were Gmail.com, with 8.7 million, Yahoo.com with 6.6 million, Hotmail with 6.2 million and Aol.com with 1.2 million, Hansen found.

Surprisingly, there were at least 13,000 addresses from military and government emails with .mil and .gov addresses.

The military services are investigating reports that troops may have used the online service Ashley Madison to arrange extramarital affairs, Defense Secretary Ash Carter said Thursday.

The issue is important to the Pentagon, he said, because the military expects "good conduct" from servicemembers. Military law prohibits extramarital affairs.

The Army is looking into potential abuses related to the Ashley Madison website, said Lt. Col. Jesse Stalder, an Army spokesman.

"Army professionals voluntarily incur an extraordinary moral obligation to uphold the Army values, which apply to all aspects of our life," Stalder said. "Online misconduct is inconsistent with Army values and we are committed to ensuring that online-related incidents are prevented, reported and addressed."

A far lower number of addresses came from Fortune 500 companies In a sampling, Hansen found just 804 from microsoft.com, 313 from apple.com and 76 from bankofamerica.com.

Hansen found two emails from usatoday.com and four from gannett.com, USA TODAY's parent company.

The information available for each user was extensive.

"It's everything from their name, age, interests, whether they smoke or drink, down to very detailed sexual fantasies, what they enjoy having done to them and what they want to do to others," said Adam McNeil, a malware intelligence analyst at Malwarebytes Labs, a Santa Clara, Calif.-based computer security firm who has inspected the database.

Though it's probably the least of users' worries, the site did encrypt their credit card data. That makes it more difficult, though not impossible, to access. So far the credit card information hasn't showed up for sale on the dark Web, McNeil said.

The median age of the users was 46, with few under 30, an analysis posted online by data scientist Klara Jonsson found.

Gender was very skewed, though the database only identified users as either belonging to Gender 1 and Gender 2. Gender 1 made up 13.9% of users and Gender 2 was 86.1%.

"I'm no genius, but I would say I am pretty sure Gender 2 is male," Jonsson said in her analysis,

There are clearly multiple fake entries, probably created by people seeking to mask their own identities. For example, Hansen found more than a dozen using the name Barack Obama, all with different email addresses.

The Ashley Madison site didn't appear to check to make sure that email addresses were valid before they were stored in its database "so all of this data should be taken with a grain of salt," Hansen said. "This is just a great example of how personal data becomes a liability for companies unless they can guarantee safeguards."

The release of the data is going to unleash a flood of phishing attacks on unsuspecting users, security experts warn. Anyone who wants can now go and download millions of email addresses and use them to send out "phishing" messages that contain malicious software that the unwary or the worried might open, said Ken Westin, senior security analyst at Tripwire, a Portland, Ore.-based security company.

He's also anticipating a wave of emails with links purporting to "fix" the leak for those with guilty consciences. But instead the websites they lead to will download malware onto the users computer.

"I'm sure hackers are writing them right now," he said.

Follow USA TODAY reporter Elizabeth Weise @eweise