Ashley Madison's Betrayal Story

Presented at ToorCon San Diego 17 (2015), Oct. 25, 2015, 11 a.m. (20 minutes).

Ashley Madison was a deeply risky proposition for its client, yet the clients took a risk and trusted the site with their most important asses, their dignity. Unfortunately, it was found that Ashley Madison was on operating on risky grounds, since it overlooked various aspects of their network and system security infrastructure. Ultimately these loose business practices led to a disaster, ironically Ashley Madison betrayed its own loyal clients. In the media, Ashley Madison hack has published a lot, but no full account of technically how the system was exploited and timeline has been presented at this time. This is a shame since a lot can be learnt from Ashley Madison compromise. My talk will provide the technical story behind the exploit, compromise timeline and present the lessons learnt.

Presenters:

• Omer Farooq
  I am a seasoned software and System engineer with over 12 yrs of experience. My industry experience has been towards cyber and crypto information security, data analytics, software defined radio, SATCOM, and avionics. I was the software team lead for one of most used software encryption ASIC chips in the world. My contribution powered the encryption engine and managed the data/keys for large number of applications. I am also a Phd candidate at University of Maryland, 12 yrs, Information assurance analyst experience. My dissertation is focused on deep embedded adversary attack model for IoT device using data analytics.