Computing Devices and/or interfaces used
In this particular case, the primary devices and interfaces used were computers, servers, and the internet. While the data that was dumped was related to users of a website, the data was obtained by remotely accessing ALM’s servers through hacking passwords. In an email interview, the hackers said, “We worked hard to make fully undetectable attack, then got in and found nothing to bypass.” The hackers went on to say that the security was, “bad.” They said, “Nobody was watching. No security. Only thing was segmented network. You could use Pass1234 from the internet to VPN to root on all servers (Cox, 2015).”
Beyond not implementing security measures to prevent unauthorized remote access to their systems, ALM used “MD5 hash” protocol to protect users’ passwords. The MD5 hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message. While MD5 can be used to secure passwords, it is more commonly used to check the integrity of files. Additionally, the Ashely Madison site suffered from a design error where passwords were hashed with both MD5 and “bcrypt,” which led to 11 million passwords being hacked (Hackett, 2015; Mansfield-Devine, 2015; Tuttle, 2015).
The hackers also made use of a website referred to as Pastbin to disseminate the data dumps. Pastebin is a website that allows users to share plain text through public posts called “pastes.” There are many similar web applications, known as “pastebins” or “paste sites,” that have developed since the original Pastebin was launched in 2002. Users use Pastebin to share plain text blocks with others using a that allows other users to access and easily access and edit the shared text. While paste sites mainly support innocuous text-sharing, they have also become popular platforms for illegal activities, such as sharing dangerous source codes and leaking breached data (Lord, 2017; Rouse, 2011).
At the end of the day, all of ALM’s websites suffered from serious security problems that were revealed in a systems security audit after the breach. The auditors found that ALM had not resolved security problems that had been previously discovered as a result of the work done by a previous development team (Mansfield-Devine, 2015).
Beyond not implementing security measures to prevent unauthorized remote access to their systems, ALM used “MD5 hash” protocol to protect users’ passwords. The MD5 hashing algorithm is a one-way cryptographic function that accepts a message of any length as input and returns as output a fixed-length digest value to be used for authenticating the original message. While MD5 can be used to secure passwords, it is more commonly used to check the integrity of files. Additionally, the Ashely Madison site suffered from a design error where passwords were hashed with both MD5 and “bcrypt,” which led to 11 million passwords being hacked (Hackett, 2015; Mansfield-Devine, 2015; Tuttle, 2015).
The hackers also made use of a website referred to as Pastbin to disseminate the data dumps. Pastebin is a website that allows users to share plain text through public posts called “pastes.” There are many similar web applications, known as “pastebins” or “paste sites,” that have developed since the original Pastebin was launched in 2002. Users use Pastebin to share plain text blocks with others using a that allows other users to access and easily access and edit the shared text. While paste sites mainly support innocuous text-sharing, they have also become popular platforms for illegal activities, such as sharing dangerous source codes and leaking breached data (Lord, 2017; Rouse, 2011).
At the end of the day, all of ALM’s websites suffered from serious security problems that were revealed in a systems security audit after the breach. The auditors found that ALM had not resolved security problems that had been previously discovered as a result of the work done by a previous development team (Mansfield-Devine, 2015).