Advertisement

Ashley Madison data dump blunts blackmail danger, ex-CSIS agent says

ashley madison
A memo to government of Manitoba employees sent August 21 makes note of "recent media coverage regarding questionable use of government email addresses.". Getty Images

Last week, hackers leaked details of millions of people using ashleymadison.com, a dating service for people who want to make arrangements to cheat on a spouse.

Necessarily, the leak will have spread fear and dread among those who wanted to keep infidelity, or plans for infidelity, secret. However, from the point of view of people who worry about protecting government secrets for a living, the leak has a silver lining.

It’s a harsh but logical calculation: many people who were vulnerable to blackmail when the data was secret (if the hackers had sold the data to a foreign intelligence service, or organized crime) aren’t as vulnerable now that it’s not.

“The moment that you have something to hide, you put yourself into a state of vulnerability,” explains Michel Juneau-Katsuya, a former senior intelligence officer at the Canadian Security Intelligence Service.

As Global News reported on Wednesday, over 600 federal government e-mail addresses appeared on Ashley Madison accounts data. Some of the people behind the addresses seem to have secrets to keep  and responsibilities to safeguard: 163 email addresses used the @forces.gc.ca domain assigned to the military, and at least 62 addresses assigned to Canadian police forces, with 11 from Ontario’s Peel Regional Police and seven from the Toronto police.

Story continues below advertisement

“This has the potential to be exploited by people against individuals who might have something to lose, if their name is found in that pool of individuals,” Juneau-Katsuya warns.

Over 100 addresses trace to Ontario’s Ministry of the Attorney General, which administers the province’s courts.

Three addresses correspond to Crown prosecutors in an online Ontario government directory.

“Accessing the Ashley Madison website using a Government of Ontario email address would be considered a misuse of government IT resources,” wrote Brendan Crawley, a spokesperson for the ministry. “In light of recent events, a memo reminding … staff of this policy has been circulated to all Ontario Government employees.”

Many people on the list will have dangerous secrets to keep, or heavy responsibilities like the authority to stop a criminal prosecution. Add a shameful personal secret and a blackmailer to the mix, and you have a danger to the community – to the integrity of police decisions, or the administration of justice.

READ MORE: Complete coverage of the Ashley Madison hacking scandal

“Blackmail also has limitations,” Juneau-Katsuya says. “It can stop, if the person wants it to stop. There will be a price, there will be consequences, but if the person is ready to deal with the consequences, the blackmail will stop right there.”

“It’s very harsh,” says former Ontario information and privacy commissioner Ann Cavoukian. “Factually, (that is) probably correct – it minimizes the likelihood of blackmail, because it’s already out in the open, so the threat of opening it up is no longer there. But it’s a harsh outcome, that all this information was outed.”

Story continues below advertisement

“What were they thinking, using those addresses? This is the troubling part for me.”

Tweet This

“Blackmail cannot be ruled out, which drives home the point – I can’t imagine that Crown prosecutors would use their real identifiers, and their real emails. At least that’s what I choose to believe – that these would not be individuals who would not subject themselves to that kind of risk. I may be completely wrong.”

A person confronted with a blackmail attempt can start to blunt it by reporting it, Juneau-Katsuya says.

“The easiest way to defuse possible blackmail is by revealing it. People who are in a sensitive position, like public servant employees, or political employees, or something of that nature, other than the public embarrassment of being revealed, could defuse the situation by simply revealing to their boss, or to their security officer.”

“The one who wants to act like it didn’t show up, or didn’t appear anywhere, doesn’t exist, might have something that will bite them, if an entity would like to exploit that.”

Tweet This

Juneau-Katsuya at one point had a counterintelligence role at CSIS.

Unavoidably, though, an attempt to cheat on a spouse will lower the organization’s opinion of them:

“There’s a question of trust. If you have the psychological profile that you’re ready to cheat on your spouse, what does that mean about the integrity that you demonstrate in your work, as well? What does it say about the personality, the integrity and the morale of the person who would get involved in that kind of thing?”

Story continues below advertisement

If the blackmailer’s threat is to tell the person’s spouse, of course, that only solves part of the problem.

“As the security officer, we would suggest to them that they should probably come clean with their spouse as well. I will say: The glass is 50 per cent full. I am aware of it, my organization is aware of it, and now we can manage the risk.”

“If you still select the option of not telling your spouse, it can always backfire.”

Tweet This

“It’s your option, your decision, it’s a personal matter, but you understand that we are going to have to deal with that matter if it blows up in your face at some point. But the risk of being blackmailed, having it used against you, because you came forward, is significantly reduced.”

However, people in sensitive jobs who choose to join sites like Ashley Madison need to be very disciplined about security, Cavoukian warns.

“I don’t like the deception that is involved, obviously. I’m not in support of that at all. If you choose to parktake in sites like this, and I say that without any judgement, then at the very least protect your identity, don’t use your real name, protect your identity in terms of facial image.”

“Let’s assume for a moment that some portion of those individuals really used their ID – their government ID, their police ID, their army ID, whatever.”

Story continues below advertisement

“What you want to say to the public is: never, ever, ever do that.”

Tweet This

“What you want to say, in my view, is that you have to protect your identity, especially in the context of what could be considered a compromising way in which it may appear on a site like Ashley Madison.”

Over 15,000 addresses in the Ashley Madison data are linked to U.S. federal, state or local government agencies. They include 6,788 U.S. Army addresses, and U.S. Navy addresses linked to specific warships – 18 sailors aboard the amphibious assault ship USS Kearsarge apparently used the service.

On Thursday, an Associated Press investigation found a number of people with sensitive U.S. government jobs in the Ashley Madison database, including ” .. at least two assistant U.S. attorneys; an information technology administrator in the Executive Office of the President; a division chief, an investigator and a trial attorney in the Justice Department; (and) a government hacker at the Homeland Security Department.”