[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.]
In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of passwords and other data exposed in countless data breaches. KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom, was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. Bloom resigned from AshleyMadison citing health reasons in June 2015 – less than one month before unidentified hackers stole data on 37 million users – and launched LeakedSource three months later.
Jordan Evan Bloom, posing in front of his Lamborghini.
On Jan. 15, 2018, the Royal Canadian Mounted Police (RCMP) charged then 27-year-old Bloom, of Thornhill, Ontario, with selling stolen personal identities online through the website LeakedSource[.]com.
LeakedSource was advertised on a number of popular cybercrime forums as a service that could help hackers break into valuable or high-profile accounts. LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals.
The RCMP arrested Bloom in December 2017, and said he made approximately $250,000 selling hacked data, which included information on 37 million user accounts leaked in the 2015 Ashley Madison breach.
Subsequent press releases from the RCMP about the LeakedSource investigation omitted any mention of Bloom, and referred to the defendant only as Defiant Tech. In a legal settlement that is quintessentially Canadian, the matter was resolved in 2019 after Defiant Tech agreed to plead guilty. The RCMP declined to comment for this story.
The Impact Team, the hacker group that claimed responsibility for stealing and leaking the AshleyMadison user data, also leaked several years worth of email from then-CEO Noel Biderman. A review of those messages shows that Ashley Madison hired Jordan Evan Bloom as a PHP developer in December 2014 – even though the company understood that Bloom's success as a programmer and businessman was tied to shady and legally murky enterprises.
Bloom's recommendation came to Biderman via Trevor Sykes, then chief technology officer for Ashley Madison parent firm Avid Life Media (ALM). The following is an email from Sykes to Biderman dated Nov. 14, 2014:
"Greetings Noel,
"We'd like to offer Jordan Bloom the position of PHP developer reporting to Mike Morris for 75k CAD/Year. He did well on the test, but he also has a great understanding of the business side of things having run small businesses himself. This was an internal referral."
When Biderman responded that he needed more information about the candidate, Sykes replied that Bloom was independently wealthy as a result of his forays into the shadowy world of "gold farming" – the semi-automated use of large numbers of player accounts to win some advantage that is usually related to cashing out game accounts or inventory. Gold farming is particularly prevalent in massively multiplayer online role-playing games (MMORPGs), such as RuneScape and World of Warcraft.
"In his previous experience he had been doing RMT (Real Money Trading)," Sykes wrote. "This is the practice of selling virtual goods in games for real world money. This is a grey market, which is usually against the terms and services of the game companies." Here's the rest of his message to Biderman:
"RMT sellers traditionally have a lot of problems with chargebacks, and payment processor compliance. During my interview with him, I spent some time focusing in on this. He had to demonstrate to the processor, Paypal, at the time he had a business and technical strategy to address his charge back rate."
"He ran this company himself, and did all the coding, including the integration with the processors," Sykes continued in his assessment of Bloom. "Eventually he was squeezed out by Chinese gold farmers, and their ability to market with much more investment than he could. In addition the cost of 'farming' the virtual goods was cheaper in China to do than in North America."
The gold farming reference is fascinating because in 2017 KrebsOnSecurity published Who Ran LeakedSource?, which examined clues suggesting that one of the administrators of LeakedSource also was the admin of abusewith[.]us, a site unabashedly dedicated to helping people hack email and online gaming accounts.
An administrator account Xerx3s on Abusewithus.
Abusewith[.]us began in September 2013 as a forum for learning and teaching how to hack accounts at Runescape, an MMORPG set in a medieval fantasy realm where players battle for kingdoms and riches.
The currency with which Runescape players buy and sell weapons, potions and other in-game items is virtual gold coins, and many of Abusewith[dot]us's early members traded in a handful of commodities: Phishing kits and exploits that could be used to steal Runescape usernames and passwords from fellow players; virtual gold plundered from hacked accounts; and databases from hacked forums and websites related to Runescape and other online games.
That 2017 report interviewed a Michigan man who acknowledged being administrator of Abusewith[.]us, but denied being the operator of LeakedSource. Still, the story noted that LeakedSource likely had more than one operator, and breached records show Bloom was a prolific member of Abusewith[.]us.
In an email to all employees on Dec. 1, 2014, Ashley Madison's director of HR said Bloom graduated from York University in Toronto with a degree in theoretical physics, and that he has been an active programmer since high school.
"He's a proprietor of a high traffic multiplayer game and developer/publisher of utilities such as PicTrace," the HR director enthused. "He will be a great addition to the team."
PicTrace appears to have been a service that allowed users to glean information about anyone who viewed an image hosted on the platform, such as their Internet address, browser type and version number. A copy of pictrace[.]com from Archive.org in 2012 redirects to the domain qksnap.com, which DomainTools.com says was registered to a Jordan Bloom from Thornhill, ON that same year.
The street address listed in the registration records for qksnap.com – 204 Beverley Glen Blvd – also shows up in the registration records for leakadvisor[.]com, a domain registered in 2017 just months after Canadian authorities seized the servers running LeakedSource.
Pictrace, one of Jordan Bloom's early IT successes.
A review of passive DNS records from DomainTools indicates that in 2013 pictrace[.]com shared a server with just a handful of other domains, including Near-Reality[.]com – a popular RuneScape Private Server (RSPS) game based on the RuneScape MMORPG.
Copies of near-reality[.]com from 2013 via Archive.org show the top of the community's homepage was retrofitted with a message saying Near Reality was no longer available due to a copyright dispute. Although the site doesn't specify the other party to the copyright dispute, it appears Near-Reality got sued by Jagex, the owner of RuneScape.
The message goes on to say the website will no longer "encourage, facilitate, enable or condone (i) any infringement of copyright in RuneScape or any other Jagex product; nor (ii) any breach of the terms and conditions of RuneScape or any other Jagex product."
A scene from the MMORPG RuneScape.
Near Reality also has a Facebook page that was last updated in 2019, when its owner posted a link to a news story about Defiant Tech's guilty plea in the LeakedSource investigation. That Facebook page indicates Bloom also went by the nickname "Agentjags."
"Just a quick PSA," reads a post to the Near Reality Facebook page dated Jan. 21, 2018, which linked to a story about the charges against Bloom and a photo of Bloom standing in front of his lime-green Lamborghini. "Agentjags has got involved in some shady shit that may have compromised your personal details. I advise anyone who is using an old NR [Near Reality] password for anything remotely important should change it ASAP."
By the beginning of 2016, Bloom was nowhere to be found, and was suspected of having fled his country for the Caribbean, according to the people commenting on the Near Reality Facebook page:
"Jordan aka Agentjags has gone missing," wrote a presumed co-owner of the Facebook page. "He is supposedly hiding in St. Lucia, doing what he loved, scuba-diving. Any information to his whereabouts will be appreciated."
KrebsOnSecurity ran the unusual nickname "AgentJags" through a search at Constella Intelligence, a commercial service that tracks breached data sets. That search returned just a few dozen results – and virtually all were accounts at various RuneScape-themed sites, including a half-dozen accounts at Abusewith[.]us.
Constella found other "AgentJags" accounts tied to the email address ownagegaming1@gmail.com. The marketing firm Apollo.io experienced a data breach several years back, and according to Apollo the email address ownagegaming1@gmail.com belongs to Jordan Bloom in Ontario.
Constella also revealed that the password frequently used by ownagegaming1@gmail.com across many sites was some variation on "niggapls," which my 2017 report found was also the password used by the administrator of LeakedSource.
Constella discovered that the email eric.malek@rogers.com comes up when one searches for "AgentJags." This is curious because emails leaked from Ashley Madison's then-CEO Biderman show that Eric Malek from Toronto was the Ashley Madison employee who initially recommended Bloom for the PHP developer job.
According to DomainTools.com, Eric.Malek@rogers.com was used to register the domain devjobs.ca, which previously advertised "the most exciting developer jobs in Canada, delivered to you weekly." Constella says eric.malek@rogers.com also had an account at Abusewith[.]us – under the nickname "Jags."
Biderman's email records show Eric Malek was also a PHP developer for Ashley Madison, and that he was hired into this position just a few months before Bloom – on Sept. 2, 2014. The CEO's leaked emails show Eric Malek resigned from his developer position at Ashley Madison on June 19, 2015.
"Please note that Eric Malek has resigned from this position with Avid and his last day will be June 19th," read a June 5, 2015 email from ALM's HR director. "He is resigning to deal with some personal issues which include health issues. Because he is not sure how much time it will take to resolve, he is not requesting a leave of absence (his time off will be indefinite). Overall, he likes the company and plans to reach out to Trevor or I when the issues are resolved to see what is available at that time."
A follow-up email from Biderman demanded, "want to know where he's truly going….," and it's unclear whether there was friction with Malek's departure. But ALM General Counsel Avi Weisman replied indicating that Malek probably would not sign an "Exit Acknowledgment Form" prior to leaving, and that the company had unanswered questions for Malek.
"Aneka should dig during exit interview," Weisman wrote. "Let's see if he balks at signing the Acknowledgment."
Bloom's departure notice from Ashley Madison's HR person, dated June 23, 2015, read:
"Please note that Jordan Bloom has resigned from his position as PHP Developer with Avid. He is leaving for personal reasons. He has a neck issue that will require surgery in the upcoming months and because of his medical appointment schedule and the pain he is experiencing he can no longer commit to a full-time schedule. He may pick up contract work until he is back to 100%."
A follow-up note to Biderman about this announcement read:
"Note that he has disclosed that he is independently wealthy so he can get by without FT work until he is on the mend. He has signed the Exit Acknowledgement Form already without issue. He also says he would consider reapplying to Avid in the future if we have opportunities available at that time."
Perhaps Mr. Bloom hurt his neck from craning it around blind spots in his Lamborghini. Maybe it was from a bad scuba outing. Whatever the pain in Bloom's neck was, it didn't stop him from launching himself fully into LeakedSource[.]com, which was registered roughly one month after the Impact Team leaked data on 37 million Ashley Madison accounts.
Mr. Malek declined a request for comment. A now-deleted LinkedIn profile for Malek from December 2018 listed him as a "technical recruiter" from Toronto who also attended Mr. Bloom's alma mater – York University. That resume did not mention Mr. Malek's brief stint as a PHP developer at Ashley Madison.
"Developer, entrepreneur, and now technical recruiter of the most uncommon variety!" Mr. Malek's LinkedIn profile enthused. "Are you a developer, or other technical specialist, interested in working with a recruiter who can properly understand your concerns and aspirations, technical, environmental and financial? Don't settle for a 'hack'; this is your career, let's do it right! Connect with me on LinkedIn. Note: If you are not a resident of Canada/Toronto, I cannot help you."
Mr. Bloom told KrebsOnSecurity he had no role in harming or hacking Ashley Madison. Bloom validated his identity by responding at one of the email addresses mentioned above, and agreed to field questions so long as KrebsOnSecurity agreed to publish our email conversation in full (PDF).
Bloom said Mr. Malek did recommend him for the Ashley Madison job, but that Mr. Malek also received a $5,000 referral bonus for doing so. Given Mr. Malek's stated role as a technical recruiter, it seems likely he also recommended several other employees to Ashley Madison.
Bloom was asked whether anyone at the RCMP, Ashley Madison or any authority anywhere ever questioned him in connection with the July 2015 hack of Ashley Madison. He replied that he was called once by someone claiming to be from the Toronto Police Service asking if he knew anything about the Ashley Madison hack.
"The AM situation was not something they pursued according to the RCMP disclosure," Bloom wrote. "Learning about the RCMP's most advanced cyber investigative techniques and capabilities was very interesting though. I was eventually told information by a third party which included knowledge that law enforcement effectively knew who the hacker was, but didn't have enough evidence to proceed with a case. That is the extent of my involvement with any authorities."
As to his company's guilty plea for operating LeakedSource, Bloom maintains that the judge at his preliminary inquiry found that even if everything the Canadian government alleged was true it would not constitute a violation of any law in Canada with respect to the charges the RCMP leveled against him, which included unauthorized use of a computer and "mischief to data."
"In Canada at the lower court level we are allowed to possess stolen information and manipulate our copies of them as we please," Bloom said. "The judge however decided that a trial was required to determine whether any activities of mine were reckless, as the other qualifier of intentionally criminal didn't apply. I will note here that nothing I was accused of doing would have been illegal if done in the United States of America according to their District Attorney. +1 for free speech in America vs freedom of expression in Canada."
"Shortly after their having most of their case thrown out, the Government proposed an offer during a closed door meeting where they would drop all charges against me, provide full and complete personal immunity, and in exchange the Corporation which has since been dissolved would plead guilty," Bloom continued. "The Corporation would also pay a modest fine."
Bloom said he left Ashley Madison because he was bored, but he acknowledged starting LeakedSource partly in response to the Ashley Madison hack.
"I intended to leverage my gaming connections to get into security work including for other private servers such as Minecraft communities and others," Bloom said. "After months of asking management for more interesting tasks, I became bored. Some days I had virtually nothing to do except spin in my chair so I would browse the source code for security holes to fix because I found it enjoyable."
"I believe the decision to start LS [LeakedSource] was partly inspired by the AM hack itself, and the large number of people from a former friend group messaging me asking if XYZ person was in the leak after I revealed to them that I downloaded a copy and had the ability to browse it," Bloom continued. "LS was never my idea – I was just a builder, and the only Canadian. In other countries it was never thought to be illegal on closer examination of their laws."
Bloom said he still considers himself independently wealthy, and that he still has the lime green Lambo. But he said he's currently unemployed and can't seem to land a job in what he views as his most promising career path: Information security.
"As I'm sure you're aware, having negative media attention associated with alleged (key word) criminal activity can have a detrimental effect on employment, banking and relationships," Bloom wrote. "I have no current interest in being a business owner, nor do I have any useful business ideas to be honest. I was and am interested in interesting Information Security/programming work but it's too large of a risk for any business to hire someone who was formerly accused of a crime."
If you liked this story, please consider reading the first two pieces in this series:
SEO Expert Hired and Fired by Ashley Madison Turned on Company, Promising Revenge
Top Suspect in 2015 Ashley Madison Hack Committed Suicide in 2014
[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.]
It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website AshleyMadison.com had been hacked. The message contained links to confidential Ashley Madison documents, and included a manifesto that said a hacker group calling itself the Impact Team was prepared to leak data on all 37 million users unless Ashley Madison and a sister property voluntarily closed down within 30 days.
A snippet of the message left behind by the Impact Team.
The message included links to files containing highly sensitive information, including snippets of leaked user account data, maps of internal AshleyMadison company servers, employee network account information, company bank account data and salary information.
A master employee contact list was among the documents leaked that evening. Helpfully, it included the cell phone number for Noel Biderman, then the CEO of Ashley Madison parent firm Avid Life Media (ALM). To my everlasting surprise, Biderman answered on the first ring and acknowledged they'd been hacked without even waiting to be asked.
"We're on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication," Biderman told me on July 19, just minutes before I published the first known public report about the breach. "I've got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services."
On Aug 18, 2015, the Impact Team posted a "Time's up!" message online, along with links to 60 gigabytes of Ashley Madison user data. The data leak led to the public shaming and extortion of many Ashley Madison users, and to at least two suicides. Many other users lost their jobs or their marriages. To this day, nobody has been charged in the hack, and incredibly Ashley Madison remains a thriving company.
The former employee that Biderman undoubtedly had in mind on July 19, 2015 was William Brewster Harrison, a self-described expert in search engine optimization (SEO) tricks that are designed to help websites increase their rankings for various keywords in Google and other search engines.
It is evident that Harrison was Biderman's top suspect immediately after the breach became public because – in addition to releasing data on 37 million users a month later in August 2015 – the hackers also dumped three years worth of email they stole from Biderman. And Biderman's inbox is full of messages about hate-filled personal attacks from Harrison.
A native of Northern Virginia, Harrison eventually settled in North Carolina, had a son with his then-wife, and started a fence-building business. ALM hired Harrison in March 2010 to promote its various adult brands online, and it is clear that one of his roles was creating and maintaining female profiles on Ashley Madison, and creating blogs that were made to look like they were written by women who'd just joined Ashley Madison.
A selfie that William B. Harrison posted to his Facebook page in 2013 shows him holding a handgun and wearing a bulletproof vest.
It appears Harrison was working as an affiliate of Ashley Madison prior to his official employment with the company, which suggests that Harrison had already demonstrated he could drive signups to the service and help improve its standing in the search engine rankings.
What is less clear is whether anyone at ALM ever performed a basic background check on Harrison before hiring him. Because if they had, the results almost certainly would have given them pause. Virginia prosecutors charged the young 20-something Harrison with a series of misdemeanors, including trespassing, unlawful entry, drunk in public, and making obscene phone calls.
In 2008, North Carolina authorities charged Harrison with criminal extortion, a case that was transferred to South Carolina before ultimately being dismissed. In December 2009, Harrison faced charges of false imprisonment, charges that were also dropped by the local district attorney.
By the time Ashley Madison officially hired him, Harrison's life was falling apart. His fence business had failed, and he'd just filed for bankruptcy. Also, his marriage had soured, and after a new arrest for driving under the influence, he was in danger of getting divorced, losing access to his son, and/or going to jail.
It also seems likely that nobody at ALM bothered to look at the dozens of domain names registered to Harrison's various Vistomail.com email addresses, because had they done so they likely would have noticed two things.
One is that Harrison had a history of creating websites to lambaste companies he didn't like, or that he believed had slighted him or his family in some way. Some of these websites included content that defamed and doxed executives, such as bash-a-business[.]com, google-your-business[.]com, contact-a-ceo[.]com, lowes-is-a-cancer[.]com (according to Harrison, the home improvement chain once employed his wife).
A background check on Harrison's online footprint also would have revealed he was a self-styled rapper who claimed to be an active menace to corporate America. Harrison's website lyrical-gangsta[.]com included a number of works, such as "Slim Thug – I Run – Remix Spoof," which are replete with menacing words for unnamed corporate executives:
[HOOK]
I surf the net all night n day (the web love thug)
cuz I still surf the net all night n day
yuhh I type for my mind, got smart for my ego
still running circles round them, what's good?
cuz I still surf, the net all night n day,
I cant stay away.
They don't make to [sic] many hackers like me
bonafide hustler certified G
still pumpin' the TOP 10 results
if you got the right dough!
think the results are fake? sucka Google ME
smarter than executives, bigger then Wal-Mart
Nelly strugglin' with the fact that I'm #1 NOW
street boys know me, ain't nuttin' new
about to make my mill, with an all new crew
I-95 execs donβt know what to do, or where to go
watchin them stocks evaporate all their dough
I already left the hood, got up off the streets
its in my blood im a gangsta till Im deceased
moving lumber for money or typin' in a zone
all night hackin' till 6 in the mornin
that shit im focusin' on, stronger then cologne
you can prolly smell the jealousy
through your LCD screen
if you still broke – better work for some green
called them Fortune execs on that legal bluff
cuz the Feds busy raidin other stuff
Imma run the Net til im six feet under
I'm a leave my mark – no reason to wonder
(Yea Yea)
Some of the anti-corporate rhymes busted by Harrison's hacker/rapper alter ego "Chaos Dog." Image: Archive.org.
The same theme appears in another rap ("The Hacker Backstage") penned by Harrison's rapper alter ego – "Chaos Dog:"
…this hacker was born to write
bust off the rhymes and watch em take flight
you know all about them corporate jets
and handing out pinkslips without regrets
oversized companies are the problem
well, I've got a solution
It's called good ol' fashioned retribution
file bankruptcy, boycott you like Boston colonists
Corporate America cant stop this Eminem style columnist
2pac would have honored my style
Im the next generation of hacker inspiration
Americans donβt want a corporate nation
All that DOW Jones shit is a dying sensation
In addition to pimping Ashley Madison with fake profiles and phony user blogs, it appears Harrison also went after the company's enemies during the brief time he was an employee. As noted in Part I of this story, Harrison used multiple pseudonymous Vistomail.com email addresses to harass the owners of AshleyMadisonSucks[.]com into selling or shutting down the site.
When the owner of AshleyMadisonSucks[.]com refused to sell the domain, he and his then-girlfriend were subject to an unrelenting campaign of online harassment and blackmail. It now appears those attacks were perpetrated by Harrison, who sent emails from different accounts at the free email service Vistomail pretending to be the domain owner, his then-girlfriend and their friends. Harrison even went after the domain owner's lawyer and wife, listing them both on his Contact-A-CEO[.]com website.
Things started going sideways for Ashley Madison when Harrison's employment contract was terminated in November 2011. The leaked emails do not explain why Harrison was fired, but his mercurial temperament likely played a major role. According to Harrison, it was because he had expressed some moral reservations with certain aspects of his duties, although he was not specific on that point and none of this could be confirmed.
Shortly after Harrison was fired, the company's executives began noticing that Google was auto-completing the words "Jew" and "Jewish" whenever someone searched for Biderman's name. The results returned when one accepted Google's recommended search at the time filled the first page with links to Stormfront, a far-right, neo-Nazi hate group. The company strongly suspected someone was using underhanded SEO techniques to slander and attack its CEO.
In July 2022, KrebsOnSecurity published a retrospective on the 2015 Ashley Madison breach which found that Biderman had become the subject of increasing ire from members of Stormfront and other extremist groups in the years leading up to the hack. According to the neo-Nazi groups, Biderman was a worthy target of their harassment not just because he was a successful Jewish CEO, but also because his company was hellbent on destroying Christian morals and families.
Biderman's leaked emails show that in February 2012 he hired Brian Cuban – the attorney brother of Mark Cuban, the owner of the Dallas Mavericks and one of the main "sharks" on the ABC reality television series Shark Tank. Through Cuban, Ashley Madison appealed their case to both Google and to the Anti-Defamation League, but neither was apparently able or willing to help.
Also in early January 2012, Biderman and other Ashley Madison executives found themselves inundated with anonymous Vistomail.com emails that were replete with profanity and slurs against Jews. Although he used fake names and email addresses, Harrison made little effort to hide his identity in several of these nastygrams.
One particularly ugly message from Harrison even included a link to a Youtube video he'd put online of his young son playing basketball for a school team. That Youtube video was included in an email wherein Harrison – then separated from his wife – lamented all the hours he spent working for Ashley Madison up in Canada instead of spending time with his son.
Harrison then turned to making threatening phone calls to Ashley Madison executives. In one incident in March 2012, Harrison called the company's former director of Human Resources using a caller ID spoofing service to make it look like he was calling from inside the building.
ALM's lawyers contacted the Toronto police in response to Harrison's harassment.
"For Will to have disguised his phone number as Mark's strongly suggest he has hacked my email, legal counsel for the opposing side in a perceived legal dispute," ALM VP and general counsel Mike Dacks wrote in a letter to a detective at the Toronto Police. "Over the months of his many hundreds of emails he alluded a number of times to undertaking cyberattacks against us and this was noted in my original report to police."
Based on the exchanges in Biderman's inbox it appears those appeals to the Toronto authorities were successful in having Harrison barred from being able to enter Canada.
ALM also contacted a detective in Harrison's home county in North Carolina. But when the local police paid a visit to Harrison's home to follow up on the harassment complaints, Harrison fled out his back porch, injuring himself after jumping off the second-story deck.
It is unclear if the police ever succeeded in interviewing Harrison in response to the harassment complaints from ALM. The Raleigh police officer contacted by ALM did not respond to requests for information. But the visit from the local cops only seemed to embolden and anger Harrison even more, and Biderman's emails indicate the harassment continued after this incident.
Then in August 2012, the former sex worker turned blogger and activist Maggie McNeill published screenshots from an internal system that Ashley Madison used called the "Human Decoy Interface," which was a fancy way of describing a system built to manage phony female accounts on the service.
The screenshots appeared to show that a great many female accounts were in fact bots designed to bring in paying customers. Ashley Madison was always free to join, but users had to pay if they wished to chat directly with other users.
Although Harrison had been fired nearly a year earlier, Biderman’s leaked emails show that Harrison’s access to Ashley Madison’s internal tools wasn’t revoked until after the screenshots were posted online and the company began reviewing which employee accounts had access to the Human Decoy Interface.
“Who or what is asdfdfsda@asdf.com?,” Biderman asked, after being sent a list of nine email addresses.
“It appears to be the email address Will used for his profiles,” the IT director replied.
“And his access was never shut off until today?,” asked the company’s general counsel Mike Dacks.
Biderman’s leaked emails suggest that Harrison stopped his harassment campaign sometime after 2012. A decade later, KrebsOnSecurity sought to track down and interview Harrison. Finding nobody at his former addresses and phone numbers in North Carolina, KrebsOnSecurity wound up speaking with Will’s stepmother, who lives with Will’s dad in Northern Virginia and asked that her name not be used in this story.
Will’s stepmom quickly dropped two big truth bombs after patiently listening to my spiel about why I was calling and looking for Mr. Harrison. The first was that Will was brought up Jewish, although he did not practice the faith: A local rabbi and friend of the family gave the service at Will’s funeral in 2014.
She also shared that her stepson had killed himself in 2014, shooting himself in the head with a handgun. Will’s mother discovered his body.
“Will committed suicide in March 2014,” Will’s stepmother shared. “I’ve heard all those stories you just mentioned. Will was severely mentally ill. He was probably as close to a sociopath as I can imagine anyone being. He was also a paranoid schizophrenic who wouldn’t take his medication.”
William B. Harrison died on March 5, 2014, nearly 16 months before The Impact Team announced they’d hacked Ashley Madison.
Will’s stepmom said she constantly felt physically threatened when Will was around. But she had trouble believing that her stepson was a raging anti-Semite. She also said she thought the timing of Will’s suicide effectively ruled him out as a suspect in the 2015 Ashley Madison hack.
“Considering the date of death, I’m not sure if he’s your guy,” she offered toward the end of our conversation.
[There is one silver lining to Will Harrison’s otherwise sad tale: His widow has since remarried, and her new husband agreed to adopt their son as his own.]
Does Harrison’s untimely death rule him out as a suspect, as his stepmom suggested? This remains an open question. In a parting email to Biderman in late 2012, Harrison signed his real name and said he was leaving, but not going away.
“So good luck, I’m sure we’ll talk again soon, but for now, I’ve got better things in the oven,” Harrison wrote. “Just remember I outsmarted you last time and I will outsmart you and out maneuver you this time too, by keeping myself far far away from the action and just enjoying the sideline view, cheering for the opposition.”
Nothing in the leaked Biderman emails suggests that Ashley Madison did much to revamp the security of its computer systems in the wake of Harrison’s departure and subsequent campaign of harassment – apart from removing an administrator account of his a year after he’d already left the company.
KrebsOnSecurity found nothing in Harrison’s extensive domain history suggesting he had any real malicious hacking skills. But given the clientele that typically employed his skills – the adult entertainment industry – it seems likely Harrison was at least conversant in the dark arts of “Black SEO,” which involves using underhanded or else downright illegal methods to game search engine results.
Armed with such experience, it would not have been difficult for Harrison to have worked out a way to maintain access to working administrator accounts at Ashley Madison. If that in fact did happen, it would have been trivial for him to sell or give those credentials to someone else.
Or to something else. Like Nazi groups. As KrebsOnSecurity reported last year, in the six months leading up to the July 2015 hack, Ashley Madison and Biderman became a frequent subject of derision across multiple neo-Nazi websites.
On Jan. 14, 2015, a member of the neo-Nazi forum Stormfront posted a lively thread about Ashley Madison in the general discussion area titled, “Jewish owned dating website promoting adultery.”
On July 3, 2015, Andrew Anglin, the editor of the alt-right publication Daily Stormer, posted excerpts about Biderman from a story titled, “Jewish Hyper-Sexualization of Western Culture,” which referred to Biderman as the “Jewish King of Infidelity.”
On July 10, a mocking montage of Biderman photos with racist captions was posted to the extremist website Vanguard News Network, as part of a thread called “Jews normalize sexual perversion.”
Some readers have suggested that the data leaked by the Impact Team could have originally been stolen by Harrison. But that timeline does not add up given what we know about the hack. For one thing, the financial transaction records leaked from Ashley Madison show charges up until mid-2015. Also, the final message in the archive of Biderman’s stolen emails was dated July 7, 2015 – almost two weeks before the Impact Team would announce their hack.
Whoever hacked Ashley Madison clearly wanted to disrupt the company as a business, and disgrace its CEO as the endgame. The Impact Team’s intrusion struck just as Ashley Madison’s parent was preparing to go public with an initial public offering (IPO) for investors. Also, the hackers stated that while they stole all employee emails, they were only interested in leaking Biderman’s.
Also, the Impact Team had to know that ALM would never comply with their demands to dismantle Ashley Madison and Established Men. In 2014, ALM reported revenues of $115 million. There was little chance the company was going to shut down some of its biggest money machines.
Hence, it appears the Impact Team’s goal all along was to create prodigious amounts of drama and tension by announcing the hack of a major cheating website, and then let that drama play out over the next few months as millions of exposed Ashley Madison users freaked out and became the targets of extortion attacks and public shaming.
After the Impact Team released Biderman’s email archives, several media outlets pounced on salacious exchanges in those messages as supposed proof he had carried on multiple affairs. Biderman resigned as CEO of Ashley Madison on Aug. 28, 2015.
Complicating things further, it appears more than one malicious party may have gained access to Ashley Madison’s network in 2015 or possibly earlier. Cyber intelligence firm Intel 471 recorded a series of posts by a user with the handle “Brutium” on the Russian-language cybercrime forum Antichat between 2014 and 2016.
Brutium routinely advertised the sale of large, hacked databases, and on Jan. 24, 2015, this user posted a thread offering to sell data on 32 million Ashley Madison users. However, there is no indication whether anyone purchased the information. Brutium’s profile has since been removed from the Antichat forum.
I realize this ending may be unsatisfying for many readers, as it is for me. The story I wrote in 2015 about the Ashley Madison hack is still the biggest scoop I’ve published here (in terms of traffic), yet it remains perhaps the single most frustrating investigation I’ve ever pursued. But my hunch is that there is still more to this story that has yet to unfold.