No Ashley Madison, you weren't burgled by terrorists

BurglaryI'm not a big fan of the phrase "cyber terrorism".

Like "cyberwarfare" it's a term that tends to be bandied around a lot, and used in ways which are likely to belittle the grief, trauma and loss experienced by the true victims of real-life terrorism and war.

It's the kind of term you expect to hear politicians use in an attempt to scare the public into believing that their internet-enabled fridge will blow up unless intelligence agencies are given the power to snoop upon private communications.

When someone smashed my car window years ago and pinched my radio, I didn't report it to the authorities as possible terrorist activity. I just rang up the local cop shop who (to be honest) didn't do anything.

Which was surprising - because isn't it possible that a terrorist wanted my car radio? I guess that's possible... just highly highly unlikely.

Hacked adultery site Ashley Madison certainly feels a bit free-and-easy when it comes to the right way to describe whoever breached its systems and stole company records, an archive of emails and customer records:

Terrorism claims Ashley Madison

"Any and all parties responsible for this act of cyber–terrorism will be held responsible."

Cyber terrorism? *Really* Ashley Madison?

Nope you just suffered a burglary. And the burglars clearly don't like your company, and want to do your business harm.

I'm sorry that your company got hacked. No business deserves to get hacked. It may not be the case that everyone approves of what your company does, but that shouldn't give anyone a green light to hack you.

And I'm even more sorry for people who registered on your site, and have had their personal information fall into the hands of hackers. It's deeply unfortunate that you only gave your users a free way to delete their accounts after the horse had already bolted.

Ashley Madison, you got burgled. Badly.

But that doesn't mean the burglars are terrorists.

Further reading:

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter

, ,

7 Responses

  1. Joey Lee

    July 21, 2015 at 3:33 pm #

    Very true and I haven't seen the leaked data myself, however there is a chance that within that data set there will be high value/political targets who will be prime for blackmail…

  2. Anonymous

    July 21, 2015 at 6:14 pm #

    Calling hackers, "cyber-terrorists", is the same card the Cult of Scientology played back in 2008.

  3. Coyote

    July 21, 2015 at 9:46 pm #

    No, this isn't cyber-terrorism; this is trying to cover up (rather, shift the attention elsewhere) their blunder. I'm quite enjoying it, too; of all the places that should not fail to cover things up properly, it is this. It is more amusing they are using sensationalism and fear. Perhaps it is my dark, twisted sense of humour (and personality) but I am thoroughly enjoying the visual of just how terrified the members are at this time. The fact they're calling this terrorism only adds to this amusement exponentially.

  4. Coyote

    July 21, 2015 at 9:56 pm #

    "It's the kind of term you expect to hear politicians use in an attempt to scare the public"

    Well, to be fair, the members that might as well be public (now), are probably quite scared. The fact they're scared of something else is besides the point. But yes, you would expect politicians to spread fear, wouldn't you? If they can get what they want, they'll have no problem scaring others (even when they don't get what they want, they have no problem here). Incidentally, terrorism is spreading fear, and you can terrify people without blowing things or people up[1]. It is quite easy as long as you know what scares (them) and the best (most effective) way of provoking (them). Add to that that emotion interferes with logic (therefore decreasing defences in place), and it is more potent.

    [1] Need proof? Then look at laws in various countries that take away liberties (e.g. right to privacy), all in the name of 'protecting' the citizens (actually does the opposite). Fear is contagious (much like other emotions tend to be) and it isn't about what causes the fear, it is how the fear affects the victims. After all, if it didn't bother anyone, would they care as much (if at all)?

    • Danny in reply to Coyote.

      July 22, 2015 at 10:12 am #

      Being scared of something doesn't make it a terrorist. My mother-in-law is scared of spiders…

      The FBI's definition (which I'd expect to be quite paranoid) is essentially this:
      "International terrorism" means activities with the following characteristics:
      Appear to be intended (i) to intimidate or coerce a civilian population; (ii) to influence the policy of a government by intimidation or coercion; or (iii) to affect the conduct of a government by mass destruction, assassination, or kidnapping;

      Hacking a site for adulterors (who may or may not be politically exposed people – bit like *any* site really) doesn't qualify.

  5. Norbert (Bob) Gostischa

    July 22, 2015 at 1:22 pm #

    Wonder if ex Congressman Wiener is on that long list of customers. Since he didn't learn from his first mistake, I wouldn't be surprised if he was. You would think that by now Folks would have figured out that there is no privacy on the internet. Today's secret becomes tomorrows headline.
    Stay safe, be Free and keep your privates private.

  6. RanmaMOJ

    August 26, 2015 at 1:25 am #

    Maybe Graham Cluley needs do get a clue (pun not intended…) A terrorist act, by definition, is an act designed to instill fear for the purpose of causing social or political change. Guess what… When a group demands that a site is taken down because its morally wrong and threatens to release the information if the group owning the site does not do remove the site, thereby instilling fear for the purpose of a social change, they are IN FACT by definition cyber terrorists and their actions are IN FACT cyber terrorism. What matters in whether or not something is simply a crime (like breaking into someone's car to steal their radio) or terrorism is INTENT. The intent, as stated by the hackers themselves, was to FORCE A CHANGE, not to do something for their personal gain.

Leave a Reply