Fembots land Ashley Madison in hot water with the FTC

Have you been flirting with a computer program behind your wife’s back?

Fembots land Ashley Madison in hot water with the FTC

"Life is short, have an affair" was the slogan of infidelity website Ashley Madison, which was famously hacked in 2015.

What they didn't say was that you might be having a strictly online affair with a fake female profile, designed to trick you into entering your credit card details, under the misapprehension that you were chatting with a real woman rather than an algorithm.

Now Reuters reports that Ashley Madison's parent company Avid is being investigated by the US Federal Trade Commission (FTC) after class action law suits were filed in the United States and Canada on behalf of customers whose details were exposed following the hack, and amid allegations that fake female profiles were used by the site to manipulate users:

An Ernst & Young report commissioned by Avid and shared with Reuters confirmed that Avid used computer programs, dubbed fembots, that impersonated real women, striking up conversations with paying male customers.

Avid shut down the fake profiles in the United States, Canada and Australia in 2014, and by late 2015 in the rest of the world, but some U.S. users had message exchanges with foreign fembots until late in 2015, according to the report.

Ashley Madison had been planning to IPO before it was royally hacked. You have to imagine that it would have found itself in even hotter water if it had successfully floated on the stock market only to have it later revealed that it had been less than transparent with investors about its true (human) membership numbers.

The controversial dating site is under new management following the departure of CEO Noel Biderman (who has since been busy trying to clean the internet of references to his past with Ashley Madison), and the site has a brand new look which de-emphasises having an affair and claims it "is about so much more than infidelity."

Ashley madison new site

New bosses Rob Segal and James Millership tell Reuters that the firm is spending millions on security and privacy improvements.

But that, of course, is going to be little comfort for those have already been burnt by Ashley Madison - having had their personal information exposed, and in some cases found themselves on the receiving end of blackmail letters or even driven to suicide.

The greatest irony of all is that some men have had their lives ruined and privacy invaded, when their chances of having an affair were close to zero, because they were speaking to a computer program rather than a flirting female.

Further reading:

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter

, ,

58 Responses

  1. Aleric

    July 5, 2016 at 1:20 pm #

    These sites have been running rampant for years as the FCC has been more concerned with trying to shut down and monitor conservatives on the web than actually doing their job.

    • HorusMaximus in reply to Aleric.

      July 6, 2016 at 4:43 am #

      Of course there's also the probability that the FCC runs some of these sites to build up blackmail databases.

  2. David Behar

    July 5, 2016 at 1:40 pm #

    I support the death penalty for hacking and for online fraud, over $6 million, th value of a human life. We should pass legislation allowing trials in absentia. The death sentences may be carried out around the world with drones. The government should be immunized for all collateral damage to family members of the hackers and major fraud people.

    • Dave Mowers in reply to David Behar.

      July 5, 2016 at 3:11 pm #

      How about life in prison for C.E.O.'s that cost consumers 100 million or more in losses?

    • Lookatthisguy in reply to David Behar.

      July 5, 2016 at 3:34 pm #

      Lol Youre a special kind of idiot aren't you?

      • David Behar in reply to Lookatthisguy.

        July 5, 2016 at 4:19 pm #

        You are a special kind of supporter of criminals, aren't you? Why would anyone protect a criminal? That one is easy. The criminal generates worthless government make work jobs for members of the left. So, by protecting criminals, they are protecting jobs, at the expense of victims.

        You need to disclose the fraction of your income or that of your employer coming from government.

        • coyote in reply to David Behar.

          July 5, 2016 at 11:27 pm #

          Hypocrite. Calling someone a supporter of crime (with no evidence either[1]) when you're in favour and full support using drones to carry out executions in other nations…

          [1] Your blessed country also outlaws libel and slander. So you're hypocritical there too.

          • Valerie in reply to coyote.

            July 7, 2016 at 11:01 am #

            Actually a human life is worth a lot less on terms of insurance coverages. The gling rate for a lost life with education and kids younger than college is 2 Million

    • coyote in reply to David Behar.

      July 5, 2016 at 11:22 pm #

      'over $6 million, th [sic] value of a human life.'

      Was this a typo ? Did you really just suggest a human life is only $6m USD? In any case, to the Americans that whine about the world seeing the US a world police, maybe you should look at David Behar. Death sentences across the world via drones? The suggestion is extremely disgusting even for humans. 'The government' itself is also scary. You know it has almost happened before and the US acts like it in many respects. You talk about criminals whilst simultaneously supporting something that is against international law – unless of course the US is the judge (but of course it's also the executioner). It also is unethical, hypocritical and absolutely disgusting. No trial? Kangaroo court? What's the difference in the end? Just murder people across the world for supposedly breaking into computer networks (which for all you know might not be legally questionable in their location). While you're at it murder people across the world for breaking national laws (the fact you're breaking international laws in the process doesn't matter because it's the USA!). Let's just simplify it: murder people across the world for existing. Drones are for cowards and your suggestion is extreme cowardice.

      On the subject of drones… I suppose you're also of the mind that the many hospitals that have been hit by drone strikes and all the many civilians who were killed are insignificant and just part of war. Did you ever hear of the law of war? Did it ever occur to you that the US isn't at war with the world – at least not technically?

      You're no better than paramilitaries who have gone beyond their (usually) legitimate purpose (i.e. they turn into thugs); in fact you're worse since you are okay with it from afar. Bloody coward.

      • BigFan in reply to coyote.

        July 6, 2016 at 2:24 am #

        I think he's referring to old OSI data from the seventies, under Director Oscar Goldman, where they estimated the value of a man at six million dollars. HOWEVER< in that event, they actually only replaced one arm, two legs, and an eye, so the actual value would be higher, especially when you adjust for inflation.

      • David Behar in reply to coyote.

        July 6, 2016 at 4:07 am #

        The $6 million is an overestimate from the Environmental Protection Agency. They used the market valuation method rather than my preferred method, the lifetime earnings. If one uses lifetime earnings, the value of life is more like $3 million, the value placed on it by buyers of services. What the EPA did was to ask, working in a restaurant requires about the same skill as working on an oil rig. The latter is more dangerous. What premium are workers requiring to do the same level of skilled work, but with more risk. They came up with the value of life of around $6million. What is the value of a hacker in some foreign land that has generated a $100 million cost for a company to remedy a breach of their customer records? Is it infinite?

        When you destroy that $6 million, you have murdered an economic person, i.e. the value of a person to the rest of us. Life has infinite value to the person, and to those that love the person. However, an infinite value is excessive in a policy discussion.

        Much of the hacking has state sponsorship, funding, and encouragement. If a nation lobbed mortar rounds over your border, you have every right under international law to send in an air strike over the border to attack it. This basic normative value is codified for states in the UN Charter Article 51. Article 51 is an exception to the Charter’s general prohibition on the use of force found in Article 2(4).

        If a state extradites a hacker for an in person public trial, it is better because it will deter others more. Upon a guilty verdict, the execution should be on the spot, again, to deter.

        As to cowardice or bravery, we are discussing what will work to decrease the amount of hacking now taking place.

  3. Lance

    July 5, 2016 at 1:43 pm #

    I'm still getting blackmailing e-mails. Fortunately, the first one let me know which credit card to cancel.
    And, unless you're a dolt, the 'bots' are easy enough to avoid.
    But as far as adult sites go, AM is better because you use your credits one at a time, rather than having to pay for every time segment (1 month, 6 months, 1 year, etc). I like that, as one can go dormant (for whatever reason) and re-start later with the same amount of credits you had before.

    • Anonymous in reply to Lance.

      July 5, 2016 at 1:54 pm #

      Kill yourself you filthy degenerate.

      • David Behar in reply to Anonymous.

        July 5, 2016 at 4:21 pm #

        What is your real name anonymous? I want to report your remark to your family.

      • Johnny Knoxville in reply to Anonymous.

        July 5, 2016 at 8:41 pm #

        Why do you care what he spends his money on? He doesn't tell you to kill yourself for gorging on poptarts, greasy Bar-B-Que and cheap beer

      • coyote in reply to Anonymous.

        July 5, 2016 at 11:52 pm #

        Graham, you know I know you're trying to keep this as open as possible but I would ask you to think on this one. I would never hurt anyone except in self defence (or protecting others) and lack of ethics and morals is something I find inexcusable (and clearly hurting someone you supposedly love is an extreme example). But telling someone to kill themselves no matter the circumstances is also inexcusable and absolutely unethical.

        I leave the judgement up to you in the end, of course, but with my history of mental illness I find that comment extremely disturbing (and I would say that anyone who has suffered from mental illness would also agree – and some who haven't suffered would also agree). And what many might not understand is maybe someone is going through a very rough time and they need help rather than condemnation (and we all have good and bad in us). Suicide is a complex thing just like life in general and it is a combination of things which push someone to end their life.

        I'm not talking about Lance even; telling someone to commit suicide is always a very serious problem and that is what I am getting at.

  4. krm

    July 5, 2016 at 2:16 pm #

    No shame or remorse! Doesn't matter whether or not they were talking to bots, they were CHEATING! There's the main theme! Deceiving and being deceived! What a vile and perverse generation!!

    • Mark Matis in reply to krm.

      July 5, 2016 at 2:52 pm #

      How do they differ from government in the US today?

      Or most corporate policies, for that matter?

      • coyote in reply to Mark Matis.

        July 5, 2016 at 11:39 pm #

        The problem is mankind. Nothing else. Entity type matters not.

    • A Sage in reply to krm.

      July 5, 2016 at 3:54 pm #

      Judge not, lest ye be judged.

    • Lance in reply to krm.

      July 5, 2016 at 4:34 pm #

      Whoa, baby. I'm unmarried. 'Life is short – have an affair' is simply their hook. There are thousands of single men & women on there.

      • Graham Cluley in reply to Lance.

        July 6, 2016 at 12:28 am #

        Personally I'm baffled why anyone would still be using Ashley Madison rather than any of the many many other dating sites available online.

        And no, I don't believe AM when they say they have over 46 million members…

    • Johnny Knoxville in reply to krm.

      July 5, 2016 at 8:43 pm #

      You wouldn't happen to be a member of Westboro Baptist Church would you?

      • Graham Cluley in reply to Johnny Knoxville.

        July 6, 2016 at 12:29 am #

        I like to think that the Westboro Baptist Church has its own dating website where members can find like-minded souls.

        In fact, that probably *is* the case. Dangerous thing in-breeding…

    • Graham Cluley in reply to krm.

      July 6, 2016 at 12:27 am #

      Actually, not everyone whose details were leaked by the Ashley Madison hack was cheating.

      See here for an example: https://www.grahamcluley.com/author/anonymous/

      Furthermore, there were – no doubt – single people using the site, and folks who might be in an open relationship etc etc.

      We shouldn't be too quick to judge.

  5. WhisperinPints

    July 5, 2016 at 2:28 pm #

    My laptop pc does lap dances for free.

  6. Mark Matis

    July 5, 2016 at 2:51 pm #

    How many people have "had their lives ruined and privacy invaded' for even less, thanks to the IT security failures of not only business, but government as well? At least with AM, SOME of the possibilities of dalliance were real.

  7. Kim

    July 5, 2016 at 3:00 pm #

    Don't cheat. They can't get you if you don't play.

    • Jennr8r in reply to Kim.

      July 5, 2016 at 11:05 pm #

      Unless someone steals your identity.

    • Graham Cluley in reply to Kim.

      July 6, 2016 at 12:31 am #

      Although in the case of Ashley Madison people did have their private details exposed even if they didn't cheat.

      Simple curiousity could have resulted in them becoming victims of the Ashley Madison hack, and the subsequent blackmail attempts.

      It's easy to imagine how some may have briefly been a member of the site years before they entered a steady relationship, only to have it haunt them later on because of Ashley Madison's sloppy security and data practices.

  8. Dave Mowers

    July 5, 2016 at 3:10 pm #

    No equal justice under the law exists in America; if you are a corporation or have lots of money you are above the law.

    Americans need to start rioting and tear this government apart.

    Enough with the modern Wall Street fraud business model.

    • Truth in reply to Dave Mowers.

      July 5, 2016 at 6:39 pm #

      If your Hillary Clinton the law certainly doesn't apply.

      • coyote in reply to Truth.

        July 5, 2016 at 11:30 pm #

        And contractions don't apply either…

  9. Ads

    July 5, 2016 at 3:36 pm #

    if you cannot tell the difference between live and virtual woman then you deserve what you get.

    • Gary in reply to Ads.

      July 5, 2016 at 5:59 pm #

      Real women are often much worse or insufferable so I agree. Marry a whale and cheat with fembots. Seems logical.

  10. No Sympathy

    July 5, 2016 at 4:02 pm #

    Maybe it's just me, but I have trouble feeling any sympathy for some asshole who was deliberately out to f*** around on his wife that got caught in some kind of scam. Serves you right. Either stay at home where you belong or get a divorce.

    • Jeff in reply to No Sympathy.

      July 5, 2016 at 11:21 pm #

      Have the affair. Women in this day and age aren't worth the aggravation of marriage.

  11. Jason

    July 5, 2016 at 4:17 pm #

    Fake profile's. …I've never heard of such lunacy.

  12. Michael Richards

    July 5, 2016 at 4:47 pm #

    We will find out a lot of these sites are doing this type of thing, and not just for this type of situation, but sites that offer home improvements, any type of professional services for weddings and parties, all types of things where a professional pays to submit bids to computer generated customers in the hopes of winning business. Only to find out when they never receive a response, their money was wasted giving bids or quotes to computer generated people who do not exist.

    • Dilberto in reply to Michael Richards.

      July 6, 2016 at 1:48 am #

      Likely 75-85% of adult dating sites are like that. Or they pay people to send e-mails, you sign up, then find it's some BS. Yes, it's all too common.

  13. Shoreliner

    July 5, 2016 at 6:38 pm #

    My question is what type of dumb@ss believes that there are all these women desperately looking for hookups online, given that any female who doesn't look totally repulsive can hang out in a bar and pick or choose among the guys hanging around her hoping to hook up?

    • Henry in reply to Shoreliner.

      July 6, 2016 at 11:17 pm #

      Yes, but online is the only place the repulsive ones can make a living at it.

  14. Dirk Manly

    July 5, 2016 at 6:53 pm #

    (((Biderman))) … creates a company that operates on fraud, now wants his past hidden. So typical.

  15. Bourgeois

    July 5, 2016 at 7:13 pm #

    Ya reap what ya sow boys . . . be sure your sin will find you out.

  16. Levi

    July 5, 2016 at 8:18 pm #

    So you use a site that's Based on Lying and expect it to be legally bound to telling you the customer the truth hahaha. I'm glad that the people using Ashlee Madison lives got ruined, it's a good thing, they make it impossible for honest people to trust anyone. The users of this site Names should be all listed on a website, with their addresses, so everyone can know who's a complete degenerate. hahaha Losers were talking to A.I Bots.

    • coyote in reply to Levi.

      July 5, 2016 at 11:37 pm #

      Yeah, except the fact that they didn't verify emails. Besides, as one woman (at least) said the fact her husband confessed was enough for her. I don't agree with being unfaithful to someone you supposedly love but even in cases where the law says otherwise it really shouldn't be your business which means you should let them solve their own problems. That is, of course, IF there is a problem at all.

  17. Spicoli

    July 5, 2016 at 8:44 pm #

    If there is money involved with human interaction and there is an angle that can be shot, it will be shot. This much I know.

  18. Flirp

    July 5, 2016 at 10:31 pm #

    AM needs to do what Gawker did. Close up shop and leave with the grains of dignity it has left. As for the clientele, sucks that the ones that got caught with the hands in the cookie jar got repercussions for wanting to fool around on their spouses like a coward.

    IF YOU ARE NOT HAPPY IN YOUR MARRIAGE BE A BIG BOY/GIRL AND END IT. FOR YOURSELF AND THE SPOUSE, GIVE THEM A CHANCE TO FIND SOMEONE WHO WILL ACTUALLY APPRECIATE THEM AND NOT WASTE THEIR LIVES ON A LIE!

    • Graham Cluley in reply to Flirp.

      July 6, 2016 at 12:33 am #

      Easy on the capslock. Thanks.

  19. john stallings

    July 6, 2016 at 12:33 am #

    here is the logic algorithm. Put up and tune out the "I just havent lost my baby fat although junior is 18, hire a hooker, or get a blowup doll.the last 2 are far cheaper, perform better, and little complaint

  20. chuck

    July 6, 2016 at 1:33 am #

    These stories are like stories about gangbangers whacking each other in Chicago. You have to join the gang, and that ain't nobody's fault but your own dumb ass.

  21. Chi_Sam

    July 6, 2016 at 2:11 am #

    Ashley Madison has created this image of its user as a playboy catting around behind his wife or girlfriend's wife.

    Now that they have been exposed as a complete fraud, yet remain in operation, I'm inclined to believe their user base is nothing more than a bunch of losers that are the type that name their blow-up doll.

  22. Defiant

    July 6, 2016 at 3:11 am #

    LOL! Let the buyer beware! It serves these guys right for being dogs…

  23. Sammi

    July 6, 2016 at 5:11 am #

    AI prick tease, news at 11

  24. Giuseppie

    July 6, 2016 at 5:23 am #

    Any man who's ever dabbled in the online dating world of ant sort, and who is smart, knows damn well that "fembots" are above and beyond the norm.

    Seriously, as an example, go and peruse the rating-comments for Tinder in the Apple App Store. A large chunk of them are from men, complaining of the overwhelming amount of obviously fake profiles.

  25. PNC Charley McSmith ZCG

    July 6, 2016 at 7:16 am #

    Why would anyone pay to get "catfished" on a site like A.M., when they can get the same treatment for free on C.L., or any number of dating sites, or even F.B.? Heck, for that matter, if you're going to spend dough on online fantasy why not just put up the earnest money for that dude that sent you an email from the lottery commission from the Prince of the Zanzabarian Congo of Gusavia?

  26. Metoo

    July 6, 2016 at 11:47 am #

    Do it the old fashion way….go to a bar.

Leave a Reply