If you know who is behind The Impact Team, the hacker or hackers who broke into the adultery-dating website Ashley Madison last month and dumped the data online last week, you can collect a reward of 500,000 Canadian dollars (roughly $377,730 in U.S. dollars, at an exchange rate of 76 U.S. cents per one Canadian dollar).
BBC News reported today that Ashley Madison's Canadian parent company Avid Life Media offered the reward for information – along with the more somber news that police in Toronto say two people “associated with” the leaked data have committed suicide.
Bryce Evans of the Toronto police said, in an address intended for The Impact Team, that “I want to make it very clear to you your actions are illegal and we will not be tolerating them. This is your wake-up call.”
Possible leads, but not promising
On Saturday, Ars Technica reported a possible mistake that the hackers made. They hope that it might help investigators track them down. Whoever posted the 200,000 internal emails from the hacking apparently forgot to cover their tracks at first: “A Web interface for administering the BitTorrent server was left exposed to the Internet without a password, making it possible for outsiders to access. … The box seeding the torrent was located at 18.104.22.168.”
So can't investigators simply trace that IP address and find the hackers? Not necessarily. Also on Saturday, the Toronto Star (Ashley Madison's hometown newspaper) ran a piece on “Why the Ashley Madison hackers probably won't get caught” and pointed out that determining responsibility for a hack attack is extremely difficult, because even if you can trace an attack to a given computer, that doesn't mean the computer's owner/operator was behind it – that computer itself could've been hacked into.
Indeed, among the many different malware variants that can infect your computer, one type is called “zombie” software because it essentially takes over your device and turns it into a zombie, mindlessly and unknowingly obeying the malware-writers' commands. A botnet, sometimes called a “zombie army,” is a network of private computers all infected with zombie malware and working toward some common goal for the malware writer.
If you've ever had your email spoofed – and didn't know about it until your friends asked “Hey, why are you sending me these weird spammy emails?” – then you've suffered a mild case of zombification or been ensnared in a botnet yourself. The Ashley Madison hackers may have left a few footprints last weekend, but it's still too early to tell if those footprints lead to their house.