Michael Schneider
The data from cheating portal AshleyMadison.com contains, after cleaning it up, 55’839 Swiss e-mail addresses, 19 of which are directly associated with the Swiss government, ending in admin.ch. But the leak contains so much more. Time to analyse the data.
Before I go and mention numbers, I have something important to write down: The analysis of the data did not happen for the purposes of public shaming. The privacy of Ashley Madison users has been intact at every turn of the investigation. Data that was transmitted to media did not contain names or other unique identifiers. Neither scip AG nor any of its employees has or will name names or release any data – be it address, payment details or sexual preferences – that could lead to identification of Ashley Madison clients. Privacy is a core value of scip AG and is thus something we take seriously. Therefore, the analysis has been kept superficial and was done without involving any personal data.
The goal of the analysis was to find out how much damage the Impact Team’s leak can do. Can third parties make credit card purchases with the leaked data? Which authentication and verification mechanisms are used by Ashley Madison? What user data did Avid Life Media (ALM), parent company of Ashley Madison, collect? These are the questions that drove our research and led to this article. The question was never whether an acquaintance or a public figure was or is a client.
Going by e-mail addresses ending in .ch, and after removing duplicates, including addresses that differed only in upper- and lower-case spelling, the Swiss users of Ashley Madison number 55’839. This data was collected in order to find out which companies or private persons owning mail servers have been affected.
Provider | Number of Addresses |
---|---|
bluewin.ch | 13’473 |
hotmail.ch | 5’537 |
bluemail.ch | 1’181 |
gmx.ch | 22’970 |
freesurf.ch | 65 |
hispeed.ch | 1’565 |
sunrise.ch | 1’136 |
protonmail.ch | 128 |
swissonline.ch | 376 |
Other | 8’938 |
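
The clean-up and per-provider count described above can be done without ever keeping an address in memory or on disk. The following is an added example, not code used for the original analysis: the function name `summarize`, the placeholder domains and the sample addresses are all constructed for illustration. It also shows why counting addresses "ending in" an organisation's domain has to match on the domain boundary rather than on the raw string.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample input: placeholder domains and users, not data from the leak.
SAMPLE = [
    "User001@provider-a.ch", "user001@PROVIDER-A.CH ", "user002@provider-a.ch",
    "user003@provider-b.ch", "user009@provider-b.ch", "user004@provider-c.ch",
    "user005@provider-d.com", "not-an-address",
    "user006@dept.org-placeholder.ch", "user008@org-placeholder.ch",
    "user007@notorg-placeholder.ch",
]

def summarize(addresses, org_domain, tld=".ch", top_n=2):
    """Return (per-provider table, count under org_domain) without keeping addresses."""
    key = os.urandom(32)  # per-run key: digests cannot be matched outside this run
    seen, counts, org_count = set(), Counter(), 0
    for raw in addresses:
        addr = raw.strip().lower()  # fold case so "User@X.ch" equals "user@x.ch"
        local, sep, domain = addr.rpartition("@")
        if not (sep and local and domain.endswith(tld)):
            continue  # malformed, or outside the TLD of interest
        digest = hmac.new(key, addr.encode("utf-8"), hashlib.sha256).digest()
        if digest in seen:
            continue  # duplicate of an address already counted
        seen.add(digest)
        counts[domain] += 1
        # Match the domain itself or a subdomain, never a mere string suffix.
        if domain == org_domain or domain.endswith("." + org_domain):
            org_count += 1
    table = dict(counts.most_common(top_n))
    other = sum(counts.values()) - sum(table.values())
    if other:
        table["Other"] = other  # everything below the top_n providers
    return table, org_count

if __name__ == "__main__":
    print(summarize(SAMPLE, "org-placeholder.ch"))
```

Only keyed digests and per-domain totals survive the loop, so the output can be shared without exposing any individual address.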
The most exact way of determining the origins of ALM’s clients is most likely the analysis of credit card data. Anyone can sign up to an ALM service using any mail address, but credit cards are hard to steal. We’ve used this data to extrapolate where in Switzerland ALM’s clients come from.
Canton | Percent |
---|---|
ZH | 26.84% |
VD | 9.67% |
BE | 9.62% |
AG | 8.41% |
GE | 8.37% |
SG | 6.38% |
LU | 3.97% |
SZ | 3.05% |
TI | 2.80% |
ZG | 2.66% |
FR | 2.51% |
BS | 2.32% |
TG | 2.27% |
SO | 2.18% |
BL | 1.89% |
VS | 1.74% |
SH | 0.97% |
GR | 0.87% |
NE | 0.77% |
AR | 0.63% |
NW | 0.53% |
OW | 0.39% |
GL | 0.39% |
JU | 0.34% |
UR | 0.24% |
AI | 0.10% |
Unknown | 0.10% |
These numbers allow for the following conclusions:
Credit card data would not be complete without a look at how much people spent.