Ashley Madison address is no smoking gun, experts say

Ashley Madison address is no smoking gun, experts say
© Ashley Madison

Don’t start divorce proceedings just yet.

Internet users scouring through the leaked Ashley Madison data shouldn’t assume that they’ve caught a cheater in the act, experts say.

While numerous websites have sprung up offering searchable databases of email addresses from the “have an affair” website, many of the registrations are likely to be fraudulent.

ADVERTISEMENT

That’s because Ashley Madison doesn’t authenticate email addresses when users sign up, deliberately giving users the “plausible deniability” of membership.

The lack authentication means anyone could use an email address of a friend, co-worker or relative without the person ever knowing, since no confirmation email would ever be sent to the account.

“[Ashley Madison] didn’t put any security measures [like authentication] in there,” said Ali Manouchehri, CEO at cybersecurity firm MetroStar Systems. “They were trying to be as anonymous as possible and that backfired on them.”

The key to uncovering whether a leaked email address is associated with a real user is the form of payment used.

“The proof of this pudding is in the credit card that paid for the subscription in this club,” said Rachel Ehrenfeld, director of the American Center for Democracy. “Thus, a more careful examination should be conducted before calling the divorce lawyer.”

But even matched credit card data isn't firm proof. While it would require more skill and knowledge of the dark Web, it is certainly possible for someone to have registered under an email address and credit card account that was either stolen or purchased illegally, Manouchehri said.

For legitimate users registering under their own identity, Manouchehri said it’s relatively easy to avoid leaving a digital paper trail by buying a disposable debit card, which can be easily purchased at the grocery store.

Even with that precaution, however, there are ways to link an Ashley Madison account with an individual’s computer.

The Associated Press matched Internet connection details from credit card transactions with government network IP addresses to uncover hundreds of federal employees who accessed the site and paid membership fees using their federal Internet connection.

The AP did not out individual users, but said it had identified paying users from more than two dozen administration agencies — including the departments of State, Defense, Energy, Treasury and Transportation, as well as individuals using House and Senate computer networks.

The Defense Department is investigating the plethora of military email addresses registered to the site because, Secretary Ash Carter said, “conduct is very important.”

Military members can be prosecuted for adultery under Article 134 of the Uniform Code of Military Justice.

And as to whether membership is enough to prove infidelity?

Not necessarily, marriage experts say. An exposed individual could claim to be “just browsing.”