Privacy Extortion - This privacy sensitivity occurred innocently in the physical world on a beautiful avenue. But, privacy sensitivity can be even more critical in the virtual world.

Privacy Extortion

A new type of cyber-crime: From kindergarteners to adulterers

A year ago I was walking on a sunny day with my daughter in Frankfurt near the Alte Oper. We saw a group of kindergarten kids walking hand in hand with their teacher. They were lovely. We couldn’t take our eyes off of them, and my daughter couldn’t resist taking their picture. She instinctively raised her smartphone to photograph them, but the teacher immediately waived her hands, and in a firm tone said: “You are not allowed to breach these kids’ privacy. Please do not take any pictures.”

This privacy sensitivity occurred innocently in the physical world on a beautiful avenue. But, privacy sensitivity can be even more critical in the virtual world. The cyber world, in a way, knows more about our inner life, desires, passions, relationships and challenges than we perhaps know ourselves. Revealing this information about an individual can cause enormous damage to his or her professional and personal well-being. As we all have seen, the cyber world, unlike my daughter with the kindergarteners, is also less respectful with an individual’s sensitive information.

Uncovering the Dirt

Millions of Ashley Madison members certainly felt a breach into their private lives recently. I’ll bet they panicked when they found out that the entire Ashley Madison database was stolen, perhaps to be publicly revealed.

Unfortunately, stealing confidential data is not new to us. Bigger services have suffered from data theft before, and while stealing credit card data is harmful, the damage is basically repairable. The potential fallout from the breach to the Ashley Madison online adultery service is quite different. Brought to light, Ashley Madison membership reflects in a profoundly negative fashion on the individual, painting their reputation starkly in black, and risking everything from their family relationships to their social status and even their career.

Because the Ashley Madison site facilitates adultery, the security breach has mostly caused a titillated public to react with a combination of moral judgment and humorous quips. But, this breach is a cyber-security crime that requires us all to take notice. The personal details and other juicy descriptions identified in the Ashley Madison breach create a new kind of cyber security threat: the potential for massive blackmail. According to the attackers themselves, the Ashley Madison hack is targeted at the service provider. It also heralds a new, very dangerous and troubling form of cyber-crime: the disclosure of personal secrets, which comes with all kinds of other risks, such as extortion.

For the hackers, this is an outrageously lucrative business model. Most (probably all) of the Ashley Madison customers would be happy to pay a reasonable price to avoid having their online profile made public. Even if the price were $50 to keep member profiles private, it would turn the hackers into multimillionaires.

Storing Personal Information

Of course, Ashley Madison is not the only site storing sensitive personal information. It doesn’t take long to consider other sites where the registered users wouldn’t want their private lives to be exposed: medical records and social chatting, to start.

All of us are subject to a “dark secret” in our inner life that we wouldn’t want to fall into the hands of bad guys. No longer is this just about big corporations and credit card theft; this is deeply personal with a Pandora’s Box aura as once the information is public, it remains so. This is a wake-up call for service providers to improve the security of their services in the interest of protecting their users’ secrets.

Security strategies have traditionally revolved around protecting the endpoints and the network. However, hackers are increasingly targeting service providers’ databases that reside within the data center. Databases and web applications in the data center are open to new attack methods that require a better approach for protection. For example, web applications, designed to be open and used by anyone from anywhere, are by definition openly accessible.

Protecting a user’s highly-private information calls for strong encryption as well as secure cryptographic keys. Today, cryptographic keys are kept on servers that can be easily breached, and once breached, the keys can be stolen and the user’s secrets exposed. By overlooking the utmost protection of users’ privacy, including protecting the keys that encrypt users’ private information, the service provider runs the risks of putting their users in harm’s way and losing their own businesses. This far-reaching threat has the dubious distinction of giving the kindergarteners and the adulterers a common cause.

This article originally appeared in the November 2015 issue of Security Today.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services
  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.