Ashley Madison’s CEO is quoted as saying that the recent incident which exposed very personal information about its 32 million users was an inside job. Your first reaction might have been: of course they are going to say it was an inside job, they don’t want to expose the fact that their security systems were not adequate to stave off an attack.

A review of the data set by ThreatSTOP Labs indicates they may be telling the truth. This type of attack typically results from a SQL injection which breaks down the data set’s table structures and returns lines of data. The tables in the Ashley Madison data set, widely available on the Internet, is nicely organized in its original tables with the proper table names. This suggests that the person who grabbed the data files, which compressed come out to 9.9 gigabytes, likely had legitimate network credentials and was able to dump the data intact, complete with indices and foreign keys. These types of very large data dumps are more typical of the sort of activities of an Edward Snowden or Bradley Manning who used locally attached hard drives to exfiltrate data.

Another data point to support this claim is that the mere size of the data dump would have set off myriad service-level alerts indicating large amounts of data were gushing out the door. Not to mention the outbound traffic would have slowed network operations to a crawl. BTW: Impact Crew claims to have the image files as well, and has yet to make those available on the Internet. Those files will make the data dump exponentially larger and harder to distribute.

While not a network level hack, this does demonstrate hacking the human (in this instance, the HR team) is still highly effective.