By Ed Silverstein, From Legaltech News

‘The tech evidence supports the assertion it was done with local access as opposed to remotely,’ says ThreatSTOP Inc. CEO Tom Byrnes

Canadian authorities continue to investigate the publication of leaked personal data from as many as 40 million users that were taken from Ashley Madison, an adultery website. But, one angle that continues to get attention is that the breach may have been an inside job.

“Whoever did this had local level access,” ThreatSTOP Inc. CEO Tom Byrnes told Legaltech News. It was “more like a Bradley Manning or Edward Snowden,” type event, and adds it was likely “done with file system level access.”

Byrnes said that in this case, evidence in the data “tends to support” that it was someone or more than one person “who had physical access through their work.”

“The tech evidence supports the assertion it was done with local access as opposed to remotely,” he added.

“There is no explicit evidence of how the data was exfiltrated,” Byrnes said. “These are very large data sets.” Given the size of the data set, it would have sent out alerts and would have slowed down the site, and would have been noticeable, Byrnes said.

Meanwhile, Ashley Madison is offering a $500,000 reward for information on the possible hackers. Toronto Police, Royal Canadian Mounted Police, and the FBI are also investigating the breach.

Byrnes says officials will likely be looking at every log and every person at Ashley Madison. He says that those employees who appear to be “trying to cover their tracks,” may be of special interest. “People leave a lot of breadcrumbs on social media these days,” Byrnes said. “You have to investigate all paths,” Byrnes adds. Whether it was remote or local, “you’re still going to look at the same logs,” he said.

There could have been a conspiracy in the breach, as well. “I’m not sure this was done by one person,” Byrnes said.

The breach has led to lawsuits and two possibly related suicides.

The events began last month when employees at Avid Life Media (Ashley Madison’s parent company) found an online message from suspected hackers regarding AshleyMadison.com and EstablishedMen.com. A group called “The Impact Team,” released a statement on July 20 saying that it gained access to the databases.

The company’s CEO has suggested it was an inside job – perhaps by a former employee or contractor. “It was definitely a person here that was not an employee but certainly had touched our technical services,” Avid Life Media CEO Noel Biderman told Mike Krebs of Krebs on Security.

“Maybe they’re telling the truth for once. From a business standpoint, they’re toast anyway,” Byrnes added. “The company is shot.”

From the point of view of other companies, Byrnes identified some takeaways: Do background checks on employees and contractors, trust but verify, require proper log-in credentials.

“Most of these attacks will get caught if you properly monitor your network,” Byrnes said. That means looking at the speed and performance of file systems. Security is closely related to network traffic management, too. “Do the basics and the rest will tend to follow,” Byrnes advises.

For more on this story go to: http://www.legaltechnews.com/id=1202735853357/Could-the-Ashley-Madison-Hack-Have-Been-an-Inside-Job#ixzz3kPLBDrkw