Security giant Trend Micro has discovered that several dozen email accounts associated with some of its honeypots have been used in Ashley Madison profiles, corroborating allegations that the under-fire firm paid people to create fake profiles.
Honeypots are designed to passively attract attackers in order to generate data for researchers like those at TrendLabs, not to enroll themselves on adultery sites, so Trend Micro threat research manager Ryan Flores took a closer look.
He claimed in a blog post that the profiles associated with honeypot emails were “quite complete” – containing all required fields including height, weight, hair color and a country/city matching the IP address given.
In total he found 130 accounts which share the same sign-up IP with Trend Micro honeypot accounts. In fact, several were created from the same IP, with time stamps “only minutes apart.”
“Furthermore, it looks like the creator is a human, as opposed to being a bot. The date of birth (dob field) is repeated (bots tend to generate more random dates compared to humans),” Flores explained.
“Another clue we can use is the usernames created. Example 2 shows the use of ‘avee’ as a common prefix between two usernames. There are other profiles in the sample set that share similar characteristics. Two usernames, ‘xxsimone’ and ‘Simonexxxx’, were both registered from the same IP, and both have the same birthdate.”
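The three signals Flores describes (a shared sign-up IP with timestamps minutes apart, a repeated date of birth, and usernames with a common stem) can be checked mechanically over sign-up records. The sketch below is an added example, not Trend Micro's code; the records, IP addresses, dates, the 'aveeone'/'aveetwo' usernames and the 10-minute window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample sign-up records: (username, sign-up IP, created, dob).
# Only 'xxsimone', 'Simonexxxx' and the 'avee' prefix come from the article;
# IPs (documentation ranges), dates and other usernames are invented.
SIGNUPS = [
    ("xxsimone",   "203.0.113.7",  "2012-03-01 10:02", "1978-02-07"),
    ("Simonexxxx", "203.0.113.7",  "2012-03-01 10:05", "1978-02-07"),
    ("aveeone",    "198.51.100.9", "2012-03-02 14:30", "1985-06-15"),
    ("aveetwo",    "198.51.100.9", "2012-03-02 14:33", "1985-06-15"),
    ("jdoe1970",   "192.0.2.44",   "2012-03-03 09:00", "1970-11-23"),
]

def shared_stem(a, b, min_len=4):
    """Longest common substring of two usernames (case-insensitive), or None."""
    a, b = a.lower(), b.lower()
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(
        0, len(a), 0, len(b))
    return a[m.a:m.a + m.size] if m.size >= min_len else None

def flag_clusters(signups, window=timedelta(minutes=10)):
    """Group sign-ups by IP and report which signals each group shows."""
    by_ip = defaultdict(list)
    for user, ip, created, dob in signups:
        ts = datetime.strptime(created, "%Y-%m-%d %H:%M")
        by_ip[ip].append((user, ts, dob))
    findings = {}
    for ip, rows in by_ip.items():
        if len(rows) < 2:
            continue  # a lone sign-up from an IP carries no clustering signal
        rows.sort(key=lambda r: r[1])
        dobs = [r[2] for r in rows]
        findings[ip] = {
            "accounts": [r[0] for r in rows],
            # consecutive sign-ups from this IP created within the window
            "burst": any(b[1] - a[1] <= window for a, b in zip(rows, rows[1:])),
            "repeated_dob": len(set(dobs)) < len(dobs),
            "stems": sorted({s for a, b in combinations(rows, 2)
                             if (s := shared_stem(a[0], b[0]))}),
        }
    return findings

if __name__ == "__main__":
    for ip, finding in flag_clusters(SIGNUPS).items():
        print(ip, finding)
```

None of these signals separates a paid human operator from a spammer working by hand, which is the ambiguity the rest of the article turns on.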
However, it’s not 100% certain Ashley Madison was behind the fake profiles, because only 10% of them were female. Instead, they could have been the handiwork of forum and comment spammers.
“These forum and comment spammers are known to create website profiles and pollute forum threads and blog posts with spam comments. The more advanced ones are able to send direct message spam,” argued Flores.
“Seeing that Ashley Madison does not implement security measures, such as account activation email and CAPTCHA to ward off these spammers, it leaves the possibility that at least some of the profiles were created by these spambots.”
The second data dump from the Impact Team at the end of August revealed internal emails from the now infamous adultery site appearing to show that it was paying people to create fake women’s profiles and to chat with men on the site.