Security researcher may have solved Ashley Madison hack

$500,000 to the winner

Ashley Madison

One security researcher could be in line for the Ashley Madison CA$500,000 (around £244,000, $377,000, or AU$527,000) bounty after providing the most credible suspect yet for the hack.

Brian Krebs, on his Krebs on Security site, has been hard researching one particular Twitter user that he thinks either took part in the hack or has detailed knowledge on the Impact Team group that carried it out.

Thadeus Zu, who Krebs has tracked across Facebook and Twitter, first came to the attention of the researcher just after the blogger broke the news of the hack after retweeting the very same cache of data that had been exclusively sent to him. Whilst this isn't that surprising, Krebs' suspicions were raised because no other sites had posted the cache.

Everything kicked up a notch when AC/DC were brought into play by Avid Life Media, the owner of Ashley Madison. A press conference called by the Toronto Police, in the city that Avid Life calls home, explained that the firm knew of the hack around a week before it was made public when a threatening message flashed up on computers accompanied by AC/DC track Thunderstruck.

Krebs got to work on Zu's extensive Twitter history and found a reference to Thunderstruck in a tweet threatening a computer security firm in the Netherlands back in 2012. He even referred to the same band in another Tweet that confirmed he'd hacked the Australian Parliament.

"Parliament of Australia bit.ly/NPQdsP Oi! Oi! Oi!….T.N.T. Dynamite! Listen to ACDC here," it read.

The plot thickened when a tabbed browser window posted by Zu in relation to releasing the Ashley Madison data showed, yes you've guessed it, a YouTube tab containing the offending song once again.

Zu also tweeted the "Time's Up" link containing the data cache 24 hours before other news outlets and, if Krebs is to be believed, then Zu could well know a lot more than he's been tweeting about.

Cheaters turning to suers?

News of the Ashley Madison hack first broke on July 20 when The Impact Team claimed to have stolen the details of millions of users, which has around 37 million worldwide and 1.2 million in the UK.

The hackers eventually dumped the information onto the Dark Web after failing to get the site to shut down and Avid Life Media will hope that the CA$500,000 (around £244,000, $377,000, or AU$527,000) reward will persuade people to come forward with information. The users of the site, meanwhile, could adopt suing over cheating as their activity of choice and things are likely to get even tougher for AM.

Article continues below