By Josephine Mason
TORONTO, Aug 24 (Reuters) - Larry Flynt, a defender of free
speech and sexual freedom if there ever was one, has this advice
for anyone worried by the hack of infidelity site Ashley
Madison: Muzzle yourself.
"Don't do or say anything you wouldn't want to read about on
the front page of the New York Times," said the founder of
Hustler magazine and owner of businesses that sell sexually
explicit videos online.
It might be too late for many people who, lured by a
supposed cloak of digital anonymity, have shared their innermost
wishes, fetishes and fantasies on hook-up and porn sites. And
those companies know that their digital troves of secrets are
exactly what make them a target for emboldened hackers.
In exposing the Ashley Madison accounts of as many as 37
million users, hackers released a cache of potentially
embarrassing and damaging data. The dump contained email
addresses for U.S. government officials, UK civil servants, and
workers at European and North American corporations, taking
already deep-seated fears about Internet security and data
protection to a new level.
"This represents a scary precedent" because of the scope and
depth of intrusion into people's private lives, said Ajay Sood,
Canada general manager at cyber security company
FireEye/Mandiant FEYE.O . "Ashley Madison wasn't the first, but
it's the one."
The data dump made good on the hackers' threat last month to
leak customers' nude photos, sexual fantasies, names and credit
card information from the Canadian website with the slogan,
"Life is short. Have an affair."
The hackers, who have not been identified, appear to bear a
grudge against the company and want to undermine it by exposing
users to public scrutiny.
The prospect of attacks by non-financially driven hackers
pursuing publicity, blackmail or moral judgments sends shivers
through the online dating and sex industry.
Reports that blackmailers armed with the data dump are
contacting Ashley Madison members for extortion will reinforce
concerns.
For the online adult entertainment segment, which accounts
for more than 10 percent of Internet traffic, the trend is
particularly worrisome.
"I don't know anyone that's prepared for something like
this," said Joanna Angel, a famous punk porn entrepreneur who
owns and sells adult films on the website Burning Angel.
'TRADE IN SECRETS'
The online sex industry has long been aware it is more
vulnerable to a cyber attack than most companies because some
people find it offensive. It also thrives on ensuring privacy.
As a result, it has toughened up its defenses over the
years, as global retailers and health insurers have fallen
victims to hackers. The problem is, security experts say, there
is very little else they can do to keep hackers out.
"There are always extra layers of security," said Diane
Duke, chief executive officer of the Free Speech Coalition, the
trade association for the adult entertainment industry.
"However, you build a widget; someone breaks it."
Angel, 34, who has starred in and directed hundreds of
films, believes she has robust security on her website, but
worries it may not be enough to ward off ever-more sophisticated
hackers.
She hired outside experts to run her online security after
hackers shut her site down for five days, costing her money and,
temporarily, customers.
Angel said the Ashley Madison affair and release of people's
names might curb customers' willingness to disclose personal
information, although she had not seen any evidence of this.
"It could end up affecting a company like mine," she said.
"It will make people more paranoid."
The Ashley Madison hack is the second high-profile attack on
a no-strings attached solicitation site this year. In March,
Adult FriendFinder was the victim of a massive data breach, with
hackers publishing details of 4 million subscribers on the Web.
Adult sites, among the first Internet companies to accept
credit card payment, tend to have robust security to combat
fraud. But their systems for securing non-financial client data
are not as strong, cyber experts said.
One large cyber security provider has seen an uptick in
business from companies that "trade in the secrets" of clients,
an executive said.
"It's hard for these types of companies to see what's going
on and not want to take a closer look at their security," said
the executive, who was not authorized to publicly discuss client
enquiries.
Many have already hired top-class security talent to keep
tabs on their websites, said Mikko Hypponen, chief research
officer at Finland-based cyber security company F-Secure.
And users are probably getting wiser about using work email
addresses, posting risqué photos or divulging potentially
embarrassing information on dating sites, he added.
Flynt, who fought in the courts for freedom of speech, said
anyone surprised at the invasion of people's privacy is naive.
"Privacy no longer exists," he said, "and it hasn't for some
time."