Come Again? Second Thoughts on My Ashley Madison Affair

My Ashley Madison affair, for lack of a better way of putting it, began innocuously enough.

“Have you seen Larry Wilmore’s hilarious segment on Ashley Madison?” my wife asked a couple of weeks ago.

“Who’s Ashley Madison?” I replied.

I am not, as you may have gathered, the one in our family to turn to for knowledge of current cultural happenings. But it didn’t take long before I, like Larry Wilmore and the rest of the world—or, at any rate, the rest of the world minus 37 million people, some portion of their spouses, and a minority of souls with well developed senses of compassion—was chuckling at the expense of the multitude of adulterers and would-be adulterers who used the site. Over the next few days, my wife, who as a professor of family law had a professional as well as prurient interest in the story, sent me links to one preposterous new development after another. With some exceptions, like the case of the woman in Sydney who learned on a talk show that her husband’s email was among the 37 million, the tales were droll, just the sort of thirty-second diversion from work we have come to expect from the shallowest reaches of our shallowest medium.

It was with similar bemusement that I opened an email that arrived last week under the subject line “Urgent Lonely Blonde Request.” Urgent lonely blondes do not usually make requests of me. Nor do they usually make it through my spam filter. The blonde in question was a putative Vickie Greer, who explained in a couple of admirably concise sentences that she was young, erotically aroused, in ardent need of a certain portion of my anatomy, and would like to come over right now. She did not explain what a lass with an email address at a German domain was doing just then in Boulder, Colorado. She encouraged me to examine a photo of her physique by clicking on a link to a website registered in Hong Kong. Miss Greer, evidently, got around. I didn’t click. Instead I forwarded the email to my wife with a note that read, “Am I receiving this because of the ‘research’ you’ve been doing on Ashley Madison from our home IP address?”

“Hmmm,” she wrote back. “Maybe I should check whether you’re in the database.”

We laughed over that one that night.

Not long later, however, I came across a story about the blackmail emails that some Ashley Madison members were getting—“sextortion” is the clever neologism. One cyber-security expert quoted in the piece said members could also expect to be bombarded with email solicitations for sexual services and that those services might be remarkably targeted because the targets’ sexual tastes were in the leaked data. “They are not only going to act like a potential love interest,” the expert said of the people behind these emails. “They are going to act like your exact type. If you like brunettes, they are going to be brunette. If you like blondes, they are going to be blonde.”

I have no special partiality to blondes, but the juxtaposition of that comment with the email from the urgently blonde Miss Greer got me thinking. I opened the spam folder of my email account and there found three more throbbing entreaties from the Misses Annette Alexander, Isabel Pope, and Wilma Hamilton. I felt a little bad for Miss Pope and Miss Hamilton, whose given names hadn’t suggested “come hither” to a lonely swain since the Truman Administration; it must have been a trial to labor under so great a professional handicap. Still, like Miss Greer, these girls got around, their emails having originated in Germany and France, their photos in Russia, China, and Arizona.

It seemed an awfully unlikely coincidence to be getting these missives just as the Ashley Madison data were released, and yet I emphatically did not have an Ashley Madison account, so couldn’t be on the cheat sheet. Or could I? I dismissed the thought, but it recurred, and not long later I found myself at one of the newly arisen websites that let people check whether an email address is in the Madisonian data dump. I typed in my address but vacillated before clicking Enter. It felt sullying just to associate myself with the affair, like going to a pawn shop in a bad part of town to retrieve a stolen watch. Eventually I clicked.

“Honey,” I found myself telling my wife when she walked in the door a few minutes later, “I have a not-so-funny Ashley Madison update for you.”

I have since read accounts of the moment when other innocents broke the news to their partners. Most of them describe feeling guilty despite having done no wrong. My own feeling was slightly different, less one of culpability than of responsibility. It was precisely the feeling I had had on the three occasions I told my wife I needed reconstructive knee and ankle surgeries. The surgeries were not my fault, merely my misfortune, but because of me she would have to do all the cooking, cleaning, driving, parenting, and much else for many months. I had become a headache.

Happily, unlike others in our unfortunate cohort, one headache we did not have to deal with was suspicion. My wife’s belief in my fidelity was, as it were, unadulterated, as mine would have been in hers had she been on the list. (She is not.) It’s that kind of marriage.

“Also,” she said, “am I supposed to believe that an investigative reporter who has tracked down undercover spies is dumb enough to use his own email address for an affair? Or that I would have stayed married to such a dolt all these years?”

But we of course faced the one headache that all victims of the scandal face: the possibility of public approbation. We didn’t worry that many of our family, friends, or acquaintances would question my constancy, but surely one or two who were suspicious enough to check my email would harbor doubts no matter what we said. I dislike gossip, at least when it’s about me, but I was more worried about whether my wife might have to endure unsought pity (for having such a lout of a husband), contempt (for gullibly believing him), or censure (for failing to “satisfy his needs at home,” in the common phrase). And things could get worse. Some zealots have talked of posting online the names and emails of the sinners, by zip code, so that everyone can see the philanderers in their midst. Come the day, we might as well spray a scarlet A on the front door, put sackcloth on the dog in the manner of Jonah, and roll about in ashes. My laughter at Larry Wilmore’s segment looked a little less nuanced now.

Naturally, my wife and I wanted to know how I got into Ashley Madison’s dump at all. We had hypotheses. One was that identity thieves put me there. As everyone knows by now, a great many female “members” of Ashley Madison were fabricated to balance the site’s cockeyed male-to-female ratio. Less widely reported is that some security experts think Ashley Madison may have bought thousands of email addresses in bulk from marketing companies and used them to create the fake accounts. The appropriated addresses needn’t have been outwardly feminine—JohnDoe@_____.com would do just as well as JaneDoe@______.com—because addresses on Ashley Madison aren’t displayed in members’ public profiles. Some men (and their spouses) have reported their emails were used in just this manner. Of the scandal’s many lessons, one is that we can no longer assume, if we ever could, that an electronic deed was done by its purported doer.

I shouldn’t have needed Ashley Madison to teach me that. In recent years, my and my wife’s identities have been stolen and used, at widely dispersed intervals by apparently unconnected thieves, to buy concrete in the Yucatan, a flat-screen TV in Illinois, a burger in Maryland, and much else between. When we went to file our tax return this year, we found that someone else already had—and had received a refund check from the IRS for their pains. (The IRS is still investigating that one, and our real refund waits in federal purgatory.) In just the last few days, I learned at the website HaveIBeenPwned.com that my username, password, and password hint were compromised in a hack of Adobe in 2013, about which Adobe never told me. (For those as uninitiated as I was till now, pwn is leetspeek for own, in the sense of conquer or appropriate; leetspeek is a form of web slang in which letters of a word are replaced with other letters or characters, as in “@$$” for “ass,” or “l33t” for “leet.”) Such problems can only get worse as stolen identities only get easier to buy. Already there are eBay-like exchanges where identities are trafficked for less than a dollar apiece (although a chap by the name of OsamaBinFraudin, touting his identities’ 720-plus credit ratings, asks a cool $454.05).

Another possibility for how I ended up on the list was simple spite: someone who didn’t care for me used my email address when setting up his own account. I have, in fact, been victimized by just this sort of thing. Last year pirates posted free, downloadable copies of one of my books on several torrents around the web. I emailed the hosts with demands they take down the book and was uniformly ignored, or so it seemed until a day or two later when my inbox began to overflow with all manner of spam, mostly from European domains. The flow, diminished but not desiccated, continues to this day. Clearly a peeved pirate had sent my email to some sort of spam central. I also sometimes draw spectacularly enraged replies and even the odd threat of bodily harm for my political writings. And not to boast, but there are FBI officers and CIA agents who wouldn’t mourn if life became difficult for me. In short, I have enemies. And yet the tribe must be a tiny one indeed whose constituents would be so outraged by a writer of slender renown that when wracking their addled brains for a fake email to put on their dirty-weekend accounts, they would choose his rather than that of a more famous target or a target nearer to hand: the arrogant boss, a flippant ex-lover, the uncle with repulsive politics and a lecherous eye, the neighbor who runs his lawnmower at dawn on Saturday. The media haven’t said much about such innocents, but surely they populate the Ashley Madison database in numbers not trivial.

Another hypothesis was that, just possibly, I did sign up for Ashley Madison. Some years ago I wrote a book about the CIA’s illegal kidnapping and torture of an alleged terrorist in Italy. Over several years, I tracked down ten or so of the clandestine operatives behind the crime, largely by comparing scraps of data they scattered about Italy with similar data on the web. If a spy used a pseudonym to check into a hotel in Milan, and the pseudonym matched a username on a chat board for Corvette buffs, I went to the site and paged through the relevant posts, then went to similar sites and did the same. A lot of those sites required users to set up accounts before viewing their pages, and many were far more shadowy than chat boards for car enthusiasts. One disturbingly violent paramilitary site remains graven in my memory—a reason to look forward to Alzheimer’s. But that grotesque was an exception. Of the scores of accounts I’ve set up over the last decade for the CIA job and subsequent work, I deleted nearly all after a few minutes or days, and they fled my memory soon thereafter. Although I’d think I’d remember a site as thematically arresting as Ashley Madison, in fairness to the company—the very words pain my fingertips to type—it is conceivable I subscribed briefly and have forgotten. Another writer has found herself on the list of shame for similar occupational reasons.

It is also possible I signed up not with Ashley Madison but with a different outpost of Avid Life Media, Ashley Madison’s parent company, on whose libidinous empire the sun never sets. Avid Life, it turns out, caters to a wide variety of erotic appetites through sites like ManCrunch.com, CougarLife.com, AdultFriendFinder.com, and EstablishedMen.com, to name but the most prominent. Data from some of those sites are reportedly in the dump. But the reporting has been so thin that few people know about it, and fewer still know that such sites have nothing to do with, at least nothing necessarily to do with, adultery. They’re just places where people, single or not, gay or straight, can arrange to meet for sex or its antecedents. The media have done them a cruel harm by prattling endlessly about liars and adulterers, thereby tarring everyone in the dump with villainy, even though the only crime some of these people committed was to express a desire for sex with another unmarried adult.

The cruelest harm, of course, rests with the hackers who published their data in the first place. To this righteous lot, I put a few questions: If a nineteen-year-old lesbian in Lubbock is contemplating suicide because you outed her to her evangelical parents, is that worth having exposed ten million cheaters? And what of the gay Saudi Arabian at risk of being stoned to death? Or the wife who was indeed untrue—because her husband was abusive and she craved affection from someone who didn’t beat her—and who, thanks to your handiwork, may be getting the crap kicked out of her just now? This all stopped being even a little funny long ago.

In the end, my wife and I, like others in our situation, tried to learn more about my (or “my”) account by logging on to the various Avid Life sites, but at each we were told no account was linked to my email. If one existed, it had since been deleted. Had we been braver or more foolhardy, we might have ventured into the murk of the dark web and tried to access the raw data that could, perhaps, have told us which website my email was attached to, when the account had been opened and closed, from which IP addresses it had been accessed, and whether one of my passwords or credit cards had been compromised. But the ominous threats of ruinous malware lurking in the dark deterred us, as did the idea of possessing stolen goods, which, apparently, is a prerequisite since you have to download everyone’s stolen data to have a look at your own.

Another option open to us was to use the services of the one company, Trustify, that has offered to do the dark-web work for the worried or the curious. But Trustify charged $268 for a typical Ashley Madison inquiry, which seemed ridiculously high for what amounted to copying and pasting—technically skillful copying and pasting, but copying and pasting all the same. More odiously, when someone used Trustify’s email search feature and discovered an address was in the Ashley Madison pile, Trustify sent a note to the tainted address that said, in effect, Someone has discovered you’re among the disgraced, and wouldn’t you like to pay us to learn which predilections and peccadillos of yours will soon be abroad? Trustify’s spokespeople have said they’re just benevolently telling people they’re being checked out—wouldn’t you want to know?—but since they tell only people who come up “dirty,” not those who come up “clean,” you could be forgiven for thinking the company’s motives are more financial than informational.

The one company that could quite easily have gotten us the information we were seeking, the company whose ludicrously ramshackle security got us into this mess (a company, need I add, that took twenty bucks off a lot of marks to permanently delete their data—then forgot to hit the Delete key), has done nothing whatsoever to help victims. Indeed, just the opposite: even now, Ashley Madison’s homepage touts the superiority of the site’s security and the certainty that your liaison will be “100% discrete.” The avidity from which Avid Life Media takes its name is surely for its bottom line.

My wife and I ultimately decided we could wait. To know more wouldn’t alter what we needed to do, which was change our passwords, scrutinize our credit card bills, and attend to the other rituals of our age of internet insecurity. In a month or so, we would poke around again. By that time, the frenzy having faded, Trustify might have dropped its prices (and found a sense of decency), competitors might have cropped up, or, quite possibly, the data in all its tawdry glory might have been posted on the workaday net.

In the meantime, we look forward to more stimulating emails. Even as I edit this piece, I have received three. Miss Myrtle Nelson and Miss Hazel Davidson have written with, respectively, a Hot MILF Teacher Request and a Horniest Wife Request, while Trustify writes to say that one person using its search function has learned of my shame. I give thanks, almost sincerely, to this foursome. They keep fresh in my mind that my chuckling at unfortunates might be better supplanted by a measure of compassion, at least now and then. I exempt from this principle unfortunate bastards like the imploding Avid Life Media and their hunted hackers.

Steve Hendricks is the author, most recently, of  A Kidnapping in Milan: The CIA on Trial. His website is SteveHendricks.org.