All we can say is Bye Ashley
It seems like the Ashley Madison thing won’t go away quietly after all, so I can finally write a bit about the steps I took to investigate allegations that local government employees were using the site on taxpayer time. It’s a salacious allegation to be sure, one stoked initially by the right-leaning news outlet, Capitol Connection, a subsidiary of
the John Locke Foundation The Civitas Institute. The site reported on Aug. 21 the story “Almost 100 local and state government emails among Ashley Madison hack.” Of course I clicked on it that Friday afternoon. It was definitely in the prurient interest.
The story, accord to the theory, was that government employees were so dumb that they would put their own job-related email account into a spouse-cheating website in order to troll for a hook up. Now I’m no government apologist, but you’d have to be on the far side of stupid to do that. But the skeptic in me was interested and by the time I had my Friday supper I was back online trying to find out how to download the database, reported to be 9 gigabytes.
After about an hour of research, I turned to a friend who just happens to be an IT security expert employed by a private university in the region. He’d already downloaded the database, he told me via Facebook message, because the school had a half-dozen or so email accounts in the hacked database. Eric, we will call him, had to download the hack to search for any password or other security breaches. The university had no prohibitions on Internet usage, he said, because as a private research institution they frowned upon limits.
But he’d spoken with HR and with each of the named employees, suggesting they change their email password and be more careful next time.
Eric explained how to find the data torrent and download it. He also explained what line editor I would need to search the data. After two hours of downloading and an hour trying to open the file, I asked Eric if he would do it for me for a nominal fee.
I wanted to search just a handful of local government domains identified by Capitol Connection to see if any real government employees actually did use their own email account to access the site. Along the way, I had heard that anyone could enter someone else’s email account to gain access to the site, which did not send a confirmation email to the user. That explained why the president’s White House email account was in the database. It would also explain why the Eden city manager’s email account was there as well, I supposed.
A few things, including six emails from the Rockingham County Schools, three from the City of Greensboro, and three from Winston- Salem/Forsyth County Schools, piqued my interest. We also searched for one email from the City of High Point, one from Guilford County, and one from Guilford County Schools.
As of this week, all have replied to the request to identify the employee associated with the email account except for Guilford County Schools.
Rockingham County Superintendant Rodney Shotwell called the day after I sent the request. The six email accounts in the Ashley Madison database were student email accounts, he said, two of which belonged to students who had graduated. Two of the accounts had yet to be activated and two were for current students. There was no indication that students used school resources to access the spouse-cheating website.
The account belonging to a Guilford County address belonged to a public health educator that retired two years ago. The one in High Point to a meter reader.
The City of Greensboro responded in a day or two. One of the employees with an email in the Ashley Madison database resigned four years ago. Two were for current employees. I had a lengthy phone interview with Assistant City Manager Mary Vigue, who reported that no activity that would violate city policy had been discovered.
The city was mostly concerned about security leaks, Vigue said, adding that the city’s network is constantly under attack from hackers. Just recently, city IT staff spent a great deal of energy fending off probes from hackers in Russia.
As for Ashley Madison, Vigue said they had spoken with the employee and their supervisor to make sure there were no breaches or policy violations. The inquiry included IT and email searches on city networks to look for inappropriate activity. None was found.
The state’s Office of IT services had alerted the city that several emails from city employees had been found in the Ashley Madison hack. From there, Vigue and the city IT staff looked into the matter.
“Based on an initial search we have done, we have not found anything in terms of a policy violation or a security compromise,” Vigue said. “We have to be very diligent about our system. We are forever fighting viruses and things people are trying to send in. Much like any entity, we are forever dealing with IT security issues.”
City spokesperson Donnie Turlington credits the city’s IT staff for regularly reminding employees of policy and security concerns.
“On a regular, if not daily basis, our government website is under some form of scrutiny from outside entities trying to get into it,” Turlington said. “That’s why we have a very professional IT staff and their job is to secure it, which they do frequently.”
Earlier this week, WS/FC schools responded to our inquiry with the names of the employees whose emails were found in the Ashley Madison database. Two of the three are no longer employed by the system, according to Chief of Staff Theo Helm. No policy violations were found related to the current employee.
All in all, it was much ado about nothing and a far cry from what Fran DeLuca of the Civitas Institute called “a blatant abuse of NC taxpayer resources.”
Much like Fran’s apoplectic overreaction, many conservative bloggers latched onto the situation as evidence of a morally corrupt government.
Much like Ice Cube’s dismissive retort in the film Friday, all we can say is “Bye Ashley.” !