State reviews government email addresses that may be connected to Ashley Madison hack
WASHINGTON — Hundreds of U.S. government employees — including some with sensitive jobs in the White House, Congress and law enforcement agencies — used Internet connections in their federal offices to access and pay membership fees to the cheating website Ashley Madison, The Associated Press has learned.
The AP traced many of the accounts exposed by hackers back to federal workers. They included at least two assistant U.S. attorneys; an information technology administrator in the Executive Office of the President; a division chief, an investigator and a trial attorney in the Justice Department; a government hacker at the Homeland Security Department and another DHS employee who indicated he worked on a U.S. counterterrorism response team.
The Connecticut Judicial Branch released a statement on their investigation:
“The Judicial Branch is currently reviewing the list of Judicial Branch e-mail addresses that may have been used to register with Ashley Madison to determine if any policies or procedures were violated, and what if any action should be taken.”
“We are reviewing the matter and will take appropriate action as warranted,” said the Connecticut Department of Children and Families in a statement.
Few actually paid for their services with their government email accounts. But AP traced their government Internet connections — logged by the website over five years — and reviewed their credit-card transactions to identify them. They included workers at more than two dozen Obama administration agencies, including the departments of State, Defense, Justice, Energy, Treasury, Transportation and Homeland Security. Others came from House or Senate computer networks.
The AP is not naming the government subscribers it found because they are not elected officials or accused of a crime.
Hackers this week released detailed records on millions of people registered with the website one month after the break-in at Ashley Madison’s parent company, Toronto-based Avid Life Media Inc. The website — whose slogan is, “Life is short. Have an affair” — is marketed to facilitate extramarital affairs.
Many federal customers appeared to use non-government email addresses with handles such as “sexlessmarriage,” ”soontobesingle” or “latinlovers.” Some Justice Department employees appeared to use pre-paid credit cards to help preserve their anonymity but connected to the service from their office computers.
“I was doing some things I shouldn’t have been doing,” a Justice Department investigator told the AP. Asked about the threat of blackmail, the investigator said if prompted he would reveal his actions to his family and employer to prevent it. “I’ve worked too hard all my life to be a victim of blackmail. That wouldn’t happen,” he said. He spoke on condition of anonymity because he was deeply embarrassed and not authorized by the government to speak to reporters using his name.
The AP’s analysis also found hundreds of transactions associated with Department of Defense networks, either at the Pentagon or from armed services connections elsewhere.
Defense Secretary Ash Carter confirmed the Pentagon was looking into the list of people who used military email addresses. Adultery can be a criminal offense under the Uniform Code of Military Justice.
“I’m aware it,” Carter said. “Of course it’s an issue because conduct is very important. And we expect good conduct on the part of our people. … The services are looking into it and as well they should be. Absolutely.”
The AP’s review was the first to reveal that federal workers used their office systems to access the site, based on their Internet Protocol addresses associated with credit card transactions. It focused on searching for government employees in especially sensitive positions who could perhaps become blackmail targets. The government hacker at the Homeland Security Department, who did not respond to phone or email messages, included photographs of his wife and infant son on his Facebook page.
One assistant U.S. attorney declined through a spokesman to speak to the AP, and another did not return phone or email messages.
A White House spokesman said Thursday he could not immediately comment on the matter. The IT administrator in the White House did not return email messages.
Federal policies vary for employees by agency as to whether they would be permitted during work hours to use websites like Ashley Madison, which could fall under the same category as dating websites. But it raises questions about what personal business is acceptable — and what websites are OK to visit — for government workers on taxpayer time, especially employees who could face blackmail.
The Homeland Security Department rules for use of work computers say the devices should be used for only for official purposes, though “limited personal use is authorized as long as this use does not interfere with official duties or cause degradation of network services.” Employees are barred from using government computers to access “inappropriate sites” including those that are “obscene, hateful, harmful, malicious, hostile, threatening, abusive, vulgar, defamatory, profane, or racially, sexually, or ethnically objectionable.”
The hackers who took credit for the break-in had accused the website’s owners of deceit and incompetence, and said the company refused to bow to their demands to close the site. Avid Life released a statement calling the hackers criminals. It added that law enforcement in both the U.S. and Canada is investigating and declined comment beyond its statement Tuesday that it was investigating the hackers’ claims.