Tweets About AC/DC Establish Ashley Madison Hack Suspect
As you probably already know if you’ve been within a ten-foot radius of a newspaper or a device with internet in the past month or so, the online dating site for married people Ashley Madison (slogan: “Life is short. Have an affair.”) was recently targeted by a hack leaking sensitive data on its users. A few days ago, a press conference held by Toronto police revealed that Ashley Madison employees first learned of the security breach when they logged into their computers on 7/12 and were greeted with a threatening message soundtracked by AC/DC’s “Thunderstruck.” Now, it seems that this bizarre detail may actually be a crucial clue to the hacker’s identity.
As The Washington Post reports, security blogger Brian Krebs noticed that a Twitter user named Thadeus Zu (@deuszu) had posted a link to Ashley Madison’s stolen proprietary source code before it was made public. Intrigued, Krebs downloaded five years’ worth of tweets from the same account, and when he looked through them, he found boasts of simple hacks and website defacements along with references to “Thunderstruck.” For example, after hacking Dutch computer security response team KPN-CERT, Zu had tweeted this to alert them:
CERT Nederlands | KPN Blacklist Next time, it will be Thunderstruck. #ACDC #schoolboyriff #hackaday pic.twitter.com/x4SxcJWv
— Thadeus Zu (@deuszu) August 4, 2012
And after breaching the Australian Parliament’s website, he tweeted this:
Parliament of Australia http://t.co/nWEcs5mM Oi!Oi!Oi!…T.N.T Dynamite! Listen to ACDC here.
— Thadeus Zu (@deuszu) August 3, 2012
On the morning of 7/19, about 12 hours before someone calling themselves the Impact Team sent Krebs and other news sites word of the Ashley Madison hacking, Zu tweeted this:
Settle down, amigo. We are setting up a replication server so we can get that show started. pic.twitter.com/J9gbVf7Vie
— Thadeus Zu (@deuszu) July 19, 2015
The screenshot, if you look closely, includes a browser tab opened to AC/DC’s “Thunderstruck” on YouTube.
Thadeus Zu’s identity remains unclear — all of his profile photos are just stock images of male models, and he’s careful to protect himself. But according to Krebs: “Thadeus Zu — whoever and wherever he is in real life — may not have been directly involved in the Ashley Madison hack … But one thing is clear: If Zu wasn’t involved in the hack, he almost certainly knows who was.”
Read Krebs’ full analysis here, and listen to “Thunderstruck” below.