In a post on his blog, Krebs on Security, he focuses on a Twitter user and self-identified hacker, Thadeus Zu (@deuszu) who he believes may at least have ties to Impact team. Krebs first noticed Zu after receiving the link to the manifesto threatening to leak the stolen information. Zu had tweeted the same link after it had been sent to Krebs anonymously before he had run his story, and before any other news source had published the link.
Krebs returned to Zu’s Twitter account after Avid Life announced the bounty, and was able to draw some notable parallels between Zu and the attack. His Twitter mentions a number of hacks and attacks he was involved in, and repeatedly mentions AC/DC songs. When the Ashley Madison employees came into the office on the day of the hack, their computers were playing Thunderstruck, and Zu had posted a screenshot 12 hours before the hack with the same video on Youtube in another tab while tweeting about servers and getting started.
Zu himself is a bit of a mystery, and Krebs points to his odd social media behavior as a reason that it’s hard to tie him to anyone else. Zu tweets hundreds of times every day, and despite responding to, and being part of, conversations on Twitter, he rarely tags other users. Instead, his stream is simply like listening to someone talk on the phone without knowing who they’re talking to or what the other person is saying.
All of this doesn’t mean that Zu was responsible for the attack, or even part of a group working together, but Krebs does say that if Zu isn’t behind the attack, he certainly knows who was.
