CEDAR CITY – Utah authorities are investigating a website allegedly created by a Cedar City resident who published personal information of Southern Utah residents whose names were part of a 2015 website hack.
According to four search warrants unsealed last week in 3rd District Court, a Facebook page and a website called AM Southern Utah “disclosed customers’ names, physical and email addresses for the Southern Utah area,” who had allegedly registered with Ashley Madison.
The warrants stem from a Utah investigation conducted by the State Bureau of Investigations and is part of a larger FBI investigation into the hack. No one has been charged with a crime in either investigation.
According to the warrants and supporting affidavits, the SBI investigator believes there has been a violation of Utah’s Computer Crimes Act, Utah Code 76-6-703. Specifically, the violation “has occurred, ‘without authorization (the suspect) gains…access to and…discloses…computer data…and thereby causes damage to another.’ The damage in this case was to the reputation of the individuals whose information was listed on amsouthernutah.com.”
The AM Southern Utah website reportedly had 20,000 views before it was taken offline and later returned as amsouthernutah2.com, which only enjoyed about half the views of the first one, court documents state.
Ashley Madison is a website created in 2001 for married couples who want extramarital affairs. It was hacked in July 2015 with millions of users having their information leaked online. During that time, the BYU newspaper, The Daily Universe, reported the website contained over 150,000 Utah-based memberships with Salt Lake City the “4th most unfaithful city in America.”
The information on the Utah site and Facebook page, both created in August 2015, allegedly came from data hacked from the Toronto-based Ashley Madison website. Both AM Southern Utah sites and the Facebook page have since been taken down.
Affidavits sworn by SBI Investigator Scott Pugmire in support of the warrants show investigators traced the Southern Utah website to the Cedar City business Initrode Logistics LLC. A search of the state Division of Corporations and Commercial Code records indicates the business has been active since 2013 and is registered to Cedar City resident Henry Hugh Hill. Likewise, the Cedar City address and phone number associated with the business is also the same as the one linked to the amsouthernutah.com domain registration.
The four warrants, signed by Iron County 5th District Judge Keith Barnes in January, were for property and/or evidence at several locations: Squarespace, a New York web-hosting company, Twitter in San Francisco, Microsoft Corporation in Washington, and the UPS Store in Cedar City, where Henry Hill allegedly rented the P.O box associated with the domain.
During an interview with Cedar City News Tuesday, Tommy Hill, Henry Hill’s Brother, confirmed the P.O. box and phone number listed on the domain registration belongs to his younger brother. However, he said, his brother did not create the website.
Arguing his point, Tommy Hill said if the site had been created by his brother, any information linking Henry Hill to it would not be publicly available.
“Why would it (the domain) be set up like that, why would you not go for privacy and try to hide it? It just doesn’t make any sense,” he said. “It’s like somebody did it and they were extremely negligent in doing any of this. Henry has a great skill set, so do I. We would not have made something that is so blatantly obvious to everybody. I mean why would you put your information out there.”
He believes, Tommy Hill said, the site may have been created by one of his enemies who is trying to get back at him through his brother. Henry Hill’s site registration information is publicly available, he said, and would be easy to access by anyone wanting to hurt them.
He found it strange, Tommy Hill said, that the second website’s privacy features were such that the registrant’s personal information was not disclosed.
“Why is the second one hidden and the first one isn’t,” he said. “The first one is a huge, huge breadcrumb and the second one isn’t? I don’t know. There’s just a lot of things that just don’t add up.”
The elder brother said Henry Hill has been contacted by authorities; but since he was not present at that encounter, Tommy Hill said, he could not comment on what transpired.
Tommy Hill spoke to Cedar City News on behalf of Henry Hill, he said, because his brother “is too upset to talk to anyone.”
A Google search by investigators of the email email@example.com listed on the domain registration returns a Twitter user name Henry @feebleweasel. The profile picture shows a man whose face is partially concealed by a baseball cap with the words “blackhat,” according to the affidavits in support of the warrants.
“The term blackhat commonly refers to a computer hacker involved in nefarious activities,” the affidavits state.
In one of the tweet conversations @feebleweasel tags @SquarespaceHelp and comments “just trying to figure out why my entire site,” amsouthernutah.com, “was nuked.”
Tommy Hill did not admit or deny whether the Twitter account or the profile picture associated with that account belong to his brother. He did confirm, however, Henry Hill was a guest speaker for the SaintCon hacking conferences held in October at Weber State University where he goes by the nickname “Blackhat.”
SBI would not answer any questions but the public relations director for the Department of Public Safety, of which SBI is a division, prepared a small statement concerning the warrants.
“Our cyber unit has an investigation in Southern Utah related to the Ashley Madison hack, it is not an investigation looking into the actual website,” Marissa Villaseñor wrote in an email to Cedar City News. “Because it is currently an active investigation we are not able to provide more details at this time.”
Ed. Note: Cedar City News | CedarCityUtah.com is a counterpart to St. George News | StGeorgeNews.com.
Copyright St. George News, SaintGeorgeUtah.com LLC, 2016, all rights reserved.