Craig Lebrau
Craig Lebrau

Israelis personal information threatened by hacker group

The rise of technology means that increasingly valuable information is being stored on the internet. Social media and databases from companies are vulnerable to hackers and are constantly getting threats or hackers trying to get through their security system in order to steal personal information from their patrons and clients. 

One of the biggest problems faced with stolen information is that people would use the stolen information to create fake ids and steal someone else’s identity in order to do it. Modern technology like holograms can prevent these IDs from being valid but even these technology is being replicated by fake ID makers, which renders it almost useless but the silver lining is that the technology being used by the authorities is still too advanced to replicate perfectly. 

Early in September, CITY4U was allegedly hacked. Open to 12 cities in Israel, the platform is used by millions to process payments including property taxes, fines, utility bills, etcetera. According to official sources, if these claims are true, “the hack would be one of the most severe breaches of privacy in Israel’s history.”

The hacker called himself Sangkancil which is reminiscent of a children’s story popular in Indonesia and Malaysia, about a cunning mouse deer which escapes and thwarts enemies which are several times larger than itself, alluding to the fact that he is several times stronger than his adversaries. However, due to the popularity of the fable in the South Eastern countries, many people suspect that the hacker is from either one of the two countries where the story is popular in, which may not be the wisest move. Following that, his Telegram account strongly suggests that he is from Malaysia. It could be argued that the attacker only did that to serve a higher purpose such as to throw the scent off him since the devil is in the details and by projecting his presence into a different country, the authorities may not bother to seek him out within Israel itself.

Sangkancil leaked several images onto social networks with the details blurred as evidence that he has successfully acquired these information. He also went on a Telegram channel to announce that he possesses a database of information stolen from a number of local authorities in Israel have. The database that he is attempting to sell includes real estate documents of more than 90 percent of all Israelis which amounts to seven million records with attached documents, detailing their identity and property which constitutes as vulnerable information if leaked.

However, according to current investigations by the National Cyber Directorate, the information which was stolen was highly likely to be outdated information, which doesn’t invoke a panic, especially since the latest statement released to be public ensured that the hacker oversold his achievements, and that, “The new automation company is investigating allegations of leaking information from the City4U system since it was first published on the eve of the holiday, and is in constant contact with the national cyber system. In tests conducted so far, no intrusion into the system has been detected. City4U holds data of a few hundred thousand Israelis at most, and not in the order of magnitude mentioned by the attacker in his announcement.”

They go on to further clarify, “The new automation invests a lot of resources in information security and is certified to the information security standard ISO 27001. The company regularly conducts risk surveys and intrusion tests, and conducts regular inspections of the intrusion of its systems into cyber hacks. We continue to investigate the incident and update as we have new findings.”

It has been more than a month without updates from either party, which means that they have likely called his bluff and moved on. On the other hand, most likely having nothing to force the hand of Israeli authorities, the hacker has not been able to follow up on his surprises, which was what he called his first announcement which was posted prior to Rosh Hashanah, the Jewish new year. If he was trying to continue the trend of revealing information prior to high holy days, he has missed his chance as the second holy event took place in the middle of September.

As there hasn’t been anymore leaks and sweeps on the dark web have confirmed that there hasn’t been any dealings with anyone called Sangkancil for the alleged information that he has on millions of Israelis. It is very likely that the attacker is in fact, a conmen, who is privy to certain information such as how the Israeli database looks like from the backend, and is attempting to make a quick return from naive buyers on the digital black market. In the digital world where everything is possible, thieves will not hesitate to strike at every opportunity.

About the Author
Craig Lebrau is the Director of Cato Media. A former programmer, Craig is interested in Israel's startup ecosystem and aims to share his insights learnt from expanding to and managing business in Israel.
Related Topics
Related Posts