"You Should Worry": The Danger Behind the Leak of the Paybox Database and the Notepad
In recent weeks, the Paybox database has been partially leaked, as has the voter notebook that leaked in full through the Likud party's Elector app. Together, it's a destructive combination. Lotem Finkelstein, Head of Cyber Intelligence at Check Point, writes about the huge potential damage
"You Should Worry": The Danger Behind the Leak of the Paybox Database and the Notepad
Video Editing: Nir ChenIn the video: Mikey Levy on scams at Wetsap
Great potential damage. (Photo: PR)
paybox (photo: screenshot, screenshot)
People in the world of information security report daily cases around the world where information comes into the wrong hands and creates harm. Funds that fail to reach their destination, important information that falls into the wrong hands and becomes encrypted, machines that are paralyzed and dysfunctional - all these and others are examples of the damage this new cyber warfare field is causing everywhere.
The common perception is that cyber criminals - hackers - are forced to exert great efforts, and often have great resources to obtain the information they need to make a successful attack. Each individual identifies such as a full name, residence address, e-mail address, ID, date of birth, recent credit card digits and more - taking the attacker one step further in reaching the destination. If you think for a moment, you'll understand very quickly why. Many of us choose passwords based on one of these identifying details. Most of the digital services we use are personally identifiable through them. Today, in the connected world we live in, this information is the key to entering our lives.
More in Walla! NEWS More in Walla! NEWS"Bibi and bribery trio, fraud and breach of trust": The network responds to "Bibi and the trumpets" video
To the full articleTherefore, the fact that such sensitive databases, such as Paybox on the one hand and the electoral register that was in Elector on the other hand, leak to the web and reach hands that should not be held - should be of utmost concern to us. This is not just an annoying negligence - it is a real risk that is imposed on a huge proportion of the citizens of the country for their wrongdoing. Let's try to illustrate this in everyday terms. When we call an important service provider such as a bank, credit card company, cellular company or even some government service, we are asked to be identified by identifying details.
More in Walla! NEWS
Watch out! A new fraud has been found exploiting the Corona virus starting at NIS 3,499: Samsung launches Galaxy S20 series Have you seen the pictures of the Corona virus in Israel? Here is the real story behind which research has revealed that 3.5 million Israelis are eligible for Portuguese citizenship and European passport promoted contentFull name, father or mother name, last four digits on credit card, residential address and more. The reason this data is used to identify us is because it is information that should not be present in others and difficult to change. Except, that's exactly the kind of information that has been in the lists that have leaked to the network in recent weeks. Crossing these lists - a very simple technical matter nowadays - achieves a long and impressive list of identifying details about each and every one of these people. In professional terms - digital identity.
Leaking "Elector" and "FiBox" repositories should worry us all. (Photo: Reuben Castro)
The eighth candle of Likud activists' Hanukkah candle with Prime Minister Netanyahu and his wife, Dan Panorama Tel Aviv, December 29, 2019 (Photo: Reuven Castro)
Assuming that these databases fall into the wrong hands, the scope of the damage that can be created is an outgrowth of the type of attacker who obtains the information. If it's a cyber criminal looking for money - he can use one of these details to call you service providers, identify with the information in his hands from these lists, and place on your behalf - at your expense - various orders or make money transfers to unknown sources. A state or state player can use the information to map important people's residential addresses or use the identifying information to conduct a targeted attack on a person using their own ID (which naturally increases trust in the person's receiving and increases the likelihood that they will act according to what they ask for From it). The range of possibilities that opens up here is really huge, and it's really not theoretical.
The steps that every user should take
You need to look at your accounts and see if there are any charges you don't know. As mentioned, chances are that once personal information such as the last four digits of the credit card has leaked. It is useful to exchange passwords based on information that existed in these lists - thus reducing the risk of negative factors knowing your passwords. We recommend that you change the identification questions you use to identify you with no leaked information and use wherever possible 2-step verification on the services that matter to you. In case one of these descriptions happened to you - it is important to update the police (hotline 100) or the National Cyber Array (hotline 119) what happened so that they can check if the information from these databases is used and warn the public accordingly. So much information leakage is "one too many", and when it comes to two, you can't be too careful.
The writer is Lotem Finkelstein, head of cyber intelligence at Check Point.
