Former executives believe that with the information stolen from the insurance company you can know what a person works for, where he lives, what car he has, and who his relatives are.
Licenses and IDs were leaked
Photography:
Reuters
So what does the information stolen from Shirbit mean?
Former senior members of the defense establishment believe that with this information it is possible to know what a person works for, where he lives, what vehicle he has, who his relatives are, and even when and where he is flying.
Dr.
"What we know at the moment is that there is an unidentified hacker group here that is covered by another name, which is probably a cover for a state factor, most likely Iran. And there is the implementation of three levels of cyber attack with lots of consequences. First there is information from the system. All of Shirbit's insured, here it should be said that Shirbit also won the tender of the Accountant General and therefore her organizations and senior people are insured.
"A senior judge and other personalities are already known. Here it is very important to understand what was leaked, whether car insurance or the person's home and property insurance. Because if it is property insurance then it is possible to physically reach that person and harm him, then one will have to think about building a suit. Protection.That is, the intrusion into Shirbit's system, which has a lot of different databases for different bodies, allows for valid physical information about people where they live, their vehicles, information about properties and maybe also about different organizations. Therefore it will be necessary to understand exactly what is taken here ".
"We also need to check whether the insurance company's databases have launched into the databases of the companies and entities it works with and the attackers have infiltrated these entities through Shirbit. In that case the damage is greater and we need to examine these things and see what the state factor took from us here."
"Beyond that, there is another stage here, and that is the shutdown of a system. The Iranians have intensified their shutdown attacks on computers and servers and organizations in the country. We attack them in Syria and perhaps elsewhere, and give them blows that they have no way to respond to." "Attacking Israeli computer infrastructures means that these are not just attacks to take information but attacks aimed at harming Israel as revenge for what is happening in Syria and the assassinations in Iran itself. There is a cyber attack here that the Iranians have not usually succeeded in to date, whose purpose is to tarnish its name."
"The third level of the incident is its publication on the net. This publication means going out. Usually no attack is published, but here it comes to strengthen the consciousness inside Iran. According to foreign publications, we attacked ports and all sorts of factors through cyber, and they do not. "It has been such a success to date and that is why such publicity has a purpose of being proud of success. It is also a desire to make us experience failure and encourage ourselves."
"I think after this attack we need to do a general damage control, find out what was exposed, how it was exposed, who was exposed and then our cyber walls need to be further raised to prevent such a thing in the future, and repair or address any factors that could harm or threaten exposure." .
"Not just an insurance company attacked"
A very senior source in the cyber field states in a conversation with "Israel Today" that it was not by chance that the attack was on insurance companies or banks, and that the information that can be collected constitutes real depth damage.
"First, these hackers who broke out are part of a group that is backed by a very well-known enemy state, or maybe even some such countries. This enemy state tried to attack Shirbit this time and it managed to infiltrate. Now people do not understand, but the defense companies in Israel and around the world "You know where a person lives, what insurance he took out, how many times he insured himself when he went abroad, where he flew to, how long he was at the destination and also about his family members who are insured with him in one agreement or chain."
"For example, if I want to get information about Israeli scientists who work in all kinds of fields, entering their insurance material will bring me pure gold - I will know which conferences they go to, how they travel, what they suffer from, who their relatives are, and that's just a first step. Let's say I put a hand on a hundred thousand insurances, there are insurances of people of several types and sometimes the same person is mentioned elsewhere under another name when it is stated that the name is classified. For example I have insurance as a pensioner from a particular organization in my country. I was told that it is not possible to write on the computer that this group of workers is classified as security. That is, the state hides people who work in a security organization, but below the surface those who dig a little very quickly get information about people who have some insurance, some people have insurance without detailing their work. "Only a connection to a government ministry, let's say the Ministry of Education or the Prime Minister's Office, and that way the hacker can very quickly understand important information about this man."
"In fact, once you have insurance databases, you cross-reference the information with other databases you have, and that's how you build an information suit for a person that no intelligence person can reach on their own. I'm not talking about property insurance or all sorts of places of interest to an enemy state." Somewhere we ourselves have penetrated many repositories and I can tell you that very quickly you discover treasures because a person always makes mistakes, and when you have the software that knows how to scan a huge amount of information, it will discover the mistakes will cross this information and reveal whole worlds to you. ".
"By the way, they did not just attack an insurance company or banks, because they know in advance that insurance companies are weaker in their security. Although it is no secret, you can also enter banks when there is a real desire to do so. Bottom line, Shirbit itself has a weapon in its name. Revealing details, about invasion of privacy. But it's marginal. In depth I can identify 100 people whose type of work is not defined, or who are in my area of interest and then actually accumulate information about them that will expose them and their families on another level. This is how you steal from several sources "And you get to depths that are hard to believe. You actually know everything about the person, family, loved ones, medical issues, vehicles, life routine, jobs, flights abroad, favorite hotels, time spent abroad, favorite countries surgeries and so on." .