A source in the insurance market said that the company still does not know what is the motive for breaking into its servers.
The Shirbit company building, in Netanya, last week
Almost a week after hackers broke into Shirbit's website and servers, an insurance market source told Israel Today that the insurance company is still negotiating with the burglars, and that its senior officials are trying to understand the purpose of the attack - the desire for money or the desire to create panic in the Israeli market.
According to the source, the fact that the hackers did not publish everything offered to them by the company indicates that they are not necessarily interested in the money.
"On the face of it, there seems to be a factor here for a different purpose: it could be an employee who wants revenge, a business competitor who wants to harm a company or a foreign country that wants to wreak havoc in the country," the source told Israel Today.
"It is not possible now to find out what and who it is, it is too early for everything, but the feeling is that the other side does not want money."
"The company has been active in Israel for 20 years, and as far as the Supervisor of Insurance in Israel is concerned, it is stable and in good financial condition - its capital stands at NIS 324 million with a surplus of 188 million, and it also passed the supervision last year," the source added.
He noted that this is an important figure, because that way the company's customers can be calm that it is a company that is going through a crisis when its situation is stable.
It also became clear to the source that the crisis began last Monday, a day before the announcement of the break-in to the company.
He noted that Shirbit officials who conducted the negotiations found out very quickly that the fact that these are not routine negotiations, during which secret payment methods are usually presented and the matter comes to an end very quickly, indicates that there may not be a breakthrough due to economic demand. Elsewhere in Israel, she paid eight figures for a cyber attack, so that anyone who wants money knows how to do it.
It is a bright red light that the purpose here is different, "the source said.
When asked about the rumors that Iran is behind the attack, the source in the insurance market jokingly replies that "the one who broke everything, to track him down now is a real port of call. So to say at the moment that Iran is responsible for this, or to say at all that it is possible, is not serious. "Those who know what is happening and how long it takes to conduct such an investigation, know that no possibility can be ruled out at the moment."
Beyond monitoring the break-in, Shirbit involved the National Cyber Authority and the GSS, and also filed a complaint with the police. At the same time, various analysts began examining the documents released so far. Since this is a company that mainly insures vehicles, most exposures should focus on this area. Analysts noted that "so far 2,000 documents have been published in three 'waves', mainly copies given to the customer at the end of the year on the condition of his car insurance, for example whether he is a careful driver or not.
However, there were also 100 photos of IDs and three credit cards, one of which was active.
In this area, we can mention that already today, the national cyber system asked anyone whose ID card was exposed to come and replace it. "In addition, analysts also estimate that Shirbit has already contacted all customers whose information was leaked and that it treated a customer whose active credit card was exposed.
Sources in the field believe that the reason why the insurance company is delaying publicizing what happened in an attempt to interrupt the storm is in progress, is because the investigation is still in progress.
"A week's cyber investigation is really a small investigation, there is a lot of work to do here so the company probably does not publish anything. However, all its activities, except the operation of the site, are already on the air. I estimate that the site will return in the coming days," says the same source.
Sources also estimate that the company is not yet publishing the event itself to keep to itself the possibility of creating a dialogue with the hackers and to estimate the damage done to them to the end.
An industry source said, referring to the fact that "it seems to me that they want to know by the end what was stolen from them. It is already clear that the credit cards were not stolen for the most part. So in this situation, the company just does not want to tell hackers what it knows and what not. The public, "he said.
"Once it is made public, if Sharbit offers money, then the whole world will offer money in such future cases and it will cause several times greater damage."
But the public is frightened as well.
"It's true that the company is not talking, but it seems to want to fully understand all the details of the hack. In terms of cyber intrusion, the investigation is just beginning. Sometimes what seems to the public to be silence is actually a decision to minimize damage."
The source concluded by saying that although there were allegations of poor activity in the company's cyber security, everything was controlled in terms of Sharbit.
"Everything is checked all the time, an investigation will be conducted here as well. To say that there was negligence is wrong and serious."