technology
Privacy and security
Hacker claims: I obtained information about 7 million Israelis
A hacker identified as SANGKANCIL began leaking information from Israeli citizens in the Telegram group - and claims: I broke into the CITY4U website - which is used by municipalities to collect payments.
all the details
Tags
hackers
Yinon Ben Shoshan
Tuesday, 07 September 2021, 15:30 Updated: 16:09
Share on Facebook
Share on WhatsApp
Share on general
Share on general
Share on Twitter
Share on Email
0 comments
(Photo: Screenshot, Walla system!)
An anonymous hacker named SANGKANCIL, who apparently originated in Malaysia, claims that he managed to break into the website of the local authorities CITY4U - which is used by municipalities for various payments - and steal data from about 7 million Israeli citizens.
The information in the possession of the cyber criminal began to leak in the Telegram group - along with a threat to publish entire databases later.
Among the documents published by the hacker are ID photos, driver's licenses, receipts, property tax bills, water bills and phone numbers - in a method similar to the attack on the insurance company Shirbit last December.
In addition, the attacker offers the database for sale, but has not yet specified what the asking price is.
More on Walla!
Simple, effective, successful: the right way to do an urban renewal project
To the full article
Hacker claims: I managed to steal data from about 7 million Israeli citizens (Photo: ShutterStock)
"It's too early to analyze exactly how the attack was carried out and in truth, it does not change or advance us anywhere," says Einat Miron, an expert in assessing and dealing with cyber attacks in the business aspects in a conversation with Walla! technology. "What does matter to those people ID photo was published for many it is the fact that their right to privacy was violated and hurt and if this is not new information, it is totally irrelevant. They were injured and must not accept it with equanimity,"
"When I'm working with organizations in the assessments dealing with Realizing such a risk I ask why they keep the ID photos and do not look for another process that will be a little more complex to exploit and realize it.
According to Meron, companies need to identify their customers and ID photography is definitely an effective way: "There is no real reason to keep these photos, as simple image files when you can think a little more creatively and put approval and identification processes in sequence, Stiffer permissions, implement encryption and more. "
"The approach vector or the identity of the attacker is less important, more essential to understand that the risk of realizing the cyber attack is first and foremost in the organizational processes and although there is a body in the country trusting to prevent such incidents with binding standards from May 2018, this body abandons us time and time again. Our information is news for tomorrow. "
Share on Facebook
Share on WhatsApp
Share on general
Share on general
Share on Twitter
Share on Email
0 comments
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/FNGPJSHXQZC2BCMQTEUWCUOKDY.jpg)
