Suspected Iranian Hack Strikes Israeli LGBT Site; users fear the leak of personal information
An LGBT-focused Israeli dating service was one of many websites targeted by a hack on an internet hosting company, worrying users about a potential data breach that could expose those still in the closet.
“Atraf,” a location-based dating service as well as a nightlife index, is a popular app and website in the Israeli LGBT community, especially in the Tel Aviv area.
Hackers, apparently linked to Iran, said on Friday they entered the servers of Israeli internet hosting company Cyberserve, bringing down a number of widely used websites.
The Black Shadow group, which the Hebrew-language media reported was Iranian, warned the Israeli company that it was in possession of data that could be leaked. The group has not confirmed being backed by Tehran.
“Hello again! We have news for you,” the hackers wrote in a social media post Friday night. “You probably couldn’t log into many websites today. Company ‘Cyberserve’ and its customers [were] struck by us. You may ask what about the data? As always, we have a lot of them. If you do not want your data to be disclosed by us, contact us promptly.
It was not clear what data the hacker group would disclose, but with the sensitive personal information on Atraf, users who did not exit were concerned their names would be leaked, according to Hebrew media reports.
“I’m shaking with fear,” an anonymous user of the app told the Ynet news site. “I’m a gay man in the closet, I use the app a lot and have personal photos in there… I don’t know what to do or who to turn to. ”
The Aguda Association for LGBT Equality in Israel on Saturday called on the National Directorate of Cyber Security to “act urgently to prevent data leaks”, adding that such disclosure of such personal information is “a danger to [the users’] Mental Health.”
Management said on Saturday it had warned Cyberserve several times over the past year that the internet hosting company was vulnerable to such attacks. The National Cyber Security Directorate also advised Israelis whose personal data was included to change their passwords, enable two-factor authentication, and stay alert for suspicious emails and messages.
Black Shadow stole a vast mine of information from Israeli insurance company Shirbit last year, then sold it on the dark web when the company refused to pay a ransom.
Cyberserve customers include public transport companies Dan and Kavim, the Children’s Museum of Holon, travel company Pegasus and the blog of the public broadcaster Kan.
The websites of a number of Cyberserve customers were down on Saturday afternoon.
Last year, Black Shadow attacked insurance company Shirbit and opened ransom negotiations, but the company said it would not pay, which led to the dark web selling of stolen information. to the firm.
Many of Shirbit’s clients are from the public sector, and the images of private documents released included the vehicle registration and credit card details of an employee of the President’s Residence, as well as personal correspondence and a certificate of marriage, as well as the president’s personal details. of the Tel Aviv District Court.
Anonymous Israeli officials told Channel 12 at the time of the attack that they believed a state was behind the Black Shadow attack. However, they did not name the country.
Israel and Iran have been engaged in a shadow war for years, with Israel reportedly directing most of its efforts – including multiple alleged cyberattacks – to sabotage the Islamic Republic’s nuclear program.
This week, an unprecedented cyberattack destroyed Iran’s subsidized fuel distribution system.
Abolhassan Firoozabadi, a senior official at Iran’s Supreme Cyberspace Council, told state broadcaster IRIB that the attack was apparently carried out by a foreign country, although it is too early to name any suspects. He also linked the attack to another that targeted Iran’s rail system in July.
The next day, an Iranian official tweeted in Hebrew that “the enemy’s goal” of fomenting unrest through gas shortages had been thwarted.
Numerous suspected Iranian cyber attacks against Israel have been reported in recent years, including one targeting its water infrastructure in 2020.
Microsoft said this month that Iran has quadrupled its hacks against Israel in the past year.
“Microsoft has detected an increased concentration of a growing number of Iranian groups targeting Israeli entities … and with that concentration has come a series of ransomware attacks,” the company’s annual digital defense report said.
Google has also warned of an increase in the number of state-backed hackers, with a report focusing on “notable campaigns” by a group linked to the Iranian Revolutionary Guard Corps.