05 Jul 2012

New Hacking Twist in Arab-Israeli Conflict; Leaked Data Exposes Israeli Cosmeticians, Hairdressers

Hundreds of stolen e-mail addresses and passwords were published on the Anonymous Arab website following a successful hacking attack targeting a yet-unidentified Israeli web site, according to haaretz.com.

"It isn't clear yet which site or forum it is, but going over the list shows that most of the people appearing on it are connected to the fields of cosmetics, hairdressing and alternative therapies", stated Roni Bachar, manager of the cyber-attack department of a major Israeli distributor of electronic components, as quoted by Haaretz. Given the small number of personal data exposed, Bachar also expressed disbelief in the hypothesis that the incident stemmed from a Facebook hack.  However, the leaked data, most probably obtained through sheer brute force, may have been snatched from a forum or another web property requiring e-mail based authentication.

The exposed passwords appeared to be “inspired” from identity card and phone numbers, a supposition confirmed by the quick check run by Haaretz. Oddly enough, some phone numbers were quite old, and actually belonged to the hack victims’ parents, expanding the circle of collateral victims.

Following a series of Arab and Israeli cyber-attacks and counterattacks earlier this year, the Law, Information and Technology Authority of the Israeli Justice Ministry set tougher security standards for Israeli databases.

"In many cases there is no need for the collection of official identification information, and its collection causes a national data security problem. Organizations that do require such sensitive information must responsibly safeguard that information in a way that corresponds with the danger of it being stolen", stated at the time Yoram Hacohen, head of the Authority for Technology and Information Law.