Text size

Two or three hackers are seen responsible for exposing the details of an estimated 15,000 Israeli credit cards on Monday, in what the authorities are calling an "unprecedented criminal action that has nationalist aspects."

On Monday, a message ostensibly posted to a website by a Saudi hacker claimed that the personal information of 400,000 Israelis, including credit card details, had been revealed.

According to Maglan Information Defense Technologies, one of the hackers is from Kuwait and a second is a Saudi national, with a possible third partner from Croatia. The Israeli company said 15,000 credit cards had been affected.

Shai Blitzblau, Maglan founder and managing director, said on Tuesday that the hackers - known as Group-XP - have hacked into websites around the world. These include Islamic ones, which undermines the claim that their primary aim was to damage the Israeli economy.

The first message allegedly from the hackers said, "We decided to give the world a gift for New Year's - the personal information of 400 thousand Israelis." It added: "It will be so fun to see 400,000 Israelis stand in line outside banks and offices of credit card companies to complain that their cards had been stolen. To see banks shred 400,000 cards and reissue them. To see that Israeli cards are not accepted around the world, like the Nigerian cards."

Maglan said most of the security breaches were carried out in the past few days and involved the sale365.co.il and bizmakebiz.co.il sites.

Representatives of both websites stressed that no confidential information had been exposed. Local credit card companies said that all affected customers had been notified, that all the affected cards had been blocked and that cardholders will not be responsible for any transactions billed illegally to their accounts.

The Israeli Law, Information and Technology Authority, a unit of the Justice Ministry whose responsibilities include protecting the personal data of Israeli citizens, has begun investigating the security breaches. The agency's head, Yoram Hacohen, said six investigators and supervisors were assigned to the case. He admitted that it would be very difficult to prosecute the perpetrators, who are apparently foreigners.

"There is a fairly clear unprecedented criminal action that has nationalist aspects," Hacohen said. He noted that the compromised information did not come directly from the credit card issuers, which comply with international data security standards, but rather involved businesses that accept payment through credit cards.

"It appears that someone saved more information than they should have," Hacohen said. "Organizations that manage information must realize that in addition to the cost savings of electronic commerce money must be spent on data security, and those who do not do this pay a much higher price in the end."

For their part, officials in the Israel Police anticorruption division said they were not surprised by the hacking incident. One senior official recalled a recent case in which the computer system of a hotel in the center of the country was tampered with, exposing the credit card details of past guests.

In another case investigated by one police unit, a group of Romanian nationals in Israel used a device costing a few hundred shekels to copy the credit card details of thousands of Israelis.

The group returned to Romania, where they made thousands of fake credit cards using the stolen numbers and credit card blanks. They were apprehended at the airport when they tried to return to Israel to use their homemade credit cards.