An Israeli hacker group leaked on Wednesday morning details of four million people listed in the Palestinian population registry, a move that was in retaliation to the coordinated anti-Israel cyberattack by the Anonymous hacker collective on Tuesday, codenamed #OPIsrael.
- Anti-Israel Cyberattack Launched
- 'Anonymous' Vows 'Electronic Holocaust'
- 'Israeli Army Networks Hacked by Cyber Spies'
The group, Israeli Elite Force, also promised to publish information on hackers who participated in Tuesday's attack.
The Israeli hacker group, who have in the past already revealed information of hackers suspected of participating in previous OPIsrael attacks, has been very active in recent days in what it named #OpIsraeliRetaliate in response to OPIsrael. The group carried out cyber attacks against websites and organizations in the Palestinian Authority, Syria and other countries, along with the publication of details of businesses owned by Israeli Arabs.
The leaking of the population registry is similar in extent to that of the population registry in Israel, which has been published by hackers in the past. An examination conducted by Hacked-DB Security indicates that the database contains information about more than 4 million Palestinian citizens, including the full name, the name of the mother and father and grandfather, in addition to date of birth, ID number and address. The most recent date of birth in the database is March 2008, so it is reasonable to assume that this is not the latest version of the registry.
In addition the group leaked the database of the Palestinian Authority unemployment office containing 38,000 names, which includes information that is even more sensitive, and another database of 700 job holders in the PA, including members of the Palestinian administration and journalists.
Oren Yaakobi of Hacked-DB noted that the information from the database can only be reached by hacking into the PA's Unemployment Office. The hackers did not necessarily break in to a Palestinian database to get the population registry information, however, since Israeli authorities also have a copy of the registry.
According to Yaakobi, if the file really was obtained from the Palestinian Interior Ministry, this is an unprecedented event. "I don't recall such a sensitive break-in ever," he said. "This is a level of cyber war between a country and a country of sorts."
As part of the reaction campaign IEF hackers attacked various websites, headed by that of OPIsrael. But, as with the Palestinian population registry, some of their targets had a very loose connection – if any at all - to the OPIsrael attacks. These included a list of subscribers to what is apparently a Syrian news site, data from a vehicle company and other sites. In another instance they attacked a PA professional training site supported by USAID, MercyCorps, and Save the Children, and wrote: "This is a website for teaching and training terror organizations in Gaza."
One of the more extreme examples was that the group hacked websites and published information about businesses belonging to Israeli citizens in the Arab towns of Taibe and Baka al-Garbiyeh.
Jonathan Klinger, an attorney who deals extensively with technology issues, sees the activity of the Israeli hackers, which was praised in the media, as very problematic. Klinger said the information leak could end up endangering Israelis.
"In legal terms, the leaks constitute a blow to privacy, just like a leak of information about citizens. That's particularly problematic when we're talking about a file managed by an Israeli authority," he said.
Klinger also noted that "there are quite a few things that criminals can do with the Palestinian registry, and there is considerable security risk for Israeli citizens as well." For example, he says, a terrorist can use the information in the registry to impersonate a Palestinian citizen without relatives who have a history with Israeli security forces in order to avoid being flagged.