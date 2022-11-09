Three text messages were sent from the same Israeli phone number within a few weeks. One called for keeping kosher and respecting the Sabbath. Another offered various drugs for erectile dysfunction. The third message reminded the recipient that he or she can purchase cannabis and have it delivered to their home “anywhere in the country.”

At first glance, these messages seem to be completely unrelated. But they are, in fact, part of a wave of spam messages sweeping Israel, the result of a black market few knows exist. Text messages offering medical marijuana “delivered to your door” have become almost as common as robocalls and texts sent from political parties before election day.

An examination by Haaretz has revealed that these text messages offering illegal drugs via messaging platforms like Telegram are linked to another illicit market – the black market for personal data.

The “Telegrass,” as it’s become known in Israel, was launched back in 2017 as a relatively secure platform for dealing and buying marijuana. A number of groups that operated under the Telegrass brand name over the Telegram app turned the instant-messaging service into a marketplace for sellers and potential buyers anonymously.

Over the years, “Telegrass” became a generic name for hundreds of groups and drug-dealer accounts of all sorts who sell their merchandise in digital stores on Telegram with the help of chatbots – a software application used to conduct an on-line chat conversations or sales. Today, there’s no drug you can’t buy through these groups.

Side-by-side with these drug-trading groups, another black market has arisen trading in merchandise as valuable as gold – data, which has become the most valuable commodity in the world.

The data market is a massive one. Financial information for example is sold but corporations such as Reuters and Bloomberg, ship registries like Lloyds, consumer information providers like Acxiom and Nielsen, and more. However, at the very bottom of this giant market, in the dark corners of the internet, there is a “the Telegrass of data,” groups where you can buy various kinds of data, illegally and in bulk.

Its product list includes telephone numbers and government identification numbers, Facebook account information and parsed Excel files broken down by area, population and national origin. As well as raw and processed data, you can buy business leads, mass messages, likes, clicks, sponsored ads and promoted content, bots and even a service to eliminate competitors’ Instagram accounts.

Data for free

The lowest and cheapest level of this data market revolves around open or wellknown data sets.

Groups offer this service for free and it allows users to send queries to search what experts in the field call OSINT (open source intelligence) sources. Through an automatic interface reminiscent of Telegrass’ automatic menus for buying cannabis, a bot in these kinds of groups enabled the user to search stolen databases and hacks illegally leaked online. Access to these databases were once limited to hackers and people with technical backgrounds. But today with just a click on Telegram, anyone can type in a search string, and get a result back instantly.

So, for example, you can browse the Elector application database – which was leaked from the Likud and Yisrael Beiteinu in 2020 and included sensitive personal information on close to a million Israelis, including identity and telephone number, as well as their political affinities. Another option is to search a database of Israeli Facebook accounts that was leaked illegally in 2018 or the Israeli population registry, which was leaked years ago.

A sample check by Haaretz found the personal details of two high-level Israeli figures in the fields of national security and law, including their ID numbers, their parents’ and childrens’ names, and their complete addresses.

“OSINT databases are used mainly by private investigators, check cashers, lawyers and also journalists,” explains an expert on legal and illegal data markets. “They have the addresses and phone numbers of the majority of Israelis. On the face of it, it’s sensitive information, but it leaked out years ago.”

But cybersecurity and privacy experts say the information can also help criminals to engage in fraud and identity theft.

‘Numbers of Russians’

One level above this are groups that trade in more segmented and parsed databases.

“Welcome. Here you can get a wide range of databases under the following categories: Name, telephone number, address, identity number, family status, credit card affiliation, ethnic affiliation and any other kind of categorization,” explains one such group. The group also verifies messengers for Telegram traders, but its main activity is in the field of database trading.

“Does anyone have data on [people] age 40+ from all over the country?” asks one user in the group. “I want to trade. I have data on young people.”

“How much do you need?” answers one of the dealers, meaning how much data (measured in gigabytes) does he want to buy.

Most of the data on sale has been hacked or leaked from legal databases. In one of the groups, one of the lists on sale is data identifying 30,000 Israelis that was leaked from a local radio station’s website, a list of phone numbers that was leaked from a medical Institute and a complete database that was stolen from the gay dating site Atraf – including the details of 13,000 Israelis who had canceled their accounts. The information includes their full names, emails, telephone numbers, a list of their sexual preferences and even personal messages they sent through the service. A random check showed that the phone numbers remained active and still belonged to the person the database links them to.

“Anyone who needs a database of students should contact me privately. Telephone numbers, broken down by city, were leaked from 2021,” offers one dealer.

Sometimes the same database will be sold to several people and sometimes on an exclusive basis. In the same chat, the student database was offered for sale to four different customers, for 1,800 shekels each– while a second dealer intervened in the conversation and offered it exclusively for 2,000 shekels. “These are quality numbers of the highest degree,” he promised.

Open gallery view Anything from full names to ID numbers is available through the black market.

Others are looking for email addresses: “Interested in buying an email database of donors to nonprofits” or “the emails of Israeli Facebook users.” In response, the buyers received an offer for one million Israeli Facebook users. Others are looking for more precise data, for example “information on Russian speakers in the north” or “[phone] numbers of Russians.”

Like Telegrass of yesteryear, these groups of buyers and sellers need to undergo a verification process – by sending a picture of themselves next to their ID card to the group’s administrator. These are saved inside the system. In the event a deal goes bad, the details of the seller or buyer are displayed on a “wall of shame” in order to warn others off from doing business with him or her.

These groups are mostly intended for wholesalers, not for one-off personal consumption: The customers for the most part work in advertising and are looking for data on target groups for their clients – for instance, for a foreign currency or cryptocurrency trading platforms.

There are also private customers who want to increase the number of followers they have online. As a result, you can find in these groups dealers in ancillary products such as likes, clicks and bots. One dealer offered targeted elimination services against competing businesses or influencers’ Instagram accounts (probably by using bots to mass report the account as “offensive content”).

Data merchants in these groups are mostly hackers who know how to break in and steal from databases like these. Others are heavy users who are knowledgeable about scouring the dark corners of the internet and can obtain data that had already been stolen and released, for instance, as part of a ransom-ware attack that went bad (the wave of cyberattacks on Israeli companies last year gave new life to the black market for local data).

There are also casual suppliers who by chance got ahold of data worth money, for instance the mailing list of a local synagogue to inform members of Shabbat times.

These groups are not only about databases for sale: Inside these groups you can find people selling hacking services who will steal information to order.

‘Negative campaign - 60 cents a pop’

Political databases are also sold in these groups, shedding a little light on the ways parties collect up-to-date information before election time. “Election special: Data on all Likud voters, including telephone numbers and complete addresses,” wrote a dealer on one of these groups following the party’s primary several months ago.

“I work with the party and am looking for numbers,” responded a potential customer.

For the most part, the buyers are people providing promotional services for companies or parties that don’t know how to purchase information for themselves. “It’s not the parties themselves doing it but those who supply services like telephone marketing and campaign management,” explains one source who knows the market well. The price for the information, like in any market, varies according to supply and demand. The price for telephone numbers, for example, went up as Election Day grew near.

While the law allows a person to demand that a business or organization that approaches him or her to reveal where it got the information, experts told Haaretz that there’s no way of verifying who is really behind an election-campaign text that reaches your phone.

An offering price obtained by Haaretz from a provider of party campaign messages sheds light into how the market operates and how suppliers ensure they remain anonymous even to their customers – the ones who are circulating the messages.

“Our services advantages: ‘The ability to conduct surveys and export them to Excel’ and ‘waging a negative campaign – without anyone being able to identify the sender.’ The price: A million messages at a cost of a few agorot per message (without a charge for numbers no longer in use) and afterwards 90 agorot for each additional message.”

In order to provide this service, the seller deals in black market databases, obtaining phone numbers of potential voters for its clients.

“It’s an insanity that reaches its peak on Election Day,” explains one source who is active in the black market for data. “Usually, people worry about sending messages over and over because of the spam law, but political parties are exempt from it. And because no sanctions are imposed on the parties their suppliers buy data illegally and likewise use it in violation of the law.”

