Hackers Who Hit Leading Israeli Insurance Firm Trying to Sell Details Online

Experts have said that the hackers’ reluctance to negotiate for the data’s release indicated that the attack could have been the work of a group with ideological and anti-Israel motives

Omer Benjakob
Omer Benjakob
Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
A defensive cyber course trains in Israel
A defensive cyber course trains in IsraelCredit: Alon Ron
Omer Benjakob
Omer Benjakob

The hackers behind the cyberattack on Israeli insurance company Shirbit are trying to capitalize on the information they stole by selling personal details of Israelis online.   

In early December, Shirbit, a mid-sized insurance company that provides policies for Israeli companies and government offices, was targeted by a group called Black Shadow. The attack came to light over a number of weeks and roused concern in Israel, considered a world leader in cyber defense. 

Why Bibi could play ball with Biden over Iran. Listen to Alon Pinkas

-- : --

The hackers managed to breach Shirbit’s computer network and steal large amounts of data from the company’s servers. They got their hands on employee pay slips, claims filed by customers – including insurance appraisers’ reports and hospital records, for example – as well as a large number of customer I.D. documents.

The hackers demanded money from the company, but despite the attack's seemingly financial motivations, cybersecurity experts who spoke to Haaretz said at the time that a state actor – or at least ideologically motivated “hacktivists” – could actually have been behind it. 

At the time, the experts said that the hackers’ reluctance to actually negotiate for the data’s release indicated that their goals were not strictly financial. It seemed, the experts said, that the attack could have been the work of a hacking group with ideological and anti-Israel motives. When the hackers discovered that they had hit the jackpot in the form of an insurance company, they may have launched what seemed to be a classic ransom attack as a diversion tactic. 

Over the weekend, Black Shadow, which some experts have even said was a front for government actors, published the stolen data on a site called RaidForums, which allows hackers to post and trade their loot. 

Ido Naor, a cybersecurity expert who leads Security Joes, which found the data on RaidForums, told Haaretz that they followed the hackers from the outset of the attack, including their attempts to get a ransom for the data they stole.

However, he says, “according to what we’ve seen and what we know, the attackers were never actually interested in getting a ransom payout, but rather wanted to leak information for propaganda and public relation purposes.” 

In other words, the hacktivists – or ideologically motivated hackers – only wanted to “humiliate” Shirbit and perhaps even Israel as a so-called cyber-powerhouse. The data for sale, according to the post on the website, includes I.D. cards, medical documents, insurance policies and car licenses and registrations. According to past reports, this trove may also include the personal information of senior Israeli officials like judges, whose state-owned vehicles are insured by the company. 

Naor explains that while the forum is a "clearing house for hackers," the low price they set for 50 gigabytes of personal information – about $1,000 in Bitcoin – "shows that there is no real value in the information. Moreover, they are not even promising exclusivity and this data may be already available online, significantly lowering its value even more.”

“The Shirbit event is behind them and the company is now focused on fixing the underlying problem and protecting its clients,” Naor says. Although Israelis may feel newly exposed by the sale of the data, Naor explains that some of this information has been available for some time via the hacking group's Telegram channel while Black Shadow was trying to gain leverage in negotiations during the initial attack. This means the sale itself is an attempt to rub salt in the wounds and tarnish both the insurance company and Israel.

Click the alert icon to follow topics: