Hackers Who Hit Leading Israeli Insurance Firm Trying to Sell Details Online

Experts have said that the hackers’ reluctance to negotiate for the data’s release indicated that the attack could have been the work of a group with ideological and anti-Israel motives

Omer Benjakob
Omer Benjakob
Send in e-mailSend in e-mail
A defensive cyber course trains in Israel
A defensive cyber course trains in IsraelCredit: Alon Ron
Omer Benjakob
Omer Benjakob

The hackers behind the cyberattack on Israeli insurance company Shirbit are trying to capitalize on the information they stole by selling personal details of Israelis online.

In early December, Shirbit, a mid-sized insurance company that provides policies for Israeli companies and government offices, was targeted by a group called Black Shadow. The attack came to light over a number of weeks and roused concern in Israel, considered a world leader in cyber defense.

Why Bibi could play ball with Biden over Iran. Listen to Alon Pinkas

The hackers managed to breach Shirbit’s computer network and steal large amounts of data from the company’s servers. They got their hands on employee pay slips, claims filed by customers – including insurance appraisers’ reports and hospital records, for example – as well as a large number of customer I.D. documents.

The hackers demanded money from the company, but despite the attack's seemingly financial motivations, cybersecurity experts who spoke to Haaretz said at the time that a state actor – or at least ideologically motivated “hacktivists” – could actually have been behind it.

At the time, the experts said that the hackers’ reluctance to actually negotiate for the data’s release indicated that their goals were not strictly financial. It seemed, the experts said, that the attack could have been the work of a hacking group with ideological and anti-Israel motives. When the hackers discovered that they had hit the jackpot in the form of an insurance company, they may have launched what seemed to be a classic ransom attack as a diversion tactic.

Over the weekend, Black Shadow, which some experts have even said was a front for government actors, published the stolen data on a site called RaidForums, which allows hackers to post and trade their loot.

Ido Naor, a cybersecurity expert who leads Security Joes, which found the data on RaidForums, told Haaretz that they followed the hackers from the outset of the attack, including their attempts to get a ransom for the data they stole.

However, he says, “according to what we’ve seen and what we know, the attackers were never actually interested in getting a ransom payout, but rather wanted to leak information for propaganda and public relation purposes.”

In other words, the hacktivists – or ideologically motivated hackers – only wanted to “humiliate” Shirbit and perhaps even Israel as a so-called cyber-powerhouse. The data for sale, according to the post on the website, includes I.D. cards, medical documents, insurance policies and car licenses and registrations. According to past reports, this trove may also include the personal information of senior Israeli officials like judges, whose state-owned vehicles are insured by the company.

Naor explains that while the forum is a "clearing house for hackers," the low price they set for 50 gigabytes of personal information – about $1,000 in Bitcoin – "shows that there is no real value in the information. Moreover, they are not even promising exclusivity and this data may be already available online, significantly lowering its value even more.”

“The Shirbit event is behind them and the company is now focused on fixing the underlying problem and protecting its clients,” Naor says. Although Israelis may feel newly exposed by the sale of the data, Naor explains that some of this information has been available for some time via the hacking group's Telegram channel while Black Shadow was trying to gain leverage in negotiations during the initial attack. This means the sale itself is an attempt to rub salt in the wounds and tarnish both the insurance company and Israel.

Click the alert icon to follow topics:

Comments

SUBSCRIBERS JOIN THE CONVERSATION FASTER

Automatic approval of subscriber comments.
From $1 for the first month

Already signed up? LOG IN

ICYMI

Charles Lindbergh addressing an America First Committee rally on October 3, 1941.

Ken Burns’ Brilliant ‘The U.S. and the Holocaust’ Has Only One Problem

The projected rise in sea level on a beach in Haifa over the next 30 years.

Facing Rapid Rise in Sea Levels, Israel Could Lose Large Parts of Its Coastline by 2050

Prime Minister Yair Lapid, this month.

Lapid to Haaretz: ‘I Have Learned to Respect the Left’

“Dubi,” whose full name is secret in keeping with instructions from the Mossad.

The Mossad’s Fateful 48 Hours Before the Yom Kippur War

Tal Dilian.

As Israel Reins in Its Cyberarms Industry, an Ex-intel Officer Is Building a New Empire

Queen Elizabeth II, King Charles III and a British synagogue.

How the Queen’s Death Changes British Jewry’s Most Distinctive Prayer