A group of hackers purportedly linked to Iran said on Monday that they had succeeded in hacking into the system used to transfer money between Israeli banks and through it entered into people’s personal accounts. However, Israel’s National Cyber Directorate and the Bank of Israel, which operates the network, said they found no indication of any kind of hacking into any banking network.
“Several hours ago, a video was released that alleged to show that Israeli banks had been penetrated,” the directorate and the central bank said in a statement. “The issue was examined by the cyber directorate, the Bank of Israel and the banks themselves and as of now there have been no indications any banking system was compromised.”
The video, which was uploaded by the group “Hackers of Savior,” claims to show them having access to the central bank’s Zahav system, a wire system for securely transferring money between commercial banks in real time. Launched 15 years ago, the system enables money to go between bank accounts quickly enough that it becomes available almost immediately.
The system has access to everyone who has an account at any Israeli bank. Nevertheless, it isn’t usually used by private customers, among other reasons because the fees for using it are high. The Bank of Israel says Zahav is used primarily for important transactions, for example, those involving large amounts of money, transactions involving the sale of assets, like a house or car, or transactions where there is doubt about the payer’s ability to meet his financial obligations.
“Hackers of Savior” began its activities about two years ago in the framework of #OPJerusalem, a campaign marking “Iranian Jerusalem Day” (“International Al-Quds Day”) at the end of Ramadan. This week, Israel’s cyber authority had warned that it expected there would be hacker attacks this year as part of #OPJerusalem.
“Hackers of Savior”’s first attack occurred in April 2020 with a relatively unsophisticated distributed denial-of-service (DDoS) attack. Last January, the group took responsibility for an attack on the Israeli logistics company Gold Bond. The hack led to a brief interruption in the company’s systems used for storing container cargo and freight terminals adjacent to Israeli ports.
In the video that the group uploaded on Monday, it appears that the hackers succeeded in remotely connecting to a system at an IP address which an examination by Haaretz shows belongs to the government of Israel (e-government operations) and is connected to the Bank of Israel. Then, they show what appears to be a server with databases of all the banks in Israel, including those containing information on bank accounts and credit cards.
Later, the video shows the hackers entering three online bank accounts, one of them at Bank Leumi and two others at First International Bank of Israel. At the end, the hacker explains how they used the funds to make a donation to a Palestinian charity using the credit card of the last account holder.
The dates on the accounts indicate that the video was filmed in the past month, over several days at least. The first hack into an account was done on Saturday, April 16, and the penetration of the two other accounts, as well as the donation to the Palestinian charity, occurred on April 19.
According to Haaretz’s examination, the IP address the hackers entered is not accessible on the web right now. According to the Shodan search engine, which lets users search for various types of servers connected to the internet, the address “was last seen on 19 April.”
The proximity of the times suggests a connection between the two, hinting that the system was taken down after the hack that revealed it was exposed. However, both the cyber directorate and the Bank of Israel said late Monday that they uncovered no evidence of hacking. Knowledgeable sources stressed that internal servers that resided at the same IP address had not been hacked.
Outside experts who have looked at the video and asked not to be identified are skeptical about the “Hackers of Savior”’s claims. The most common view is that it was faked in order to create panic. But it appears that the attackers employed impressive video editing skills, and may have phished or recycled databases that had previously leaked to the web.