A pro-Hezbollah hacker published personal information and credit card details of
dozens of Israelis Wednesday night, all of it apparently stolen from the online
storage company Webgate.
The hacker identified himself as a member of the
group “Remember Imad,” in reference to Hezbollah military commander Imad
Mughniyeh, who was killed in a car bomb in downtown Damascus in 2008. Hezbollah
and Iran blame the Mossad for carrying out the attack.
In contrast to
previous hacking attacks, the published information included photocopies of
checks, identity cards and even Facebook passwords, according to Channel 10
News, which first reported the incident.
The group published the numbers
of thousands of credit cards issued by Isracard, Leumi Card and Cal (Israel
Credit Cards). The three companies responded with separate statements saying
that fewer than 100 of these cards belonged to active customers, and promised to
notify the relevant card-holders immediately and issue new cards as soon as
possible.
Isracard said that a file containing 1,500 records was exposed,
of which 49 were identified as being active cards belonging to the
company.
It said concerned customers could log into its website to see if
their cards were affected, and promised to take responsibility for all damage
caused by credit card abuse.
Leumi Card said that 30 active credit cards
belonging to the company were published.
It further stated that
information security personnel acted quickly to restrict use of the cards, and
that while no damage was caused, the cards are completely insured in any
case.
Cal said 18 of its cards were published, and it too stated that
these cards were immediately blocked and that new ones would be issued to
affected customers. It notified concerned customers to log into the company
website to find out if their card was exposed, and also promised to take
complete responsibility for any damage caused.
Remember Imad has been
active since the start of 2012 and has been responsible for attacks against a
number of Israeli websites, according to Israeli information security consulting
firm Avnet. It said the group carries out its attacks via several methods, some
of which have been published on international hacker websites in the past few
months.
“The group has probably divided responsibilities between several
activists,” Avnet said. “The activist responsible for operating their email
address uses a passport number as the password restoration
question.
However, at this stage he probably won’t be able to restore his
password, given that it has been the target of several brute force
attacks.”
Avnet stated that the web hosting company that operates
Remember Imad’s site is based in Los Angeles, but that it cannot take action to
obtain more information about the hackers as that would involve breaking the
law. It further warned that the hackers most probably stole “extensive
information,” and that it is difficult to estimate the amount of damage they
could cause in the future.
Roni Bachar, manager of Avnet’s cyber-attack
department, advised websites affected by hackers to conduct penetration tests
every three months, in order to evaluate the security of their networks from
outside attack.
He also recommended securing the network code via
filters, and becoming familiar with the OWASP list of top 10 web application
security risks.
In January, Saudi hackers hit Israel with its
largest-ever financial Internet attack, leaking details of 14,000- 15,000 active
credit cards issued by Isracard, Leumi Cards and Cal.
The Bank of Israel
assured customers at the time that the bank would bear responsibility for
fraudulent use of their cards, clarifying that they would be protected under the
Debit Card Law.