Pro-Hezbollah hacker leaks Israeli credit card info

Group called "Remember Imad," in honor of Hezbollah commander allegedly slain by Israel, threatens larger data leak.

By JPOST.COM STAFF
August 8, 2012 23:50
3 minute read.
hacking hackers computer hacking [illustrative]

hacking hackers computer hacking [illustrative]_370. (photo credit: Thinkstock/Imagebank)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later Don't show it again

A pro-Hezbollah hacker published personal information and credit card details of dozens of Israelis Wednesday night, all of it apparently stolen from the online storage company Webgate.

The hacker identified himself as a member of the group “Remember Imad,” in reference to Hezbollah military commander Imad Mughniyeh, who was killed in a car bomb in downtown Damascus in 2008. Hezbollah and Iran blame the Mossad for carrying out the attack.

Be the first to know - Join our Facebook page.


In contrast to previous hacking attacks, the published information included photocopies of checks, identity cards and even Facebook passwords, according to Channel 10 News, which first reported the incident.

The group published the numbers of thousands of credit cards issued by Isracard, Leumi Card and Cal (Israel Credit Cards). The three companies responded with separate statements saying that fewer than 100 of these cards belonged to active customers, and promised to notify the relevant card-holders immediately and issue new cards as soon as possible.

Isracard said that a file containing 1,500 records was exposed, of which 49 were identified as being active cards belonging to the company.

It said concerned customers could log into its website to see if their cards were affected, and promised to take responsibility for all damage caused by credit card abuse.

Leumi Card said that 30 active credit cards belonging to the company were published.



It further stated that information security personnel acted quickly to restrict use of the cards, and that while no damage was caused, the cards are completely insured in any case.

Cal said 18 of its cards were published, and it too stated that these cards were immediately blocked and that new ones would be issued to affected customers. It notified concerned customers to log into the company website to find out if their card was exposed, and also promised to take complete responsibility for any damage caused.

Remember Imad has been active since the start of 2012 and has been responsible for attacks against a number of Israeli websites, according to Israeli information security consulting firm Avnet. It said the group carries out its attacks via several methods, some of which have been published on international hacker websites in the past few months.

“The group has probably divided responsibilities between several activists,” Avnet said. “The activist responsible for operating their email address uses a passport number as the password restoration question.

However, at this stage he probably won’t be able to restore his password, given that it has been the target of several brute force attacks.”

Avnet stated that the web hosting company that operates Remember Imad’s site is based in Los Angeles, but that it cannot take action to obtain more information about the hackers as that would involve breaking the law. It further warned that the hackers most probably stole “extensive information,” and that it is difficult to estimate the amount of damage they could cause in the future.

Roni Bachar, manager of Avnet’s cyber-attack department, advised websites affected by hackers to conduct penetration tests every three months, in order to evaluate the security of their networks from outside attack.

He also recommended securing the network code via filters, and becoming familiar with the OWASP list of top 10 web application security risks.

In January, Saudi hackers hit Israel with its largest-ever financial Internet attack, leaking details of 14,000- 15,000 active credit cards issued by Isracard, Leumi Cards and Cal.

The Bank of Israel assured customers at the time that the bank would bear responsibility for fraudulent use of their cards, clarifying that they would be protected under the Debit Card Law.

Related Content

Riot
August 31, 2014
Rioting resumes throughout east Jerusalem Saturday night

By DANIEL K. EISENBUD