Justice Ministry cracks case of massive information theft

Government employee sells identification numbers, addresses and other details of 9 million Israelis.

By BEN HARTMAN, JOANNA PARASZCZUK
teudat zeut israeli id (photo credit: Ariel Jerozolimski)
teudat zeut israeli id
(photo credit: Ariel Jerozolimski)
Investigators from the Justice Ministry announced on Monday that they have cracked a massive information theft case, in which a former employee of the Ministry of Social Affairs and Social Services stole and copied the personal details of over nine million Israelis, and sold the data to a private buyer.
The theft included the publication of detailed personal information on the millions of victims, including many minors, deceased persons and citizens living abroad. The information, which is accurate as of 2006, includes full names, ID numbers, addresses, dates of birth, family status, names of siblings and other information. It also includes an extensive search engine and allows the user to determine all of the extended family relations of any Israeli in the database.
RELATED:Biometric ID database to be launched in November Biometric passports – how will spies cope? The database could also represent a serious security threat in that it affords anyone who accesses it online the ability to look at the place of residence and next of kin of all types of people in the political and military echelon, whose personal data is otherwise classified.
At the moment there are six suspects involved, and the Tel Aviv Magistrate’s Court has placed a travel ban on all six, barring them from leaving the country.
The theft took place in 2006, when a contract worker hired by the Ministry of Social Affairs and Social Services made a copy of the database after taking it home from work. The employee, who was responsible for safeguarding the database, is then believed to have given a copy to a friend of his, who later passed it to a classmate from his Jerusalem yeshiva.
That classmate allegedly sold the data to a businessman who collects personaldata databases for a rather nominal fee of a few thousand shekels. The businessman who bought the data then allegedly gave it to a programmer who built a program called “Agron 2006,” that included all of the stolen material.
Shortly thereafter, a different computer technician crossed paths with the database, and according to the Justice Ministry, uploaded it to the Internet, where it could be accessed in its entirety by anyone in the world.
The technician then allegedly launched a website with a step-by-step guide on how to download a copy of the database and how to use it. The technician, who operated under the name “aRi,” also found ways to mask the IP address of the computers he used and cover his tracks at nearly every turn, the ministry said.
In 2009, following a police investigation that yielded no results, the Law, Information and Technology Authority of the Justice Ministry began probing the case. Over the course of the investigation they compiled mountains of evidence from hard drives, hard discs and cloud-computing storage.
Altogether the investigation compiled six terabytes of data, roughly 6,000 gigabytes.
Investigators said they were particularly dismayed by the discovery that the former employee had a copy of the Ministry’s adoption database for the Jerusalem and Tel Aviv area. The database is considered one of the most sensitive in the country, and includes specific information on the parents of adopted children.
Investigators said they have found no evidence that the document was leaked. The investigation also reportedly turned up data related to national security, as well as voter-registration lists.
According to a statement by the Justice Ministry on Monday, the uploading of the database “will make it easier to carry out forgery and fraud, and provide the necessary information to carry out identity theft. It helps create fraudulent documents that appear authentic, therefore allowing people to bypass security systems. It could also have an effect on the democratic processes in elections, in that it makes it easier for someone to impersonate someone else in the voting booth.”
Following the Justice Ministry’s announcement regarding the population database leak, and ahead of Interior Ministry plans to pilot a biometric database next month, civil rights lawyers warned on Monday of “irreversible damage” should biometric data be leaked.
Leaked biometric data, including fingerprints, could greatly increase the risk of identity theft, according to civil rights lawyer Avner Pinchuk, head of the Association for Civil Rights in Israel’s Privacy and Information project.
“The leak of the population database is a warning to all citizens of Israel not to give their fingerprints to those who don’t know how to secure sensitive personal data,” said Pinchuk.
Pinchuk noted that the Interior Ministry admitted recently that any biometric data leakage could cause “irreparable damage” to citizens, while assuring the public it is capable of securing its planned biometric database.
“The ministry is conducting a misleading campaign to promote its biometric database pilot and for years has refrained from issuing quality ID cards that are impossible to fake so that it could ‘sell’ the public on the idea of a biometric database,” said Pinchuk. “But this database will only serve to greatly increase the risk of identity theft, just as experts have warned.”
Speaking to The Jerusalem Post from New York on Monday, CEO of the IT firm Green Armor Solutions Joseph Steinberg said that the theft should encourage efforts to create more stringent means of identification.
“One of the things I’ve been arguing for a long time is that any information that’s public, or not difficult for the public to obtain, shouldn’t be used to authenticate anyone,” said Steinberg. “The government is going to have to come up with more stringent means to prove someone’s identity. Having just your date of birth or ID number won’t be sufficient [in Israel] because now it’s common knowledge that anyone has access to this.”


Related Tags
Theft