LGBT dating site permanently removed from Internet in fight against Black Shadow

Two weeks ago, Black Shadow announced its hack of Cyberserve, which hosted Atraf, and the hackers have been exposing personal information of LGBTQ clients of the website in waves.

 Hacker (illustrative) (photo credit: PXFUEL)
Hacker (illustrative)
(photo credit: PXFUEL)

The state prosecution announced on Thursday that it had succeeded in getting the Atraf website for LGBTQ dating permanently removed from the Internet as part of its ongoing battle against attempts by the Black Shadow hacker group to expose the private, personal information of the website’s users.

The website had been temporarily disabled since Black Shadow started posting some of the personal data it hacked.

On November 3, the Authority for the Defense of Privacy announced it was probing the Atraf website for faulty cyberdefenses that might have led to its recently being hacked.

If the probe leads to real consequences, it could prove to be a game-changer in the cyber arena in motivating companies to take stronger measures regarding cyberdefense.

Two weeks ago, Black Shadow announced its hack of Cyberserve, which hosted Atraf, and the hackers have been exposing the personal information of LGBTQ clients of the website in waves during the course of this week, threatening to disclose more until they are paid a ransom.

Hackers and cybersecurity (credit: REUTERS)
Hackers and cybersecurity (credit: REUTERS)

The authority said at the time that it was no coincidence that the website has been down since the hacking and that it may remain down indefinitely due to the website owner’s lack of cyber protection of their clients’ personal data.

In addition, the authority noted efforts of other state agencies to block search engines and social media sites from being able to display the personal information, warning that anyone who displays such information could themselves be guilty of a crime.

In fact, the Cyber Unit at the Office of the State Attorney obtained an even wider and more open-ended order from the Tel Aviv Magistrate’s Court last week to block material related to the hack (related both to Atraf and to the Machon Mor and Pegasus websites) so that it would not have to return repeatedly to the court for enforcement.

Moreover, the authority said last week that it had instructed Atraf to provide immediate and exact details to clients about what information was hacked and leaked, something that hacked companies often try to delay doing due to embarrassment.

To date, the authority has been seen as weak, and its investigation of the Likud Party from February 2020 to this February was widely panned for failing to protect the details of 6.4 million Israeli citizens.

The outcome of the probe was a low-grade fine of the Likud with no criminal charges.

However, the latest wave of cyberattacks may be a new opportunity for the authority to flex its muscles.  

While much of the attention has been about whether Black Shadow is a front for Iranian cyberattacks on Israel under the veil of being a criminal ransomware outfit, these latest developments shine public attention back on the companies that have sometimes failed to patch holes in their digital infrastructure despite warnings from the Israel National Cyber Directorate.