Iran and other foreign intelligence agencies may already have access to the private cellphone numbers and other information of top Israeli intelligence officials, after a “disastrous” Likud Party cyber error, a former cyber official of the Shin Bet (Israel Security Agency) told The Jerusalem Post on Monday.
Harel Menashri, a founder of the Shin Bet’s cyber department, said that the incident was, “an embarrassment in terms of how bad it is. The real personal information of every citizen above the age of 18” has been exposed.
Menashri, currently the Head of Cyber at the Holon Institute of Technology, said that, “many parties, like foreign intelligence agencies, may have access to top officials of the Likud Party, to the head of the Shin Bet, the head of the Mossad and others. There are also many private companies who will also want the information.”
Sunday night, Haaretz reported that the personal information of 6,453,254 Israelis was leaked, after the Likud Party uploaded the entire Israeli national voter registry to an application.
The leaked information includes names, identification numbers, phone numbers and addresses.
Political parties in Israel receive the information of Israeli voters before the elections, must protect their privacy and cannot copy, erase or transfer the registry.
The voter registry was uploaded to the Elector application which the Likud Party uses on Election Day. A breach in the application allowed for the leaking of the registry, which could then be downloaded on a computer.
How did cyber forensic experts know that the leak came from the Likud?
Menashri explained that the list which was leaked to others had additional telephone numbers which were added to the state’s list with notes from Likud activists.
For example, there were notes indicating people who had changed their party affiliation.
“Whoever built the system didn’t think about security at all. Getting in was very easy. You go to the website from Google Chrome or another browser and you can easily get to the code of the website. Then you get an immediate link to all of the information,” said the former Shin Bet official.
MENASHRI CRITICIZED the Likud about the breach, especially since the information of around 100,000 party members was hacked in April 2019. He said it was inconceivable that the people who built the application and who used it learned nothing from that incident.
It is not even clear whether the damage is fully repairable.
Asked if top Israeli intelligence and political officials could wholesale switch their cellphones, Menashri said that the access the leak gave could reach these officials’ children and even second and third-degree connections they have.
He explained that the problem here is “not just a cyber-defense problem. It is probably also a defense-of-privacy problem. The state’s registry list is protected under privacy laws, but there is nothing real in place to defend it.”
In fact, he said the biggest problem is Israeli culture and social attitudes toward such incidents and invasions of privacy.
Menashri said that the broader public “will forget it” and that “it will go under the radar like other incidents.”
According to Menashri, the problem is not the absence of laws imposing duties and punishments on those who are callous with other people’s personal information.
“We have a 2018 law about privacy which regulates everyone, including my barber,” imposing duties that they must guard personal information they get through payments or otherwise. “So what? Does someone enforce punishments? We need a [society-wide] decision to deal with this,” he stated.
“If the state was working properly… if they [law enforcement] caught you [failing to defend personal data], you would have problems… The problem is the culture of ‘so what?’”
Menashri said that a 2006 leak of data, which occurred when two state employees stole the population registry and sold it for money, was even worse than this one, but that it was frustrating that the lesson was not learned that time.
Leading up to the April 2019 election, there was also a hack of Blue and White Party leader Benny Gantz’s cellphone, which brought about criticism of his party’s data security policy.
In January 2019, current Shin Bet director Nadav Argaman warned that a foreign cyber power, universally assumed to be Russia, was working hard to hack aspects of Israeli elections.
Russia has also been accused by US intelligence of interfering in the 2016 American presidential election.