State probing LGBTQ Atraf website for faulty cyberdefenses

Last weekend, Black Shadow announced its hack of Cyberserve, which hosted Atraf, and the hackers have been exposing personal information of LGBTQ clients of the website.

Computer hacking (illustrative) (photo credit: REUTERS)
Computer hacking (illustrative)
(photo credit: REUTERS)

The Authority for the Defense of Privacy announced on Wednesday that it is probing the Atraf website for LGBTQ dating for faulty cyberdefenses that may have led to its recently being hacked.

If the probe leads to real consequences, it could prove to be a game-changer in the cyber arena in motivating companies to take stronger measures regarding cyberdefense.

Last weekend, Black Shadow announced its hack of Cyberserve, which hosted Atraf, and the hackers have been exposing personal information of lesbian, gay, bisexual transgender and queer clients of the website in waves during the course of this week, threatening to disclose more until they are paid a ransom.

The authority said it is no coincidence that the website has been down since the hacking and that it may remain down indefinitely due to the website owner’s lack of cyber protections of their clients’ personal data.

In addition, the authority noted other state agencies’ efforts to block search engines and social media sites from being able to display the personal information, warning that anyone who displays such information could be themselves guilty of a crime.

VISUAL DEPICTION OF A HACKER (credit: VIA WIKIMEDIA COMMONS)VISUAL DEPICTION OF A HACKER (credit: VIA WIKIMEDIA COMMONS)

In fact, the state prosecution’s cyber unit obtained from the Tel Aviv Magistrate’s Court on Wednesday an even wider and more open-ended order to block material related to the hack (related both to Atraf and to the Machon Mor and Pegasus websites) so that it would not have to return repeatedly to the court for enforcement.

Moreover, the authority said it has instructed Atraf to provide immediate and exact details to clients about what information was hacked and leaked, something that hacked companies often try to delay doing due to embarrassment.

To date, the authority has been seen as weak, and its investigation of the Likud Party from February 2020 to February of this year for failing to protect the details of 6.4 million Israeli citizens was widely panned.

The outcome of the probe was a low-grade fine of the Likud with no criminal charges.

However, the latest wave of cyberattacks may be a new opportunity for the authority to flex its muscles.

While much of the attention has been about whether Black Shadow is a front for Iranian cyberattacks on Israel under the veil of being a criminal ransomware outfit, these latest developments shine public attention back on the companies that have sometimes failed to patch holes in their digital infrastructure despite warnings from the Israel National Cyber Directorate.