Pro-Hezbollah hacker leaks Israeli credit card info

Group called "Remember Imad," in honor of Hezbollah commander allegedly slain by Israel, threatens larger data leak.

By JPOST.COM STAFF
hacking hackers computer hacking [illustrative]_370 (photo credit: Thinkstock/Imagebank)
hacking hackers computer hacking [illustrative]_370
(photo credit: Thinkstock/Imagebank)
A pro-Hezbollah hacker published personal information and credit card details of dozens of Israelis Wednesday night, all of it apparently stolen from the online storage company Webgate.
The hacker identified himself as a member of the group “Remember Imad,” in reference to Hezbollah military commander Imad Mughniyeh, who was killed in a car bomb in downtown Damascus in 2008. Hezbollah and Iran blame the Mossad for carrying out the attack.
In contrast to previous hacking attacks, the published information included photocopies of checks, identity cards and even Facebook passwords, according to Channel 10 News, which first reported the incident.
The group published the numbers of thousands of credit cards issued by Isracard, Leumi Card and Cal (Israel Credit Cards). The three companies responded with separate statements saying that fewer than 100 of these cards belonged to active customers, and promised to notify the relevant card-holders immediately and issue new cards as soon as possible.
Isracard said that a file containing 1,500 records was exposed, of which 49 were identified as being active cards belonging to the company.
It said concerned customers could log into its website to see if their cards were affected, and promised to take responsibility for all damage caused by credit card abuse.
Leumi Card said that 30 active credit cards belonging to the company were published.
It further stated that information security personnel acted quickly to restrict use of the cards, and that while no damage was caused, the cards are completely insured in any case.
Cal said 18 of its cards were published, and it too stated that these cards were immediately blocked and that new ones would be issued to affected customers. It notified concerned customers to log into the company website to find out if their card was exposed, and also promised to take complete responsibility for any damage caused.
Remember Imad has been active since the start of 2012 and has been responsible for attacks against a number of Israeli websites, according to Israeli information security consulting firm Avnet. It said the group carries out its attacks via several methods, some of which have been published on international hacker websites in the past few months.
“The group has probably divided responsibilities between several activists,” Avnet said. “The activist responsible for operating their email address uses a passport number as the password restoration question.
However, at this stage he probably won’t be able to restore his password, given that it has been the target of several brute force attacks.”
Avnet stated that the web hosting company that operates Remember Imad’s site is based in Los Angeles, but that it cannot take action to obtain more information about the hackers as that would involve breaking the law. It further warned that the hackers most probably stole “extensive information,” and that it is difficult to estimate the amount of damage they could cause in the future.
Roni Bachar, manager of Avnet’s cyber-attack department, advised websites affected by hackers to conduct penetration tests every three months, in order to evaluate the security of their networks from outside attack.
He also recommended securing the network code via filters, and becoming familiar with the OWASP list of top 10 web application security risks.
In January, Saudi hackers hit Israel with its largest-ever financial Internet attack, leaking details of 14,000- 15,000 active credit cards issued by Isracard, Leumi Cards and Cal.
The Bank of Israel assured customers at the time that the bank would bear responsibility for fraudulent use of their cards, clarifying that they would be protected under the Debit Card Law.