[Security Weekly] Personal Information of All 6.5 Million Israeli Voters Exposed
2nd Week of February 2020
1. Personal information of 6.5 million Israeli voters exposed before the national election
Three weeks before Israel’s national election scheduled for March 2, personal information of all 6.5 million Israeli voters was exposed due to a software flaw. The list included VIPs like government officials, lawmakers, and military personnel, all of the significant interests of hostile states. Information contained the voters’ names, national identity numbers, addresses, and phone numbers.
First discovered by a researcher named Ran Bar-Zick last Sunday, the flaw existed on a mobile app called Elector, used by incumbent Prime Minister Benjamin Netanyahu and his ruling party to promote his campaign and communicate with voters. According to the researcher, all someone needed to do was to click on the “view source” button, which would expose all the admin login details; after using the details to log in, a full list of all registered voters would be available to view.
Israel’s Privacy Protection Authority stated that they will be looking into the matter, without promising a full investigation. The incident has raised significant concerns for the possibilities of identity threat and election manipulation.
More and more frequently, government databases around the world get compromised. Stolen personal information can be used for election manipulation, potentially damaging our societies. Many even suggested that governments should keep their hands off from new technologies.
According to Infosecurity, two-factor authentication would have avoided this incident. Rather than avoiding new technologies, using the latest cybersecurity technologies to protect the database would indeed be a better investment. [Certified by the Korean National Intelligence Service, Penta Security’s ISign+ offers multi-factor authentications with a single sign-on system. Learn more at ISign+.]
2. Nationwide cyberattack forced 25% of Iran’s internet to shut down
On the morning of February 8, Iran’s telecommunication networks experienced severe interruptions, where nationwide network connectivity fell to 75% of the normal rate. The disruption was first discovered and reported by NetBlocks, an NGO that monitors internet freedom in real-time.
The attack was said to have lasted for a few hours. The sudden decrease in internet connectivity was not directly caused by the attack. It was a result of Iranian cybersecurity authorities activating their so-called “Digital Fortress” defense mechanism to isolate the violated networks, in order to protect the country’s infrastructures from damage.
Landline and mobile network providers were both affected. Internet connectivity resumed to normal after seven hours, when a spokesperson from Iran’s Telecommunication Infrastructure Company announced that a DDoS attack had been successfully normalized by the Digital Fortress.
DDoS attacks are a very commonly used weapon by state-sponsored attackers, where massive traffic gets injected into the network to flood the servers. Iran has also activated the Digital Fortress back in December 2019.
3. Estee Lauder exposes 440 million records containing email addresses and network info
Earlier on Tuesday, security researchers discovered that more than 440 million customer data and internal IT logs of cosmetics giant Estee Lauder were exposed online. The data were said to be leaked from a Microsoft Azure cloud database that had no password protection.
The exposed customer data contained a massive amount of email addresses. Luckily, no payment information was leaked. However, it is the exposure of IT logs that could cause more trouble. These logs included the company’s IP addresses, ports, pathways, as well as middleware used to connect different software for data management. Middleware contains information on the specific versions of software applications. Hackers could potentially use such information to map out the LAN and launch attacks on the company’s network.
Estee Lauder responded to the issue immediately by securing the database with a password. Companies must be careful in setting permissions and authentications on the cloud.
4. Puerto Rican government agency loses $2.6 million due to email phishing scam
The U.S. territory has disclosed an email phishing scam where $2.6 million was stolen by the attackers.
This all started on January 17, as Puerto Rico Industrial Development Company (PRIDCO), a state-owned corporation in charge of stimulating private capital inflow, reportedly received an email notifying of an update of remittance account information. The email claimed that the current bank account for remittance is no longer in use, and provided a new bank account for remittance. The company made the payment because the email and banking information seemed legitimate.
Email phishing scams are a common form of cyberattack as they require relatively low technical skills. Always be extra cautious when receiving emails asking for money transfers or personal information.
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Cloud-Based Web Security Service: Cloudbric
Car Security: AUTOCRYPT