Halloween is supposed to be a spooky time, but for a number of people on the Israeli dating site Atraf, the real nightmare didn’t unfold until their data was leaked two days later. On the 31st of October, the hacking group Black Shadow demanded $1 million (approximately 3.14 million Israeli Shekels) from the Israeli government.
If their ransom was not met, they would release data that they had collected from CyberServe, a company designed to protect sensitive information belonging to their clients, including Atraf, two bus companies, and Pegasus, a tour booking company. Atraf is designed specifically for the LGBT+ community.
The Israeli government refused to comply, as did CyberServe. Black Shadow switched tactics and said that they would accept donations from members of the public and the information would be ‘safe’ if the total reached $1 million. The government responded by asking the people to notify the police if they were contacted and make sure that they did not give Black Shadow any money.
The black shadow hacking group said
Black Shadow claims to have received an offer of $500,000 from CyberServe, which they did not accept. CyberServe denies the accusation. On the 2nd of November the group released the full dating site information as well as the medical records for nearly 300,000 people. This included information on pregnancies, vaccinations and blood tests, and the HIV status of some of the users of the Atraf app.
Black Shadow has been linked to Iran and Iran and Israel have been accused of having a ‘shadow war’ involving cyber attacks on each other. This is not the first time something like this has happened and, given the danger and violation caused by Black Shadow’s actions, it’s worth monitoring the Israeli government’s response and looking out for any potential counter-attacks.
The most notable event in the shadow war came in 2010, when the Stuxnet virus infected Iran’s nuclear program and interfered with the production of uranium. It’s believed that Israel was behind the attack. The shadow war has apparently been extremely profitable for Black Shadow, as they apparently extorted $1 billion from Israeli companies in 2020 alone.
Cyberserve is responsible for the development
A Cyber Security consultant interviewed by the Jerusalem Post has argued that Iran may not be behind the attack, explaining that it would make more sense for them to target key infrastructure instead of dating sites. However, transport and health records are vital for a functioning society. Individual Israelis may well be extremely concerned that their data is not secure for anyone. A commenter said that it’s best to assume that there is no such thing as online privacy, especially for the people of Israel.
It’s horrifying to think that this might discourage people from using sites like Atraf and drive many members of the LGBT+ community back in fear. There are also serious issues with medical information being leaked because that means that people are less likely to confide important but private things to their doctors, possibly preventing them from getting the correct care.
The Israel Internet Association has recommended that Internet users should change their online usernames and use strong passwords. Many Israeli people may feel that this is not enough. The events of the past few days are extremely concerning. It seems that this attack is not the first, although for many of the victims, it will be the worst yet.
The money and the notoriety that the Black Shadow has managed to collect will, doubtless, empower them and allow situations like this to become more common unless they can be stopped, but as the experts at CyberServe will confirm, it’s not that easy.