After several days of credit card breaches and payback hack attempts, Anonymous chimes in, releasing access credentials and URLs for Israeli industrial control systems.
A war of words and website hacks is escalating in Israel over the purported hack of credit card data by a hacker from Saudi Arabia.
Last week, a hacker known as xOmar 0, who claimed to be part of the Saudi hacking group Group-XP, released credit card numbers and other sensitive information he’d stolen, saying it affected 400,000 Israelis. The Israeli banks affected, however, said the total number of people involved was only about 14,000.
The hack led Israel’s deputy foreign minister, Danny Ayalon, to declare Sunday that such breaches of Israeli cyberspace should be treated as terrorism, and would be grounds for Israel to use its cyber strike-back capabilities. “No agency or hacker will be immune from a response,” said Ayalon.
In retaliation for the Group-XP hack, a group of Israeli hackers said Monday that they’d hacked into multiple Saudi e-commerce websites and stolen credit card details on thousands of customers. “At the moment, we’re holding on to the information and waiting for the right moment to publish it,” according to a statement released by the group. But it said that “if the leaks continue, we will cause severe damage to the privacy of Saudi citizens,” reported China Radio International.
By Tuesday, however, Ayalon’s warning against anyone who hacked Israeli organizations had led a group of self-described Arab hackers–one hailing from the “Gaza HaCKeR Team”–to deface Ayalon’s personal website Tuesday with protest images, reported China’s official Xinhua news service, based on an interview with Ayalon’s media advisor, Ashley Perry. Perry said the non-defaced site was restored in less than an hour.
Interestingly, the Israeli credit card details may have been stolen by a 19-year-old hacker who’s not from Saudi Arabia, but rather the United Arab Emirates, and who’s now based in Mexico and works in a cafe when he’s not studying computer science at a local university. At least, that’s the theory of Israeli blogger Amir Fadida, reported Haaretz Newspaper in Israel. “The not-so clever hacker, to put it mildly, made many mistakes,” said Fadida on his blog, detailing how he’d traced the attacks back to an individual based in Mexico.
In other Israel-related information security news, an Anonymous and AntiSec affiliate Tuesday purportedly released password details for 10 Israeli supervisory control and data acquisition (SCADA) systems. APastebin post purporting to be “from Anonymous with love” listed the URLs of what it says are 10 SCADA systems based in Israel, and said that they could be accessed using default credentials, with the password in question being “100.” While the veracity of that assertion couldn’t be fully verified, at least one of the provided IP addresses resolved to an Edimax wireless broadband router that listed its default credentials on the log-in screen, and which appeared to be located near Tel Aviv, Israel.