Oct 242011
 

Okay, this is not a great headline to wake up to.  The Jerusalem Post reports:

Information was used to create searchable database with sensitive information of every Israeli, living and deceased; computer technician put the database on the Internet for anyone in the world to access.

A contract worker from the Ministry of Labor and Welfare was charged with stealing the personal information of over 9 million Israelis from the Population Registry, the Justice Ministry announced Monday after a media ban was lifted.

The worker electronically copied identification numbers, full names, addresses, dates of birth, information on family connections and other information in order to sell it to a private buyer.

The information was also given to another individual who used it to design a software program called “Agron 2006”, which exploited the database to allow queries of all Israeli citizens, allowing information to be illegally sold based on various parameters. Those parameters could include familial relationships of the entire Israeli population, over several generations.

[…]

A copy of the software program, devoid of any protection mechanisms, was later obtained by a computer technician who uploaded it to the Internet. He even created a website with detailed instructions explaining how to download and use the Argon program with Israeli citizens’ personal information.

Read more on Jerusalem Post. This is not the first time we’ve seen an entire country’s information breached, but it’s still staggering and a reminder of the insider threat.

Update: More media is now covering the breach. Aviad Glickman reports that the Agron program was widely downloaded and shared and could be found in many Israeli homes.   Tomer Zorchin provides more background on the contractor and sequence of events:

According to the investigative details released on Monday, it was a former Welfare Ministry contracted employee who stole the information in 2006 from the Population Registry, which he had access to through his job.

The employee stored the database in his home and even updated it sporadically in accordance with the Interior Ministry’s updates. He was later sacked for other criminal-related reasons and passed on the information from the database to a business client, who subsequently uploaded the details onto his computer server.

Over the course of several months, the registry exchanged hands in the ultra-Orthodox community until it fell into the possession of a man named Ari, who used it extensively and uploaded it to the internet. He used internet protocol addresses based outside of the country, worked in internet cafes, and used other methods of subterfuge in order to prevent his own identity from being discovered.

At some point, the registry was sold for the paltry sum of only a few thousand shekels, and it is likely that it was used for malevolent purposes. Since the start of the investigation, Israeli agents have attempted to track down every copy of the registry and remove it from the internet.

One copy of the registry was tracked to an obsessive collector of Israeli databases, who was found to have an enormous trove of them. One of the databases that was found in his possession was a list of adopted children in Tel Aviv and Jerusalem.

Over the course of the investigation, six people were arrested, including the contractor and the man named Ari, and they were subjected to various arrest conditions.

[…]

Read more on Haaretz.com

Sorry, the comment form is closed at this time.