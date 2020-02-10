The Israel Privacy Protection Authority said it was investigating what it called a "serious,quot; security period by the creator of an application promoted by Prime Minister Benjamin Netanyahu and his Likud party that led to the exposure of personal data of 6.5 million eligible voters in Israel, including full names and identity card numbers.
The defective website for the application, called Elector, could not secure personal data in the voter registry, which also included the address and gender of each voter, even those who did not use it, and in some cases also the numbers of phone, the Haaretz The newspaper reported for the first time on Sunday, expressing concern about identity theft and foreign interference.
The creator of Elector did not immediately respond to a request for comments by email, but in a statement issued to the Israeli media, he sought to minimize the possible consequences, describing the leak as a "single incident that was treated immediately,quot; AND saying that since then it had reinforced the security of the site.
The data did not essentially require hacking skills to access, and it was unknown how many people had downloaded the registry.
Netanyahu had encouraged supporters to download the application, which offers news and information related to the March 2 elections, the third in less than a year after the first two failed to provide an absolute winner and efforts to form a coalition fell short.
In a statement issued in response to Sunday's reports, the Privacy Protection Authority, a unit of the Ministry of Justice, said the responsibility for complying with the Israeli privacy law that involves the use of voter registration "rests with the own parts. "
However, he failed to announce a full investigation, and said he could not give more details at this stage.
Ran Bar-Zik, a Verizon Media developer who wrote the story that Haaretz published on Sunday, was alerted to the violation over the weekend.
In an interview on Monday, he said he had received a notice about the violation of the Elector website on Friday night. The message was sent in English to Cybercyber, a Hebrew podcast that he directs and presents with two colleagues. As evidence, the informant included the details of Mr. Bar-Zik and those of his wife and son.
"It was creepy," Mr. Bar-Zik said.
Explaining the ease with which voter information could be accessed, Mr. Bar-Zik He wrote in a blog post that visitors to the application's website could right-click to "see the source," an action that reveals the code behind a web page.
The code revealed the usernames and passwords of the site administrators, and the use of those credentials would allow anyone to log in and download voter information.
Mr. Bar-Zik said he chose the administrator of the Likud and “Jackpot! Everything was in front of me!
"When we talk about piracy, we imagine people with sweatshirts that do technical things," said Bar-Zik. But in the case of Elector, he added, a hacking technique was not necessary.
An Israeli website said it had been able to access Mr. Netanyahu's personal information, among others; his wife Sara; the chief of staff of the Israeli army, Aviv Kochavi; and Nadav Argaman, head of Shin Bet, the national security agency of Israel.
It was believed that the leak was the largest disclosure of information from Israeli voters since 2006, when an employee of the Interior Ministry stole the population register and then published it.
Exposure of the Israeli voter database could have significant consequences. Databases that list personal information of private citizens can be exploited for various purposes, including criminals seeking to earn money through identity theft or state-backed foreign hackers seeking to spy on Israeli voters before a critical election. .
"This is a treasure for foreign countries with geostrategic interests in Israel," Tehilla Shwartz Altshuler, head of the Media Reform Project at the Israel Democracy Institute, a nonpartisan group of experts in Jerusalem, told Channel 12.
Massive voter databases are one more reason why cybersecurity officials worldwide have warned that the best technology is kept out of the reach of election officials and political parties.
Most recommend that new technologies, including voting machines and applications used by political parties, be tested for months or even years before they are implemented for the general public.
Cybersecurity experts specializing in electoral technology have begun holding specialized sessions at the world's largest annual hacker conference, DefCon. During the sessions, they hack voting machines and other technologies used during elections around the world in an effort to expose their vulnerabilities.
Last week, an application submitted by the Iowa Democratic Party to help count the votes during the Iowa caucus He failed the day of the vote, throwing the first national contest into chaos.
The application, which had been developed privately for the party and had not been tested by independent cybersecurity experts, was kept secret until the weeks before the vote.
When it was finally released, many had trouble downloading and using it. Cybersecurity experts quickly discovered that the application was plagued with potential errors and vulnerabilities.