The personal information of nearly all Israeli voters has been exposed online a day before the general election, financial daily Calcalist reported Tuesday. According to the report, the information derived in the leak, which includes registered voters’ addresses, phone numbers, and dates of birth, dates back to a leak that took place in 2020. The data was exposed following threats made against Elector Software, which operates the voter-prompting Elector app, used by Likud and several other parties. According to Calcalist, hackers threatening to expose the information contacted the company directly and also threatened to leak the personal information on the company’s CEO Tzur Yemin, and his family unless the app ceases operating. “This is an extortion attempt and I have filed a complaint to the police,” Tzur told the daily. The Elector app sustained a cyberattack last week and hackers had threatened to expose Israel’s full voter registry. The hackers demanded Elector Software take the app down as it was not secure. There has been no indication that the app was breached in the current election cycle. “Elector representatives said that the hackers concurrently sent direct messages to the company, with one of them saying, ‘You don’t have long left until information about your family is exposed too,'” the report said, adding that while the files the hackers released seem encrypted, the hackers have threatened to release the password unless the app was shut down. Did they so on Monday.
Israel: Over 70% of ‘coronavirus voters’ cast their ballots in special stations | Maayan Jaffe-Hoffman/The Jerusalem Post
More than 70% of the 5,600 citizens who were placed under quarantine due to fear of possible exposure to the coronavirus turned out to vote on Monday at special polling stations set up to allow them to safely cast their ballots. Sixteen special booths were originally set up across the country and were scheduled to be open from 10 a.m. to 5 p.m. But long lines and frustrated voters led the Central Elections Committee (CEC) to open additional booths in Kfar Saba and Tel Aviv and to extend voting time until 7 p.m. Israelis in quarantine were asked to come to the stations in private vehicles and not to stop on the way. When they completed voting, they were asked to return straight home. The voters were met by trained paramedics dressed in full head-to-toe protective gear, including gloves and masks. Votes were collected in a specially lined ballot box and were to be counted by election officials also dressed in protective gear. “MDA volunteers enlisted for the mission, operating at the special polling stations, and will be protected at the highest level, with dedicated anti-infection kits,” said MDA director-general Eli Bin. “Magen David Adom works in full cooperation and coordination with the Health Ministry, the Central Elections Committee and other parties, and will continue to do everything possible to assist in the national effort of preventing the spread of the coronavirus in Israel.”
Israel: Voter Data of Every Israeli Citizen Leaked by Election Management Site | Scott Ikeda/CPO Magazine
While most of the attention of international media was on the voting snafus in the Iowa Democratic caucus earlier this month, a much more serious incident was developing in Israel. The registration data of all of Israel’s 6.5 million voters was leaked thanks to a faulty download site for the Likud party’s election management app. The breach included full names, addresses and identity card numbers for all users. The culprit in this breach was not a faulty app, but the public-facing website that directed interested parties to the app downloads. An app called Elector was used by Prime Minister Benjamin Netanyahu’s Likud party to deliver election-related news to supporters. However, in Israel each party is given access to the government’s database of basic contact information for all registered Israeli voters regardless of their party affiliation. The app’s official website leaked the administrative username and password via an unprotected API endpoint listed in the homepage source code. This did not require any hacking acumen to access; anyone who cared to view the source code for the page would see the admin login credentials listed in plaintext by simply clicking through the “get-admin-users” link.
Israel: Benjamin Netanyahu’s election app potentially exposed data for every Israeli voter | Steve Hendrix /The Washington Post
An election app in use by Israeli Prime Minister Benjamin Netanyahu’s political party potentially exposed sensitive personal information for the country’s entire national voting registration of about 6.5 million citizens, according to Israeli media reports. The cellphone-based program, identified as the Elector app, is meant to manage the Likud party’s voter outreach and tracking for the country’s March 2 election, according to the Haaretz newspaper. But an independent programmer reportedly spotted a breach over the weekend that potentially exposed the names, addresses, ID numbers and other private data for every registered voter in the country. There was no immediate indication that any of the information had been downloaded before the breach was repaired, the paper said. The app’s developer told Haaretz that the flaw was quickly fixed and that new security measures were implemented. But a person close to Likud, who spoke on the condition of anonymity to discuss sensitive matters, said the party was braced for the possibility that information could have leaked, with worrying consequences. The comprehensive list of voters would have included personal details, including home addresses, for military leaders, security officials, government operatives and others of potential interest to Israel’s enemies.
Israel: Data of All 6.5 Million Voters Leaked | Daniel Victor, Sheera Frenkel and Isabel Kershner/The New York Times
A software flaw exposed the personal data of every eligible voter in Israel — including full names, addresses and identity card numbers for 6.5 million people — raising concerns about identity theft and electoral manipulation, three weeks before the country’s national election. The security lapse was tied to a mobile app used by Prime Minister Benjamin Netanyahu and his Likud party to communicate with voters, offering news and information about the March 2 election. Until it was fixed, the flaw made it possible, without advanced technical skills, to view and download the government’s entire voter registry, though it was unclear how many people did so. How the breach occurred remains uncertain, but Israel’s Privacy Protection Authority, a unit of the Justice Ministry, said it was looking into the matter — though it stopped short of announcing a full-fledged investigation. The app’s maker, in a statement, played down the potential consequences, describing the leak as a “one-off incident that was immediately dealt with” and saying it had since bolstered the site’s security. The flaw, first reported on Sunday by the newspaper Haaretz, was the latest in a long string of large-scale software failures and data breaches that demonstrated the inability of governments and corporations around the world to safeguard people’s private information, protect vital systems against cyberattacks and ensure the integrity of electoral systems.
Israel: Preventing electoral interference – the next frontier for the National Cyber Directorate? | Tamir Libel/Jerusalem Post
In recent years, the threat of foreign interference in elections by governmental and non-governmental actors alike became prominent in public discourse due to the alleged actions taken by Russians and others in various Western election campaigns, such as the 2016 US presidential elections. Such interferences, or “influence operations,” are not limited to the formal election period itself; they are often preceded by the lengthy establishment of large networks for message dissemination and resonance. Even in cases where the interference operation was either unsuccessful or did not take place at all, the mere possibility of such influence becomes a polarizing point in and of itself. The threat of electoral interference should therefore be avoided, especially in contested societies like Israel, necessitating the appointment of a national authority tasked with the observation, disruption and prevention of influence operations.
t the conclusion of the April 9 election, an Israeli watchdog group exposed a network of hundreds of social media accounts, many of them fake, used to smear opponents of Prime Minister Benjamin Netanyahu and to amplify the messages of his Likud Party. Shortly before that, in January, it was reported that Iranians had been using hundreds of fake accounts on Israeli social media pages, in an effort to sow social division and influence the then upcoming Israeli election. Now right before Israelis go to the polls, due to the proximity of the two elections as well as the immediacy and scale of the threats, it is highly doubtful that Israel has built a digital defense against cyberattacks this time around either, said Dr. Gabriel Weimann, a professor of communications at the University of Haifa. He told The Jerusalem Post that this Israeli election is likely to be marred by online election interference just like the last election, something that will only be fully understood after Tuesday. #url#
Tears could be seen on the face of Orly Adas, the director of the Central Elections Committee, two weeks ago, when she began speaking at a meeting to discuss the final election results. The tears were an expression of the enormous tension and frustration felt by members of the committee during the period between Election Day and the release of the results. “We were under ferocious attack,” says Adas, referring to efforts by the New Right party to undermine the validity of election results that put them just 1,500 votes short of the threshold to enter the Knesset. That said, one must not cast aside claims made on social media by voters unaligned to a particular political party, who cite examples of distortions in the vote count. In the end, the question is whether there a way to improve the voting system and the count, both of which have barely been modified since the establishment of the State of Israel in 1948, despite the enormous technological improvements made in the past decades?
Israel: Can Israel’s election count be tampered with? An official explains the process | The Times of Israel
Last Thursday, two days after the elections, New Right party leader Naftali Bennett learned that his party was about 1,380 votes shy of earning any seats in the Knesset and demanded a recount, hinting at possible foul play. Sources in his party went so far as to allege that the elections were being “stolen” via a corrupted count. On Sunday, the Central Elections Committee granted Bennett access to the original “double-envelope” ballots — the “extra” votes from soldiers and diplomats on whose votes New Right had pinned its hopes of making it into the Knesset — so that he could confirm for himself that the count was honest. At the same time, the committee chastised his party for its insinuations of wrongdoing. In addition to New Right, several parties, including United Torah Judaism and Meretz, were in touch with the committee in the days immediately after the election over what they believed were mishandled ballot boxes. With the votes finalized on Tuesday — and UTJ bumped up a seat, Likud down a seat, and New Right still outside the Knesset — Bennett’s party remained insistent that it was the victim of fraud in the vote-counting process, asserting discrepancies in 8% of ballot boxes. The Central Elections Committee dismissed the claim as unfounded.
Earlier this year, Hanan Melcer, the chairman of Israel’s Central Elections Committee and a veteran justice on the Supreme Court, summoned representatives from major U.S. social-media and technology companies for talks about the role he expected them to play in curbing online deception during the country’s election, which took place on Tuesday. Facebook and Google sent representatives to meet with Melcer in person. Twitter executives, who weren’t in the country, arranged for a conference call. “You say you’ve learned from 2016,” Melcer told them, according to a government official who was present. “Prove it!” When Melcer, two years ago, assumed his role overseeing the election, he expected that covert influence campaigns by foreign adversaries, similar to Russia’s alleged interference during the 2016 U.S. Presidential race, could be his biggest challenge. But, as Melcer and his colleagues looked more closely into the issues they could face, they realized that the problem was broader than foreign interference. Russia’s campaign in the United States demonstrated that fake personas on social media could influence events. In Israel and elsewhere, political parties and their allies realized that they could use similar techniques to spread anonymous messages on the Internet and on social media to promote their candidates and undermine their rivals. The use of fake online personas has a long history in Israel. In the mid-two-thousands, an Israeli company called Terrogence used them to infiltrate suspected jihadi chat rooms. Later, Terrogence experimented with covertly influencing the jihadis they targeted. More recently, companies in Israel and elsewhere started using fake personas to spread messages on behalf of political parties and their allies.
While the 2019 Knesset elections had some unprecedented cyber issues, future elections will have even more, cyber expert and founder and editor-in-chief of Cybertech Magazine Amir Rapaport says. Speaking to The Jerusalem Post on Wednesday, Rapaport divided the impact of cyber on the elections into three spheres. He said that Israel’s Central Elections Committee, in coordination with the Israel National Cyber Directorate (INCD) and other agencies (the Shin Bet Israel Security Agency is known to have a heavy role), seem to have succeeded in protecting from actual hacking of physical election systems. To that extent, no one has called into question the voter totals produced by the committee based on accusations of a cyber attack. (There are some minor controversies, but not related to the cyber sphere.) Further, some of the dark scenarios to prevent voters from reaching the polling stations, including the hacking of trains and other public transit, did not transpire.
A group of Israel based hackers claimed that just a few days prior to the parliamentary election, they conducted a cyber-attack into the database of Israeli voters. But the officials have dismissed the claims. Israel’s parliamentary election or Knesset election will take place on Tuesday, April 9. But, on Saturday, April 6 the hacking group claimed that they have stolen important information of on millions of Israelis as they successfully broke into the voter registry. Later, the Central Elections Committee of Israel stated that they had no evidence of any cyber breach. As per a Hebrew-language daily newspaper, Hamodia, the authority has dismissed the hackers’ claims and mentioned that the accessed data was from another data leak in 2006. The report also added that there are thousands of hackers around the world and they aim regularly to attack Israel-based web sites.
There has been one theme running through this election almost from the day it was called: Cybersecurity. The past few months have been colored with stories of online influence campaigns, hacking, bots and Internet trolls. It began in November, when the Knesset hadn’t been dissolved yet but election fever was in the air, and The Jerusalem Post uncovered Twitter accounts sending links to falsified websites with outlandish news stories about Israeli politicians. The Foreign Ministry reported some incidents to Twitter and got some of the accounts shut down, but it also sent a warning to journalists, a top target for these scams: “The modes of action to influence the political discourse in Israel are similar to those that were seen in the elections in the United States, the vote on Brexit in the United Kingdom and the elections in France. Their preferred network is Twitter, which is seen as a social media of influencers and opinion leaders.” In January, less than two weeks after the Knesset made the elections official, Shin Bet (Israel Security Agency) chief Nadav Argaman warned about foreign intervention in the election using cyber capabilities, though he did not say which country was interfering and to what end. Many in the political field assumed he was referring to Russia, based on the aforementioned precedents, but Argaman has yet to make a follow-up statement nor has there been any serious evidence of a Russian effort.
As Israel prepares to hold a national election next week, experts say it is vulnerable to the kind of foreign hacks and cyber campaigns that have disrupted the political process in other countries. Prime Minister Benjamin Netanyahu says there is “no country better prepared” to combat election interference. But despite Israel’s thriving tech sector and vaunted security capabilities, experts say its laws are outdated and that Netanyahu’s government hasn’t made cyber threats a priority. Campaigning had just started to ramp up in January when the director of the Shin Bet, Israel’s internal security agency, told a closed audience that a world power had tried to disrupt the April 9 vote. Suspicion fell on Russian operatives, now infamous for their alleged cyber meddling in America’s 2016 presidential race and the Brexit referendum. Soon after, news erupted that Iranian agents had hacked the cellphone of Benny Gantz, a former general who is the main challenger to Netanyahu. Although the breach occurred months before Gantz joined the race, the scandal threatened to derail his campaign, which is largely based on his security credentials.
The discovery of Israel election bots designed to give the illusion of support for prime minister Benjamin Netanyahu ahead of elections next week is the latest example of how cybersecurity has crossed over into the political realm, according to one cybersecurity expert. The Israel election bots, which were uncovered by cyber watchdog the Big Bots Project, identified hundreds of fake Twitter accounts responsible for over 130,000 tweets said to be spreading disinformation about Netanyahu’s opponents. It is, according to Corin Imai, senior security advisor at DomainTools, the latest example of how cybersecurity concerns are posing a threat to democracy. “This campaign is yet the latest demonstration of how the political game has changed,” she said. “Cybersecurity is no longer a matter of protecting enterprises’ digital assets and data, but a responsibility towards the preservation of the democratic process.
Israel: Cybersecurity researchers find security flaws in Likud, Labor party Android apps | The Times of Israel
Researchers at Israeli cybersecurity firm Check Point Software Technologies Ltd. said Wednesday that they had found “serious security breaches” granting access to “highly sensitive personal information” in the Android phone apps of the Likud and Labor parties. “There has been much talk of impact attacks on social networks and we learn more and more about the offensive capabilities of various countries and entities in cyberspace. But we often ignore the factor that allows these attacks — access to sensitive information we share, sometimes without any intention of doing so,” Check Point said in a emailed statement. “Sensitive information such as political opinion, social contacts, demographic data, telephone numbers, and addresses of us and those close to us can be of great help to the various elements operating in cyberspace,” the statement said.
In June 2017, the Knesset Science and Technology Committee devoted a hearing to the cyber threat against Israel’s elections. Experts assured lawmakers that ballots are not under threat because the Central Elections Committee has an independent, closed-circuit system that cannot be hacked. “We decided not to go over to computerized voting, mostly because of what happened in the US presidential election,” an Israeli source close to the elections committee told Al-Monitor. “We would rather count the votes [by hand] at a slower pace, and ascertain that there is no possible infiltration of a computerized system by external elements.”
Israel: Election law ‘screams out’ for update to thwart online abuse, judge warns | The Times of Israel
The chairman of the Central Elections Committee on Thursday appealed to the Israeli media to help protect the April 9 national elections from illicit foreign interference by, among other precautions, refusing to report news from anonymous sources. Supreme Court Judge Hanan Melcer said current election law, which does not extend to digital media the basic transparency requirements that have long been applied to traditional media, “screams out” to be updated. But in the absence of such a change, local media needed to take additional care, Melcer said, to prevent the spread of stories that were unsubstantiated and possibly malicious and false. (The ruling Likud party has to date been preventing the necessary unanimous agreement among existing Knesset parties to extend those requirements voluntarily.) Addressing a press conference at the Knesset called one day before the onset of the 60 day period during which, according to law, the media is banned from facilitating election propaganda, Melcer said journalists should employ their instincts and common sense when it came to any material, notably including survey results, that looked odd.
Israel: Facebook Introduces Election Protection Features to Israel’s Central Elections Committee | CTech
Two months ahead of Israel’s general election, Facebook’s global politics and government outreach director Katie Harbath met Sunday with Israel’s Central Elections Committee, the committee announced Monday. The meeting took place following correspondence between the committee and Facebook concerning the ways in which the social media company is planning to increase transparency ahead of the Israeli election process. In the meeting, Facebook representatives reiterated the company’s plans to launch special features in Israel in March, including the association of political ads with the advertising page, and the launch of a political ad archive. Facebook will also prevent users from posting political ads from outside the country.
Amy Spiro is one of many Israeli journalists who recently received a direct message on her Twitter account linking to a sensational news story. The sender, using the Jewish-sounding name “Bina Melamed”, directed her to a fake story falsely alleging former Israeli defence minister Avigdor Lieberman was a Russian spy. “I just ignored it until I saw a lot of other people were talking about it,” said Spiro, who works for the Jerusalem Post. She avoided falling victim to the ruse, but four Israeli journalists — hoodwinked by the article appearing on a rogue but convincing duplicate of Harvard University’s website — spread the story, before it was exposed.
Israel: Coalition of diplomats, programmers working to beat election cyber bots | The Times of Israel
Numerous Israeli journalists recently received direct messages on their Twitter accounts linking to a sensational news story. The sender, using the Jewish-sounding name “Bina Melamed,” directed them to a fake story falsely alleging former Israeli defense minister Avigdor Lieberman was a Russian spy. Four Israeli journalists — hoodwinked by the article appearing on a rogue but convincing duplicate of Harvard University’s website — spread the story, before it was exposed. Bina Melamed, which turned out to be a fake account operating from Turkey, has become a cause celebre of attempts to propagate fake news in Israel through bots. And cases of cyber sabotage are rising, ahead of April elections.
Twitter suspended 61 accounts linked to foreign fake news manipulation campaigns aimed at the Israeli public, ahead of the April 9 election. The move brings to 343 the number of accounts suspended by Twitter since election was announced last month, Elad Ratson of Israel’s Foreign Affairs Ministry tweeted on Monday. Ratson is the ministry’s director of research and development. The new group of 61 accounts had a total of more than 28,000 followers, and most of them were in English. Meanwhile, Facebook announced in a statement on Monday that it would launch in various countries, including Israel, “additional tools to help prevent foreign interference and make political and issue advertising on Facebook more transparent.” Advertisers will need to be authorized to purchase political ads; Facebook will give people more information about ads related to politics and issues; and it will create a publicly searchable library of these ads for up to seven years, the statement said.
Governments around the world must join forces to detect the sources of foreign cyberattacks aimed at impacting elections and prevent such intervention in the future, Israel Democracy Institute and Hebrew University researchers said Sunday. They spoke after Russian cyberattacks reportedly impacted elections in the US, France and Germany and in the British referendum on exiting the European Union. The researchers from IDI and the Law and Cyber Program at the Federman Center for Cyber Studies at the Hebrew University of Jerusalem spoke at IDI on the subject of cyberattacks and foreign intervention in the April 9 election. They issued recommendations for implementing policies and regulating the chain of command between law enforcement agencies on this issue. The ability of hackers to attack has improved, and it is easier than ever for them to obtain their tools, which makes them even more dangerous,” said former Shin Bet (Israel Security Agency) technological division head Ron Shamir.
As Israeli elections approach, the country’s cyber-security watchdogs are warning about attempts by foreign actors to disrupt and manipulate this essential democratic process. The issue came to the fore earlier in January, when the head of the Shin Bet domestic intelligence agency, Nadav Argaman, reportedly told a closed-door conference that a “foreign state is planning to intervene in the elections. I don’t know at this stage in favor of whom or at whose detriment,” the intelligence chief said, adding, “I know what I’m talking about.” Thought Argaman did not mention it by name, Russia responded days later through a Kremlin spokesman, who stated that Moscow does not intervene in the elections of other countries and even advised others to refrain “from reading the Israeli media.”
Israel: Likud refuses to back rules to block online voter manipulation in elections | The Times of Israel
Days after it was revealed that the Shin Bet security agency has intelligence proving that a foreign country intends to influence the April election via online meddling, the Likud party said on Tuesday that it would block proposed measures to prevent such voter manipulation and similar attempts by Israeli internet operatives. Responding to a plea from the Central Elections Committee chairman, Supreme Court Judge Hanan Melcer, Likud party pushed back against all efforts to apply at least basic transparency standards on online campaigning. That rejection, charged an Israeli expert on internet legislation and election manipulation, appears to signal that Prime Minister Benjamin Netanyahu’s party plans to make use of dubious methods that gained prominence in the 2016 US presidential elections.
Israel: Months before Shin Bet warning, Israeli cyber chief cautioned of election interferene | Haaretz
Israel’s National Cyber Directorate warned that cyber attacks could influence the outcome of the upcoming Israeli election last October, nearly three months prior to a similar statement made by the head of the Shin Bet security service. The threat is the stream of assaults on state facilities, Yigal Unna said at a conference on high tech at the Sha’arei Mishpat Academic Center of Law and Science in Hod Hasharon, which was also attended by Education Minister Naftali Bennett and Israel Defense Forces’ outgoing Chief of Staff Lt. Gen. Gadi Eisenkot.
Israel: Tel Aviv Spy Agency Claims Russia Trying To Interfere In Coming Israeli Elections | Eurasia Review
Despite Russia’s denial of any involvement in the upcoming Israeli elections, with a senior Moscow official saying that people should not read the Israeli media, intelligence sources in Tel Aviv announced there were several indications for such intervention, adding that Israel’s cyber army fended off several attacks. Director of the Shin Bet domestic security service Nadav Argaman discussed the issue, saying security forces were concerned about foreign interference that could affect the Knesset elections’ outcome. Speaking at a Friends of Tel Aviv University conference, Argaman said that a foreign country intended to launch cyber attacks in order to influence Israel’s general elections. The issue is considered an internal matter, however, several journalists attending the conference reported the news, which prompted the military censorship to issue an order banning the publication of Argaman’s statement. The military gag was later lifted when reporters threatened of filing a lawsuit, though the naming of the country in question is still prohibited.
Israel: Admitting flaws, election committee ‘devising plan’ to thwart foreign meddling | The Times of Israel
Israel’s Central Elections Committee said Wednesday that it is devising a detailed plan of action to thwart attempts by foreign countries to meddle in the April 9 Knesset elections, following a reported alert from the head of the Shin Bet security agency that such attempts are being made by a country that cannot be named by orders from the military censor. “Together with security bodies, we learned what happened in other countries and we are devising a plan of action,” the body in charge of organizing the national ballot said in a statement. The statement came a day after reports that Shin Bet chief Nadav Argamon had warned a foreign state “intends to intervene” through cyberattacks in Israel’s elections. The name of the state was gagged by the military censor.
Israel’s Shin Bet security service assured the public Wednesday it was well prepared to thwart any foreign intervention in the country’s upcoming elections, after its director warned a world power was making such efforts. The statement followed reports that Shin Bet chief Nadav Argaman recently told a closed audience that a foreign country was trying to intervene in the April elections and that operatives were trying to meddle via hackers and cyber technology. “The Shin Bet would like to make clear that the state of Israel and the intelligence community have the tools and capabilities to identify, monitor and thwart foreign influence efforts, should there be any,” it said. “The Israeli defense apparatus is able to guarantee democratic and free elections are held in Israel.” Argaman did not say for whose benefit the alleged meddling was being done. Initial reports about his comments were placed under a military gag order that was later lifted, though the naming of the country is question is still prohibited.
It’s Election Day April 9 and you’re told when you come to cast your ballot, “Sorry, you don’t appear on the voter rolls – you can’t vote.” Before that you’ve been deluged by text messages from a candidate, but they’ve been sent by his rivals in the hope you’ll protest the annoyance by voting against. The next day, the Central Elections Committee says it’s having trouble collecting the results. These things may not happen when Israelis go to the polls, but the odds are growing that at least some of them will. More than at any time in the past, Israel’s election system is exposed to a cybersecurity risk during the campaigning, including the process of vote counting. The Israeli cybersecurity company Check Point Software Technologies has crafted a study noting the likely threats based on the experience of other countries’ elections in recent years and suggests steps Israel can take to prevent them.