Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Privacy Software Politics

Personal Data of All 6.5 Million Israeli Voters Is Exposed (nytimes.com) 28

A software flaw exposed the personal data of every eligible voter in Israel -- including full names, addresses and identity card numbers for 6.5 million people -- raising concerns about identity theft and electoral manipulation, three weeks before the country's national election. The New York Times reports: The security lapse was tied to a mobile app used by Prime Minister Benjamin Netanyahu and his Likud party to communicate with voters, offering news and information about the March 2 election. Until it was fixed, the flaw made it possible, without advanced technical skills, to view and download the government's entire voter registry, though it was unclear how many people did so. How the breach occurred remains uncertain, but Israel's Privacy Protection Authority, a unit of the Justice Ministry, said it was looking into the matter -- though it stopped short of announcing a full-fledged investigation. The app's maker, in a statement, played down the potential consequences, describing the leak as a "one-off incident that was immediately dealt with" and saying it had since bolstered the site's security. "Ran Bar-Zik, the programmer who revealed the breach, explained that visitors to the Elector app's website could right-click to 'view source,' an action that reveals the code behind a web page," the report adds.

"That page of code included the user names and passwords of site administrators with access to the voter registry, and using those credentials would allow anyone to view and download the information. Mr. Bar-Zik, a software developer for Verizon Media who wrote the Sunday article in Haaretz, said he chose the name and password of the Likud party administrator and logged in."

The flaw was first reported on Sunday by the newspaper Haaretz.
This discussion has been archived. No new comments can be posted.

Personal Data of All 6.5 Million Israeli Voters Is Exposed

Comments Filter:
  • Paper forever. (Score:5, Interesting)

    by TigerPlish ( 174064 ) on Monday February 10, 2020 @07:28PM (#59713956)

    Jesus fucking christ, none of this can be trusted. Paper! NOW!

    Usually I go "Cockup before conspiracy" but this one's just too fucking much. This is straight-up criminal, if not conspiratorial.

    I'm starting to get the feeling that we are at the rim of a great precipice, and are about to fall down.

    I'm ready. Are you?

    • You're late. We've been in freefall for over a decade.

      • You're late. We've been in freefall for over a decade.

        What can I say, I"m the kind that will pick up on that imperceptible *wrrwrrwrrwrr* of a failing bearing, but will totally *not* see the most obvious of obvious.

        So yea, it's like the boiling frogs thing, only this frog felt the water getting hot about 5 years ago and by last year jumped out of the pot.

    • Depends, are these identity card numbers pretty sensitive, like US Social Security numbers? Because otherwise, name + address is what we used to call a "phone book." (Actually it had phone numbers, too!)
  • by mschaffer ( 97223 ) on Monday February 10, 2020 @07:58PM (#59714048)

    2020 is really shaping up to be the year of the voting app debacle.
    Maybe 2021 can be the year of the Linux desktop.

  • Didn't we just see this article?!?! .....oh, those were Danish, not Israelis. Sorry, I'll just show myself to the door.
    • by Sun ( 104778 )

      Sorry, I'll just show myself to the door

      Confusing Israel with Denmark I can forgive. It's misspelling "Dup" that did it in for me :-)

  • by RhettLivingston ( 544140 ) on Monday February 10, 2020 @11:13PM (#59714524) Journal

    In Florida, "Once filed, with few exceptions, all voter registration information is public record including your name, address, date of birth, party affiliation, phone number and email address." There are many sites that allow you to quickly look up this info on anyone in the state. The full database can also be found and downloaded with just a bit of searching.

    You can also easily go online and find whether someone owns their home, still has a loan, or is renting; all of the construction permits; floor plans; and lots of other info. Our county sheriff's office will gladly perform a record check on anyone for you for free. Records are publicly available on nearly all government meetings. Almost all court proceedings are online for all to see. Etc.

    I've not heard that people have been hurt by this loss of privacy that is due to very strong sunshine laws.

    • Now add social security number / person ID or whatever it is called in your country. I think you have more than enough data to impersonate anyone you like.
    • I'm not Israeli, nor am I Jewish (as three quarters of Israelis are), but I'm told the Jewish are particularly touchy about ways they may be identified, singled out or discriminated against. Can't think why now, but it's definitely a thing - that's why this in particular is news.

      FWIW, voter data is available in my country too - although why you'd put political affiliation on it is beyond me. That seems like too much of a target for abuse. Likewise anything about your finances. Sure we have registers of thos

      • Florida's Jewish population is quite large including many that migrated here from New York. I guess most know what they are getting into before they come, so perhaps that filters out people who care about the issue.

        Personally, I'm against all of the public information. I just don't note it being used for serious crimes very often. I'd guess the most common use is nosy, gossipy neighbors poking their noses into each other's business. I have heard of people being run out of HOA communities by efforts partly i

  • hard to believe that it actually happens in the 21st century.
  • It also includes the result of a poll by the Likud party, asking Likud members to tell their and THEIR FRIENDS' political opinion. This can be an efficient way to discriminate people in the future (although ofcourse, most people are stupid enough to write their political opinion under their real name online).

  • by gibatronic ( 6600532 ) on Tuesday February 11, 2020 @07:19AM (#59715062)
    The security researcher, Ran Bar-Zik, published details on how it happened:
    The ruling party in Israel in primaries election security blunder [linkedin.com]
    • by nt8d09 ( 3638509 )
      THIS needs to go to the top of the thread!! the NY Times article, and initial post are WAY off. This Linkedin writeup is MUCH more damaging.
  • Another hack was discovered, this time containing metadata like "A senile woman, just put a note in her hand" or "An undercover from the other party, ban from all groups".

Only great masters of style can succeed in being obtuse. -- Oscar Wilde Most UNIX programmers are great masters of style. -- The Unnamed Usenetter

Working...