Personal Data of All 6.5 Million Israeli Voters Is Exposed

A software flaw exposed the personal data of every eligible voter in Israel -- including full names, addresses and identity card numbers for 6.5 million people -- raising concerns about identity theft and electoral manipulation, three weeks before the country's national election. The New York Times reports: The security lapse was tied to a mobile app used by Prime Minister Benjamin Netanyahu and his Likud party to communicate with voters, offering news and information about the March 2 election. Until it was fixed, the flaw made it possible, without advanced technical skills, to view and download the government's entire voter registry, though it was unclear how many people did so. How the breach occurred remains uncertain, but Israel's Privacy Protection Authority, a unit of the Justice Ministry, said it was looking into the matter -- though it stopped short of announcing a full-fledged investigation. The app's maker, in a statement, played down the potential consequences, describing the leak as a "one-off incident that was immediately dealt with" and saying it had since bolstered the site's security. "Ran Bar-Zik, the programmer who revealed the breach, explained that visitors to the Elector app's website could right-click to 'view source,' an action that reveals the code behind a web page," the report adds.

"That page of code included the user names and passwords of site administrators with access to the voter registry, and using those credentials would allow anyone to view and download the information. Mr. Bar-Zik, a software developer for Verizon Media who wrote the Sunday article in Haaretz, said he chose the name and password of the Likud party administrator and logged in."

The flaw was first reported on Sunday by the newspaper Haaretz.

Re:

[iggymanz]

72% would be Jewish, 17% muslim, 2% Druze, 2% Christian....

Paper forever.

[TigerPlish]

Jesus fucking christ, none of this can be trusted. Paper! NOW!

Usually I go "Cockup before conspiracy" but this one's just too fucking much. This is straight-up criminal, if not conspiratorial.

I'm starting to get the feeling that we are at the rim of a great precipice, and are about to fall down.

I'm ready. Are you?

Re:

[TigerPlish]

Are you saying there's only a certain level of incompetence you can believe in, and beyond that it must be a conspiracy?

Yea. That's the gist of it. Yep, I'm aware of true eye-poppingly bad tech / engineering / architecture, and stuff like this, especially anywhere near the subject of elections, reeks of shenanigans.

Even with paper... lemme tell ya a little story: It's the people that count, that count. 1980, Puerto Rico, general elections.. the incumbent - a real rat that had bodies to his name - was down, the challenger (who was guv the term before this one) was up. Then a power outage! The signature move of shenanig

Re:

[Narcocide]

I don't follow your logic. Are you implying that incompetence and conspiracy are somehow polarizing forces, or self-segregating categories of opposites? I've always known conspiracy and incompetence to go hand-in-hand.

Re:

[Narcocide]

Mabye you should double-check that Occam's Razor actually applies here... you seem to be of the minority opinion here currently, at least.

Conspiracy / incompenetnce logic

[Errol backfiring]

Well yes. At some points making so many mistakes working together can no longer be a coincidence. Keeping all these non-necessary data together (any sensible program would only need a disconnected, possibly regularly updated, subset) AND then leaking that data could easily smell of malice.

Re:

[Narcocide]

You're late. We've been in freefall for over a decade.

Re:

[TigerPlish]

You're late. We've been in freefall for over a decade.

What can I say, I"m the kind that will pick up on that imperceptible *wrrwrrwrrwrr* of a failing bearing, but will totally *not* see the most obvious of obvious.

So yea, it's like the boiling frogs thing, only this frog felt the water getting hot about 5 years ago and by last year jumped out of the pot.

Re:

[timeOday]

Depends, are these identity card numbers pretty sensitive, like US Social Security numbers? Because otherwise, name + address is what we used to call a "phone book." (Actually it had phone numbers, too!)

2020: year of the voting app debacle

[mschaffer]

2020 is really shaping up to be the year of the voting app debacle.
Maybe 2021 can be the year of the Linux desktop.

Dupe!

[kenai_alpenglow]

Didn't we just see this article?!?! .....oh, those were Danish, not Israelis. Sorry, I'll just show myself to the door.

Re:

[Sun]

Sorry, I'll just show myself to the door

Confusing Israel with Denmark I can forgive. It's misspelling "Dup" that did it in for me :-)

In Florida, this info is public

[RhettLivingston]

In Florida, "Once filed, with few exceptions, all voter registration information is public record including your name, address, date of birth, party affiliation, phone number and email address." There are many sites that allow you to quickly look up this info on anyone in the state. The full database can also be found and downloaded with just a bit of searching.

You can also easily go online and find whether someone owns their home, still has a loan, or is renting; all of the construction permits; floor plans; and lots of other info. Our county sheriff's office will gladly perform a record check on anyone for you for free. Records are publicly available on nearly all government meetings. Almost all court proceedings are online for all to see. Etc.

I've not heard that people have been hurt by this loss of privacy that is due to very strong sunshine laws.

Re:

[Errol backfiring]

Now add social security number / person ID or whatever it is called in your country. I think you have more than enough data to impersonate anyone you like.

Re:

[coofercat]

I'm not Israeli, nor am I Jewish (as three quarters of Israelis are), but I'm told the Jewish are particularly touchy about ways they may be identified, singled out or discriminated against. Can't think why now, but it's definitely a thing - that's why this in particular is news.

FWIW, voter data is available in my country too - although why you'd put political affiliation on it is beyond me. That seems like too much of a target for abuse. Likewise anything about your finances. Sure we have registers of thos

Re:

[RhettLivingston]

Florida's Jewish population is quite large including many that migrated here from New York. I guess most know what they are getting into before they come, so perhaps that filters out people who care about the issue.

Personally, I'm against all of the public information. I just don't note it being used for serious crimes very often. I'd guess the most common use is nosy, gossipy neighbors poking their noses into each other's business. I have heard of people being run out of HOA communities by efforts partly i

why?

[drinksturtle]

hard to believe that it actually happens in the 21st century.

Actually worse

[lucasnate1]

It also includes the result of a poll by the Likud party, asking Likud members to tell their and THEIR FRIENDS' political opinion. This can be an efficient way to discriminate people in the future (although ofcourse, most people are stupid enough to write their political opinion under their real name online).

More technical information

[gibatronic]

The security researcher, Ran Bar-Zik, published details on how it happened:
The ruling party in Israel in primaries election security blunder [linkedin.com]

Re:

[nt8d09]

THIS needs to go to the top of the thread!! the NY Times article, and initial post are WAY off. This Linkedin writeup is MUCH more damaging.

Just happened again, one week later.

[lucasnate1]

Another hack was discovered, this time containing metadata like "A senile woman, just put a note in her hand" or "An undercover from the other party, ban from all groups".