Israeli officials are investigating a recent cyber-attack that resulted in the theft and exposure of thousands of credit card numbers belonging to Israeli citizens.
The attack was a “breach of sovereignty comparable to a terrorist operation, and must be treated as such,” deputy foreign minister Danny Ayalon told BBC.
An individual using the name 0xOmar leaked details of thousands of credit card numbers online, according to a Jan. 2 statement on PasteBay. 0xOmar claimed to be affiliated with Group-xp, a known hacking group based in Saudi Arabia. Israel’s data protection agency is investigating the incident and is considering asking Interpol for assistance, Yoram Hacohen, head of Israel’s data protection agency, told the Associated Press Jan. 6.
The stolen information came from multiple Israeli sites and supposedly contained names, addresses, Israeli ID numbers, phone numbers and credit card information, including expiration dates and three-digit security codes. Furthermore, 0xOmar claimed to have collected information on almost 1 million people and said he would publish it all.
“Israel has active capabilities for striking at those who are trying to harm it, and no agency or hacker will be immune from retaliatory action,” Ayalon told BBC.
National governments have been considering ways to retaliate against those who commit cyber-attacks. Early last week, reports emerged that the Japanese government had contracted with Fujitsu to develop what was described as a “good virus” that was capable of seeking out computers behind a cyber-attack and disabling them from conducting further attacks.
In November, the United States Department of Defense explicitly stated that it has the right to retaliate with military force and launch a physical attack in the event of a cyber-attack against defense systems. The threat of military action would deter people who think they can carry out “significant cyber-attacks directed against the U.S. economy, government or military,” the Pentagon wrote in a 12-page report to Congress.
The House and Senate agreed, giving the U.S. military the power to conduct “offensive” strikes online, including clandestine attacks, according to a provision in the military’s 2012 funding bill. Both houses have already passed their versions of the funding bill and are expected to approve the “conference” bill, which reconciles the two versions into a single bill.
“Congress affirms that the Department of Defense has the capability, and upon direction by the president may conduct offensive operations in cyber-space to defend our nation, allies and interests,” according to the reconciled bill.
The United Kingdom also discussed improving its military’s defense capabilities without actually committing to use military force in its Cyber-Security Strategy released in November.
While 0xOmar claimed to have disclosed information belonging to about 400,000 Israelis, the Bank of Israel’s banking supervision department said Jan. 3 that only 15,000 active accounts had been exposed. Another 11,000 credit card numbers were dumped online Jan. 5, but credit card companies claimed only about 6,000 of those accounts were active.
“The credit card companies reported that they have identified the cards of the customers whose details were exposed on the Internet, and the cards have been blocked for use in Internet purchases and telephone purchases,” according to the Bank of Israel statement.
There are reports that 0xOmar is a 19-year-old person who is currently in Mexico.