Yet another vulnerability in Israel’s ruling Likud party’s digital system has leaked the country’s voter registry for the third time in just two weeks. The breach was fixed after Likud was approached by Calcalist.
In the two previous occasions in which the registry was leaked since February 10, the breach
originated from a campaign management app used by Likud and developed by Elector Software Ltd. This time, the breach was detected in Likud’s own website and is unrelated to Elector.
The breach, reported by an anonymous source to CyberCyber, a data security podcast hosted by Ido Kenan and activist hacker Noam Rotem, allowed anyone to type a URL belonging to Likud’s servers and add the ID number of any Israeli citizen with a right to vote to gain access to their personal information. A hacker effectively only needed a simple algorithm to systematically input possible ID number combinations and gain access to the private information of 6.5 million voters.
With such a series of failures catastrophically compromising the privacy of all of Israel’s citizens, it is now clear that there is no state body willing to stand up to the ruling party and make it stop negligently giving away citizens’ private data to anyone with a browser, Rotem said in an interview with Calcalist.
Responding to Calcalist’s request for comment, a spokesperson for Likud initially suggested contacting Elector. Once Calcalist explained it was a breach unrelated to Elector, the party refused to comment. Likud sent a later statement saying the party’s websites are being systematically targeted by criminals looking to hurt Likud and the election process. “Likud has filed another complaint with the police and is looking forward to its swift action to apprehend the criminals,” the spokesperson said.