7 months after Iran-backed cyberattack, temporary fix puts state archives back online

In November, hackers perpetrated a ‘sophisticated and destructive’ assault and stole user data, putting protected materials at risk; more secure website planned for later this year

Gavriel Fiske is a reporter at The Times of Israel

Illustrative photo of documents stored at the Israel State Archives in Jerusalem. (Yonatan Sindel/Flash90)
Seven months after its website was breached and taken offline by a cyberattack in November, the Israel State Archives last week implemented a “temporary site” that enables users to once again search for and view archived materials.

A new and more robust website is planned to go online by the end of 2024, archive officials told The Times of Israel this week.

The cyberattack, claimed by the pro-Palestinian, Iranian-backed hacker group Cyber Toufan, targeted multiple Israeli government sites, including a web hosting company used by the archive, and saw the personal details of thousands of archive users stolen.

The Jerusalem-based archive houses the official documents of Israel’s governments, ministries, the IDF and security forces. It contains over 400 million items, including sensitive documents not yet released to the public.

In March, National Cyber Directorate acting director Nir Bar Yosef, speaking at a Knesset committee meeting on the archive website, said the November attack had been a “very sophisticated and destructive” assault that, due to the outdated infrastructure of the old archive website, put “all protected materials” on the site at risk, Haaretz reported.

Established in 1949, the archive contains photographs, videos, audio recordings, maps, stamps and other historical items, in addition to documents. The archive began digitizing its contents in 2004.

However, in a statement to The Times of Israel, archive officials said that because “the archive’s digital content is managed on an internal network” and the website contained only copies of the original digitized files, the site contents were “not in danger as a result of the hack.”

Workers seen at the Israel State Archives in Jerusalem on September 3, 2012. (Yonatan Sindel/Flash90)

The physical records themselves were not at all endangered by the episode, the archive statement said.

The temporary site, which is available only in Hebrew and does not yet work on mobile devices, has “almost complete” functionality. In the meantime, the archive is receiving tenders to find a supplier to build a completely new site with enhanced security features, the archive said.

“Phase A will be completed by the end of the year, and will contain everything available on the previous site. Phase B is expected to be completed by the end of Q2/2025, and will include additions,” the statement said.

One of these additions is the implementation of a “personal area,” where users will log into the site with a username and password. Previously, queries and requests to the archive were handled through a simple, open web form. It was this database of queries that was accessed by Cyber Toufan to steal personal information about the site’s users.

Instead of a third-party website host, the new archive website will use “Nimbus infrastructure,” a government-run cloud project, and will have “additional, advanced protections,” the archive statement said.

Working towards a ‘cyber dome’

Following the November breach, Cyber Toufan said in a statement, “As we humiliated your government, intelligence and army on October the 7th, today we humiliate you in the domain of cyber… We have completely destroyed over 1,000 of your servers and critical databases, after spending weeks exfiltrating all of the data and distributing it to our Mujahideen for their upcoming operations.”

October 7 saw thousands of Hamas terrorists break through Israel’s security around the Gaza Strip and rampage through southern Israel, butchering some 1,200 people, mostly civilians, and taking over 250 as hostages back to Gaza. The subsequent Israel-Hamas conflict has been ongoing and has caused a marked increase in cyberattacks against Israeli targets.

In April, National Cyber Directorate head Gaby Portnoy, speaking at a conference in Tel Aviv, said that attacks by Iranian and Hezbollah-linked groups had tripled since the beginning of the war but had failed to cause significant damage.

Portnoy disclosed that the Islamic Republic’s Intelligence Ministry has civilian proxies conducting cyberattacks against Israeli targets under the guise of a tech company, working from an office building in the heart of Tehran. The civilian hacking squad affiliated with the Iranian Intelligence Ministry and the Hezbollah-linked group, Lebanese Cedar, was behind a cyberattack on Ziv Medical Center in the northern Israeli city of Safed, also in November.

Brig.-Gen. (ret.) Gaby Portnoy, Director General of the Israel National Cyber Directorate, holds a press conference with Israeli Minister of Communications Yoaz Hendel (unseen) in Tel Aviv, May 2, 2022. (Avshalom Sassoni/Flash90)

The cyberattack failed to disrupt the hospital’s operations, but the hacking group managed to extract sensitive medical information.

In May, it was announced that the government was building what it called a “cyber dome,” a play on the Iron Dome missile defense, to better defend the country against online attacks.

Israel and Iran have engaged in various forms of cyber warfare for many years, with both countries maintaining a policy of ambiguity about the issue.

People wait at a gas station in Tehran on December 18, 2023, as fuel distribution across 70 percent of Iran’s gas stations was disrupted due to a ‘possible sabotage,’ state media reported. (Atta Kenare/AFP)

Iran has seen a series of cyber attacks against various government infrastructures in recent years, and the US and Israel were allegedly behind the Stuxnet virus, which disrupted Iran’s nuclear facilities beginning in 2010.

In December of last year, Iran’s petrol stations were hit by a cyber attack allegedly launched from Israel, which temporarily shut down up to 70 percent of Iran’s gas stations.

The group that claimed responsibility for that attack, and others against targets in Iran, is believed to be linked to the Israeli Military Intelligence Directorate, and said at the time that the attack was a “response to the aggression of the Islamic Republic and its proxies in the region.”

Sharon Wrobel and ToI Staff contributed to this report.
