'I'll be destroyed if my family sees my intimate messages'

Hackers demand $1 million to halt their leak of user info from Israeli LGBT site

Black Shadow group, believed to be criminally motivated Iranians, demands digital ransom within 48 hours; HIV status of some users of dating site already posted online

Illustrative -- The annual Pride parade in central Jerusalem on August 3, 2017 (Nati Shohat/Flash90)
Illustrative -- The annual Pride parade in central Jerusalem on August 3, 2017 (Nati Shohat/Flash90)

Hackers believed to be linked to Iran demanded on Sunday a ransom payment of $1 million in digital currency to stop the online leak of personal information from an Israeli LGBT site.

The Black Shadow hacking group said in a statement released through the Telegram messaging app that it was “looking for money” and would not leak further information if the ransom was paid within 48 hours.

The group said the database of the Atraf website, a geo-located dating service and nightlife index whose app and website are popular in the Israeli LGBT community, contained information on some one million people.

“If we have $1 million in our [digital] wallet in the next 48 hours, we will not leak this information and also we will not sell it to anybody. This is the best thing we can do,” the hacking group said, noting it was in possession of users’ chat content, as well as event ticket and purchasing information.

The hackers said that they had not been contacted by anybody in the Israeli government or Cyberserve, the Israeli internet hosting company they breached on Friday, taking down several of its sites including Atraf.

The hackers said the lack of contact showed it was “obvious [the hack] is not an important problem for them.”

Participants fly an Israeli and pride flag at demonstration in Tel Aviv on July 22, 2018 (AFP PHOTO / JACK GUEZ)

The names of some Atraf users and their locations have already been posted online, as well as the HIV status that some users had put on their profiles.

The Israel AIDS task force told the Walla news site in a statement that they were deeply concerned by the news.

“The thought that a person’s HIV positive status can be revealed not by their choice worries us very much,” the task force said.

“For many people this is sensitive information, that, if exposed, could raise concerns and cause anxiety,” the organization said, calling on the public not to further disseminate any personal information revealed in the leak.

In this June 19, 2017, file photo, a person types on a laptop keyboard (AP Photo/Elise Amendola, File)

The data leak has also worried those who have not publicly disclosed their sexual orientation or gender identification.

One person, named only as “A,” told Walla that it would “destroy” them if intimate information and photos were to leak online.

“Ever since I heard about this hack, I can’t stop thinking about it. I have intimate pictures and sexual correspondence on there, and it would destroy me if they ever reached my family,” they said. “I surf the site and buy party tickets from there also, so as well as the disturbing part about being [outed], there is also the matter of my credit card and identity details. It’s just scary.”

The hackers said the information leaked online so far represented just 1 percent of the data acquired in the breach.

The cyberattack also hit websites including of Israeli public transportation companies Dan and Kavim, a children’s museum and public radio online blog, with the sites still available to users by midday Sunday. The attack also targeted the tourism company Pegasus, and Doctor Ticket, a service that could have sensitive medical data, according to Hebrew media.

This Feb 23, 2019, file photo shows the inside of a computer (AP Photo/Jenny Kane, File)

Black Shadow claimed responsibility for the attack and published what it said was client data, including the names, email addresses and phone numbers of Kavim clients, on the Telegram messaging app.

Hours later, the group said it had not been contacted by authorities or Cyberserve, so it released another trove of information, including what it said was data pertaining to clients of the Dan transportation company and a travel agency.

Israeli media said Black Shadow is a group of Iran-linked hackers who use cyberattacks for criminal ends.

The group breached Israel’s Shirbit insurance firm in December last year, stealing data. It demanded a $1 million ransom and began leaking the information when the firm refused to pay.

The new attack comes after an unprecedented, unclaimed cyberattack wrought havoc on Iran’s gas distribution system this week, which Tehran officials have blamed on Israel and the United States.

Iran and Israel have been engaged in a so-called “shadow war,” including several reported attacks on Israeli and Iranian ships that the two have blamed on each other, as well as cyberattacks.

In 2010 the Stuxnet virus — believed to have been engineered by Israel and its ally the US — infected Iran’s nuclear program, causing a series of breakdowns in centrifuges used to enrich uranium.

read more:
Never miss breaking news on Israel
Get notifications to stay updated
You're subscribed