A group of hackers linked to Iran started leaking Tuesday what they claimed are private messages and information from a popular gay dating app in Israel.
The hackers, known as Black Shadow, said they were posting personal information from users of the app Atraf because the $1 million digital-currency ransom demand they made on Sunday had gone unmet, according to The Jerusalem Post.
‘48 hours ended! Nobody send us money,’ Black Shadow purportedly posted on Telegram. ‘This is not the end, we have more plan.’
The group initially hacked into CyberServe, the Israeli internet hosting company that hosts servers for Atraf and other sites.
The hackers posted purported screenshots showing a representative agreeing to pay $500,000 to the blackmailers, though CyberServe has denied negotiating with Black Shadow.
By Tuesday evening, Black Shadow had also leaked detailed medical records from an Israeli hospital.
Black Shadow, a hacker collective with links to Iran, has begun leaking personal information belonging to users of Atraf, a popular Israeli gay dating site. The leak started Tuesday after the attackers’ $1 million ransom demand wasn’t met.
Atraf, Hebrew slang for ‘craziness,’ launched in 2002 as a Tel Aviv-based gay website and now includes an app that offers geolocation-based dating and a nightlife index.
It’s become something of the default dating site for gay Israelis: the company claims some 3 million messages are sent by 250,000 active users each day. Members can also purchase tickets to parties and other events.
As the ransom deadline passed on Tuesday, Black Shadow uploaded dating-app info, including chats and ticket purchases, and threatened to out closeted celebrities.
‘Atraf’s team did not contact us for any deal’s yet so we collected 50 famous Israeli that were surfing and we leak their videos,’ the hackers threatened on Telegram, according to The Times of Israel.
The Atraf app and website are down and developers did not immediately respond to inquiries from DailyMail.com.
The group initially hacked into CyberServe, the Israeli internet hosting company that hosts servers for Atraf and other sites, including two bus companies, a children’s museum and a tour-booking firm.
Atraf claims some 3 million messages are sent by 250,000 active users each day on its app. Both the app and Atraf website are down as a result of the cyberattack.
‘We still don’t know what they have,’ one user posted on Facebook. ‘Pictures? Correspondence? Credit details? Phone numbers? Mail and home addresses? What did they manage to take?’
While Israel is far more LGBTQ-friendly than its Middle Eastern neighbors, some Atraf members are worried about family members and friends learning about their sexual orientation, kinks or even their HIV status.
‘It’s awful to break into my personal space and threaten to reveal my correspondence and pictures,’ one closeted twentysomething from Tel Aviv told Ynet News.
‘My family and friends know nothing [about my being gay],’ he added. ‘It’s very problematic for me, and I’m really helpless these days and do not know what to do.’
Black Shadow posted screenshots of what it said were negotiations over the ransom on Telegram, though it’s not clear who the hackers are interacting with. CyberServe has denied negotiating with Black Shadow.
In an alleged Telegram conversation posted by Black Shadow, the hackers push back against a $500,000 ransom offer.
Yoram Hacohen, head of the Israel Internet Association, told Ynet it was ‘one of the most serious attacks on privacy that Israel has ever seen.’
‘This is terrorism in every sense and the focus now must be on minimizing the damage and suppressing the distribution of the information as much as possible,’ Hacohen said.
In a translated series of messages on Facebook, Atraf said it quickly contacted government authorities as soon as it was made aware of the blackmail plot.
‘We alerted the authorities in the state of Israel about the intention of the hackers to publish the records, and asked for the immediate removal of the Telegram accounts,’ it wrote.
‘The motive of the terrorist group is not economic but national, so we are following the directives of the [National Cyber Directorate].’
The company recommended users report any suspicious turn to law enforcement and avoid direct contact ‘with the Iranian attack group.’
‘Since this is a nationalist terrorist group that does not prevent a monetary motive, it is estimated that any details to them will be exploited for bad morals,’ the post read.
Hours after releasing the Atraf data, Black Shadow leaked detailed information on blood tests, CT scans, gynecology appointments, vaccinations and more for some 290,000 patients at Machon Mor medical institute in Bene Beraq, Ynet reported.
WHAT IS RANSOMWARE?
Cybercriminals use ‘blockers’ to stop their victim accessing their device.
This may include a message telling them this is due to ‘illegal content’ such as porn being identified on their device.
Anyone who has accessed porn online is probably less likely to take the matter up with law enforcement.
Hackers then ask for money to be paid, often in the form of Bitcoins or other untraceable cryptocurrencies, for the block to be removed.
In May 2017, a massive ransomware virus attack called WannaCry spread to the computer systems of hundreds of private companies and public organisations across the globe.
The ransomware attack hit other CyberServe clients, according to The Jerusalem Post, including a children’s museum, a public broadcasting company, tour booker Pegasus, and Israeli bus companies Kavim and Dan — shutting down their sites and leaking data related to their clients.
At one point, claiming it had not been contacted by CyberServe or the Israeli government, Black Shadow said the silence meant it was ‘obvious [the hack] is not an important problem for them.’
Google has blocked sites related to Black Shadow, the Israeli Ministry of Justice said in a statement on Tuesday, and Telegram had also removed accounts related to the cyberattack gang.
Last week, the Iranian government blamed Israel and the US for a cyberattack that forced gas stations across the country to shut down.
‘We are still unable to say forensically, but analytically I believe it was carried out by the Zionist regime, the Americans and their agents,’ Iran’s Civil Defense Organization leader, Gholamreza Jalali, told state TV.
In March, Black Shadow hacked the servers of KLS Capital, an Israeli car-financing firm, and demanded $570,000 in Bitcoin in return for not uploading customer data. (KLS did not meet their demands.)
Last December, the group took credit for infiltrating servers for Israel’s Shirbit insurance firm.
When the company refused to pay the million-dollar ransom, the group began leaking client information, according to Haaretz.