Thursday, February 2nd | 12 Shevat 5783

November 10, 2021 9:07 am

Latest Iranian Cyber-Attack Shows the Growing Threat to Israel

× [contact-form-7 404 "Not Found"]

avatar by Doron Tamir


Iranian cybersecurity experts and members of Certfa Nariman Gharib (L) and Amin Sabeti check their messages as they work from their office in London, Britain January 7, 2020. Picture taken January 7, 2020. Photo: REUTERS/Raphael Satter.

The recent cyber-attack by the Black Shadow hacking group on Israeli websites — among them the LGBT dating application Atraf, which was subject to a ransom demand and then a leak of account usernames when that demand wasn’t met — could be part of a larger Iranian cyber attrition campaign.

It is important to clarify what precisely was targeted in this attack, and why the lack of an official cyber law in Israel is generating confusion over the division of labor regarding data protection in the vulnerable private sector.

In the cyber world, Internet service providers (ISPs) like NetVision, whose servers are used by the company that created Atraf’s website, are similar to a hotel or pizza franchise: The ISP “rents” out its servers, enabling others to host their websites on them to create a logistical communications infrastructure.

Next in the cyber chain are the companies that create websites and applications — in this case, a company called CyberServe.

Related coverage

February 2, 2023 11:36 am

UC Berkeley Should Stand Up for Jewish Students Like Me

Last November, two lawyers filed a civil rights inquiry against the UC Berkeley School of Law with the Federal government....

CyberServe was the target of Black Shadow’s attack. These types of companies build websites according to the tailored needs of clients, and host them on its servers.

Clients who request such websites — be they dating websites or motorcycle stores — often don’t understand the cyber world, and therefore turn to companies to outsource their online needs.

Black Shadow conducted a double infiltration in this incident: Firstly, of CyberServe’s servers; and secondly, of Atraf’s apps and websites (as well as other Israeli websites).

CyberServe provided the “structure” for Atraf, and it was CyberServe’s servers that were infiltrated, meaning that the Internet service provider, NetVision, is not responsible for the situation.

This highlights a real problem when it comes to cyber security in Israel. Despite Israel being the “start-up nation” and a world leader in cyber technology, the country’s private sector lacks clear directives on how to set up fortified cyber defenses.

Just as a doctor can’t legally obligate someone to be vaccinated, the same is true regarding private sector entities and cyber defense. When Israel set up its National Cyber Security Authority, it began supplying lots of advisory material to the private sector, but none of it was binding.

Similarly, the Justice Ministry’s Law, Information and Technology Authority, which even has the power to raid homes in connection with cyber-crime investigations, does not have enforcement capability when it comes to private cyber defenses.

Ultimately, this means that chaos characterizes private sector cyber defense in Israel — and only a cyber law can address this problem adequately.

In Israel, cyber security is more in oral law format than written law. As a result, it is not totally clear who is responsible for enforcing cyber security standards. The Israeli National Cyber Security Authority can define strategy, policy, budgets, objectives, and desirable levels of protection — but it cannot deal with each individual company or business organization. This creates gaps that can be exploited by malicious actors.

The ability to break into tens of thousands of private accounts on a dating site is a terrible breach of privacy. It does not require hugely sophisticated capabilities, but rather the ability to exploit standard weaknesses. Unlike the cyber-attack on Israel’s Hillel Yaffe hospital, which involved the encryption of the hospital’s website, this latest attack was much less sophisticated.

Attackers breached a company whose job is to defend its customers. Now CyberServe is facing collective legal action and its chances of winning in court are not high. Still, CyberServe could argue, based on the absence of a cyber security law, that the company is not legally responsible for security.

As for the perpetrators, it is reasonable to assume that Black Shadow is an Iranian cyber group, which, like other such groups, operates under Iranian supervision. This won’t lead to a collapse of the Jewish state, but it will disturb it. Such incidents also harm Israel’s image as a cyber power.

Now the most important mission is to track the incident back forensically and identify the attackers. This is a difficult process with its own operational doctrine. It is a major headache and one that not all companies have the ability to undertake.

Clear legislation is needed that will stipulate what web service providers must deliver for their clients. Not every company needs nuclear power plant-level cyber defenses, but between that and having no defense in place, there is a large spectrum of security solutions.

The question of how much each company is willing to pay for this capability boils down to a question of cost-benefit considerations. As time goes by, increasing numbers of companies will realize, as banks already have, that a percentage of their income must go to cyber security, because the cost of failure is far higher.

The latest attack on an LGBT dating application is not an attack that can bring down a state. But it is another “cut” in a wider Iranian strategy of “a thousand cuts” that is designed to harm Israel.

On the other hand, when compared to the cyber strike on gas stations around Iran — which some reports have attributed to Israel — it would seem that the two countries do not have equal cyber offensive capabilities and are not even in the same league.

Brig. Gen Doron Tamir (IDF, Ret.) is a publishing Expert at The MirYam Institute. Doron served for over two decades in the Intelligence Corps and special forces, and as the Chief Intelligence Officer in the Israeli military, where he commanded numerous military units in all aspects of the intelligence field.

The MirYam Institute is the leading international forum for Israel-focused discussion, dialogue, and debate, focused on campus presentations, engagement with international legislators, and gold-standard trips to the State of Israel. Follow their work at

The opinions presented by Algemeiner bloggers are solely theirs and do not represent those of The Algemeiner, its publishers or editors. If you would like to share your views with a blog post on The Algemeiner, please be in touch through our Contact page.

Share this Story: Share On Facebook Share On Twitter

Let your voice be heard!

Join the Algemeiner

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.