some more jewish humor, thoroughly unintended by them, ha ha

Security Flaw In Israeli Propaganda App Exposed User Emails
Mattathias Schwartz, Intercept, Jun 30 2017

“Starting today, you are going to tell the whole world the real truth about Israel”
– Israeli model Yityish Aynaw promoting Act.il

A propaganda app connected to the Israeli government failed to include basic privacy and security protections, putting the email addresses of at least 1,900 of the Israeli government’s most ardent supporters at risk. The vulnerabilities in the app, called Act.il, were discovered by an independent security researcher, who disclosed the flaws to the Intercept. Act.il has been touted for months by Israel’s Ministry of Strategic Affairs. It was funded by three non-profit partners: Maccabee Task Force, a pro-Israel campus group; the IAC (Sheldon Adelson again – RB); and IDC Herzliya. All three organizations receive substantial funding from Sheldon Adelson, who has poured money into right-wing pro-Israel causes and Donald Trump’s presidential campaign. The security researcher said:

I was shocked to find that email addresses for users were being shared across the Internet whenever a search is performed.

The researcher provided the Intercept with a list of email addresses gleaned from Act.il’s users as well as proof that anyone with rudimentary programming skills could obtain the same information by watching the app’s network traffic. The Intercept informed Rallyware, the app’s developer, of the vulnerability last week and provided additional details on Jun 25. On Jun 28, Rallyware acknowledged by email that they had changed the app in response to The Intercept’s inquiry. Rallyware wrote:

Due to the open community nature of the Act.il app, certain user information was shared among community members. As your initial question suggested an opportunity for abuse of that feature, we have since limited this functionality.

The security researcher who first discovered the vulnerability agreed that it had been “patched.” The security flaws allowed users to gain access to other users’ information. Anyone can see the names and avatars of Act.il users by creating an account and logging into the app. But user email addresses, which appear to be private, can be easily collected through the app’s public-facing interface. A somewhat similar vulnerability led to the exposure of email addresses of more than 100,000 early iPad buyers in 2010.

Act.il is part of an attempt to muster a reliable corps of sayanim to spread pro-government messages. But not everyone on the app was a mere volunteer. A review by the Intercept of the email addresses that became available through the security flaws suggested that dozens of Act.il’s earliest users have email addresses connected to organizations that funded or developed the app. That means Act.il, which purports to be a grassroots campaign, was essentially seeded with paid activists.

Available in both Hebrew and English, Act.il awards users badges and points for completing “missions,” that is, tasks or assignments that involve spreading news stories and other messages through social media. Most promote positions taken by Netanyahu’s government and focus on pushing back against the BDS movement. According to another Haaretz report, Gilad Erdan has attempted to set up an internal government database to track Israeli supporters of the BDS movement.

One recent Act.il mission required users to report to Facebook moderators an anti-Semitic caricature, a skull-faced woman with a Star of David on her chest, squatting on a globe and nursing the devil. Others told users to retweet specific reports. One assignment highlighted Israeli counter-terrorism cooperation with Britain. Another called on participants to promote a media story that Warren Buffett was going to push private investors to buy Israeli bonds.

A skeptical report on the campaign from Haaretz pointed out that Act.il gave a slanted label to an in-depth al-Jazeera video on the “two-state solution,” calling it “demonization and incitement.” The security researcher told the Intercept that Act.il’s leakage of personal information reflects badly on the app’s claim to help protect the state of Israel.
