The Israeli Law, Information and Technology Authority (ILITA), the country’s data protection authority, says it has cracked the case of who stole the country’s entire population registry in 2006.
The registry, which contains data including names and addresses, immigration details and family ties of 9 million Israeli was stolen in 2006 and was leaked onto the Internet.
A police investigation in 2008 failed to identify any culprits. ILITA launched its own ‘undercover’ investigation in 2009, and this week announced that it has "cracked the case".
The investigation found that a contractor working for the Ministry of Welfare and Social Services downloaded the registry to his home computer. The contractor passed the data onto a third party, and it fell into the hands of a software developer who built an application, named Agron 2006, for querying the database.
This application was then obtained by a hacker, who distributed it via peer-to-peer networks and even set up a website to promote its use. This hacker used "sophisticated means, such as proxy servers and purging of traces on his computer, to conceal his identity and try to evade Israeli jurisdiction".
Six people have been arrested following the investigation, including the contractor who originally downloaded the data and the hacker who disseminated it on the Internet.
"This was one of the most intricate and complex computer offences investigation ever conducted in Israel, and the first to exclusively deal with the use and disclosure of personal data," ILITA revealed this week. "The investigators used ILITA’s Forensic Lab to collect and analyze electronic evidence on various devices, such as hard disks, CDs, and cloud computing services."