17 April 2013
M. arrived at work last Friday morning in a city in the north of present-day Israel. As she walked in, one of her colleagues approached her with a look of concern and asked her to step outside. “Your name is on a list of Mossad agents,” M. recalls the colleague saying.
“ ‘Then congratulate me,’ I said, thinking this was all a strange joke,” M. recalls responding.
But then M. found that many other people at her workplace were talking about a list, a file obtained by hackers and circulated on social media purporting to contain the names of agents of Israel’s notorious spy and assassination agency Mossad.
The vast majority of names on the list are Hebrew names of Israelis.
“I looked at the list, it had my name on it, my ID number and other details. By the end of the day everyone knew about it and was talking about it.”
M., however, is a Palestinian, a citizen of Israel, with an Arabic name – although like all the other names on the list her name was written in the Hebrew alphabet. She was stunned.
The false accusation or suspicion of being an Israeli agent can be absolutely devastating for any Palestinian.
The Electronic Intifada was able to independently verify the identity of M. Because of the serious implications for her and her family, M. agreed to speak to The Electronic Intifada on condition that we not use her real name or initials or identify the city where she lives.
“After work I went home and started to google this list and I was horrified by what I found,” M. said. “It was everywhere.”
M. doesn’t know how she got on the list but looking at it she thinks that the information could come from the database of a store’s loyalty card program or an online commerce site that was hacked into. “I saw the names of many companies as well as individuals on the list, including shoe stores and baby clothing stores.”
M. is not the only one affected in the Palestinian community. “My dad’s cousin is on the list as well, among many other people I know,” she said.
The Electronic Intifada asked M. if she would help put us in touch with other Palestinians who had found their names on the list. She said, “When I tried to talk to them and see if they are willing to do anything about it, or at least talk to you, they were too scared to react.”
M. began to contact Arabic-language news sites that had posted the list, telling them that the list was a fraud and that it was putting many Palestinians like herself under suspicion. “I didn’t sleep for three nights,” M. said.
Several websites have now published retractions, apologies and explanations. ITP.net, a Dubai-based technology site, was the first to respond to M.’s plea and published a correction to its story stating that it had heard from numerous Palestinian citizens of Israel and it had learned that “the list is counterfeit and has no connection whatsoever to Mossad agents.” ITP.net assured readers that that it would not make such a mistake again.
After initially publishing the list, Panet, a website widely read by Palestinians in Israel, published a follow up warning its readers that the list was fake.
The website Arab.net published a story stating that there was no basis to claim that any of the names on the list are Mossad agents.
Another Arabic-language site, almnar.co.il, said that the list contained the names of “well-known personalities whom no one can accept could have any connection whatsoever with the Mossad or any other security agencies,” and that the list was nothing more than the names of customers stolen from a commercial website.
The website albaladfm.com’s headline was, “Victims of the hackers: What use is an apology when we’ve been accused of being Mossad agents?.”
Hoax “Mossad” list
After hearing M.’s disturbing story, The Electronic Intifada set out to discover as much as we could about the so-called “Mossad list” and this is what we found.
On Friday, 22 March 2013, the English-language account for The Red Hack, a group of Turkish activist hackers, announced that it would be releasing “a large file regarding Israel.”At quarter to the hour, an Anonymous account currently with almost one million followers announced the imminent release of documents allegedly exposing Israeli officials, military, police and politicians. Anonymous is a loosely associated group of hacktivists. Meanwhile, another group named Sector 404 was launching a denial of service attack on the Mossad’s public website.
The Red Hack already made incredible claims about the data — that it was personal information of 35,000 Israeli officials — but various Anonymous, bloggers and The Red Hack seemed to encourage each other to make more unlikely claims until finally they were 35,000 Mossad agents.
By the end of the weekend, the story of Anonymous and The Red Hack bringing down Mossad was reported in Russia Today and Al Akhbar. Israeli media reported denials that the Mossad had been hacked.
The Electronic Intifada reviewed multiple formats (XLSX and Google spreadsheet) of the data disseminated by The Red Hack on 22 March.
M. also provided us with a copy of the file where she found her name, which was a PDF file. We have made reasonable efforts to compare these files to find any differences but found none.
The data itself does not resemble anything that would normally interest the global public. There are approximately 35,000 rows of data. It is personal contact information, but it is very inconsistently formatted.
Thousands of rows are almost exact duplicates of an adjacent row. Near the end of the second file, there are 173 rows that show some evidence that the data was compromised with a tool like Web Vulnerability Scanner. The email addresses for those rows are all email@example.com.
The data does not resemble the contact database for a government intelligence service, and it is unlikely that the Mossad’s address book would be poached the way this data was acquired.
Origins in November
Some other peculiar features of this data led us to search harder for its origins. In one cell, a Hebrew phrase that translates to “the customer will update her shipping address at the end of the month” was found by Google on a page dated 20 November 2012 that identified “GaZa HaCHeR” as the source for “35.000 Israelis Personal Information.”Additional searches turned up references to a post on pastebin.com created on 15 November 2012 with the title “35.000 Israelis Personal Information.” The Electronic Intifada was able to acquire an archive of seven HTML files containing the same data that was claimed by The Red Hack to be a list of Mossad agents.
The link to this pastebin was shared widely during November 2012 when it was published on the vandalized pages of websites allegedly disrupted and taken over by activists aligned with #opIsrael.
On 19 November 2012, Forbes Magazine attributed the publication of the data to a persona named “Gaza Hacher”:
the hacked data was actually a much larger collection of 35,000 names, phone numbers, addresses and emails of Israeli citizens, taken from an unknown origin and posted to a collection of compromised domains Friday night by a hacker using the pseudonym “Gaza Hacher.”
The first mentions of the release The Electronic Intifada could find were by personas named Foxy and MR@T0RJAN. These names are linked to the Gaza Hacker Team and Gaza Security Team.
It is important to emphasize that when the list was first circulated in November, no one claimed that it was a “Mossad list.” That claim came only later when the same list re-emerged in March.
Why the hoax was believable to many
Rumors and false information have always been a fact of life, especially online. But there are some features about this hoax that might have made it seem more believable to some people.
First, the list appeared to come from hackers who have real abilities to disrupt certain websites through denial of service attacks. To lay observers, this ability may give credibility to claims that these hackers actually do have the ability to break into Mossad databases even when they don’t.
Second, all the names are in Hebrew, but are accompanied by email addresses and phone numbers in Latin characters giving it all an air of authenticity.
But people who don’t speak Hebrew – almost certainly the vast majority of people circulating the list – would not have noticed that many of the names were those of businesses or Palestinians or that there was other information that points to this being a list of customers and not a list of government personnel.
Finally, in its apology, ITP.net observed: “We all took pleasure in victory when the list was published.” In other words, people’s excitement about an achievement against Israel and its all-powerful Mossad made them set aside any skepticism about the claims that were made.
The damage done
It is clear that circulating this list was not harmless. It does real damage to real people like M. and the people she knows, Palestinian citizens of Israel, who are guilty of no greater crime than doing what many of us do with little thought every day: buying something online, or perhaps, filling in a form to get a coupon.
Don’t circulate sensational information that you can’t verify, or can’t be verified by a trusted news source. Websites and other publications that have disseminated this list must stop doing so and should post clear explanations that the list is a hoax.
With thanks to Benjamin Doherty for research and analysis.