Zionist Organization Negligent, Repeatedly Ransomed by Hackers, Report Says

Computers at the Jewish National Fund were not protected with an anti-virus, and the organization has fallen prey to five online ransom attacks in 2015

Shahar Ilan and Lilach Baumer 12:0931.10.17
In 2015, the Zionist non-profit organization the Jewish National Fund (JNF), also known as Keren Kayemeth LeIsrael, has fallen prey to five online ransom attacks, according to an October report by the comptroller of its parent organization, the World Zionist Organization (WZO). No investigations or reviews were made following each attack, and no report was made to JNF’s management, according to the report.


Founded in 1901, JNF was originally established to buy land in Ottoman Palestine for Jewish development. The organization was reorganized in the 1950s following the establishment of the state of Israel. Today the organization operates in domains including forestry, water management, education and community development. In 2016, JNF reported gross revenues of $520 million for its 2017 budget.


JNF's Chairman Daniel Atar JNF's Chairman Daniel Atar



The comptroller's report also describes information security practices in the organization that can be described as negligent. An August 2016 review by the comptroller found that 310 out of 791 (39%) workstations and servers were not connected to the antivirus server, and 38 out of 116 (33%) servers did not have an antivirus program installed. Furthermore, not all employees who left the fund were deleted from the remote access permissions list on JNF’s network.


The comptroller further said that for the fund's various websites, no designated systems had been implemented to monitor hacking attempts or to manage information security and cyber incidents. Also, the fund did not designate supervisors for its databases, as required by law.


According to the report, KKL-JNF accepted all recommendations in this chapter, barring one. Regarding the comptroller's recommendation to implement "attack identification and prevention measures and real-time security information and event management tools," the fund's IT Department replied that those domains are monitored by the organization's internet service provider.


"As in all other matters we handle, we will leave no stone unturned in our efforts to rectify all flaws identified in our IT activities," JNF's Chairman Daniel Atar said in response to the criticisms included in the report. “In the past eighteen months, the organization is undergoing a comprehensive, profound, and thorough effort to rectify flaws, which also pertains to the organization’s IT systems,” Mr. Atar added.


JNF is currently embroiled in a dispute with the Israeli Ministry of Finance over the transfer of funds from organization to state coffers.
Cancel Send
    To all comments