Any information presented in this article is for educational/documentation purposes ONLY.
A while back, way before I had anything to do with cybersecurity, I was an avid Minecraft player. I used an old (now "retired") email address my dad opened for me years before so he'd stop getting spam in his inbox from the malware-infested links I was browsing as an 8-year-old, trying desperately to find "The best Minecraft cheats and HAX of the CENTURY!!!!" (Totally legit, by the way).
I had a blast playing Minecraft with my friends. It was the start of something wonderful that has evolved through the years from gaming to PC building and led me to the path I'm currently on.
Fast forward 10 years, and I'm in the military, an APC gunner for the 84th brigade, a little less preoccupied with Minecraft (although looking back, with the sheer amount of dirt, trees, mud, and nights spent sleeping in strange places, I'd say they're pretty damn close).
As the date of my discharge from the military approached rapidly, I decided to take on some independent studies and watched a YouTube video about cyber threat analysis. During some OSINT exercises, after snooping around some sketchy websites, I came across a website that hosts information and data leaks. Needless to say, I (unsurprisingly) found my own old email address there, featured in a data leak from a Minecraft-related website I signed up for years ago.
I didn't really give it a second thought; the password was outdated, and regardless, the email was no longer in use. But I still frequented the website, monitoring my actually relevant email addresses and usernames.
In January 2024, amidst the Iron Swords war, I was finally discharged from the IDF. I've had a hard time finding purpose; I've lost friends, and amidst the fog of war, getting regular updates from my friends on the front lines, I struggled to find a task as invaluable and meaningful as fighting for my country was.
So I frequented forums and other online resources, getting further and further into the rabbit hole that is threat hunting and analysis, as I took a military-sponsored course in Cybersecurity as well. Two months of cyber (and actual) attacks go by, and I eventually come across the website again, this time using more advanced methodologies and scouting methods, the knowledge I gained fulfilling an important role. I gathered leak after leak, phone numbers, addresses, and IDs of over 25 high-value individuals across Israel.
I then contacted the victims, a task that proved to be grueling as they were not happy with their data being leaked, and more often than not, I found myself in the line of fire (pun intended) of their (albeit justified) anger and frustration. I assisted the victims with filing complaints with the Israeli police cyber warfare department and gained an extremely important (and depressing) understanding:
When your information is leaked, you're essentially stripped of the most important part of your internet presence: your anonymity. This revelation made me think about the very definition of anonymity, and how we, as people who work, consume content, and connect with our loved ones online, will all be (understandably) terrified if our data leaks on some shady darknet forum. Although there's a good chance, ladies and gentlemen, you've already uploaded some of it yourselves.
Be safe, and may our hostages return safely.