When a cybersecurity firm discovered it had been hacked last year by a virus widely believed to be used by Israeli spies, it wanted to know who else was on the hit list.
The Moscow-based firm, Kaspersky Lab ZAO, checked millions of computers world-wide and three luxury European hotels popped up. The other hotels tested—thousands in all—were clean. Researchers at the firm weren’t sure what to make of the results. Then they realized what the three hotels had in common.
Each was infiltrated by the virus before hosting high-stakes negotiations between Iran and world powers over curtailing Tehran’s nuclear program.
The spyware, the firm has now concluded, was an improved version of Duqu, a virus first identified by cybersecurity experts in 2011, according to a Kaspersky report and outside security experts. Current and former U.S. officials and many cybersecurity experts say they believe Duqu was designed to carry out Israel’s most sensitive intelligence collection.
Senior U.S. officials learned Israel was spying on the nuclear talks in 2014, a finding first reported by The Wall Street Journal in March. Officials at the time offered few details about Israel’s tactics.
Kaspersky’s findings, disclosed publicly in a report on Wednesday, shed new light on the use of a stealthy virus in the spying efforts. The revelations also could provide what may be the first concrete evidence that the nuclear negotiations were targeted and by whom.
Israeli officials have denied spying on the U.S. or other allies, although they acknowledge conducting close surveillance on Iranians generally. Israeli officials declined to comment specifically on the allegations relating to the Duqu virus and the hotel intrusions.
But no intelligence-collection effort is a higher priority for Israel’s spy agencies than Iran, including the closed-door talks that have entered a final stage. Israeli leaders say the emerging deal could allow Iran to continue working toward building nuclear weapons, something Iran denies it is trying to do.
Kaspersky, in keeping with its policy, doesn’t identify Israel by name as the country responsible for the hacks. But researchers at the company indicate that they suspect an Israeli connection in subtle ways.
For example, the version of the company’s report viewed by the Journal before its release was titled “The Duqu Bet.” Bet is the second letter of the Hebrew alphabet. Kaspersky revised the title in the final version of the report released Wednesday, removing the “Bet” reference.
Kaspersky researchers acknowledge that many questions remain unanswered about how the virus was used and what information may have been stolen.
Costin Raiu, director of the global research and analysis team at Kaspersky, said the virus was packed with more than 100 discrete “modules” that would have enabled the attackers to commandeer infected computers.
One module was designed to compress video feeds, possibly from hotel surveillance cameras. Other modules targeted communications, from phones to Wi-Fi networks. The attackers would know who was connected to the infected systems, allowing them to eavesdrop on conversations and steal electronic files.
The virus could also enable them to operate two-way microphones in hotel elevators, computers and alarm systems. In addition, the hackers appeared to penetrate front-desk computers. That could have allowed them to figure out the room numbers of specific delegation members.
The virus also automatically deposited smaller reconnaissance files on the computers it passed through, ensuring the attackers can monitor them and exploit the contents of those computers at a later date.
The Federal Bureau of Investigation is reviewing the Kaspersky analysis and hasn’t independently confirmed the firm’s conclusions, according to people familiar with the discussions. U.S. officials, though, said they weren’t surprised to learn about the reported intrusions at the hotels used for the nuclear talks and took the findings seriously.
Read more: http://www.wsj.com/articles/spy-vir...hotels-used-for-iran-nuclear-talks-1433937601