Trojan Built for Industrial Espionage
xPertCodert writes "Some of the largest Israeli companies are involved in the major industrial espionage case, in which private investigators implanted specially crafted Trojan horses on the computers at unsuspecting companies in a bid to obtain privileged financial and technical data. Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such spy attack from competitors"
Did it involve an exploit?
maybe such incidents will start companies (and Microsoft in particular) to start taking spyware more seriously
how often that goes on here.
I would like to think it doesn't, really. But I'm sure it does.
Pretty Pictures!
spies are more likely to do industrial espionage compared to spying on gov'ts. it is apparently a lot easier to get info from companies about gov't plans (through contracts, etc.) than trying to spy on the NSA or CIA
but then again, this is what i have read, so take it for what it is worth
This is why security products such as firewalls, AV, and spyware scanners need to be open source .. now come on .. everyone knows Checkpoint is a great firewall .. if they open sourced it it would be more popular. I think some are skeptical because it may have had a remote exploit in the past (can someone confirm?) .. that the conspiracy nuts say was deliberate.
I am not a script, but why did I have to type "fkmafwi" to prove it?
Did any of their officers graduate from Stanford or Harvard Business School?
But...carefully worked out plans!!!
*puts on tinfoil hat*
I like the smooth transition from Industrial espionage to M$ bashing. Next up on /.. Mothra versus 50foot Bill Gates: Who'd win in a Tokyo downtown duel?
http://www.nsa.gov/selinux/ Security-Enhanced Linux!
By its very nature, a trojan is a program that APPEARS to be good but has an evil payload. once again, the problem is gullible users and/or techs and/or admins. not windows per se.
that this investigation will end up with no results, or blame some 'hostile' third party that had nothing to do with it.
(By the way, what's up with the unreadable "show you're not a script" images? Give us an 'I can't read this' option...)
I thought that Trojans were programs that pretended to be something legit but weren't. Other than finding them and putting them in a list of programs to delete in a virus scanner, is there a way to be "secure" with these?
If the company you are tailoring these trojans to runs Linux, aren't you, as the evil terrorist hacker, going to tailor the trojan to run on Linux?
Send 90% of the CEOs out there an email that says 'click here for a free iPod!' and we all know what they're going to do, whether they run Windows, Linux, or OS X.
Pulp Audio Weekly - Geek News and Reviews
>Given the current state of Windows security and
>advances in spyware, probably any company has
>become a very easy target for such spy attack
>from competitors.
Oh, and I almost missed the point!
Yes, Windows sucks!
It is truly pathetic how these, sometimes interesting, articles nearly always descend to the lowest common denominator suitable for mass /. consumption!
Goddamn trolls.
What has the Windows OS have to do with that?
Unless you've got a firewall to detect or block outgoing connections (there are many good firewall utilities for Windows clients, BTW), you'd probably end up the same way with any client infested with spyware or Trojans.
Did they name it Project 2501? And was it secretly created by the Ministry of Foreign Affairs?
So the mods are mothra fanboys eh? How about something non-partisan like Giant Squid versus Bill "Aquaman" Gates: Who gets the key to Davy Jones Locker.
Smart people shouldn't have that kind of data on a computer that could be attacked by spyware. Keep it on a network segregated from the internet and you keep it to an insider-only problem.
Microsoft sees spyware as an opportunity for profit.
The dangers of knowledge trigger emotional distress in human beings.
Mod down he's just pointed out /. groupthink!
A dissenter hisssss!
Anyone on this thread who points out that the article was heavily biased should be modded down!
After all the article was flamebait in itself!
I'm sure glad I don't rely on closed source products for my security needs. :)
spies are more likely to do industrial espionage compared to spying on gov'ts ... easier to get info from companies about gov't plans
That's actually fairly insightful, I think.
But that view led me directly to this conclusion. --> Since "the citizens" work for the companies that have the government contracts, in principle this means that AT LEAST PART of the citizenry can see the machinations of government despite the veil of secrecy.
Well, if some of the citizens can see the facts, shouldn't all? Ie. perhaps this is halfway towards properly open government?
The usual objection of "but then the baddies will see what we do" holds no real water in a world that is, for all intents and purposes, ruled in very large part by one superpower.
If the entire scandal was precipitated by Bezek (the reigning ILEC/MaBell of Israel). Bezek was complacent about the coming of the cell phone in the early '90s and was so late to the game that it's practically a non-player.
To the contrary, Pele-Phone trademark name actually became Israeli "xerox" - every cell phone is called a "pelephone" in the vernacular. So if Bezek wanted to hurt the ungrateful competitors' market share, the trojan scandal would do nicely.
Any fool can criticize... And many do.
... for companies to take seriously apple and some GNU/Linux flavours ...
I have to face dozens of infected pc's every day in my university, all having services like RPC Helper, or Workstation Security Manager etc. And don't start there are ways to avoid this. There are, but they are impractical to admins and users!
On the other hand there are more benefits in apple platform than drawbacks IMHO so I suspect a serious rise in market share could come. This can happen only if people act reasonably = low chances in this management driven world :(
the doc
To quote a poster when the above is pointed out. "According to your logic, it doesn't matter if you store millions of dollars in cash under the bed, since a safe is also vulnerable to break-ins."
Ignoring the facts that security is a process, not an absolute, and technical solutions to social problems are hard. Ultimately all solutions can be thwarted, given enough time and resources. The goal however is to make whatever they want difficult enough to get, that when they do get it, it'll be worth nothing.
Were this technology to be used against the USA, would it be considered terrorism by the Bush administration? Indeed, it is well-known that the current regime will not prosecute Israelis for crimes, and if anything, is willing to participate jointly in such acts (ie. the illegal massacre and rape of Iraq).
Cyric Zndovzny at your service.
just like uplink
I've dealt with Linux security enough to know security is work for any OS, especially when you are not just running servers for developers or apps. When you get into linux desktop users, security takes a lot of work and attention.
Mine is Good
He's a troll, he posts in every story and posts that same link, whether it's relevant or not.
I.E.
Exploitation of individual weakness among those with access to information.
Be it as simple as hanging out at the right bars and chatting up the right people, or as complex as hooking these people on the high life, gambling, prostitutes, golf, etc. to the point that they are willing to 'accidentally' leak information in exchange for maintaining relationship with one's circle of 'new friends', it's a hell of a lot more fun, with less risk of prosecution, than outright spying or extortion. Equally enjoyable is exploiting holes in strategic information containment. This can be done by chatting with suppliers and contractors about how their business is going...
Methods such as this are routinely used by government agencies involved in information gathering and analysis. They are also perfectly legal.
Firewall won't block the trojan connection... the trojan will inject itself in browser or other utility that can pass the firewall... only way to have a secure network is to keep it off the internet...
"... [The authorities] found dozens of FTP servers in Israel and overseas, including the US. Haephrati is suspected of transferring stolen material from other computers to these FTP servers. The police realized the extent of the affair when they examined some of the files..."
If there was ever a time to be using encrypted volumes to store files, that was one of them.
The guy has fileservers full of self-incriminating evidence, but he can't even get his act together enough to strongly encrypt the thing? That's pretty damn sloppy.
If you did it right, all the cops would have was a bunch of bits, not stuff to put you away for a long time. This tells me the guy wasn't really trying hard enough. He needs to do it again, with feeling.
http://www.thebricktestament.com/the_law/when_to_
That doesn't surprise me, they also have troyanized the government in almost all major countries...
At least they have now an own(?) country, I hope they just stay there.
Yep. But there are ways to reduce the potential there.
#1. The email client should NOT under ANY circumstances automatically run scripts or executables. This was a MAJOR problem with previous versions of Outlook.
#2. The regular user should NOT under ANY circumstances be able to run a program from his user directory/temp directory.
Now, since Linux does not have any equivalent to Outlook in example #1, that means that Linux machines are far more difficult to infect. But not impossible.
Once you've implemented example #2, then the ONLY way for a trojan to get onto a system is if the user has the root password AND goes through the regular install process.
Now, each step that the user must perform is another chance for the trojan to fail.
If, on Linux, the end user has to go through half a dozen steps or so, then Linux is going to be resistant to all but the most dedicated of idiots.
And remember, the infection rate has to be higher than the removal rate otherwise the trojan dies, like any virus or worm would.
Linux can be less than 100% perfectly secure, yet still have no live trojans, viruses or worms in the wild.
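A check for point #2 above, as an added example that is not part of the original thread: it reads mount data in `/proc/mounts` format, finds which mount actually covers each user-writable directory, and reports the ones that still allow execution. The directory list and the sample mount table are constructed assumptions.

```python
"""Audit which user-writable directories still allow program execution."""
import os

# Directories a regular user can write to (an assumption for this example).
USER_WRITABLE = ["/home", "/tmp", "/var/tmp", "/dev/shm"]

# Constructed sample in /proc/mounts format:
# device, mount point, filesystem type, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
"""


def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes.
    for esc, char in (("\\040", " "), ("\\011", "\t"),
                      ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, char)
    return field


def parse_mounts(text):
    """Return {mount_point: set(options)}; a later entry overrides an earlier one."""
    mounts = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        mounts[_unescape(parts[1])] = set(parts[3].split(","))
    return mounts


def covering_mount(path, mounts):
    """Return the longest mount point that is a path prefix of `path`."""
    path = os.path.normpath(path)
    best = None
    for mount_point in mounts:
        is_prefix = (
            mount_point == "/"
            or path == mount_point
            or path.startswith(mount_point.rstrip("/") + "/")
        )
        if is_prefix and (best is None or len(mount_point) > len(best)):
            best = mount_point
    return best


def audit(text, dirs=USER_WRITABLE):
    """Return [(directory, covering mount)] for directories lacking noexec."""
    mounts = parse_mounts(text)
    findings = []
    for directory in dirs:
        mount_point = covering_mount(directory, mounts)
        if mount_point is None:
            continue
        # A directory without its own mount inherits the parent's options,
        # so /var/tmp is judged by "/" in the sample above.
        if "noexec" not in mounts[mount_point]:
            findings.append((directory, mount_point))
    return findings


if __name__ == "__main__":
    for directory, mount_point in audit(SAMPLE_MOUNTS):
        print(f"{directory}: executable (options come from mount {mount_point})")
```

`noexec` stops a file on that mount from being executed directly; it does not stop a script there from being handed to an interpreter that lives elsewhere, so it narrows the path described above rather than closing it.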
"Wow some of you mods are really going to work here modding down dissenters. The article is biased, like the parent and others have said, yet you are modding them down because they point it out? I'm glad you guys like to quote the book 1984 all the time cause some of you mods and posters represent a microcosm of Orwells world."
Hey don't you know? It's OK to do so. After all there's obviously a silent unselected majority that counters the appearance of bias, and double-talking.
Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such spy attack from competitors
Yeah - like, someone who gains access to any other machine couldn't install something that the user wouldn't notice...riiiight....Gotta love slashdot idiot OPs
I know this sounds almost like cussing, but could one obfuscate so efficiently a source code, to hide a trojan inside it?
That would be diabolic because it would give the false feeling of security (after all, it's "open" source, right?) and therefore be even more devastating to unsuspecting users.
Sigged!
"Security" is being treated by most vendors and companies as a pest-control business. "How many threats did we detect today?" "What are the top 10 threats this week?" "How fast can we get the virus definitions updated?" But those aren't the real threats. It's the quiet, narrowly targeted attacks that cost companies real money.
Military security people make that distinction. They're trained to view kids throwing rocks over the fence as a minor threat, while focusing on a phony cleaning guy sneaking in and getting a peek at the good stuff. Computer security people don't get this. Yet.
Look at, say, the Symantec web site. It's entirely oriented toward protecting against pest-type threats. And "pest removal". If there's a serious attack, by the time you get to "virus removal", the crucial information has long since been stolen.
In Israel, workstations in all large corporate networks are very well protected.
;-)
It's much cheaper to find a dirty sysadmin that will push a small MSI to all AD clients than actually writing a full blown Trojan that should first of all plant itself on the target computer, taking the risk of being discovered by some techy user.
So keep MS bashing for another article
The issue is not whether there ARE flaws, but how SERIOUS those flaws are, how quickly the patches are released and how easy it is to install those patches.
And walking to the corner store is "work" and running a marathon is "work". Just because they are both "work" does not mean that they are equivalent.
Here's a good example. If you install the Windows on a box, but choose not to install all of the components, then you patch it with the latest service pack and all, it should be fully patched.
Then you go back and install one of the components you didn't install initially.
Is it still fully patched? Will Microsoft's BaseLine scanner find any flaws?
No and no.
But with a Debian system (or any derivatives), you will know that your system is fully patched because installing is done from the network.
It depends upon what you mean by "a lot". It takes less than 1/10th the effort of a comparable Windows installation.
That is because it is easy to setup the users without the ability to run executables that have not been setup by the root account. Which pretty much kills the trojans and viruses.
But... but... Freedom! The Iraqis are free! Why do you hate freedom? Why do you hate America?
Great Bush, Lead us to Victory! Amen.
God bless you all!! God Bless America!1
(The Lameness Filter doesn't like my ASCII flag)
Well I've never gained privileged financial and technical data from that? Am I missing something?
This comment does not represent the views or opinions of the user.
MS is used in Nuke plants, Banks, Navy ships, and even medical equipment. How many know about the insecurities of MS esp. when compared to *nix? Every last coder on this planet. And yet, some idiot up top decided to force MS into this space. It will be that way for quite some time.
IMHO, it will take successful law suits against companies that sell Windows into high security space before the PHBs change their habits. Once they are personally threatened, then they will change.
I prefer the "u" in honour as it seems to be missing these days.
And a double standard apparently also applies for Israelis and Retarded New Zealanders.
http://www.guardian.co.uk/israel/Story/0,2763,1262362,00.html
Well, it seems there is more than one problem. You're right about the platform-independent nature of getting users to install trojan horse software. UNIX based systems can't help that problem much, although they can limit the resulting damage in some cases.
The plague of adware and spyware infecting some significant percentage of pc systems is a separate issue that pretty clearly affects Windows, but not Mac OS X or Linux. FireFox users on Windows seem to receive some protection from this plague, too, so perhaps this issue is also platform independent, but vendor dependent.
If you mod me down, I shall become more powerful than you could possibly imagine.
I'm halfway towards reporting this side and many of the posters to the Anti Defamation League.
oh my god now i'm really scared!
Yep, I'll feed the f*ckin troll.
/. had "classic" cases of anti semitism. Perhaps "classic" cases of "...in Japan", and "....in Soviet Russia". Maybe we need a "...in the Zionist Homeland....."
...apparently we are not allowed to maintain our national security.
This is yet another classic case of anti-Semitism on Slashdot.
I didn't know that
Keep in mind, economic security is a part of national security.
Ummm, did you RTF? Guess not, you must be one of those excitable types where as if Israel is not looked upon, and remarked of fondly, then it is somehow thinly veiled anti semitism.
I did not know that corporate espionage was a freedom employed by national governments, or a right of sovereignty. How riled up do you get when you hear about corporate espionage in the US?
I really must say that I'm sorry the holocaust ever happened; it gives Jews the freedom to take every criticism as anti semitic. In the future, try not to be such an exclusive group, and maybe you won't draw the ire of others.
Is this really news? The US has been doing this for a long time. The difference is, the US has been able to stay under the radar and not get caught. Heck, the US takes spying more hardcore than most other countries. Why do you think the military budget is so huge? The only thing funny is the Israel spies aren't being too careful. They need to try harder and pump billions and billions into spying like the US.
Six Million Jews died at the hands of anti-semites. SIX MILLION. No time in human history has any culture suffered an extermination more massive than The Holocaust. It was people like you who did this. People like you who turned their backs when innocent Jews were demonized in the media (Slashdot is the equivalent of the J Goebbels' newsletters of that day.) It was people like you and the liberal media whining about freedom of speech who want another slaughter of Jews. People like you who are ready to pounce on any Jew trying to compete, whether in academia or in industry. You may joke about the ADL, but they are the only ones who have stepped up to defend the right of our people to live and function and compete as all other cultures do. You could have posted your story without the word "Israel" but you deliberately used the word Israel -- to demonize our people. Because hatred oozes from your racist pores.
Yeah, right! Anti-Semitism... Israel has done something awful, there is proof for it, and talking about it is... Anti-Semitism!
What makes you think that if it was USA, UK or China committing the same crimes we wouldn't be posting? The only double standard I see with the Jews is exactly that - they immediately proclaim something anti-Semitic, even if it is true! You are a live proof for my claim...
the doc
Please put a lid on your conspiracy theories. If Israelis were really supplying weapons to China it would be all over the news. I watch CNN/FOX/etc all the time and have not once heard about this "alliance" you speak of.
It is alleged that the trojans were implanted by giving the victims CDROMs with labels of well known software companies on them. So take care people!
This is not purely a Windows issue--although it was enabled by the wrong users having administrator rights.
The story is really about criminal conspiracy. Simply put, a clever programmer wrote trojan horse spyware and found three private investigative companies to backdoor the trojan into major company systems, collect information, and market it. Private investigative companies play a very big role in the Israeli economy because there are so many retired intelligence agents who market their skills to businesses for many purposes.
The Trojan was set up by sending target company managers in "demo" disks of software purportedly for sale. The "demo", run by a manager, would install the spyware. The investigative companies then cherry-picked valuable information (sales reports, competitive assessments, etc.) and they simply picked companies in each business category to take on as clients--one cellular phone company got another's inside information, one cable company got another's inside information, one auto importer got another's info, etc. etc.
The private investigators simply sold to the highest bidder. The really interesting thing is that it's not clear whether there are laws on the books in Israel strong enough to convict the PIs! This may just be more of what is referred to in Israel as Israel-bluff.
All laptops are without hard drives. Boot into a portable distro, unencrypt messages, type reply, encrypt, send. Want to do some work? Take super disk, unencrypt, type (spreadsheet or document), print/ encrypt, save to superdisk.
All servers are mac.
Still haven't had a single problem.
From reading the article, I did not notice the name microsoft in there. Who is to say that these trojans ran on Microsoft software? Perhaps these trojan-infected machines were running GNU-hurd or OsX? The writeup says "given the current state of Windows security", but I don't have enough information to conclude that this was a compromise of Microsoft software.
Many of the discussions on this topic seem to presume this was in fact a trojan that ran on Windows, but even though my gut tells me most trojans target Windows, there is no reason (from the news sources) to believe that this wasn't an engineered alternative OS compromise. Check news.google.com, none of the reports seems to shed any light on the OS of the compromised systems. An ftp server is mentioned, but that's about it. Why do people assume that this was a Microsoft compromise? Is this a fair assumption?
If this is a fair assumption, why don't any of the articles mention Microsoft?
Firstly there is a worse extermination going on every day. Animals are killed in their millions just for our pleasure. People are starving all around the world everyday. I think all these things are bad.
Including the word 'Israel' does not mean it is anti-Semitic. It just means that the article was taking part in something called 'journalism'. You present the facts - people read them and make up their own minds. If this had taken place in Britain, it would say 'Britain', America likewise.
Just because something references a country doesn't mean it is 'demonising' a race, religion or anyone - except those people involved.
I am not racist, in fact I take part in many anti-racism protests and also animal rights and human rights protests - so many in fact that I am being persecuted within my own country. I will not however say that my country is bad and become a racist against the entire population, instead I will just oppose those that are perpetuating the persecution.
MBSA is not perfect but I've never seen it ignore a product just because you didn't install it during the initial install.
But I admit that I'm nitpicking a bit here as I've learned not to trust it as the only check on what a system needs. Often times MBSA is just plain wrong. I have found that Windows Update, MBSA, and even GFI's tool will disagree on what is installed or what patches are available for your system. It is a convoluted mess.
I use Suse myself not Debian but the approach is basically the same. Offer updated packages that are prepatched so if you decide you need to run Apache you get the latest version not a buggy one that you have to add patches to.
Slashdot, home of supporters of free software, free music, and free speech.
Except for Moderators that disagree with you.
Has anyone considered that this has already been a major issue? Recall the whole Half Life 2 source code fiasco?
that this type of attack has most probably been going on for years, without being detected.
More sophisticated worms and trojans will happen. Think of a virus that stealthily hides on computers, moving across the network till it finds itself on a machine in domain xyz.com. Once there it promulgates quietly, doing no damage, until one of its copies finds files of the variety xxxxx.xls. Then slowly searching those files, sending bits of it back to a server on the internet disguised as mail from the user of that machine.
It gets even scarier. Imagine that virus looking for your company's cvs server?
The only thing that I can think of to combat it is to ensure that all applications are checked before being run, and that they have certification by company security infrastructure. This might prevent joe bloggs from working at home and bringing the trojan to work with him.
It can be done if the program is executed by the user without verification of certification etc.
To totally lock down your network will become very difficult in the future. Commercial antivirus vendors will have to work very closely with OS groups to actually create a secure computing environment.... and users will not like the efforts they have to go through to participate in that secure environment.
The current efforts by software vendors and groups will not even come close to stopping such spyware programs.
Well, that's how I see it anyway... who knows for sure.
Support NYCountryLawyer RIAA vs People
"Mossad has frequently been accused of using fake passports to launch its operations. A 1997 incident in which Mossad agents used fake Canadian passports in an attempt to assassinate the Hamas leader, Sheikh Khaled Mashal, caused the Israeli ambassador to be ordered out of Canada until Tel Aviv promised to cease the practice."
This kind of blatant disregard for international law has been a long tradition of Israel. The nearly $3 Billion American tax-payers' money that Israel receives every year goes a long way to cause all sorts of disturbances in the middle east and apparently, around the world.
A lot of the supposed loss that results from espionage is mitigated by the fact that the stolen data simply goes from one inept corporate bureaucracy to another. As much as they'd like to, most lame, ossified organizations can't do much to improve their own position regardless of the strategic worth of stolen competitor's data.
It's just 'Spy vs. Spy'; an endless expensive game that changes very little in the real world.
And regarding the use of social engineering to break into secure systems and procure passwords, it too has exaggerated importance. The old fashioned tried-and-true methods of blackmail, bribery, kidnapping, and extortion work as well if not better in modern corporate and military environments as they have for hundreds of years. The stricter the corporate punishment for transgressions, the more inflexible the rules, the harder the no-tolerance policy... the cheaper and easier it is to use blackmail and bribery on the target employees. This is why the Americans can't destroy 'the base' (whose Arabic name triggers the NSA internet eavesdropping software). They can't be blackmailed, bribed, or persuaded with. Hell, they can't even be found.
You want a secure corporate environment? Trust your people, pay your people reasonably, don't assume that you can judge their moral character by the molecular structure of their urine. In other words, don't act like a stupid paranoid American.
How open are banks to this kind of attack? Or credit companies or any one of the other 1000's of companies that we give our personal data to.
Jeez, where's the "-100 racist" mod option?
when this is modded lower than the original which was a major troll, then something is wrong.
This is because Windows does not have a package management system. But it likes to pretend that it does.
So, a service pack is applied, then you add a component that the service pack would have patched, but all the various tools do is to check whether that service pack is listed as being applied.
The biggest annoyance I've seen with that was the Welchia worm. Even after applying their patch, your machine would still be infected.
And that's the problem. If you cannot trust the system, you cannot trust the system.
With Debian, it is easy for me to verify each and every file on that system. Here, I'll go through this.
Each file either is a user data file and should only be in those directories
-or-
It is a file installed by a package that was installed by root.
So, I go through each directory and verify that every file in there belongs to a package. Then I go through and verify that every file belonging to each package has the correct MD5 checksum. Then I verify those package checksums against the versions on the websites.
Yep. And because it is such a mess, it is VERY difficult to verify that it is fully patched.
Yep. Any Linux system (or other system) that uses a package management system is FAR easier to patch, verify that it is patched and keep patched than a Windows system.
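The first two checks in the comment above (every file belongs to a package, every packaged file matches its recorded MD5), as an added example that is not part of the original thread. It reads manifests in the layout of Debian's `/var/lib/dpkg/info/<package>.md5sums` files; the package name, file contents and temporary tree are constructed for the demonstration.

```python
"""Check a filesystem tree against dpkg-style .md5sums manifests."""
import hashlib
import os
import tempfile


def load_manifests(manifests):
    """Map each packaged path to (md5, package).

    `manifests` is {package: text}; each line of text is
    "<md5hex>  <path without leading slash>", as in dpkg's .md5sums files.
    """
    owned = {}
    for package, text in manifests.items():
        for line in text.splitlines():
            digest, sep, rel = line.partition("  ")
            if sep and rel:
                owned[os.path.normpath(rel)] = (digest.lower(), package)
    return owned


def md5_of(path):
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_tree(root, manifests, user_dirs=("home",)):
    """Classify files under `root`, skipping user-data directories.

    unowned:  on disk, claimed by no package
    modified: claimed by a package, checksum differs
    missing:  listed in a manifest, absent from disk
    """
    owned = load_manifests(manifests)
    report = {"unowned": [], "modified": [], "missing": []}
    seen = set()
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # Prune user-data directories so os.walk does not descend into them.
        dirnames[:] = [
            d for d in dirnames
            if os.path.normpath(os.path.join(rel_dir, d)) not in user_dirs
        ]
        for name in filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            seen.add(rel)
            if rel not in owned:
                report["unowned"].append(rel)
            elif md5_of(os.path.join(dirpath, name)) != owned[rel][0]:
                report["modified"].append(rel)
    report["missing"] = [rel for rel in owned if rel not in seen]
    for key in report:
        report[key].sort()
    return report


def demo():
    """Build a constructed tree, tamper with it, and return the report."""
    packaged = {
        "usr/bin/tool": b"#!/bin/sh\necho tool\n",
        "usr/lib/libdemo.so": b"\x7fELF-demo",
        "usr/share/doc/demo-tool/README": b"docs\n",
    }
    manifest = "".join(
        f"{hashlib.md5(data).hexdigest()}  {rel}\n" for rel, data in packaged.items()
    )
    on_disk = dict(packaged)
    del on_disk["usr/share/doc/demo-tool/README"]        # deleted after install
    on_disk["usr/lib/libdemo.so"] = b"\x7fELF-patched"    # altered after install
    on_disk["usr/bin/helper"] = b"not from any package\n"  # dropped outside dpkg
    on_disk["home/alice/notes.txt"] = b"user data\n"       # user data, skipped
    with tempfile.TemporaryDirectory() as root:
        for rel, data in on_disk.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(data)
        return verify_tree(root, {"demo-tool": manifest})


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The manifests live on the same disk as the files they describe, so this only detects changes made by something that did not also rewrite the manifests; the comment's third step, comparing against checksums obtained from the distribution itself, is what covers that case.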
Seeing it happens in Israel, a small but very well technologically developed country, the question is what is happening in places and big economic regions like US, EU, Asia? Maybe they are not as fast and developed as Israel at finding trojans. And it's very common to silence these things in private rooms, a common practice when a bank hacking happens.
More information at: IWS The Information Warfare Site
#1. Because Linux no longer uses bitkeeper does not mean that it has more security problems than before. (nor less)
#2. And, again, no one is saying that Linux has never had a security issue. Just that because of Linux's security model, those issues have been less critical and fixed faster than with Windows.
#3. You do not see articles here very often deriding Linux about its security failures
That was someone sniffing passwords. That isn't a Linux security issue.
#4. You're quoting an article quoting mi2g's "research". You should do a bit more research on them before attempting to use it to support your position.
No. "All OSes" do NOT have "huge security issues to deal with".
You are wrong. No OS is 100% secure, but that does not mean that they all have "huge security issues".
If you need confirmation on that, just look at OpenBSD.
Need another? Look into SELinux.
I would hope that you would be also sorry about the holocaust ever happening for reasons other than that it provides "the freedom to take every criticism as anti semitic". Do you have any feelings of sorrow about the six million people who were brutally murdered?
The Holocaust sucked for homosexuals, travellers, anyone who was physically or mentally disabled and religious and cultural minorities, as well as for anyone who disagreed with Hitler.
This in no way gives the current government of a country consisting largely of members of one of those categories the moral high ground if it chooses to play silly buggers with foreign companies.
For the love of God, please learn to spell "ridiculous"!!!
The new Tiger OS now allows a Widget designer to design a widget and place it on a web site. Apple's "AutoInstall" of widgets are now going to open up a huge opportunity for spyware for us Mac users who are more than complacent about their own security.
I think this was actually mentioned on /. a few weeks ago.
I say SHAME SHAME on Apple for allowing this setting by "Default"... As an ADC (Developer) member, I made a big stink about it, and sure plan to bend a few ears at WWDC next week.
Most people who find that their computer has become slow buy another computer, so Microsoft sells another copy of the operating system. As the OpenBSD team has shown, it is not impossible to make an OS with very, very few vulnerabilities. But the vulnerabilities make money, so apparently that's why Microsoft leaves them in, or takes a long time to fix them.
So anti-spyware software would reduce Microsoft's profits.
Six Million Jews died at the hands of anti-semites. SIX MILLION. No time in human history has any culture suffered a extermination more massive than The Holocaust.
14million russian soldiers and 20million russian civilians died in world war2
ever hear them complain about being anti-russian?
Six Million Jews died at the hands of anti-semites. SIX MILLION. No time in human history has any culture suffered a extermination more massive than The Holocaust.
Sure there has. Let's look at the massacare of the American Indians by the early settelers. I think its great that most people overlook this ethnic group when talking about mass extermination! At any rate, not to detract from your statement because I feel you are perfectly entitled to defend against the anti-semetic remarks made in this open forum.
The above is a typical /. post with two spelling errors in bold.
I, for one, welcome our new Israeli overlords provided they can correct the errant spelling habits of the /. crowd.
(not all Israelis agree w/ the govt and not all Israelis are Jews and not all Israelis live in Israel, so I'm not sure who "them" is here.)
Why are you shocked? Slashdot has reached the sort of critical mass that if any X Slashdotters hate "them", then however small X is, at any given time at least one member of X must have mod permissions, which means that some of this shit is eventually gonna get modded up. There are enough other people w/ mod & metamod access to mod them back down, so it's not that big a deal.
Refer to that "why do smart people defend stupid ideas" story, I guess.
[o]_O
This is one of the most pathetic parts of the relationship between the US and Israel. In the US, we suffer and bleed for Israel, and they screw us in the back in every way they can. They are one of the countries that spies the most on the US, and do things behind our backs all the time. They have sold things we have sold or given to them to other countries that we don't do business with for security reasons. They have had and still have the largest number of spies within our government. Don't take my word for this, just look at the history of spies caught from Israel. Yet, thanks to people in Congress, they get anything they want from us.
Well, yes, that too. But it's the current circumstance that I have to deal with that gains my attention.
During the investigation, the police remembered that a few years ago, the same suspects offered the police virus-based technology for legitimate uses, but the technology was unsuited to the police's requirements. The police had held intermittent negotiations lately, during which they examined the software's applications...
Israel Police National Fraud Unit head, Chief Superintendent Arie Edelman, said the virus was unique because, "It not only penetrated the computer and sent material to wherever you wanted, but it also enabled you to completely control it, to change or erase files, for example. It also enabled you to see what was being typed in real time." He said the extent of those involved in the affair, and the program's capabilities were "exceptional".
The police suspect that Haephrati adapted the virus for his clients' needs. He charged his clients 2,000 (NIS 17,000) per computer per month, including support.
Since the virus was adapted for each client's purposes, it was not detected by information security systems. Edelman said, "This is not a common software that anti-virus software makers have had to fix."
I'm wondering if there wasn't somebody else behind this - perhaps Mossad. And it would be interesting if somebody in the US press would follow up on the Fox News report that the U.S. Federal law enforcement wiretapping facilities have been built by an Israeli company which is likely a front for the Mossad.
The Israelis are very good at this sort of thing, which is why a lot of encryption algorithms come from Israel.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
This exploit has nothing to do with Windows, firewalls or anti-spyware software.
If you run a piece of software on your computer by someone - what can you expect?
This guy wrote a simple trojan, and was foolish enough to use it against the parents of his former wife...
he posted some of their personal data on the web in order to hurt them, leading to his discovery and the exposure of the whole deal.
Not very clever...
People with very little technical skills were hurt from his attacks - let's face it - almost everyone falls into that category.
It's a new age, attacks like these are carried out all the time, most of the time undiscovered.
People should learn how to live with it.
Paying for expensive security will not help.
Linux or mac will not salvage anyone either.
I love burekas in the morning
Also, are there stats on the mod up to mod down ratios? I know I tend to mod up much more than down.
Historically this has been the only thing that gets them to act. I don't think this time is any different.
Words of pisdom for sure. No mention of Microsoft was made in the article I read, but you and I both know that was what caused the problem. Just the same, I feel all dirty and cheap when I make fun of a $30,000,000,000 company that can't get its act together but has such good intentions for everyone else's money.
As you probably know, Linux has its own security issues ... [and more bullshit about how hard Linux security is].
Find me a free software mail client that you can 0wn the way Outlook (also not mentioned) was 0wned. As you saw, there's a market for such skill, worth about $4,000 per infection. You'll either make up pictures and documents to send to the dumb-ass who hires you, or you will go hungry. Oh dear, so much experience and so little learned.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
How did you ever cash your paycheck?
Did it say "nameless company" on it or was it a payroll check with a blank spot where the company name would be?
Had to say it...
Gush Katif (Jewish Gaza)
Bush supports Hamas
Bush pushes Israel to "Auschwitz borders"
Pay attention.
No more posts needed you damn troll, I've seen your post count so far, your lack of insight is what kills slashdot.
Israel's been pumping trojans on the world's computer networks since the late 70's, all with a wink from the US.
OS security doesn't matter much if you're doing your daily routine as admin/root. People who configure Windows machines tend to solve problems of "software not running" by giving the user admin privileges. Then any stupid email attachment can install anything. You'd have the same problem if a Unix sysadmin decides to save time solving a user's problem by giving the user root privileges. And if Linux becomes more common you'd see much more of this kind of "problem solving" ("fumble with things until they work, then don't touch anything. Don't try to solve tomorrow's problem. You're paid only to solve the current problem". Of course it works and you cease to touch it when it has too many permissions...)
The way this story was revealed was that the stupid guy who planted these trojans published publicly excerpts from his ex-wife's father (or mother's husband?) that existed only on the guy's PC. Probably that PC was a private PC that was configured exactly as shipped (i.e., single admin account). Security of the OS doesn't really matter in this setting. I think the real story here was that so many big companies (telecom, satellite TV etc.) bought services from a guy so unprofessional as to host their stuff on the same servers that he uses for revenge against his ex-wife's parent, and then to reveal enough info so that the police can get to him! Obviously he's not a pro. Any pro would have known to use separate destinations for different trojans, and not to reveal info that leads to a single source...
This is yet another classic case of anti-Semitism on Slashdot
It must be nice to have a built in excuse for anything and everything done by any Jewish individual on earth. If you criticize it, you are an Anti-Semite. You ever think that you are not being labeled because you are Jewish, and just because you're an asshole?
These snide attempts to degrade the right to live of Jews in Israel are disghusting
I find it really disgusting (notice the proper spelling), that for some reason Jewish people seem to be able to create a binding land claim, based on a story from 3000 years ago. Natives in North America can't get binding land claims from 100 years ago. Hell, there are original SIGNED documents for those claims, and nothing gets settled. The Jews have a VERSION of the Old Testament, and yet it is the basis for a nation state? News flash, if you walk away from your land, you don't get to come back 3000 years later and say "I'm back".
Oh, shit. Looky here. I just found a book that is 6000 years old (well, it's not original, but rather a re-written version of the original), it says I am the original inhabitant of the area claimed by Israel. Well, get packing, because I am headed home tomorrow, and I want all you filthy squatters gone by the time I arrive. It's worth a try, it worked for Israel.
It just goes to show how a double standard is applied to Jews
Very true. If the FBI was busy catching Chinese spies inside the Pentagon, rather than Israeli ones, they would be much more likely to be shot, the Israeli ones get to go home. So I firmly agree, no more double standard. The next Israeli spy caught operating in the US, gets shot, in public. Also, starting tomorrow morning, the US will start shipping 3 billion a year to the Palestinians for weapon purchases. You still think you are on the wrong end of the double standard?
I'm halfway towards reporting this side and many of the posters to the Anti Defamation League.
Well, feel free to do whatever you would like. We already know what their position will be. There is an anti-semite under every bed, Jews have been suffering for thousands of years (because the rest of humanity never suffered, not once, it was only the Jews. In fact, were there ANY casualties in WWII that were not Jewish? You would never guess listening to your local Rabbi, that the Soviets lost TWENTY SEVEN MILLION people alone), you can't criticize us, blah, blah blah.
...FOLLOW THE MONEY!
By this I mean that I assume industrial espionage is much more lucrative than governmental information, and therefore companies are much more likely to be a target.
As for which is easier, forget the boundaries and roadblocks, if the payoff is high enough someone will find a way around it.
When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
I used to be an EKG tech (back in 1980). About 6 months ago I was following a set of links that led me to a homebuilt EKG machine (IIRC, @Utah State). I seem to recall that they had a nice Linux program for interfacing with it. You may wish to look for it and see if there is not something that you can use. Not quite a polygraph, but similar data that is interpreted in different ways.
But yeah, ppl do not like change.
I prefer the "u" in honour as it seems to be missing these days.
It wasn't Israel that did anything bad, it was a bunch of companies in Israel. The government caught the people who did it and now the bad guys are going to be put on trial. The point about some Jews claiming anything negative is anti-Semitic even if true is a good one though.
All these trojan horses that the article talked about were installed by either tricking the computer user into installing them via e-mail or CD, or by a trusted individual that the computer user knew. The same thing could have happened with Linux or Mac OS X.
My Gawd WTF...