Trojan Built for Industrial Espionage

xPertCodert writes "Some of the largest Israeli companies are involved in the major industral espionage case, in which private investigators implanted specially crafted Trojan horses on the computers at unsuspecting companies in a bid to obtain priviledged financial and technical data. Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such spy attack from competitors"

Good

maybe such incidents will start companies (and Microsoft in particular) to start taking spyware more seriously

Re:Good

[Leroy_Brown242]

HAH!

Learning from other mistakes? I think you give the industry too much credit. :)

Re:Good

[pv2b]

As I said in another thread, the problem isn't computer insecurity, but the fact that people will install anything given enough social engineering. Even if you use an operating system like Mac OS X or Linux or something else similar, where the users aren't typically logged in as root, you can still spy on the user whose account you've infected, which is enough damage right there.

Re:Good

[Dwonis]

Linux probably does not have "just about as many security flaws as Windows", because its design is simpler and there are fewer places for things to go wrong, among other reasons. You are obviously making statements that about things you know hardly anything about, so I put you in my foes list to remind me of that.

However, you've touched on an important point about computer security: to an attacker, the number of security holes in a system is almost totally irrelevant. If I were an attacker, I'd be more concerned about the types of security holes in a system, than the absolute number of them. For example, if I run a malicious webserver, and my goal is to install a key-logging driver into the kernel of a Linux machine that accesses my webserver, I need two types of security flaws: one in the web browser that lets me execute arbitrary code, and one in the OS so I can get root privileges to install the driver.

This where people get confused. Having 2 or 2000 local root holes doesn't help me if I can't execute arbitrary code on the computer, and having 2 or 2000 arbitrary code execution holes doesn't help me if I can't get root privileges. I need exactly one hole of each type for my attack to be successful. Beyond that, it makes little difference.

So, if you create two categories, "secure" and "not secure", Linux and Windows fall into the same category: "not secure". Most systems fall into that category. If you're a decision-maker, and you're forced to use some of these systems, even though you know that they are all "not secure", which ones do you choose?

You choose the ones that are going to minimize your risk. If that means choosing Linux, or some heterogeneous mix of systems, simply because that arrangement is less popular and therefore less likely to be exploited, then so be it. It's still a sound decision, given the circumstances.

Regarding people demonizing Microsoft, don't you find it the least bit pathetic that a loosely-knit group of poorly-organized hobbyists working on their spare time can be even remotely competitive against the industry leader, a company that can spend billions of dollars per year on software development?

What about all the people over the last decade who trusted Microsoft with their data, only to find out that (until recently) Microsoft didn't care about keeping it secure? Should they not be angry?

What about Microsoft's idea of "ease of use": menus that are never in the same place, and word processors that mangle your data because "it looks like you're writing a letter"? Or how about the general Microsoft "we know better" attitude? Software that makes your computer not do what it's told (DRM)? Product keys? EULAs? Software patents? Mandatory file locks (sharing violation)? The Win32 API? Broken CSS support? Horrible context-switching performance? mikerowesoft.com? "Best Viewed with Internet Explorer"? The need to use defrag.exe? The DR-DOS error messages? Abandoning OS/2? "Abort/Retry/Ignore/Fail"? Direct3D? ActiveX? DLL Hell? "There are no significant bugs in our released software that any significant number of users want fixed"? The way the MSN website seemed to deliberately break itself when people used Opera to view it?

Microsoft is a leader that's doing a crappy job, on top of its selfish motivations. People don't like that. You may not see Microsoft as being evil, but you shouldn't be surprised or disgusted that others do.

Everyone is volnerable

[a_greer2005]

In a big company that has a lot of enemies, somewithin its own gates no doubt, this could happen to any system that is not set up perfectly, a rootkit could be introduced on a *nix system the same way 99% of trojen horses get into win boxes, social engenering.

By its verry nature, a trogen is a program that APPREARS to be good but has an evil payload. once again, the problem is gullible users and/or techs and/or admins. not windows per-se.

Re:Spyware

[Karzz1]

Not to mention their new anti-virus business (a subscription service which couples MS anti-virus with their anti-spyware). Am I the only one that sees the conflict of interests here?

Cheap Shots

[The_Quinn]

It is cheap to poke your security knife at microsoft. As you probably know, Linux has its own security issues

I've dealt with Linux security enough to know security is work for any OS, especially when you are not just running servers for developers or apps. When you get into linux desktop users, security takes a lot of work and attention.

Re:The answer to these problems ...

[Jeff+DeMaagd]

Trojans are about social engineering. The only way to stop trojans is to prevent the people that might fall for them from ever being able to execute unauthorized programs.

Try It Again, With Strong Encryption!

[putko]

"... [The authorities] found dozens of FTP servers in Israel and overseas, including the US. Haephrati is suspected of transferring stolen material from other computers to these FTP servers. The police realized the extent of the affair when they examined some of the files..."

If there was ever a time to be using encrypted volumes to store files, that was one of them.

The guy has fileservers full of self-incriminating evidence, but he can't even get his act together enough to strongly encrypt the thing? That's pretty damn sloppy.

If you did it right, all the cops would have was a bunch of bits, not stuff to put you away for a long time. This tells me the guy wasn't really trying hard enough. He needs to do it again, with feeling.

The reality is....

[zappepcs]

that this type of attack has most probably been going on for years, without being detected.

More sophisticated worms and trojans will happen. Think of a virus that stealthily hides on computers, moving across the network till it finds itself on a machine in domain xyz.com. Once there it promulgates quietly, doing no damage, until one of its copies finds files of the variety xxxxx.xls. Then slowly searching those files, sending bits of it back to a server on the internet disguised as mail from the user of that machine.

It gets even scarier. Imagine that virus looking for your company's cvs server?

The only thing that I can think of to combat it is to ensure that all applications are checked before being run, and that they have certification by company security infrastructure. This might prevent joe bloggs from working at home and bringing the trojan to work with him.

It can be done if the program is executed by the user without verification of certification etc.

To totally lock down your network will become very difficult in the future. Commercial antivirus vendors will have to work very closely with OS groups to actually create a secure computing environment.... and user's will not like the efforts they have to go through to participate in that secure environment.

The current efforts by software vendors and groups will not even come close to stopping such spyware programs.

Well, that's how I see it anyway... who knows for sure.

A lot of this spy stuff just cancels out

[Simonetta]

A lot of the supposed loss that results from espionage is mitigated by the fact that the stolen data simply goes from one inept corporate bureaucracy to another. As much as they'd like to, most lame, ossified organizations can't do much to improve their own position regardless of the strategic worth of stolen competitor's data.
It's just 'Spy vs. Spy'; an endless expensive game that changes very little in the real world.

And regarding the use of social engineering to break into secure systems and procure passwords, it too has exagerated importance. The old fashioned tried-and-true methods of blackmail, bribery, kidnapping, and extortion work as well if not better in modern corporate and military environments as they have for hundreds of years. The stricter the corporate punishment for transgressions, the more inflexible the rules, the harder the no-tolerance policy... the cheaper and easier it is to use blackmail and bribery on the target employees. This is why the Americans can't destroy 'the base' (whose Arabic name triggers the NSA internet evesdropping software). They can't be blackmailed, bribed, or persuaded with. Hell, they can't even be found.
You want a secure corporate environment? Trust your people, pay your people reasonably, don't assume that you can judge their moral character by the molecular structure of their urine. In other words, don't act like a stupid paranoid American.

Re:They had insiders, politicians helping them ste

[S3D]

I think Israel is the reason for all the problems in the world. All muslims hate them for good reason.

I'm not surprised such kind of post appear on the slashdot, but I'm shocked it moderated "insigtful"