Slashdot Mirror

← Back to Stories (view on slashdot.org)

Trojan Built for Industrial Espionage

Posted by CmdrTaco on from the cloak-dagger-and-the-almighty-buck dept.

xPertCodert writes "Some of the largest Israeli companies are involved in the major industral espionage case, in which private investigators implanted specially crafted Trojan horses on the computers at unsuspecting companies in a bid to obtain priviledged financial and technical data. Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such spy attack from competitors"

10 of 232 comments (clear)

  1. From what i understand by hsmith · · Score: 4, Interesting

    spies are more likely to do industrial espionage compared to spying on gov'ts. it is apparently a lot easier to get info from companies about gov't plans (through contracts, ect) than trying to spy on the NSA or CIA

    but then again, this is what i have read, so take it for what it is worth

    1. Re:From what i understand by Anonymous Coward · · Score: 1, Interesting

      Yes, it is considerably harder to get classified information from the government than it is to get important data from corporations.

      For one, physical security is a lot more stringent than it is in the industrial sector. Classified machines are never left "lying about", nor are classified LAN lines easily accessable.

      Plus, the networks themselves are seperate. You'll never be able to get to Google from a classified workstation. The networks are always airgapped (and the distance is specified in regulations), or tunneled via NSA type 1 encryption devices (imagine VPN on steroids).

      Some corporations have begun doing this, however, it's not very popular because it's also very inconvienient. No developer wants a KVM switch to go between his development box and the box he can use to access the Internet.

      On the other hand, in environments where employees almost exclusively use classified workstations, it can be a boon to productivity. The computers at their desk can't e-mail the Internet, or surf public websites. :)

  2. Re:Trojans != Security Failure by mc6809e · · Score: 2, Interesting

    Excellent point.

    I guess the lesson is that, whenever you install someone elses software on you system, you're essentially letting them use that system.

    Can you always trust them to do the right thing? Not in this case, apparently.

  3. Personally I prefer the chase aspects of old time by Anonymous Coward · · Score: 1, Interesting

    I.E.

    Exploitation of individual weakness among those with access to information.

    Be it as simple as hanging out at the right bars and chatting up the right people, or as complex as hooking these people on the high life, gambling, prostitutes, golf, etc. to the point that they are willing to 'accidently' leak information in exchange for maintaining realtionship with ones circle of 'new friends', it's a hell of a lot more fun, with less risk of prosecution, than outright spying or extortion. Equally enjoyable is exploiting holes in strategic information containment. This can be done by chatting with suppliers and contractors about how their business is going...

    Methods such as this are routinely used by government agencies involved in information gathering and analysis. They are also perfectly legal.

  4. Opensource trojans? by haggar · · Score: 2, Interesting

    I know this sounds almost like cussing, but could one obfuscate so efficiently a source code, to hide a trojan inside it?

    That would be diabolic because it would give the false feeling of security (after all, it's "open" source, right?) and therefore be even more devastating to unsuspecting users.

    --
    Sigged!
  5. Re:Everyone is volnerable by Soul-Burn666 · · Score: 2, Interesting

    That's actually a very good analogy.

    Putting the cash in the safe instead of under the bed will stop random small thieves.
    But if those behind the theft are a big, organized group, then they will break in whether it's under the bed or in the safe.
    They'll send a technician to plant a camera in your bedroom and record you entering the code (keylogger) or simply crack it professionally in 15-30 minutes.

    --
    ^_^
  6. Re:The answer to these problems ... by TheRagingTowel · · Score: 2, Interesting

    Not quite. In linux, for example, you got permissions for every file/directory/whatever, so the trojan has limited access to files. In windows it's not quite so trivial.
    btw, as I heard over hear, the spyware was installed by Autoplay. It was disguised as a "promotional cd".

    --
    4Z5TX
  7. Re:I wouldn't be too surprised... by eranb · · Score: 2, Interesting

    Actually, Bezek owns a large portion of Pele-Phone and Mirs, both large players in the israeli cellular market.

  8. Re:Check (point) your VPN/Firewall by DerekLyons · · Score: 2, Interesting
    He didn't claim FOSS security was guaranteed as your entire post assumes.
    No, but he sure as heck implied it that it was somehow 'better' than closed source.
    He claimed it was a better alternative than a company with an obvious vested interest.
    And you know that an OSS team/developer doesn't have a vested interest how? Or that having an unobvious vested interest is better?
    Zealot.
    Hardly. I'm a cynic and a skeptic - quite the opposite of a zealot.
    Commercial software bigots - a dying breed.
    Hmm... I didn't throw names or accusations - I asked questions that you shy from answering.

    It's folks like you who are the biggest danger to OSS - because you are unable or unwilling to discuss it's pro's and con's honestly, preferring name calling to facts. The zealot and the bigot in this conversation isn't me.

  9. Re:Good by pv2b · · Score: 2, Interesting

    sh evilscript.sh

    The execution then is of "sh", which reads evilscript.sh as a file containing commands. evilscript.sh doesn't need to be +x for this to work.