Trojan Built for Industrial Espionage
xPertCodert writes "Some of the largest Israeli companies are involved in the major industrial espionage case, in which private investigators implanted specially crafted Trojan horses on the computers at unsuspecting companies in a bid to obtain privileged financial and technical data. Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such a spy attack from competitors."
Maybe such incidents will get companies (and Microsoft in particular) to start taking spyware more seriously.
how often that goes on here.
I would like to think it doesn't, really. But I'm sure it does.
Pretty Pictures!
spies are more likely to do industrial espionage compared to spying on gov'ts. it is apparently a lot easier to get info from companies about gov't plans (through contracts, etc.) than trying to spy on the NSA or CIA
but then again, this is what i have read, so take it for what it is worth
Did any of their officers graduate from Stanford or Harvard Business School?
http://www.nsa.gov/selinux/ Security-Enhanced Linux!
By its very nature, a trojan is a program that APPEARS to be good but has an evil payload. once again, the problem is gullible users and/or techs and/or admins. not windows per se.
that this investigation will end up with no results, or blame some 'hostile' third party that had nothing to do with it.
(By the way, what's up with the unreadable "show you're not a script" images? Give us an 'I can't read this' option...)
I thought that Trojans were programs that pretended to be something legit but weren't. Other than finding them and putting them in a list of programs to delete in a virus scanner, is there a way to be "secure" with these?
If the company you are tailoring these trojans to runs Linux, aren't you, as the evil terrorist hacker, going to tailor the trojan to run on Linux?
Send 90% of the CEOs out there an email that says 'click here for a free iPod!' and we all know what they're going to do, whether they run Windows, Linux, or OS X.
Pulp Audio Weekly - Geek News and Reviews
Did they name it Project 2501? And was it secretly created by the Ministry of Foreign Affairs?
Smart people shouldn't have that kind of data on a computer that could be attacked by spyware. Keep it on a network segregated from the internet and you keep it to an insider-only problem.
Microsoft sees spyware as an opportunity for profit.
The dangers of knowledge trigger emotional distress in human beings.
I'm sure glad I don't rely on closed source products for my security needs. :)
If the entire scandal was precipitated by Bezek (the reigning ILEC/MaBell of Israel). Bezek was complacent about the coming of the cell phone in the early '90s and was so late to the game that it's practically a non-player.
To the contrary, Pele-Phone trademark name actually became Israeli "xerox" - every cell phone is called a "pelephone" in the vernacular. So if Bezek wanted to hurt the ungrateful competitors' market share, the trojan scandal would do nicely.
Any fool can criticize... And many do.
... for companies to take seriously apple and some GNU/Linux flavours ...
I have to face dozens of infected PCs every day in my university, all having services like RPC Helper, or Workstation Security Manager etc. And don't start with "there are ways to avoid this." There are, but they are impractical to admins and users!
On the other hand there are more benefits in apple platform than drawbacks IMHO so I suspect a serious rise in market share could come. This can happen only if people act reasonably = low chances in this management driven world :(
the doc
To quote a poster when the above is pointed out. "According to your logic, it doesn't matter if you store millions of dollars in cash under the bed, since a safe is also vulnerable to break-ins."
Ignoring the facts that security is a process, not an absolute, and technical solutions to social problems are hard. Ultimately all solutions can be thwarted, given enough time and resources. The goal however is to make whatever they want difficult enough to get, that when they do get it, it'll be worth nothing.
I've dealt with Linux security enough to know security is work for any OS, especially when you are not just running servers for developers or apps. When you get into linux desktop users, security takes a lot of work and attention.
Mine is Good
I.E.
Exploitation of individual weakness among those with access to information.
Be it as simple as hanging out at the right bars and chatting up the right people, or as complex as hooking these people on the high life, gambling, prostitutes, golf, etc. to the point that they are willing to 'accidentally' leak information in exchange for maintaining a relationship with one's circle of 'new friends', it's a hell of a lot more fun, with less risk of prosecution, than outright spying or extortion. Equally enjoyable is exploiting holes in strategic information containment. This can be done by chatting with suppliers and contractors about how their business is going...
Methods such as this are routinely used by government agencies involved in information gathering and analysis. They are also perfectly legal.
Firewall won't block the trojan connection... the trojan will inject itself in browser or other utility that can pass the firewall... only way to have a secure network is to keep it off the internet...
"... [The authorities] found dozens of FTP servers in Israel and overseas, including the US. Haephrati is suspected of transferring stolen material from other computers to these FTP servers. The police realized the extent of the affair when they examined some of the files..."
If there was ever a time to be using encrypted volumes to store files, that was one of them.
The guy has fileservers full of self-incriminating evidence, but he can't even get his act together enough to strongly encrypt the thing? That's pretty damn sloppy.
If you did it right, all the cops would have was a bunch of bits, not stuff to put you away for a long time. This tells me the guy wasn't really trying hard enough. He needs to do it again, with feeling.
http://www.thebricktestament.com/the_law/when_to_
Yep. But there are ways to reduce the potential there.
#1. The email client should NOT under ANY circumstances automatically run scripts or executables. This was a MAJOR problem with previous versions of Outlook.
#2. The regular user should NOT under ANY circumstances be able to run a program from his user directory/temp directory.
Now, since Linux does not have any equivalent to Outlook in example #1, that means that Linux machines are far more difficult to infect. But not impossible.
Once you've implemented example #2, then the ONLY way for a trojan to get onto a system is if the user has the root password AND goes through the regular install process.
Now, each step that the user must perform is another chance for the trojan to fail.
If, on Linux, the end user has to go through half a dozen steps or so, then Linux is going to be resistant to all but the most dedicated of idiots.
And remember, the infection rate has to be higher than the removal rate otherwise the trojan dies, like any virus or worm would.
Linux can be less than 100% perfectly secure, yet still have no live trojans, viruses or worms in the wild.
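Point #2 above (users must not be able to run programs from their home or temp directories) is usually enforced on Linux by mounting those filesystems with noexec, nosuid and nodev. The audit below is an added example, not code from the original post: it parses text in /proc/mounts format (a constructed sample is embedded, so it runs anywhere) and reports which user-writable mount points lack those options or are not separate mounts at all. Note that noexec only stops direct execution of binaries; interpreted scripts fed to an interpreter are not blocked, so this is one control among several.

```python
# Added example: audit user-writable mount points for noexec/nosuid/nodev.
# Input is the 6-column /proc/mounts format: device mountpoint fstype options dump pass.

REQUIRED_OPTS = {"noexec", "nosuid", "nodev"}
# Mount points a regular user can normally write to and therefore drop files into.
USER_WRITABLE = ("/tmp", "/var/tmp", "/home")

# Constructed sample in /proc/mounts format (not captured from a real host):
# /tmp is a tmpfs that is missing noexec, /home is a plain ext4 mount with no
# hardening, and /var/tmp is not a separate mount at all.
SAMPLE_PROC_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
/dev/sdb1 /mnt/backup\\040disk ext4 rw,noexec,nosuid,nodev 0 0
"""


def parse_proc_mounts(text):
    """Return a list of (mountpoint, fstype, set_of_options) tuples."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        _device, mountpoint, fstype, opts = parts[:4]
        # The kernel escapes spaces in mount points as \040.
        mountpoint = mountpoint.replace("\\040", " ")
        mounts.append((mountpoint, fstype, set(opts.split(","))))
    return mounts


def audit_mounts(text, watch=USER_WRITABLE, required=REQUIRED_OPTS):
    """Map each weak mount point to the list of missing options.

    A watched directory that is not its own mount inherits the options of its
    parent filesystem (normally /), which is almost never noexec, so it is
    reported as well.
    """
    mounts = parse_proc_mounts(text)
    present = {mp: opts for mp, _fstype, opts in mounts}
    findings = {}
    for mp in watch:
        if mp not in present:
            findings[mp] = ["not a separate mount (inherits options of /)"]
            continue
        missing = sorted(required - present[mp])
        if missing:
            findings[mp] = missing
    return findings


if __name__ == "__main__":
    for mountpoint, problems in sorted(audit_mounts(SAMPLE_PROC_MOUNTS).items()):
        print(f"{mountpoint}: {', '.join(problems)}")
```

On a live Debian or Red Hat box the same function can be fed `open("/proc/mounts").read()`; the corresponding fix is adding `noexec,nosuid,nodev` to the options column of those entries in /etc/fstab and remounting.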
I know this sounds almost like cussing, but could one obfuscate source code so efficiently as to hide a trojan inside it?
That would be diabolic because it would give the false feeling of security (after all, it's "open" source, right?) and therefore be even more devastating to unsuspecting users.
Sigged!
"Security" is being treated by most vendors and companies as a pest-control business. "How many threats did we detect today?" "What are the top 10 threats this week?" "How fast can we get the virus definitions updated?" But those aren't the real threats. It's the quiet, narrowly targeted attacks that cost companies real money.
Military security people make that distinction. They're trained to view kids throwing rocks over the fence as a minor threat, while focusing on a phony cleaning guy sneaking in and getting a peek at the good stuff. Computer security people don't get this. Yet.
Look at, say, the Symantec web site. It's entirely oriented toward protecting against pest-type threats. And "pest removal". If there's a serious attack, by the time you get to "virus removal", the crucial information has long since been stolen.
In Israel, workstations in all large corporate networks are very well protected.
;-)
It's much cheaper to find a dirty sysadmin that will push a small MSI to all AD clients than actually writing a full blown Trojan that should first of all plant itself on the target computer, taking the risk of being discovered by some techy user.
So keep MS bashing for another article
The issue is not whether there ARE flaws, but how SERIOUS those flaws are, how quickly the patches are released and how easy it is to install those patches.
And walking to the corner store is "work" and running a marathon is "work". Just because they are both "work" does not mean that they are equivalent.
Here's a good example. If you install the Windows on a box, but choose not to install all of the components, then you patch it with the latest service pack and all, it should be fully patched.
Then you go back and install one of the components you didn't install initially.
Is it still fully patched? Will Microsoft's BaseLine scanner find any flaws?
No and no.
But with a Debian system (or any derivatives), you will know that your system is fully patched because installing is done from the network.
It depends upon what you mean by "a lot". It takes less than 1/10th the effort of a comparable Windows installation.
That is because it is easy to setup the users without the ability to run executables that have not been setup by the root account. Which pretty much kills the trojans and viruses.
Well I've never gained privileged financial and technical data from that? Am I missing something?
This comment does not represent the views or opinions of the user.
Did it involve an exploit?
Yep, although not a buffer overflow it is an exploit on the system design that allows executing and installation of programs without the user's specific consent. Not much unlike the days when you could email an ActiveX control to people and it would automatically execute just by viewing the message.
Users are led to believe these files are safe to open. When in fact they should be viewed as "are they safe to execute?"
So the bad guys exploited the misperception that (Microsoft) document files are data files safe to "open".
MS is used in Nuke plants, Banks, Navy ships, and even medical equipment. How many know about the insecurities of MS esp. when compared to *nix? Every last coder on this planet. And yet, some idiot up top decided to force MS into this space. It will be that way for quite some time.
IMHO, it will take successful law suits against companies that sell Windows into high security space before the PHBs change their habits. Once they are personally threatened, then they will change.
I prefer the "u" in honour as it seems to be missing these days.
The usual objection of "but then the baddies will see what we do" holds no real water in a world that is, for all intents and purposes, ruled in very large part by one superpower.
Not if you would prefer that the superpower in question maintained that position.
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Well, it seems there is more than one problem. You're right about the platform-independent nature of getting users to install trojan horse software. UNIX based systems can't help that problem much, although they can limit the resulting damage in some cases.
The plague of adware and spyware infecting some significant percentage of pc systems is a separate issue that pretty clearly affects Windows, but not Mac OS X or Linux. FireFox users on Windows seem to receive some protection from this plague, too, so perhaps this issue is also platform independent, but vendor dependent.
If you mod me down, I shall become more powerful than you could possibly imagine.
Because it is the only OS I know of where people routinely get trojaned simply by visiting a web page or opening an email.
It is alleged that the trojans were implanted by giving the victims CDROMs with labels of well known software companies on them. So take care people!
This is not purely a Windows issue--although it was enabled by the wrong users having administrator rights.
The story is really about criminal conspiracy. Simply put, a clever programmer wrote trojan horse spyware and found three private investigative companies to backdoor the trojan into major company systems, collect information, and market it. Private investigative companies play a very big role in the Israeli economy because there are so many retired intelligence agents who market their skills to businesses for many purposes.
The Trojan was set up by sending target company managers in "demo" disks of software purportedly for sale. The "demo", run by a manager, would install the spyware. The investigative companies then cherry-picked valuable information (sales reports, competitive assessments, etc.) and they simply picked companies in each business category to take on as clients--one cellular phone company got another's inside information, one cable company got another's inside information, one auto importer got another's info, etc. etc.
The private investigators simply sold to the highest bidder. The really interesting thing is that it's not clear whether there are laws on the books in Israel strong enough to convict the PIs! This may just be more of what is referred to in Israel as Israel-bluff.
From reading the article, I did not notice the name Microsoft in there. Who is to say that these trojans ran on Microsoft software? Perhaps these trojan-infected machines were running GNU Hurd or OS X? The writeup says "given the current state of Windows security", but I don't have enough information to conclude that this was a compromise of Microsoft software.
Many of the discussions on this topic seem to presume this was in fact a trojan that ran on Windows, but even though my gut tells me most trojans target Windows, there is no reason (from the news sources) to believe that this wasn't an engineered alternative OS compromise. Check news.google.com, none of the reports seems to shed any light on the OS of the compromised systems. An ftp server is mentioned, but that's about it. Why do people assume that this was a Microsoft compromise? Is this a fair assumption?
If this is a fair assumption, why don't any of the articles mention Microsoft?
MBSA is not perfect but I've never seen it ignore a product just because you didn't install it during the initial install.
But I admit that I'm nitpicking a bit here as I've learned not to trust it as the only check on what a system needs. Often times MBSA is just plain wrong. I have found that Windows Update, MBSA, and even GFI's tool will disagree on what is installed or what patches are available for your system. It is a convoluted mess.
I use SUSE myself not Debian but the approach is basically the same. Offer updated packages that are prepatched so if you decide you need to run Apache you get the latest version not a buggy one that you have to add patches to.
Slashdot, home of supporters of free software, free music, and free speech.
Except for Moderators that disagree with you.
oh please, why is it always a conspiracy theory just because you don't know about it personally? I'll even give you some Newsmax sources,
"The Chinese air force is equipped with the Harpy medium-range anti-radar missile acquired from Israel, and its new Chengdu J-10 strike fighter uses technology obtained from the canceled Israeli Lavi program. link
Here we go from the Asian Times, " Israel has also been a long-standing supplier of advanced military technologies to China. According to the findings of a past US congressional committee chaired by Representative Christopher Cox (Republican-California), Israel has "offered significant technology cooperation to the People's Republic of China, especially in aircraft and missile development", including helping China build its current F-10 fighter jet." LINK
Here's a nice article from the Jerusalem Post about the u.s. suspending cooperative development on the arrow-2 missile defence system with Israel. quote, "A source quoted by MENL explained the rationale for the encroaching US boycott: "It's all about China." As the report explained, "The Pentagon, with full support of the administration, does not want to deal with Israeli products or technology that could be sent to China."
There's plenty more information available from all your favourite right-wing sources about the chinese-israeli love affair that's been going on for 20 years. You just have to look because FoxNews & CNN are not interested in telling you about it.
The Windows OS has everything to do with the current state of affairs in Trojan-land. If there hadn't been literally hundreds of exploits over the past 5 years that allowed companies to inject unwanted software into users' computers, two things would be different:
I'm afraid that all of Windows' past security flaws have raised the level of interest in such gray-area and outright illegal activities to a point that, even if the whole world did switch away from Windows tomorrow, there are enough people that have the requisite skill and experience to produce a credible threat to almost any platform.
Social Engineering on the part of the user is one thing, but if you look carefully at the proliferation of such garbage software, you'll realize that society, by supporting this specific software monoculture, has given rise to a population of predators -- If you force them to search for a new source of food, they will.
Jasin Natael
True science means that when you re-evaluate the evidence, you re-evaluate your faith.
that this type of attack has most probably been going on for years, without being detected.
More sophisticated worms and trojans will happen. Think of a virus that stealthily hides on computers, moving across the network till it finds itself on a machine in domain xyz.com. Once there it promulgates quietly, doing no damage, until one of its copies finds files of the variety xxxxx.xls. Then slowly searching those files, sending bits of it back to a server on the internet disguised as mail from the user of that machine.
It gets even scarier. Imagine that virus looking for your company's cvs server?
The only thing that I can think of to combat it is to ensure that all applications are checked before being run, and that they have certification by company security infrastructure. This might prevent joe bloggs from working at home and bringing the trojan to work with him.
It can be done if the program is executed by the user without verification of certification etc.
To totally lock down your network will become very difficult in the future. Commercial antivirus vendors will have to work very closely with OS groups to actually create a secure computing environment.... and users will not like the efforts they have to go through to participate in that secure environment.
The current efforts by software vendors and groups will not even come close to stopping such spyware programs.
Well, that's how I see it anyway... who knows for sure.
Support NYCountryLawyer RIAA vs People
A lot of the supposed loss that results from espionage is mitigated by the fact that the stolen data simply goes from one inept corporate bureaucracy to another. As much as they'd like to, most lame, ossified organizations can't do much to improve their own position regardless of the strategic worth of stolen competitor's data.
It's just 'Spy vs. Spy'; an endless expensive game that changes very little in the real world.
And regarding the use of social engineering to break into secure systems and procure passwords, it too has exaggerated importance. The old fashioned tried-and-true methods of blackmail, bribery, kidnapping, and extortion work as well if not better in modern corporate and military environments as they have for hundreds of years. The stricter the corporate punishment for transgressions, the more inflexible the rules, the harder the no-tolerance policy... the cheaper and easier it is to use blackmail and bribery on the target employees. This is why the Americans can't destroy 'the base' (whose Arabic name triggers the NSA internet eavesdropping software). They can't be blackmailed, bribed, or persuaded with. Hell, they can't even be found.
You want a secure corporate environment? Trust your people, pay your people reasonably, don't assume that you can judge their moral character by the molecular structure of their urine. In other words, don't act like a stupid paranoid American.
How open are banks to this kind of attack? Or credit companies or any one of the other 1000s of companies that we give our personal data to.
Jeez, where's the "-100 racist" mod option?
This is because Windows does not have a package management system. But it likes to pretend that it does.
So, a service pack is applied, then you add a component that the service pack would have patched, but all the various tools do is to check whether that service pack is listed as being applied.
The biggest annoyance I've seen with that was the Welchia worm. Even after applying their patch, your machine would still be infected.
And that's the problem. If you cannot trust the system, you cannot trust the system.
With Debian, it is easy for me to verify each and every file on that system. Here, I'll go through this.
Each file either is a user data file and should only be in those directories
-or-
It is a file installed by a package that was installed by root.
So, I go through each directory and verify that every file in there belongs to a package. Then I go through and verify that every file belonging to each package has the correct MD5 checksum. Then I verify those package checksums against the versions on the websites.
Yep. And because it is such a mess, it is VERY difficult to verify that it is fully patched.
Yep. Any Linux system (or other system) that uses a package management system is FAR easier to patch, verify that it is patched and keep patched than a Windows system.
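The verification walk the poster describes (every file in the system directories must belong to a package, and every packaged file must match its recorded checksum) can be automated from the per-package md5sums lists that dpkg keeps under /var/lib/dpkg/info. The script below is an added example, not the poster's own tooling: it parses that format, walks a tree, and reports unowned, modified and missing files. It builds a constructed miniature root (two fake packages, one tampered binary, one dropped file) so it runs offline; on a real Debian host you would point it at / and /var/lib/dpkg/info, keeping in mind that the md5sums lists live on the same disk and must themselves be compared against a trusted copy, as the poster's last step says.

```python
# Added example: verify a filesystem tree against dpkg-style <pkg>.md5sums lists.
# Each line of a .md5sums file is "<md5hex>  <path relative to />", exactly as
# md5sum(1) prints it. Conffiles under /etc are expected to differ and are not
# covered by these lists, which is why only system directories are walked.
import hashlib
import tempfile
from pathlib import Path

SYSTEM_DIRS = ("bin", "sbin", "lib", "usr")


def parse_md5sums(info_dir: Path) -> dict:
    """Map 'relative/path' -> (package, expected_md5) across all *.md5sums files."""
    owned = {}
    for listing in sorted(info_dir.glob("*.md5sums")):
        pkg = listing.stem
        for line in listing.read_text().splitlines():
            if not line.strip():
                continue
            digest, rel = line.split(None, 1)
            owned[rel.strip()] = (pkg, digest.lower())
    return owned


def md5_of(path: Path) -> str:
    """Stream the file so large binaries do not get read into memory at once."""
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_tree(root: Path, info_dir: Path, system_dirs=SYSTEM_DIRS) -> dict:
    """Return sorted lists: ok, modified, unowned (no package claims the file),
    missing (a package lists it but it is gone from disk)."""
    owned = parse_md5sums(info_dir)
    report = {"ok": [], "modified": [], "unowned": [], "missing": []}
    seen = set()
    for d in system_dirs:
        base = root / d
        if not base.is_dir():
            continue
        for p in base.rglob("*"):          # pathlib's "*" also matches dotfiles
            if not p.is_file():
                continue
            rel = p.relative_to(root).as_posix()
            seen.add(rel)
            if rel not in owned:
                report["unowned"].append(rel)
                continue
            pkg, expected = owned[rel]
            bucket = "ok" if md5_of(p) == expected else "modified"
            report[bucket].append(f"{pkg}:{rel}")
    for rel, (pkg, _digest) in owned.items():
        if rel not in seen and rel.split("/", 1)[0] in system_dirs:
            report["missing"].append(f"{pkg}:{rel}")
    return {k: sorted(v) for k, v in report.items()}


def build_demo_root() -> tuple:
    """Constructed miniature root: packages 'hello' and 'coreutils', then
    simulate a modified /usr/bin/ls and a dropped file no package owns."""
    root = Path(tempfile.mkdtemp(prefix="fakeroot-"))
    info = root / "var/lib/dpkg/info"
    info.mkdir(parents=True)
    files = {
        "usr/bin/hello": b"#!/bin/sh\necho hello\n",
        "usr/bin/ls": b"ELF ls original",
        "usr/share/doc/coreutils/README": b"docs\n",
    }
    for rel, data in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    md5 = lambda rel: hashlib.md5(files[rel]).hexdigest()   # recorded at install time
    (info / "hello.md5sums").write_text(f"{md5('usr/bin/hello')}  usr/bin/hello\n")
    (info / "coreutils.md5sums").write_text(
        f"{md5('usr/bin/ls')}  usr/bin/ls\n"
        f"{md5('usr/share/doc/coreutils/README')}  usr/share/doc/coreutils/README\n")
    # Post-install tampering the audit should catch:
    (root / "usr/bin/ls").write_bytes(b"ELF ls replaced after install")
    (root / "usr/bin/.helper").write_bytes(b"unpackaged file")
    return root, info


def run_demo() -> dict:
    root, info = build_demo_root()
    return verify_tree(root, info)


if __name__ == "__main__":
    for bucket, entries in run_demo().items():
        print(f"{bucket}: {entries}")
```

Debian ships the same check as the debsums package; the value of the hand-rolled version is that it also flags files that no package claims, which debsums alone does not.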
Seeing it happens in Israel, a small but very well technologically developed country, the question is what is happening in places and big economic regions like US, EU, Asia? Maybe they are not as fast and developed as Israel in finding trojans. And it's very common to silence these things in private rooms, a common practice when a bank hack happens.
More information at: IWS The Information Warfare Site
#1. Because Linux no longer uses BitKeeper does not mean that it has more security problems than before. (nor less)
#2. And, again, no one is saying that Linux has never had a security issue. Just that because of Linux's security model, those issues have been less critical and fixed faster than with Windows.
#3. You do not see articles here very often deriding Linux about its security failures
That was someone sniffing passwords. That isn't a Linux security issue.
#4. You're quoting an article quoting mi2g's "research". You should do a bit more research on them before attempting to use it to support your position.
No. "All OSes" do NOT have "huge security issues to deal with".
You are wrong. No OS is 100% secure, but that does not mean that they all have "huge security issues".
If you need confirmation on that, just look at OpenBSD.
Need another? Look into SELinux.
I would hope that you would be also sorry about the Holocaust ever happening for reasons other than that it provides "the freedom to take every criticism as anti-Semitic". Do you have any feelings of sorrow about the six million people who were brutally murdered?
The Holocaust sucked for homosexuals, travellers, anyone who was physically or mentally disabled and religious and cultural minorities, as well as for anyone who disagreed with Hitler.
This in no way gives the current government of a country consisting largely of members of one of those categories the moral high ground if it chooses to play silly buggers with foreign companies.
For the love of God, please learn to spell "ridiculous"!!!
As the submitter of the original news, I specifically pointed out Windows. As a security developer, I worked with the Israeli government and its suppliers and the large companies mentioned in the article. They, almost universally, are using Windows both on desktops and servers, and with the exception of military and security forces, are very vulnerable. Most employers are uneducated about security, viruses and trojans and the current state of Windows (in)security allows for a very easy penetration.
Most people who find that their computer has become slow buy another computer, so Microsoft sells another copy of the operating system. As the OpenBSD team has shown, it is not impossible to make an OS with very, very few vulnerabilities. But the vulnerabilities make money, so apparently that's why Microsoft leaves them in, or takes a long time to fix them.
So anti-spyware software would reduce Microsoft's profits.
(not all Israelis agree w/ the govt and not all Israelis are Jews and not all Israelis live in Israel, so I'm not sure who "them" is here.)
Why are you shocked? Slashdot has reached the sort of critical mass that if any X Slashdotters hate "them", then however small X is, at any given time at least one member of X must have mod permissions, which means that some of this shit is eventually gonna get modded up. There are enough other people w/ mod & metamod access to mod them back down, so it's not that big a deal.
Refer to that "why do smart people defend stupid ideas" story, I guess.
[o]_O
During the investigation, the police remembered that a few years ago, the same suspects offered the police virus-based technology for legitimate uses, but the technology was unsuited to the police's requirements. The police had held intermittent negotiations lately, during which they examined the software's applications...
Israel Police National Fraud Unit head, Chief Superintendent Arie Edelman, said the virus was unique because, "It not only penetrated the computer and sent material to wherever you wanted, but it also enabled you to completely control it, to change or erase files, for example. It also enabled you to see what was being typed in real time." He said the extent of those involved in the affair, and the program's capabilities were "exceptional".
The police suspect that Haephrati adapted the virus for his clients' needs. He charged his clients 2,000 (NIS 17,000) per computer per month, including support.
Since the virus was adapted for each client's purposes, it was not detected by information security systems. Edelman said, "This is not a common software that anti-virus software makers have had to fix."
I'm wondering if there wasn't somebody else behind this - perhaps Mossad. And it would be interesting if somebody in the US press would follow up on the Fox News report that the U.S. Federal law enforcement wiretapping facilities have been built by an Israeli company which is likely a front for the Mossad.
The Israelis are very good at this sort of thing, which is why a lot of encryption algorithms come from Israel.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
This exploit has nothing to do with windows, firewalls or anti spyware software.
If you run a piece of software on your computer by someone - what can you expect?
This guy wrote a simple trojan, and was foolish enough to use it against the parents of his former wife...
he posted some of their personal data on the web in order to hurt them, leading to his discovery and the exposure of the whole deal.
Not very clever...
People with very little technical skills were hurt by his attacks - let's face it - almost everyone falls into that category.
it's a new age, attacks like these are carried out all the time, most of the time undiscovered.
People should learn how to live with it.
paying for expensive security will not help.
Linux or mac will not salvage anyone either.
I love burekas in the morning
also are there stats on the mod up to mod down ratios? I know I tend to mod up much more than down
Historically this has been the only thing that gets them to act. I don't think this time is any different.
Words of pisdom for sure. No mention of Microsoft was made in the article I read, but you and I both know that was what caused the problem. Just the same, I feel all dirty and cheap when I make fun of a $30,000,000,000 company that can't get its act together but has such good intentions for everyone else's money.
As you probably know, Linux has its own security issues ... [and more bullshit about how hard Linux security is].
Find me a free software mail client that you can 0wn the way Outlook (also not mentioned) was 0wned. As you saw, there's a market for such skill, worth about $4,000 per infection. You'll either make up pictures and documents to send to the dumb-ass who hires you, or you will go hungry. Oh dear, so much experience and so little learned.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
How did you ever cash your paycheck?
Did it say "nameless company" on it or was it a payroll check with a blank spot where the company name would be?
Had to say it...
Gush Katif (Jewish Gaza)
Bush supports Hamas
Bush pushes Israel to "Auschwitz borders"
Pay attention.
That's brillant!
1. Buy laptops without harddrives.
2. With the money you save, you can afford Mac servers!
3. ????
4. Profit!
Israel's been pumping trojans on the world's computer networks since the late 70's, all with a wink from the US.
OS security doesn't matter much if you're doing your daily routine as admin/root. People who configure Windows machines tend to solve problems of "software not running" by giving the user admin privileges. Then any stupid email attachment can install anything. You'd have the same problem if a Unix sysadmin decides to save time solving a user's problem by giving the user root privileges. And if Linux becomes more common you'd see much more of this kind of "problem solving" ("fumble with things until they work, then don't touch anything. Don't try to solve tomorrow's problem. You're paid only to solve the current problem". Of course it works and you cease to touch it when it has too many permissions...)
The way this story was revealed was that the stupid guy who planted these trojans published publicly excerpts from his ex-wife's father (or mother's husband?) that existed only on the guy's PC. Probably that PC was a private PC that was configured exactly as shipped (i.e., single admin account). Security of the OS doesn't really matter in this setting. I think the real story here was that so many big companies (telecom, satellite TV etc.) bought services from a guy so unprofessional as to host their stuff on the same servers that he uses for revenge against his ex-wife's parent, and then to reveal enough info so that the police can get to him! Obviously he's not a pro. Any pro would have known to use separate destinations for different trojans, and not to reveal info that leads to a single source...
...FOLLOW THE MONEY!
By this I mean that I assume industrial espionage is much more lucrative than governmental information, and therefore companies are much more likely to be a target.
As for which is easier, forget the boundaries and roadblocks, if the payoff is high enough someone will find a way around it.
When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
I used to be an EKG tech (back in 1980). About 6 months ago I was following a set of links that led me to a homebuilt EKG machine (IIRC, @Utah State). I seem to recall that they had a nice Linux program for interfacing with it. You may wish to look for it and see if there is not something that you can use. Not quite a polygraph, but similar data that is interpreted in different ways.
But yeah, ppl do not like change.
all these trojan horses that the article talked about were installed by either tricking the computer user into installing them via e-mail or CD, or by a trusted individual that the computer user knew. The same thing could have happened with Linux or Mac OS X.
My Gawd WTF...