Slashdot Mirror


Trojan Built for Industrial Espionage

xPertCodert writes "Some of the largest Israeli companies are involved in the major industrial espionage case, in which private investigators implanted specially crafted Trojan horses on the computers at unsuspecting companies in a bid to obtain privileged financial and technical data. Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such spy attacks from competitors."

40 of 232 comments

  1. Good by Anonymous Coward · · Score: 3, Insightful

    maybe such incidents will get companies (and Microsoft in particular) to start taking spyware more seriously

    1. Re:Good by Leroy_Brown242 · · Score: 4, Insightful

      HAH!

      Learning from other mistakes? I think you give the industry too much credit. :)

    2. Re:Good by pv2b · · Score: 3, Insightful

      As I said in another thread, the problem isn't computer insecurity, but the fact that people will install anything given enough social engineering. Even if you use an operating system like Mac OS X or Linux or something else similar, where the users aren't typically logged in as root, you can still spy on the user whose account you've infected, which is enough damage right there.

    3. Re:Good by pv2b · · Score: 2, Insightful

      Social engineering.

      1. E-mail the user a "Free Porn" program. This program is then set to launch every time the user logs in. (To make it more plausible, the program then launches a Safari window pointing at your favorite porn site.)

      2. The program is basically a glorified FTP server, allowing the attacker to log into it and retrieve any files accessible from the account. To get past firewalls, it could even actively connect outward to another host to receive instructions, or even be controlled via e-mail.

      Voilà, corporate espionage on Mac OS X or Linux per social engineering.

      Not very subtle, but very effective.

    4. Re:Good by Dwonis · · Score: 4, Insightful

      Linux probably does not have "just about as many security flaws as Windows", because its design is simpler and there are fewer places for things to go wrong, among other reasons. You are obviously making statements about things you know hardly anything about, so I put you in my foes list to remind me of that.

      However, you've touched on an important point about computer security: to an attacker, the number of security holes in a system is almost totally irrelevant. If I were an attacker, I'd be more concerned about the types of security holes in a system, than the absolute number of them. For example, if I run a malicious webserver, and my goal is to install a key-logging driver into the kernel of a Linux machine that accesses my webserver, I need two types of security flaws: one in the web browser that lets me execute arbitrary code, and one in the OS so I can get root privileges to install the driver.

      This is where people get confused. Having 2 or 2000 local root holes doesn't help me if I can't execute arbitrary code on the computer, and having 2 or 2000 arbitrary code execution holes doesn't help me if I can't get root privileges. I need exactly one hole of each type for my attack to be successful. Beyond that, it makes little difference.

      So, if you create two categories, "secure" and "not secure", Linux and Windows fall into the same category: "not secure". Most systems fall into that category. If you're a decision-maker, and you're forced to use some of these systems, even though you know that they are all "not secure", which ones do you choose?

      You choose the ones that are going to minimize your risk. If that means choosing Linux, or some heterogeneous mix of systems, simply because that arrangement is less popular and therefore less likely to be exploited, then so be it. It's still a sound decision, given the circumstances.

      Regarding people demonizing Microsoft, don't you find it the least bit pathetic that a loosely-knit group of poorly-organized hobbyists working in their spare time can be even remotely competitive against the industry leader, a company that can spend billions of dollars per year on software development?

      What about all the people over the last decade who trusted Microsoft with their data, only to find out that (until recently) Microsoft didn't care about keeping it secure? Should they not be angry?

      What about Microsoft's idea of "ease of use": menus that are never in the same place, and word processors that mangle your data because "it looks like you're writing a letter"? Or how about the general Microsoft "we know better" attitude? Software that makes your computer not do what it's told (DRM)? Product keys? EULAs? Software patents? Mandatory file locks (sharing violation)? The Win32 API? Broken CSS support? Horrible context-switching performance? mikerowesoft.com? "Best Viewed with Internet Explorer"? The need to use defrag.exe? The DR-DOS error messages? Abandoning OS/2? "Abort/Retry/Ignore/Fail"? Direct3D? ActiveX? DLL Hell? "There are no significant bugs in our released software that any significant number of users want fixed"? The way the MSN website seemed to deliberately break itself when people used Opera to view it?

      Microsoft is a leader that's doing a crappy job, on top of its selfish motivations. People don't like that. You may not see Microsoft as being evil, but you shouldn't be surprised or disgusted that others do.

    5. Re:Good by pv2b · · Score: 2, Interesting

      sh evilscript.sh

      The execution then is of "sh", which reads evilscript.sh as a file containing commands. evilscript.sh doesn't need to be +x for this to work.

  2. From what i understand by hsmith · · Score: 4, Interesting

    spies are more likely to do industrial espionage compared to spying on gov'ts. it is apparently a lot easier to get info from companies about gov't plans (through contracts, etc.) than trying to spy on the NSA or CIA

    but then again, this is what i have read, so take it for what it is worth

  3. Ethics & Business by Anonymous Coward · · Score: 2, Funny

    Did any of their officers graduate from Stanford or Harvard Business School?

    1. Re:Ethics & Business by Rob+Riggs · · Score: 2, Informative

      By propagating ideologically inspired amoral theories, business schools have actively freed their students from any sense of moral responsibility.

      But you should read the article in full. It presents the reader with a good deal of information about how business and economics is taught, and how this affects corporate behavior and governance. This is an academic article and the writing style is typical of most academic writing, dry and constantly interrupted with references and citations. A more condensed version, edited for the lay person, would be most welcome. The fundamental ideas expressed within this article deserve a far greater audience.

      --
      the growth in cynicism and rebellion has not been without cause

  4. The answer to these problems ... by guyfromindia · · Score: 2, Informative

    http://www.nsa.gov/selinux/ Security-Enhanced Linux!

    1. Re:The answer to these problems ... by Jeff+DeMaagd · · Score: 3, Insightful

      Trojans are about social engineering. The only way to stop trojans is to prevent the people that might fall for them from ever being able to execute unauthorized programs.

    2. Re:The answer to these problems ... by TheRagingTowel · · Score: 2, Interesting

      Not quite. In Linux, for example, you've got permissions for every file/directory/whatever, so the trojan has limited access to files. In Windows it's not quite so trivial.
      btw, as I heard over here, the spyware was installed by Autoplay. It was disguised as a "promotional CD".

      --
      4Z5TX

  5. Everyone is vulnerable by a_greer2005 · · Score: 3, Insightful

    In a big company that has a lot of enemies, some within its own gates no doubt, this could happen to any system that is not set up perfectly. A rootkit could be introduced on a *nix system the same way 99% of Trojan horses get into Win boxes: social engineering.

    By its very nature, a Trojan is a program that APPEARS to be good but has an evil payload. Once again, the problem is gullible users and/or techs and/or admins, not Windows per se.

    1. Re:Everyone is vulnerable by Rakshasa+Taisab · · Score: 2, Insightful

      I'm really not gonna comment on the spelling of the parent post... though...

      According to your logic, it doesn't matter if you store millions of dollars in cash under the bed, since a safe is also vulnerable to break-ins.

      --
      - These characters were randomly selected.

    2. Re:Everyone is vulnerable by Soul-Burn666 · · Score: 2, Interesting

      That's actually a very good analogy.

      Putting the cash in the safe instead of under the bed will stop random small thieves.
      But if those behind the theft are a big, organized group, then they will break in whether it's under the bed or in the safe.
      They'll send a technician to plant a camera in your bedroom and record you entering the code (keylogger) or simply crack it professionally in 15-30 minutes.

      --
      ^_^
  6. Trojans != Security Failure by yotto · · Score: 2, Insightful

    I thought that Trojans were programs that pretended to be something legit but weren't. Other than finding them and putting them in a list of programs to delete in a virus scanner, is there a way to be "secure" with these?
    If the company you are tailoring these trojans to runs Linux, aren't you, as the evil terrorist hacker, going to tailor the trojan to run on Linux?
    Send 90% of the CEOs out there an email that says 'click here for a free iPod!' and we all know what they're going to do, whether they run Windows, Linux, or OS X.

    1. Re:Trojans != Security Failure by mc6809e · · Score: 2, Interesting

      Excellent point.

      I guess the lesson is that, whenever you install someone else's software on your system, you're essentially letting them use that system.

      Can you always trust them to do the right thing? Not in this case, apparently.

  7. Shouldn't be a problem... by Anonymous Coward · · Score: 2, Insightful

    Smart people shouldn't have that kind of data on a computer that could be attacked by spyware. Keep it on a network segregated from the internet and you keep it to an insider-only problem.

    1. Re:Shouldn't be a problem... by Lucractius · · Score: 2, Informative

      Exactly. For the love of god, you know that anything attached to the internet is not ever going to be "completely" (heck, most things will never even be marginally) secured. So if you want to keep the data safe, no matter what kind of data that is, the only way is to keep the damn machines off the net.

      I believe some interesting research could be done into the six degrees of separation theory and large networks using gateways and subnets.

      Just how "off the net" is that deep-rooted bank system running the ATMs when there are sysadmins that have access directly to it... and probably have access to the company net for convenience... and that has a gateway... etc.

      ~~~~
      What's with the "To confirm you're not a script"? It's wasting my precious seconds.
      ~~~~

      --
      XML - A clever joke would be here if /. didn't mangle tag brackets.
  8. I wouldn't be too surprised... by maksim2042 · · Score: 3, Informative

    If the entire scandal was precipitated by Bezek (the reigning ILEC/MaBell of Israel). Bezek was complacent about the coming of the cell phone in the early '90s and was so late to the game that it's practically a non-player.

    To the contrary, the Pele-Phone trademark name actually became the Israeli "Xerox": every cell phone is called a "pelephone" in the vernacular. So if Bezek wanted to hurt the ungrateful competitors' market share, the trojan scandal would do nicely.

    --
    Any fool can criticize... And many do.
    1. Re:I wouldn't be too surprised... by eranb · · Score: 2, Interesting

      Actually, Bezek owns a large portion of Pele-Phone and Mirs, both large players in the Israeli cellular market.

  9. Re:Spyware by Karzz1 · · Score: 3, Insightful

    Not to mention their new anti-virus business (a subscription service which couples MS anti-virus with their anti-spyware). Am I the only one that sees the conflict of interests here?

    --
    Beware of he who would deny you access to information, for in his heart he dreams himself your master.
  10. Cheap Shots by The_Quinn · · Score: 4, Insightful

    It is cheap to poke your security knife at Microsoft. As you probably know, Linux has its own security issues.

    I've dealt with Linux security enough to know security is work for any OS, especially when you are not just running servers for developers or apps. When you get into Linux desktop users, security takes a lot of work and attention.

  11. Try It Again, With Strong Encryption! by putko · · Score: 3, Insightful

    "... [The authorities] found dozens of FTP servers in Israel and overseas, including the US. Haephrati is suspected of transferring stolen material from other computers to these FTP servers. The police realized the extent of the affair when they examined some of the files..."

    If there was ever a time to be using encrypted volumes to store files, that was one of them.

    The guy has fileservers full of self-incriminating evidence, but he can't even get his act together enough to strongly encrypt the thing? That's pretty damn sloppy.

    If you did it right, all the cops would have was a bunch of bits, not stuff to put you away for a long time. This tells me the guy wasn't really trying hard enough. He needs to do it again, with feeling.

    --
    http://www.thebricktestament.com/the_law/when_to_stone_your_children/dt21_18a.html

  12. Most trojans are spread via unpatched Outlook. by khasim · · Score: 4, Funny

    Send 90% of the CEOs out there an email that says 'click here for a free iPod!' and we all know what they're going to do, whether they run Windows, Linux, or OS X.

    Yep. But there are ways to reduce the potential there.

    #1. The email client should NOT under ANY circumstances automatically run scripts or executables. This was a MAJOR problem with previous versions of Outlook.

    #2. The regular user should NOT under ANY circumstances be able to run a program from his user directory/temp directory.

    Now, since Linux does not have any equivalent to Outlook in example #1, that means that Linux machines are far more difficult to infect. But not impossible.

    Once you've implemented example #2, then the ONLY way for a trojan to get onto a system is if the user has the root password AND goes through the regular install process.

    Now, each step that the user must perform is another chance for the trojan to fail.

    If, on Linux, the end user has to go through half a dozen steps or so, then Linux is going to be resistant to all but the most dedicated of idiots.

    And remember, the infection rate has to be higher than the removal rate otherwise the trojan dies, like any virus or worm would.

    Linux can be less than 100% perfectly secure, yet still have no live trojans, viruses or worms in the wild.
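    As an added example for khasim's point #2 and for pv2b's note above that "sh evilscript.sh" runs without the execute bit (this is not code from any commenter), a POSIX sh audit that reads a /proc/mounts-style table and reports whether the home and temp mount points carry noexec. It assumes the /proc/mounts field layout; the sample mount table is constructed. Caveat from pv2b's point: noexec only stops the kernel from executing binaries and #! scripts stored there, so an allowlist or interpreter restrictions are still needed on top of it.

```shell
#!/bin/sh
# Added example: audit whether home/temp mount points are mounted noexec.
# Constructed sample in /proc/mounts layout (device mountpoint fstype options dump pass);
# it is not from a real system.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0'

# noexec_status <mountpoint> <mounts-text>
# Prints "noexec" if the mount point is listed with noexec, "exec" if it is
# listed without it, and "absent" if it is not a separate mount at all
# (in which case it inherits the options of its parent filesystem).
noexec_status() {
    mp=$1
    mounts=$2
    line=$(printf '%s\n' "$mounts" | awk -v mp="$mp" '$2 == mp { print; exit }')
    if [ -z "$line" ]; then
        echo absent
        return 0
    fi
    opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
    # Surround with commas so "noexec" cannot match inside another option name.
    case ",$opts," in
        *,noexec,*) echo noexec ;;
        *)          echo exec ;;
    esac
}

# audit_mounts <mounts-text>
# Reports each sensitive mount point; returns 1 if any is mounted without noexec.
# Remember: noexec does not stop "sh file" or "perl file", it only blocks direct
# execution of files located on that mount.
audit_mounts() {
    mounts=$1
    rc=0
    for mp in /home /tmp; do
        status=$(noexec_status "$mp" "$mounts")
        echo "$mp: $status"
        [ "$status" = exec ] && rc=1
    done
    return $rc
}

# Run against the constructed sample; on a live host pass "$(cat /proc/mounts)" instead.
audit_mounts "$SAMPLE_MOUNTS" || echo "WARNING: a user-writable mount point allows direct execution"
```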
  13. Opensource trojans? by haggar · · Score: 2, Interesting

    I know this sounds almost like cussing, but could one obfuscate source code so efficiently as to hide a trojan inside it?

    That would be diabolic because it would give the false feeling of security (after all, it's "open" source, right?) and therefore be even more devastating to unsuspecting users.

    --
    Sigged!
    1. Re:Opensource trojans? by greenrd · · Score: 2, Funny

      It occurs to me that the best language in which to do that kind of attack would be Perl. Great plausible deniability.

      "Why's that Perl code so obfuscated?"

      "Oh, that's just a Perl geek showing off - you'll get used to it."

  14. Cherche la sysadmin! by Begemot · · Score: 2, Informative

    In Israel, workstations in all large corporate networks are very well protected.

    It's much cheaper to find a dirty sysadmin that will push a small MSI to all AD clients than actually writing a full-blown Trojan that should first of all plant itself on the target computer, taking the risk of being discovered by some techy user.

    So keep MS bashing for another article ;-)

  15. Re:Exploit? by canuck57 · · Score: 2, Informative

    Did it involve an exploit?

    Yep, although not a buffer overflow, it is an exploit of the system design that allows execution and installation of programs without the user's specific consent. Not unlike the days when you could email an ActiveX control to people and it would automatically execute just by viewing the message.

    Users are led to believe these files are safe to open, when in fact the question should be whether they are safe to execute.

    So the bad guys exploited the misperception that (Microsoft) document files are data files safe to "open".

  16. Re:Check (point) your VPN/Firewall by Soul-Burn666 · · Score: 2, Insightful

    The best and strongest firewalls can't protect unsuspecting users from installing trojans by themselves.
    Hell, it doesn't even matter what operating system you use. If you run a trojan/keylogger, the data will leak. It doesn't matter if you're in user mode, all the information you can access can leak outside.

    Surely an easily exploitable system will generally be more prone to this, without user interaction.

    --
    ^_^
  17. Re:Conspiracy Theories by Adult+film+producer · · Score: 3, Informative

    oh please, why is it always a conspiracy theory just because you don't know about it personally? I'll even give you some Newsmax sources,

    "The Chinese air force is equipped with the Harpy medium-range anti-radar missile acquired from Israel, and its new Chengdu J-10 strike fighter uses technology obtained from the canceled Israeli Lavi program."

    Here we go from the Asia Times: "Israel has also been a long-standing supplier of advanced military technologies to China. According to the findings of a past US congressional committee chaired by Representative Christopher Cox (Republican-California), Israel has "offered significant technology cooperation to the People's Republic of China, especially in aircraft and missile development", including helping China build its current F-10 fighter jet."

    Here's a nice article from the Jerusalem Post about the US suspending cooperative development on the Arrow-2 missile defence system with Israel. Quote: "A source quoted by MENL explained the rationale for the encroaching US boycott: "It's all about China." As the report explained, "The Pentagon, with full support of the administration, does not want to deal with Israeli products or technology that could be sent to China.""

    There's plenty more information available from all your favourite right-wing sources about the Chinese-Israeli love affair that's been going on for 20 years. You just have to look, because FoxNews & CNN are not interested in telling you about it.

  18. The reality is.... by zappepcs · · Score: 3, Insightful

    that this type of attack has most probably been going on for years, without being detected.

    More sophisticated worms and trojans will happen. Think of a virus that stealthily hides on computers, moving across the network till it finds itself on a machine in domain xyz.com. Once there it propagates quietly, doing no damage, until one of its copies finds files of the variety xxxxx.xls. It then slowly searches those files, sending bits of them back to a server on the internet disguised as mail from the user of that machine.

    It gets even scarier. Imagine that virus looking for your company's CVS server.

    The only thing that I can think of to combat it is to ensure that all applications are checked before being run, and that they have certification by company security infrastructure. This might prevent joe bloggs from working at home and bringing the trojan to work with him.

    It can be done if the program is executed by the user without verification of certification etc.

    To totally lock down your network will become very difficult in the future. Commercial antivirus vendors will have to work very closely with OS groups to actually create a secure computing environment.... and users will not like the efforts they have to go through to participate in that secure environment.

    The current efforts by software vendors and groups will not even come close to stopping such spyware programs.

    Well, that's how I see it anyway... who knows for sure.

  19. Re:microsoft-bashing aside by SkinnyPapa · · Score: 2, Informative

    I live in Israel, and this topic was just on the evening news. They interviewed a secretary in one of the corporations whose computer was compromised and confidential documents were stolen from it. It was a Windows machine.
    But that doesn't mean all of the infected computers had Microsoft products on them.
    The media coverage is pretty thin on technical details, but it is known (and I believe is stated in TFA) that the trojan was written specifically for each corporation, by order of the competing company at a cost of about 2000 GBP. So it is possible that some trojans were written for OS systems.

  20. A lot of this spy stuff just cancels out by Simonetta · · Score: 3, Insightful

    A lot of the supposed loss that results from espionage is mitigated by the fact that the stolen data simply goes from one inept corporate bureaucracy to another. As much as they'd like to, most lame, ossified organizations can't do much to improve their own position regardless of the strategic worth of stolen competitor's data.
    It's just 'Spy vs. Spy'; an endless expensive game that changes very little in the real world.

    And regarding the use of social engineering to break into secure systems and procure passwords, it too has exaggerated importance. The old-fashioned, tried-and-true methods of blackmail, bribery, kidnapping, and extortion work as well if not better in modern corporate and military environments as they have for hundreds of years. The stricter the corporate punishment for transgressions, the more inflexible the rules, the harder the no-tolerance policy... the cheaper and easier it is to use blackmail and bribery on the target employees. This is why the Americans can't destroy 'the base' (whose Arabic name triggers the NSA internet eavesdropping software). They can't be blackmailed, bribed, or persuaded. Hell, they can't even be found.
    You want a secure corporate environment? Trust your people, pay your people reasonably, don't assume that you can judge their moral character by the molecular structure of their urine. In other words, don't act like a stupid paranoid American.

  21. Cheap Shot. by DerekLyons · · Score: 2, Insightful

    Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such spy attack from competitors

    And of course *no* company knows anything about firewalls, or email scanners, or browser security.... I.E. the article submitter is doing nothing more than taking yet another cheap shot at Microsoft.

  22. Re:They had insiders, politicians helping them ste by S3D · · Score: 4, Insightful

    I think Israel is the reason for all the problems in the world. All muslims hate them for good reason.

    I'm not surprised such a post appears on Slashdot, but I'm shocked it was moderated "insightful".

  23. Re:Check (point) your VPN/Firewall by bit01 · · Score: 2, Insightful

    Zealot.

    He didn't claim FOSS security was guaranteed as your entire post assumes. He claimed it was a better alternative than a company with an obvious vested interest.

    ---

    Commercial software bigots - a dying breed.

  24. Re:What then is happening in other places? by Muhammar · · Score: 2, Insightful

    It is happening elsewhere. With less publicity.

    If you are not dumb, you do this kind of job only once or twice. You cover all tracks. And, holy Moses, you don't use your own company to send out e-mails and CDs with the malware.

    1. The author of these trojans tried to sell them to the police (and was turned down because the police found out that he was selling cracker stuff).
    2. He sold his trojan package to a couple of "security" agencies who went ahead and stole data from several rich companies to re-sell it to the highest bidder.
    3. The trojan author also used his "expertise" to steal and publish a book from his ex-father-in-law.

    Clearly, this guy must have been eager to get in jail. He was lucky - he could have got whacked instead.

    --
    I doubt that we will ever figure out - and I suspect that even if we did figure out we couldn't do much about it
  25. Re:Check (point) your VPN/Firewall by DerekLyons · · Score: 2, Interesting
    He didn't claim FOSS security was guaranteed as your entire post assumes.
    No, but he sure as heck implied that it was somehow 'better' than closed source.
    He claimed it was a better alternative than a company with an obvious vested interest.
    And you know that an OSS team/developer doesn't have a vested interest how? Or that having an unobvious vested interest is better?
    Zealot.
    Hardly. I'm a cynic and a skeptic - quite the opposite of a zealot.
    Commercial software bigots - a dying breed.
    Hmm... I didn't throw names or accusations - I asked questions that you shy from answering.

    It's folks like you who are the biggest danger to OSS - because you are unable or unwilling to discuss its pros and cons honestly, preferring name calling to facts. The zealot and the bigot in this conversation isn't me.

  26. OS security doesn't matter much ... by hadaso · · Score: 2, Insightful

    OS security doesn't matter much if you're doing your daily routine as admin/root. People who configure Windows machines tend to solve problems of "software not running" by giving the user admin privileges. Then any stupid email attachment can install anything. You'd have the same problem if a Unix sysadmin decides to save time solving a user's problem by giving the user root privileges. And if Linux becomes more common you'd see much more of this kind of "problem solving" ("fumble with things until they work, then don't touch anything. Don't try to solve tomorrow's problem. You're paid only to solve the current problem". Of course it works, and you cease to touch it, when it has too many permissions...)

    The way this story was revealed was that the stupid guy who planted these trojans published publicly excerpts from his ex-wife's father (or mother's husband?) that existed only on the guy's PC. Probably that PC was a private PC that was configured exactly as shipped (i.e., single admin account). Security of the OS doesn't really matter in this setting. I think the real story here was that so many big companies (telecom, satellite TV etc.) bought services from a guy so unprofessional as to host their stuff on the same servers that he uses for revenge against his ex-wife's parent, and then to reveal enough info so that the police can get to him! Obviously he's not a pro. Any pro would have known to use separate destinations for different trojans, and not to reveal info that leads to a single source...