Trojan Built for Industrial Espionage
xPertCodert writes "Some of the largest Israeli companies are involved in the major industrial espionage case, in which private investigators implanted specially crafted Trojan horses on the computers at unsuspecting companies in a bid to obtain privileged financial and technical data. Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such spy attacks from competitors."
Good (Score:3, Insightful)
Re:Good (Score:5, Insightful)
Learning from other mistakes? I think you give the industry too much credit.
Re:Good (Score:2)
Perhaps rather than companies taking even more measures to stop spyware, it's time for the users to take some responsibility too. If users can't be bothered to secure their own property, there's no reason why Microsoft or Symantec should be.
Re:Good (Score:4, Insightful)
Re:Good (Score:2)
Give an example.
I'm straining to think of one for either OSX or Linux where the person doesn't have root/administrator and pa
Re:Good (Score:2, Insightful)
1. E-mail the user a "Free Porn" program. This program is then set to launch every time the user logs in. (To make it more plausible, the program then launches a Safari window pointing at your favorite porn site.)
2. The program is basically a glorified FTP server, allowing the attacker to log into it and retrieve any files accessible from the account. To get past firewalls, it could even actively connect outward to another host to receive instructions, or even be controlled via e-mail.
Re:Good (Score:2)
I guess you could make it a 'free kittens and puppies background picture' program. I see a lot of that crapware installed on people's machines (but not at work).
Re:Good (Score:2)
By the time you found out, it could easily be too late.
Re:Good (Score:2)
Privilege separation is a nice thing to have by default. Most Windows installs don't separate the Admin from the user. I know it's an option at any time during or post-install, but I'm going by defaults.
Re:Good (Score:2)
In theory. In practice, probably not [google.com].
Re:Good (Score:2)
Windows is insecure by design.
Re:Good (Score:2)
Re:Good (Score:2)
Probably a better choice would be an IRC client. It could log on to an IRC server and then onto a common channel.
You could also do the same with Jabber.
Re:Good (Score:3, Interesting)
The execution then is of "sh", which reads evilscript.sh as a file containing commands. evilscript.sh doesn't need to be +x for this to work.
Re:Good (Score:2)
Zero Chance (Score:2)
MS is used in Nuke plants, Banks, Navy ships, and even medical equipment. How many know about the insecurities of MS esp. when compared to *nix? Every last coder on this planet. And yet, some idiot up top decided to force MS into this space. It will be that way for quite some time.
IMHO, it will take successful law suits against companies that sell Windows into high security space before the PHBs change their habits. Once they are personally threatened, then they will change.
Re:Zero Chance (Score:2)
In many countries, the army network is completely separated from the outside internet, the "ultimate firewall". However, it already happened that some high-ranking officer connected his infected laptop to the system and *crash*, the whole network went flat in less than 10 hours.
No matter how strong your "firewall" is, social engineering breaks through it, into top secret networks.
Note that the really top secret documents are indeed protected.
Re:Zero Chance (Score:2)
For instance at work they use an old DOS data acquisition setup connected to an old analog Grass polygraph and then I have to copy the data table onto the floppy
Something for you to look at (Score:2)
But yeah, ppl do not like change.
Re:Something for you to look at (Score:2)
Microsoft will only respond to declining profits (Score:2)
Re:Spyware (Score:4, Insightful)
Re:Spyware (Score:2)
You must be, otherwise someone else would've mentioned it by now...
Re:Spyware (Score:2)
Vulnerabilities are very profitable for Microsoft. (Score:2)
Most people who find that their computer has become slow buy another computer, so Microsoft sells another copy of the operating system. As the OpenBSD team has shown, it is not impossible to make an OS with very, very few vulnerabilities. But the vulnerabilities make money, so apparently that's why Microsoft leaves them in, or takes a long time to fix them.
So anti-spyware software would reduce Microsoft's profits.
Re:Conspiracy Theories (Score:4, Informative)
"The Chinese air force is equipped with the Harpy medium-range anti-radar missile acquired from Israel, and its new Chengdu J-10 strike fighter uses technology obtained from the canceled Israeli Lavi program." link [newsmax.com]
Here we go from the Asian Times, " Israel has also been a long-standing supplier of advanced military technologies to China. According to the findings of a past US congressional committee chaired by Representative Christopher Cox (Republican-California), Israel has "offered significant technology cooperation to the People's Republic of China, especially in aircraft and missile development", including helping China build its current F-10 fighter jet." LINK [atimes.com]
Here's a nice article from the Jerusalem Post about the U.S. suspending [jpost.com] cooperative development on the Arrow-2 missile defence system with Israel. Quote: "A source quoted by MENL explained the rationale for the encroaching US boycott: "It's all about China." As the report explained, "The Pentagon, with full support of the administration, does not want to deal with Israeli products or technology that could be sent to China."
There's plenty more information available from all your favourite right-wing sources about the Chinese-Israeli love affair that's been going on for 20 years. You just have to look, because FoxNews & CNN are not interested in telling you about it.
Re:microsoft-bashing aside (Score:2, Informative)
But that doesn't mean all of the infected computers had Microsoft products on them.
The media coverage is pretty thin on technical details, but it is known (and I believe is stated in TFA) that the trojan was written specifically for each corporation, by order of the competing company.
Re:Good (Score:5, Insightful)
However, you've touched on an important point about computer security: to an attacker, the number of security holes in a system is almost totally irrelevant. If I were an attacker, I'd be more concerned about the types of security holes in a system, than the absolute number of them. For example, if I run a malicious webserver, and my goal is to install a key-logging driver into the kernel of a Linux machine that accesses my webserver, I need two types of security flaws: one in the web browser that lets me execute arbitrary code, and one in the OS so I can get root privileges to install the driver.
This is where people get confused. Having 2 or 2000 local root holes doesn't help me if I can't execute arbitrary code on the computer, and having 2 or 2000 arbitrary code execution holes doesn't help me if I can't get root privileges. I need exactly one hole of each type for my attack to be successful. Beyond that, it makes little difference.
So, if you create two categories, "secure" and "not secure", Linux and Windows fall into the same category: "not secure". Most systems fall into that category. If you're a decision-maker, and you're forced to use some of these systems, even though you know that they are all "not secure", which ones do you choose?
You choose the ones that are going to minimize your risk. If that means choosing Linux, or some heterogeneous mix of systems, simply because that arrangement is less popular and therefore less likely to be exploited, then so be it. It's still a sound decision, given the circumstances.
Regarding people demonizing Microsoft, don't you find it the least bit pathetic that a loosely-knit group of poorly-organized hobbyists working in their spare time can be even remotely competitive against the industry leader, a company that can spend billions of dollars per year on software development?
What about all the people over the last decade who trusted Microsoft with their data, only to find out that (until recently) Microsoft didn't care about keeping it secure? Should they not be angry?
What about Microsoft's idea of "ease of use": menus that are never in the same place, and word processors that mangle your data because "it looks like you're writing a letter"? Or how about the general Microsoft "we know better" attitude? Software that makes your computer not do what it's told (DRM)? Product keys? EULAs? Software patents? Mandatory file locks (sharing violation)? The Win32 API? Broken CSS support? Horrible context-switching performance? mikerowesoft.com? "Best Viewed with Internet Explorer"? The need to use defrag.exe? The DR-DOS error messages? Abandoning OS/2? "Abort/Retry/Ignore/Fail"? Direct3D? ActiveX? DLL Hell? "There are no significant bugs in our released software that any significant number of users want fixed"? The way the MSN website seemed to deliberately break itself when people used Opera to view it?
Microsoft is a leader that's doing a crappy job, on top of its selfish motivations. People don't like that. You may not see Microsoft as being evil, but you shouldn't be surprised or disgusted that others do.
OS security doesn't matter much ... (Score:2, Insightful)
I wonder . . (Score:2)
I would like to think it doesn't, really. But I'm sure it does.
Re:I wonder . . (Score:2)
Sorry, my 'The US is the central of the universe' ideals leaked out for a minute.
Re:I wonder . . (Score:2)
Re:I wonder . . (Score:2)
Re:I wonder . . (Score:2)
Governments only get upset once private companies start to do the same, thus encroaching on their spying monopolies...
Re:Nameless Company? (Score:2)
From what i understand (Score:5, Interesting)
but then again, this is what i have read, so take it for what it is worth
My momma always said... (Score:2)
By this I mean that I assume industrial espionage is much more lucrative than governmental information, and therefore companies are much more likely to be a target.
As for which is easier, forget the boundaries and roadblocks, if the payoff is high enough someone will find a way around it.
Re:Maybe citizens should spy on their government (Score:2)
Not if you would prefer that the superpower in question maintained that position.
LK
Re:Check (point) your VPN/Firewall (Score:3, Insightful)
Hell, it doesn't even matter what operating system you use. If you run a trojan/keylogger, the data will leak. It doesn't matter if you're in user mode, all the information you can access can leak outside.
Surely an easily exploitable system will generally be more prone to this, without user interaction.
Re:Check (point) your VPN/Firewall (Score:2, Insightful)
And of course, you've read (and understood) every single line of code in the source and thus know for certain that your open source product is in fact 100% secure and trustworthy.
No? Well then, you are absolutely certain that a person well known to you and who you'd trust with unlimited access to your computer has done so?
No? Then why exactly *do* you trust this code? Because a couple of dozen random strangers have pronounc
Re:Check (point) your VPN/Firewall (Score:3, Insightful)
Zealot.
He didn't claim FOSS security was guaranteed as your entire post assumes. He claimed it was a better alternative than a company with an obvious vested interest.
---
Commercial software bigots - a dying breed.
Re:Check (point) your VPN/Firewall (Score:2)
Re:Check (point) your VPN/Firewall (Score:3, Interesting)
No, but he sure as heck implied that it was somehow 'better' than closed source.
And you know that an OSS team/developer doesn't have a vested interest how? Or that having an unobvious vested interest is better?
Hardly. I'm a cynic and a skeptic - quite the opposite of a zealot.
Hmm.
Re:They had insiders, politicians helping them ste (Score:5, Insightful)
Re:They had insiders, politicians helping them ste (Score:2)
Why are you shocked? Slashdot has reached the sort of critical mass that if any X Slashdotters hate "them", then however small X is, at any given time at least one member of X must have mod permissions, which means that some of this shit is eventually gonna get modded up. There are enough other people w/ mod & metamod access to mod them back down, so it's not that
Re:They had insiders, politicians helping them ste (Score:2)
Ethics & Business (Score:2, Funny)
Re:Ethics & Business (Score:2)
You joke, but Israel's business schools look more and more like American business schools every day. And that is a problem. Why? I invite you all to read the famous article by the late Sumantra Ghoshal: "Bad Management Theories Are Destroying Good Management Practices [pace.edu]".
Re:Ethics & Business (Score:3, Informative)
But you should read the article in full. It presents the reader with a good deal of information about how business and economics is taught, and how this affects corporate behavior and governance. This is an academic article and the writing style is typical of most academic writing, dry and constantly interrupted with references and citations. A more condensed
The answer to these problems ... (Score:2, Informative)
Re:The answer to these problems ... (Score:4, Insightful)
Re:The answer to these problems ... (Score:2, Interesting)
btw, as I heard over here, the spyware was installed by Autoplay. It was disguised as a "promotional cd".
Everyone is vulnerable (Score:3, Insightful)
By its very nature, a trojan is a program that APPEARS to be good but has an evil payload. Once again, the problem is gullible users and/or techs and/or admins, not Windows per se.
Re:Everyone is vulnerable (Score:3, Insightful)
According to your logic, it doesn't matter if you store millions of dollars in cash under the bed, since a safe is also vulnerable to break-ins.
Re:Everyone is vulnerable (Score:3, Interesting)
Putting the cash in the safe instead of under the bed will stop random small thieves.
But if those behind the theft are a big, organized group, then they will break in whether it's under the bed or in the safe.
They'll send a technician to plant a camera in your bedroom and record you entering the code (keylogger) or simply crack it professionally in 15-30 minutes.
Re:Everyone is vulnerable (Score:2)
Re:Everyone is vulnerable (Score:2)
It is true that you could gull an individual and have them mail out their own documents. You could put in a cron job that runs on their workstation, and have it execute a script.
To do anything more far-reaching, perhaps something that sets the ne
Trojans != Security Failure (Score:3, Insightful)
If the company you are tailoring these trojans to runs Linux, aren't you, as the evil terrorist hacker, going to tailor the trojan to run on Linux?
Send 90% of the CEOs out there an email that says 'click here for a free iPod!' and we all know what they're going to do, whether they run Windows, Linux, or OS X.
Re:Trojans != Security Failure (Score:2, Interesting)
I guess the lesson is that, whenever you install someone else's software on your system, you're essentially letting them use that system.
Can you always trust them to do the right thing? Not in this case, apparently.
Re:Trojans != Security Failure (Score:2)
We, the non-Microsoft users, shouldn't lull ourselves into a false sense of security against spyware and trojan threats just like this one, just because we happen to be non-Microsoft users, or even because we tend not to be logged in as root when we do our work.
Are trojans stoppable? Well, you can try. You can filter out executable types from getting through your e-mail, you can disallow downloading of executable files through your
Most trojans are spread via unpatched Outlook. (Score:5, Funny)
Yep. But there are ways to reduce the potential there.
#1. The email client should NOT under ANY circumstances automatically run scripts or executables. This was a MAJOR problem with previous versions of Outlook.
#2. The regular user should NOT under ANY circumstances be able to run a program from his user directory/temp directory.
Now, since Linux does not have any equivalent to Outlook in example #1, that means that Linux machines are far more difficult to infect. But not impossible.
Once you've implemented example #2, then the ONLY way for a trojan to get onto a system is if the user has the root password AND goes through the regular install process.
Now, each step that the user must perform is another chance for the trojan to fail.
If, on Linux, the end user has to go through half a dozen steps or so, then Linux is going to be resistant to all but the most dedicated of idiots.
And remember, the infection rate has to be higher than the removal rate otherwise the trojan dies, like any virus or worm would.
Linux can be less than 100% perfectly secure, yet still have no live trojans, viruses or worms in the wild.
Re:Most trojans are spread via unpatched Outlook. (Score:2)
#2 can also be achieved in Windows; Windows has always had better ACL support than Linux. All people had to do was remove execute privileges on the home directory, and I have implemented it.
So basically any modern OS can be secured from the user as well, but most admins are not up to it.
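As an added illustration of measure #2 from the posts above (not code from any poster): a small audit that parses a Linux mount table in /proc/mounts format and reports which user-writable locations are served by a mount lacking noexec, nosuid or nodev. The sample mount table is constructed, and the thread's own caveat applies: noexec stops direct execution of a dropped file but not feeding it to an interpreter such as "sh script.sh".

```python
"""Audit a /proc/mounts-style table for user-writable paths that are not
mounted noexec/nosuid/nodev. The SAMPLE_MOUNTS text below is constructed
for this example and is not taken from any real host."""

import os

# Paths an unprivileged user can normally write to, and hence the usual
# place a trojan dropped by mail or a web page would be launched from.
USER_WRITABLE = ("/home", "/tmp", "/var/tmp", "/dev/shm")

# Options we expect on those mounts. noexec blocks direct execution of a
# file (mount(8)); it does NOT block "sh /tmp/script.sh", as noted above.
WANTED = ("noexec", "nosuid", "nodev")

# Constructed sample. Raw string so "\040" stays a literal escape:
# /home lacks everything, /tmp is fine, /dev/shm lacks noexec, /var/tmp is
# not a separate mount (so it inherits the options of /), and the USB
# stick exercises the space-unescaping logic.
SAMPLE_MOUNTS = r"""
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime,size=2097152k 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sdc1 /mnt/usb\040stick vfat rw,nosuid,nodev,relatime 0 0
"""

# /proc/mounts encodes space, tab, newline and backslash as octal escapes.
_ESCAPES = (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\"))


def _unescape(field):
    for esc, ch in _ESCAPES:
        field = field.replace(esc, ch)
    return field


def parse_mounts(text):
    """Yield (device, mountpoint, fstype, set_of_options) per mount line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line; real entries have 6 fields
        device, mountpoint, fstype, opts = fields[:4]
        yield _unescape(device), _unescape(mountpoint), fstype, set(opts.split(","))


def effective_mount(path, mountpoints):
    """Return the mount point that actually serves `path`: the longest
    mounted prefix by path component, falling back to '/'."""
    best = "/"
    for mp in mountpoints:
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if len(mp) > len(best):
                best = mp
    return best


def audit_mounts(text, watched=USER_WRITABLE, wanted=WANTED):
    """Return {path: {"mount": serving_mountpoint, "missing": [options]}}
    for every watched path whose serving mount lacks a wanted option."""
    mounts = {}
    for _dev, mp, _fs, opts in parse_mounts(text):
        mounts[mp] = opts  # a later mount on the same path shadows earlier ones
    findings = {}
    for path in watched:
        serving = effective_mount(path, mounts)
        missing = [o for o in wanted if o not in mounts.get(serving, set())]
        if missing:
            findings[path] = {"mount": serving, "missing": missing}
    return findings


if __name__ == "__main__":
    # Use the live table when available, otherwise the constructed sample.
    source = open("/proc/mounts").read() if os.path.exists("/proc/mounts") else SAMPLE_MOUNTS
    for path, info in sorted(audit_mounts(source).items()):
        print(f"{path}: served by {info['mount']}, missing {','.join(info['missing'])}")
```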
Re:Most trojans are spread via unpatched Outlook. (Score:2)
Re:Most trojans are spread via unpatched Outlook. (Score:2)
P.S. The "confirm you're not a script" box is insane...
Re:Most trojans are spread via unpatched Outlook. (Score:2)
Not entirely correct, since you can still run thi
Re:Most trojans are spread via unpatched Outlook. (Score:2)
But what does that accomplish? (other then breaking legitimate executables?) The above examples with
Project 2501 (Score:2)
Shouldn't be a problem... (Score:2, Insightful)
Re:Shouldn't be a problem... (Score:2, Informative)
I believe some interesting research could be done into the six degrees of separation theory and large networks using gateways and subnets
just how "off the net" is that deep rooted bank system running the ATMs when
I wouldn't be too surprised... (Score:3, Informative)
To the contrary, Pele-Phone trademark name actually became Israeli "xerox" - every cell phone is called a "pelephone" in the vernacular. So if Bezek wanted to hurt the ungrateful competitors' market share, the trojan scandal would do nicely.
Re:I wouldn't be too surprised... (Score:2)
Bezek? Do something immoral? Unprofessional? Never!
Never mind all the other problems in the ME, we need to get rid of Bezek first (you hear this BB?). They're embedded so deep in the legal system that it's illegal to offer long distance (even VOIP) without giving them a tithing.
I decided to use Netvision & HOT for my internet just to avoid Bezek, found out later that HOT is nothing but a reseller of their bandwidth.
"We don't care, we don't have to, we're the phone company!"
Re:I wouldn't be too surprised... (Score:2, Interesting)
Cheap Shots (Score:4, Insightful)
I've dealt with Linux security enough to know security is work for any OS, especially when you are not just running servers for developers or apps. When you get into Linux desktop users, security takes a lot of work and attention.
You need to learn a bit more. (Score:2)
And who says that it does not? Hmmmmm?
The issue is not whether there ARE flaws, but how SERIOUS those flaws are, how quickly patches are released and how easy it is to install those patches.
And walking to the corner store is "work" and run
Mostly agree but you have a slight troll.. (Score:2)
MBSA is not perfect but I've never seen it ignore a product just because you didn't install it during the initial install.
But I admit th
I didn't say that, did I? (Score:2)
I didn't say that it would IGNORE it. I said that it would not detect that it was not fully patched.
This is because Windows does not have a package management system. But it likes to pretend that it does.
So, a service pack is applied, then you add a component that the service pack would have patched, but all the various tools do is to check whether that service pack is listed as be
You are wrong, again. (Score:2)
#1. That Linux no longer uses BitKeeper does not mean that it has more security problems than before (nor fewer).
#2. And, again, no one is saying that Linux has never had a security issue. Just that because of Linux's security model, those issues have been less critical and fixed faster than with Windows.
#3. You do not see articles here very often deriding Linux about its security failures
That was someone sniffing passwords. That isn't a Linux security issue.
#4. You're quoting
Re:Cheap Shots (Score:2)
No doubt. Many of the default behaviors, thankfully, are sane under most Unix/unix-like systems including Linux. Because of that, the amount of work to discover holes and plug them across multiple systems is much less when compared to Windows.
After all, we get this type of security for a common Linux distribution [secunia.com] and these [secunia.com] two [secunia.com] examples from Microsoft's flagship desktop OS.
(Note: I am definitely NOT saying that secur
But we both know, don't we? (Score:2)
Words of pisdom for sure. No mention of Microsoft was made in the article I read, but you and I both know that was what caused the problem. Just the same, I feel all dirty and cheap when I make fun of a $30,000,000,000 company that can't get its act together but has such good intentions for everyone else's money.
As you probably know, Linux has its own security issues ... [and more bullshit about how hard Linux security is].
Find me a free software
Try It Again, With Strong Encryption! (Score:4, Insightful)
If there was ever a time to be using encrypted volumes to store files, that was one of them.
The guy has fileservers full of self-incriminating evidence, but he can't even get his act together enough to strongly encrypt the thing? That's pretty damn sloppy.
If you did it right, all the cops would have was a bunch of bits, not stuff to put you away for a long time. This tells me the guy wasn't really trying hard enough. He needs to do it again, with feeling.
Opensource trojans? (Score:3, Interesting)
That would be diabolic because it would give the false feeling of security (after all, it's "open" source, right?) and therefore be even more devastating to unsuspecting users.
Re:Opensource trojans? (Score:2)
But hey, we all know that could never happen.
Re:Opensource trojans? (Score:3, Funny)
"Why's that Perl code so obfuscated?"
"Oh, that's just a Perl geek showing off - you'll get used to it."
Re:Opensource trojans? (Score:2)
Re:Opensource trojans? (Score:2)
Yes - the trick would be to keep it hidden for long enough to do whatever it's meant to before discovery. I would think that this rules out the most active packages, so that would leave us with obscure packages or quick 'emergency' patches. The point being that I think it'd become less of an issue where it is in the source and more of an issue of which package you choose to attack.
So if you know your intended victim us
These are the real threats. Pay more attention (Score:2)
"Security" is being treated by most vendors and companies as a pest-control business. "How many threats did we detect today?" "What are the top 10 threats this week?" "How fast can we get the virus definitions updated?" But those aren't the real threats. It's the quiet, narrowly targeted attacks that cost companies real money.
Military security people make that distinction. They're trained to view kids throwing rocks over the fence as a minor threat, wh
Cherche la sysadmin! (Score:2, Informative)
It's much cheaper to find a dirty sysadmin that will push a small MSI to all AD clients than actually writing a full blown Trojan that should first of all plant itself on the target computer, taking the risk of being discovered by some techy user.
So keep MS bashing for another article
The reality is.... (Score:4, Insightful)
More sophisticated worms and trojans will happen. Think of a virus that stealthily hides on computers, moving across the network till it finds itself on a machine in domain xyz.com. Once there it propagates quietly, doing no damage, until one of its copies finds files of the variety xxxxx.xls. Then it slowly searches those files, sending bits of them back to a server on the internet disguised as mail from the user of that machine.
It gets even scarier. Imagine that virus looking for your company's cvs server?
The only thing that I can think of to combat it is to ensure that all applications are checked before being run, and that they have certification by company security infrastructure. This might prevent Joe Bloggs from working at home and bringing the trojan to work with him.
It can be done if the program is executed by the user without verification of certification etc.
To totally lock down your network will become very difficult in the future. Commercial antivirus vendors will have to work very closely with OS groups to actually create a secure computing environment.... and users will not like the efforts they have to go through to participate in that secure environment.
The current efforts by software vendors and groups will not even come close to stopping such spyware programs.
Well, that's how I see it anyway... who knows for sure.
A lot of this spy stuff just cancels out (Score:4, Insightful)
It's just 'Spy vs. Spy'; an endless expensive game that changes very little in the real world.
And regarding the use of social engineering to break into secure systems and procure passwords, it too has exaggerated importance. The old fashioned tried-and-true methods of blackmail, bribery, kidnapping, and extortion work as well if not better in modern corporate and military environments as they have for hundreds of years. The stricter the corporate punishment for transgressions, the more inflexible the rules, the harder the no-tolerance policy... the cheaper and easier it is to use blackmail and bribery on the target employees. This is why the Americans can't destroy 'the base' (whose Arabic name triggers the NSA internet eavesdropping software). They can't be blackmailed, bribed, or persuaded. Hell, they can't even be found.
You want a secure corporate environment? Trust your people, pay your people reasonably, don't assume that you can judge their moral character by the molecular structure of their urine. In other words, don't act like a stupid paranoid American.
Cheap Shot. (Score:3, Insightful)
This part is interesting (Score:2)
Israel Police National Fraud Unit head, Chief Superintendent Arie Edelman, said the virus was unique because, "It not only penetrated the computer and sent material to wherever you wanted
Re:Exploit? (Score:3, Informative)
Did it involve an exploit?
Yep, although not a buffer overflow, it is an exploit of the system design that allows execution and installation of programs without the user's specific consent. Not unlike the days when you could email an ActiveX control to people and it would automatically execute just by viewing the message.
Users are led to believe these files are safe to open, when in fact they should be judged by whether they are safe to execute.
So the bad guys exploited the misperception that (Microsof
Re:Yeah, we get it - Windows is sucks. (Score:2)
Because it is the only OS I know of where people routinely get trojaned simply by visiting a web page or opening an email.
Re:Yeah, we get it - Windows is sucks. (Score:2)
The Windows OS has everything to do with the current state of affairs in Trojan-land. If there hadn't been literally hundreds of exploits over the past 5 years that allowed companies to inject unwanted software into users' computers, two things would be different:
Re:Firewall won't do crap... (Score:2)
Re:Anti-Semitism on Slashdot (Score:2)
The Holocaust sucked for homosexuals, travellers, anyone who was physically or mentally disabled and religious and cultural minorities, as well as for anyone who disagreed with Hitler.
This in no way gives the current government of a country co
Bush is not pro-Israel (Score:2)
Gush Katif (Jewish Gaza) [savegushkatif.org]
Bush supports Hamas [israelnationalnews.com]
Bush pushes Israel to "Auschwitz borders" [israelnationalnews.com]
Pay attention. [dailyalert.org]
So, remember the Promis Affair. (Score:2)
Re:Well, you could do what my company does: (Score:2)
1. Buy laptops without harddrives.
2. With the money you save, you can afford Mac servers!
3. ????
4. Profit!
Re:What then is happening in other places? (Score:3, Insightful)
If you are not dumb, you do this kind of job only once or twice. You cover all tracks. And, holy Moses, you don't use your own company to send out e-mails and CDs with the malware.
1. The author of these trojans tried to sell them to police (and was turned down because police found out that he was selling cracker stuff).
2. He sold his trojan package to a couple of "security" agencies who went ahead and stole data from several rich companies to re-sell them to the