Security

Trojan Built for Industrial Espionage 232

xPertCodert writes "Some of the largest Israeli companies are involved in the major industrial espionage case, in which private investigators implanted specially crafted Trojan horses on the computers at unsuspecting companies in a bid to obtain privileged financial and technical data. Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such spy attacks from competitors."
  • Good (Score:3, Insightful)

    by Anonymous Coward on Sunday May 29, 2005 @10:07AM (#12669907)
    maybe such incidents will start companies (and Microsoft in particular) to start taking spyware more seriously
    • Re:Good (Score:5, Insightful)

      by Leroy_Brown242 ( 683141 ) on Sunday May 29, 2005 @10:12AM (#12669937) Homepage Journal
      HAH!

      Learning from other mistakes? I think you give the industry too much credit. :)
    • And how do you suppose they do that? With extra monitoring of your system? With more processes and stuff locked down? With the removal of ActiveX perhaps?

      Perhaps rather than companies taking even more measures to stop spyware, it's time for the users to take some responsibility too. If users can't be bothered to secure their own property, there's no reason why Microsoft or Symantec should be.
    • Re:Good (Score:4, Insightful)

      by pv2b ( 231846 ) on Sunday May 29, 2005 @10:48AM (#12670124)
      As I said in another thread, [slashdot.org] the problem isn't computer insecurity, but the fact that people will install anything given enough social engineering. Even if you use an operating system like Mac OS X or Linux or something else similar, where the users aren't typically logged in as root, you can still spy on the user whose account you've infected, which is enough damage right there.
      • As I said in another thread, the problem isn't computer insecurity, but the fact that people will install anything given enough social engineering. Even if you use an operating system like Mac OS X or Linux or something else similar, where the users aren't typically logged in as root, you can still spy on the user whose account you've infected, which is enough damage right there.

        Give an example.

        I'm straining to think of one for either OSX or Linux where the person doesn't have root/administrator and pa

        • Re:Good (Score:2, Insightful)

          by pv2b ( 231846 )
          Social engineering.

          1. E-mail the user a "Free Porn" program. This program is then set to launch every time the user logs in. (To make it more plausible, the program then launches a Safari window pointing at your favorite porn site.)

          2. The program is basically a glorified FTP server, allowing the attacker to log into it and retrieve any files accessible from the account. To get past firewalls, it could even actively connect outward to another host to receive instructions, or even be controlled via e-mail.
          • If I found out my users were installing Free Porn programs on their work machines, I'd make sure they were fired on the spot. No second guesses _at all_.

            I guess you could make it a 'free kittens and puppies background picture' program. I see a lot of that crapware installed on people's machines (but not at work).
            • If I found out my users were installing Free Porn programs on their work machines, I'd make sure they were fired on the spot.

              By the time you found out, it could easily be too late.

              • Depends on the OS really. If it's a Windows environment, the spyware would probably 'root' the boxen and hose whatever it could. OTOH, in a Linux or MacOSX environment, the worst that would happen is that the user's settings get lost or wiped.

                Privilege separation is a nice thing to have by default. Most Windows installs don't separate the Admin from the user. I know it's an option at any time during or post-install, but I'm going by defaults.
                • OTOH, in a Linux or MacOSX environment, the worst that would happen is that the user's settings get lost or wiped.

                  In theory. In practice, probably not [google.com].

                • Most Windows installs don't separate the Admin from the user. I know it's an option at any time during or post-install, but I'm going by defaults.
                  It's not an option: many essential pieces of software (older but perfectly good versions of Office) and hardware (scanners) simply will not work unless the user has Administrator privileges.

                  Windows is insecure by design.

                  • I just threw that in there for all of the Windows apologists/defenders that would bring up the opposing argument. Lately they've been coming out of the woodwork. I wholeheartedly agree with your assessment.
          • "The program is basically a glorified FTP server, allowing the attacker to log into it and retrieve any files accessible from the account. To get past firewalls, it could even actively connect outward to another host to receive instructions, or even be controlled via e-mail."

            Probably a better choice would be an IRC client. It could log on to an IRC server and then onto a common channel.
            You could also do the same with Jabber.

    • MS is used in Nuke plants, Banks, Navy ships, and even medical equipment. How many know about the insecurities of MS esp. when compared to *nix? Every last coder on this planet. And yet, some idiot up top decided to force MS into this space. It will be that way for quite some time.

      IMHO, it will take successful lawsuits against companies that sell Windows into high security space before the PHBs change their habits. Once they are personally threatened, then they will change.

      • An even more anecdotal example.
        In many countries, the army network is completely separated from the outside internet, the "ultimate firewall". However, it has already happened that some high-ranking officer connected his infected laptop to the system and *crash*, the whole network went flat in less than 10 hours.

        No matter how strong your "firewall" is, social engineering breaks through it, into top secret networks.

        Note that the really top secret documents are indeed protected.
      • Yes, but not the high quality and smartly designed systems. I know there is medical equipment that runs on various modified Windows OSs, but the important and most critical machines still use some *nix variant. I know of a couple of CAT scan machines that use UNIX, but you'd be surprised how many other machines out there still run on top of DOS.

        For instance, at work they use an old DOS data acquisition setup connected to an old analog Grass polygraph, and then I have to copy the data table onto the floppy.

        • I used to be an EKG tech (back in 1980). About 6 months ago I was following a set of links that led me to a homebuilt EKG machine (IIRC, @Utah State). I seem to recall that they had a nice Linux program for interfacing with it. You may wish to look for it and see if there is not something that you can use. Not quite a polygraph, but similar data that is interpreted in different ways.

          But yeah, ppl do not like change.
    • Historically this has been the only thing that gets them to act. I don't think this time is any different.
  • how often that goes on here.

    I would like to think it doesn't, really. But I'm sure it does.
  • by hsmith ( 818216 ) on Sunday May 29, 2005 @10:07AM (#12669909)
    spies are more likely to do industrial espionage compared to spying on gov'ts. it is apparently a lot easier to get info from companies about gov't plans (through contracts, etc.) than trying to spy on the NSA or CIA

    but then again, this is what i have read, so take it for what it is worth
    • ...FOLLOW THE MONEY!

      By this I mean that I assume industrial espionage is much more lucrative than governmental information, and therefore companies are much more likely to be a target.

      As for which is easier, forget the boundaries and roadblocks, if the payoff is high enough someone will find a way around it.

  • by Anonymous Coward
    Did any of their officers graduate from Stanford or Harvard Business School?
    • Did any of their officers graduate from Stanford or Harvard Business School?

      You joke, but Israel's business schools look more and more like American business schools every day. And that is a problem. Why? I invite you all to read the famous article by the late Sumantra Ghoshal: "Bad Management Theories Are Destroying Good Management Practices [pace.edu]".

  • http://www.nsa.gov/selinux/ [nsa.gov] Security-Enhanced Linux!
  • by a_greer2005 ( 863926 ) on Sunday May 29, 2005 @10:13AM (#12669943)
    In a big company that has a lot of enemies, some within its own gates no doubt, this could happen to any system that is not set up perfectly; a rootkit could be introduced on a *nix system the same way 99% of Trojan horses get into Win boxes: social engineering.

    By its very nature, a Trojan is a program that APPEARS to be good but has an evil payload. Once again, the problem is gullible users and/or techs and/or admins, not Windows per se.

    • I'm really not gonna comment on the spelling of the parent post... though...

      According to your logic, it doesn't matter if you store millions of dollars in cash under the bed, since a safe is also vulnerable to break-ins.
      • That's actually a very good analogy.

        Putting the cash in the safe instead of under the bed will stop random small thieves.
        But if those behind the theft are a big, organized group, then they will break in whether it's under the bed or in the safe.
        They'll send a technician to plant a camera in your bedroom and record you entering the code (keylogger) or simply crack it professionally in 15-30 minutes.

    • In a big company that has a lot of enemies, some within its own gates no doubt, this could happen to any system that is not set up perfectly; a rootkit could be introduced on a *nix system the same way 99% of Trojan horses get into Win boxes: social engineering.

      It is true that you could gull an individual and have them mail out their own
      documents. You could put in a cron job that runs on their workstation, and
      have it execute a script.

      To do anything more far-reaching, perhaps something that sets the ne

  • by yotto ( 590067 ) on Sunday May 29, 2005 @10:14AM (#12669949) Homepage
    I thought that Trojans were programs that pretended to be something legit but weren't. Other than finding them and putting them in a list of programs to delete in a virus scanner, is there a way to be "secure" with these?
    If the company you are tailoring these trojans to runs Linux, aren't you, as the evil terrorist hacker, going to tailor the trojan to run on Linux?
    Send 90% of the CEOs out there an email that says 'click here for a free iPod!' and we all know what they're going to do, whether they run Windows, Linux, or OS X.
    • Excellent point.

      I guess the lesson is that, whenever you install someone else's software on your system, you're essentially letting them use that system.

      Can you always trust them to do the right thing? Not in this case, apparently.

    • This is so correct. I've been saying the same thing over at another thread [slashdot.org].

      We, the non-Microsoft users, shouldn't lull ourselves into a false sense of security against spyware and trojan threats just like this one, just because we happen to be non-Microsoft users, or even because we tend not to be logged in as root when we do our work.

      Are trojans stoppable? Well, you can try. You can filter out executable types from getting through your e-mail, you can disallow downloading of executable files through your
    • Send 90% of the CEOs out there an email that says 'click here for a free iPod!' and we all know what they're going to do, whether they run Windows, Linux, or OS X.

      Yep. But there are ways to reduce the potential there.

      #1. The email client should NOT under ANY circumstances automatically run scripts or executables. This was a MAJOR problem with previous versions of Outlook.

      #2. The regular user should NOT under ANY circumstances be able to run a program from his user directory/temp directory.

      Now, since Linux does not have any equivalent to Outlook in example #1, that means that Linux machines are far more difficult to infect. But not impossible.

      Once you've implemented example #2, then the ONLY way for a trojan to get onto a system is if the user has the root password AND goes through the regular install process.

      Now, each step that the user must perform is another chance for the trojan to fail.

      If, on Linux, the end user has to go through half a dozen steps or so, then Linux is going to be resistant to all but the most dedicated of idiots.

      And remember, the infection rate has to be higher than the removal rate otherwise the trojan dies, like any virus or worm would.

      Linux can be less than 100% perfectly secure, yet still have no live trojans, viruses or worms in the wild.
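The second mitigation in the post above (no execution from the user's home or temp directories) is normally enforced on Unix hosts by mounting those filesystems noexec. The POSIX sh audit below is an added example, not code from the original thread: it reads a /proc/mounts-style table (a constructed sample is embedded) and reports user-writable mount points that lack the option; the set of paths it checks is an assumption.

```shell
#!/bin/sh
# Added audit example: list user-writable mount points that lack "noexec".
# On Unix, "users must not run programs from home/temp" is usually enforced
# by mounting those filesystems noexec; this checks a /proc/mounts-style
# table for that option.

# Constructed sample in /proc/mounts format (not from a real host):
# fields are device, mountpoint, fstype, options, dump, pass.
SAMPLE_MOUNTS=$(printf '%s\n' \
    '/dev/sda1 / ext4 rw,relatime 0 0' \
    'tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0' \
    '/dev/sda2 /home ext4 rw,relatime 0 0' \
    'tmpfs /var/tmp tmpfs rw,nosuid,nodev,relatime 0 0' \
    'tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0')

# Assumed list of mount points an ordinary user can write to; each should
# carry noexec. Adjust for the host being audited.
USER_WRITABLE='/tmp /var/tmp /home /dev/shm'

# has_option MOUNTPOINT OPTION TABLE
# Returns 0 if OPTION is set on MOUNTPOINT, 1 if it is mounted without it,
# and 2 if MOUNTPOINT does not appear in TABLE at all.
has_option() {
    mp=$1
    opt=$2
    table=$3
    # Exact match on field 2 so that /tmp does not also match /tmpfoo.
    opts=$(printf '%s\n' "$table" | awk -v mp="$mp" '$2 == mp { print $4; exit }')
    [ -n "$opts" ] || return 2
    # Wrap in commas so "exec" cannot be mistaken for "noexec".
    case ",$opts," in
        *",$opt,"*) return 0 ;;
        *)          return 1 ;;
    esac
}

# missing_noexec TABLE
# Prints, one per line, the user-writable mount points that are mounted
# without noexec. Paths that are not mounted are skipped.
missing_noexec() {
    table=$1
    for mp in $USER_WRITABLE; do
        rc=0
        has_option "$mp" noexec "$table" || rc=$?
        if [ "$rc" -eq 1 ]; then
            printf '%s\n' "$mp"
        fi
    done
}

# Demonstration on the constructed table; prints /var/tmp and /home.
missing_noexec "$SAMPLE_MOUNTS"

# On a live Linux host, audit the real table with:
#   missing_noexec "$(cat /proc/mounts)"
```

noexec stops direct execution of binaries dropped into those directories but not scripts fed to an interpreter, so it narrows a Trojan's options rather than closing them, which is exactly the "each step is another chance to fail" argument the post makes.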
      • 1) Outlook never automatically ran attachments. It would run it when morons double clicked on it. Still a problem with the user that MS suffered for. (There were vulnerabilities that allowed remote execution, I think.)

        #2 can also be achieved in Windows; Windows has always had better ACL support than Linux. All people had to do was remove execute privileges on the home directory, and I have implemented it.

        So basically any modern OS can be secured from user as well, but most admins are not up to it.
      • So basically what you're saying is, "make it impossible for users to run arbitrary files". Not only does this reduce the usefulness of a computer greatly, but it IS possible under Windows. The easiest way to reduce risk from trojans? Educate the users!

        P.S. The "confirm you're not a script" box is insane...
  • Did they name it Project 2501? And was it secretly created by the Ministry of Foreign Affairs?
  • by Anonymous Coward
    Smart people shouldn't have that kind of data on a computer that could be attacked by spyware. Keep it on a network segregated from the internet and you keep it to an insider-only problem.
    • Exactly. For the love of god, you know that anything attached to the internet is not ever going to be "completely" (heck, most things will never even be marginally) secured, so if you want to keep the data safe, no matter what kind of data that is, the only way is to keep the damn machines off the net.

      I believe some interesting research could be done into the six degrees of separation theory and large networks using gateways and subnets

      just how "off the net" is that deep rooted bank system running the ATMs when
  • by maksim2042 ( 467480 ) on Sunday May 29, 2005 @10:25AM (#12670003) Homepage
    If the entire scandal was precipitated by Bezek (the reigning ILEC/MaBell of Israel). Bezek was complacent about the coming of the cell phone in the early '90s and was so late to the game that it's practically a non-player.

    To the contrary, the Pele-Phone trademark name actually became the Israeli "Xerox": every cell phone is called a "pelephone" in the vernacular. So if Bezek wanted to hurt the ungrateful competitors' market share, the trojan scandal would do nicely.

    • Bezek? Do something immoral? Unprofessional? Never!

      Never mind all the other problems in the ME, we need to get rid of Bezek first (you hear this BB?). They're embedded so deep in the legal system that it's illegal to offer long distance (even VOIP) without giving them a tithing.

      I decided to use Netvision & HOT for my internet just to avoid Bezek, and found out later that HOT is nothing but a reseller of their bandwidth.

      "We don't care, we don't have to, we're the phone company!"
    • Actually, Bezek owns a large portion of Pele-Phone and Mirs, both large players in the Israeli cellular market.
  • Cheap Shots (Score:4, Insightful)

    by The_Quinn ( 748261 ) on Sunday May 29, 2005 @10:43AM (#12670087) Homepage
    It is cheap to poke your security knife at Microsoft. As you probably know, Linux has its own security issues [lwn.net].

    I've dealt with Linux security enough to know security is work for any OS, especially when you are not just running servers for developers or apps. When you get into linux desktop users, security takes a lot of work and attention.

    • It is cheap to poke your security knife at Microsoft. As you probably know, Linux has its own security issues

      And who says that it does not? Hmmmmm?

      The issue is not whether there ARE flaws, but how SERIOUS those flaws are, how quickly patches are released and how easy it is to install those patches.

      I've dealt with Linux security enough to know security is work for any OS, especially when you are not just running servers for developers or apps.

      And walking to the corner store is "work" and run

      • ... in your post.

        Here's a good example. If you install Windows on a box, but choose not to install all of the components, then you patch it with the latest service pack and all, it should be fully patched.

        Then you go back and install one of the components you didn't install initially.

        Is it still fully patched? Will Microsoft's BaseLine scanner find any flaws?

        MBSA is not perfect but I've never seen it ignore a product just because you didn't install it during the initial install.

        But I admit th

        • MBSA is not perfect but I've never seen it ignore a product just because you didn't install it during the initial install.

          I didn't say that it would IGNORE it. I said that it would not detect that it was not fully patched.

          This is because Windows does not have a package management system. But it likes to pretend that it does.

          So, a service pack is applied, then you add a component that the service pack would have patched, but all the various tools do is to check whether that service pack is listed as be

    • When you get into linux desktop users, security takes a lot of work and attention.

      No doubt. Many of the default behaviors, thankfully, are sane under most Unix/unix-like systems including Linux. Because of that, the amount of work to discover holes and plug them across multiple systems is much less when compared to Windows.

      After all, we get this type of security for a common Linux distribution [secunia.com] and these [secunia.com] two [secunia.com] examples from Microsoft's flagship desktop OS.

      (Note: I am definitely NOT saying that secur

    • It is cheap to poke your security knife at Microsoft.

      Words of pisdom for sure. No mention of Microsoft was made in the article I read, but you and I both know that was what caused the problem. Just the same, I feel all dirty and cheap when I make fun of a $30,000,000,000 company that can't get its act together but has such good intentions for everyone else's money.

      As you probably know, Linux has its own security issues ... [and more bullshit about how hard Linux security is].

      Find me a free software

  • by putko ( 753330 ) on Sunday May 29, 2005 @10:58AM (#12670177) Homepage Journal
    "... [The authorities] found dozens of FTP servers in Israel and overseas, including the US. Haephrati is suspected of transferring stolen material from other computers to these FTP servers. The police realized the extent of the affair when they examined some of the files..."

    If there was ever a time to be using encrypted volumes to store files, that was one of them.

    The guy has fileservers full of self-incriminating evidence, but he can't even get his act together enough to strongly encrypt the thing? That's pretty damn sloppy.

    If you did it right, all the cops would have was a bunch of bits, not stuff to put you away for a long time. This tells me the guy wasn't really trying hard enough. He needs to do it again, with feeling.
  • Opensource trojans? (Score:3, Interesting)

    by haggar ( 72771 ) on Sunday May 29, 2005 @11:09AM (#12670224) Homepage Journal
    I know this sounds almost like cussing, but could one obfuscate source code so efficiently as to hide a trojan inside it?

    That would be diabolical because it would give a false feeling of security (after all, it's "open" source, right?) and therefore be even more devastating to unsuspecting users.
    • It would be far easier to break into MS, crawl around for months, and change a few lines of code there. If you are real smart, you will leave some semi-obvious openings on the way in so that if you are caught, it will look like the opening was spotted. In the meantime, you still have your opening. Then modify various pieces of code as the development proceeds.

      But hey, we all know that could never happen.
    • It occurs to me that the best language in which to do that kind of attack would be Perl. Great plausible deniability.

      "Why's that Perl code so obfuscated?"

      "Oh, that's just a Perl geek showing off - you'll get used to it."

    • Possibly, but there are far, far easier ways. Get it embedded into the compiler, so it doesn't show up in any source (read "Reflections on Trusting Trust"). Or plonk it in a bit of inlined assembly, since there are about 12 people in the world who would actually try to read and modify someone else's assembly.
    • ...but could one obfuscate source code so efficiently as to hide a trojan inside it?

      Yes - the trick would be to keep it hidden for long enough to do whatever it's meant to before discovery. I would think that this rules out the most active packages, so that would leave us with obscure packages or quick 'emergency' patches. The point being that I think it'd become less of an issue where it is in the source and more of an issue of which package you choose to attack.

      So if you know your intended victim us

  • Targeted attacks like this are the real ones.

    "Security" is being treated by most vendors and companies as a pest-control business. "How many threats did we detect today?" "What are the top 10 threats this week?" "How fast can we get the virus definitions updated?" But those aren't the real threats. It's the quiet, narrowly targeted attacks that cost companies real money.

    Military security people make that distinction. They're trained to view kids throwing rocks over the fence as a minor threat, wh

  • Cherche la sysadmin! (Score:2, Informative)

    by Begemot ( 38841 )
    In Israel, workstations in all large corporate networks are very well protected.

    It's much cheaper to find a dirty sysadmin that will push a small MSI to all AD clients than actually writing a full blown Trojan that should first of all plant itself on the target computer, taking the risk of being discovered by some techy user.

    So keep MS bashing for another article ;-)
  • The reality is.... (Score:4, Insightful)

    by zappepcs ( 820751 ) on Sunday May 29, 2005 @12:59PM (#12670855) Journal
    that this type of attack has most probably been going on for years, without being detected.

    More sophisticated worms and trojans will happen. Think of a virus that stealthily hides on computers, moving across the network till it finds itself on a machine in domain xyz.com. Once there it promulgates quietly, doing no damage, until one of its copies finds files of the variety xxxxx.xls. Then it slowly searches those files, sending bits of them back to a server on the internet disguised as mail from the user of that machine.

    It gets even scarier. Imagine that virus looking for your company's cvs server?

    The only thing that I can think of to combat it is to ensure that all applications are checked before being run, and that they have certification by company security infrastructure. This might prevent joe bloggs from working at home and bringing the trojan to work with him.

    It can be done if the program is executed by the user without verification of certification etc.

    To totally lock down your network will become very difficult in the future. Commercial antivirus vendors will have to work very closely with OS groups to actually create a secure computing environment.... and users will not like the efforts they have to go through to participate in that secure environment.

    The current efforts by software vendors and groups will not even come close to stopping such spyware programs.

    Well, that's how I see it anyway... who knows for sure.
  • by Simonetta ( 207550 ) on Sunday May 29, 2005 @01:07PM (#12670898)
    A lot of the supposed loss that results from espionage is mitigated by the fact that the stolen data simply goes from one inept corporate bureaucracy to another. As much as they'd like to, most lame, ossified organizations can't do much to improve their own position regardless of the strategic worth of stolen competitors' data.
    It's just 'Spy vs. Spy'; an endless expensive game that changes very little in the real world.

    And regarding the use of social engineering to break into secure systems and procure passwords, it too has exaggerated importance. The old fashioned tried-and-true methods of blackmail, bribery, kidnapping, and extortion work as well if not better in modern corporate and military environments as they have for hundreds of years. The stricter the corporate punishment for transgressions, the more inflexible the rules, the harder the no-tolerance policy... the cheaper and easier it is to use blackmail and bribery on the target employees. This is why the Americans can't destroy 'the base' (whose Arabic name triggers the NSA internet eavesdropping software). They can't be blackmailed, bribed, or persuaded. Hell, they can't even be found.
    You want a secure corporate environment? Trust your people, pay your people reasonably, don't assume that you can judge their moral character by the molecular structure of their urine. In other words, don't act like a stupid paranoid American.
  • Cheap Shot. (Score:3, Insightful)

    by DerekLyons ( 302214 ) <fairwater@gmail . c om> on Sunday May 29, 2005 @01:30PM (#12671019) Homepage
    Given the current state of Windows security and advances in spyware, probably any company has become a very easy target for such spy attacks from competitors
    And of course *no* company knows anything about firewalls, or email scanners, or browser security.... i.e. the article submitter is doing nothing more than taking yet another cheap shot at Microsoft.
  • During the investigation, the police remembered that a few years ago, the same suspects offered the police virus-based technology for legitimate uses, but the technology was unsuited to the police's requirements. The police had held intermittent negotiations lately, during which they examined the software's applications...

    Israel Police National Fraud Unit head, Chief Superintendent Arie Edelman, said the virus was unique because, "It not only penetrated the computer and sent material to wherever you wanted
