
Security firm says new spy software in 10 countries came from Lebanon

Published 31/03/2015, 14:04

By Joseph Menn

SAN FRANCISCO (Reuters) - A security company has discovered a computer spying campaign that it said "likely" originated with a government agency or political group in Lebanon, underscoring how far the capability for sophisticated computer espionage is spreading beyond the world's top powers.

Israel-based computer security firm Check Point Software Technologies (NASDAQ:CHKP) said its researchers ruled out any financial motive for the effort that targeted telecommunications and networking companies, military contractors, media organizations and other institutions in Lebanon, Israel, Turkey and seven other countries. Researchers also found computers infected with spyware in the United States, United Kingdom and Canada.

The campaign, which Check Point dubbed Volatile Cedar, dates back at least three years and deploys hand-crafted software with some of the hallmarks of state-sponsored computer espionage. Twice, after software elements were detected as malicious by anti-virus programs, the campaign paused and then began distributing newer versions that escaped scrutiny, said Check Point researcher Shahar Tal.

While the chief aims of the software were to steal data and spread, the programs could also delete files and take other actions at the direction of control computers elsewhere.

The distributors relied on an unusual method for installation, Tal said. Instead of emailing tainted links or infected attachments, the people behind Volatile Cedar broke down the front door, hacking into public-facing websites and then moving from those host computers to others in the organization that contained more valuable information.

"They are not 'script kiddies,'" as low-skill hackers are called, Tal said. "But we have to say in terms of technical advancement, this is not NSA-grade. They are not replacing hard-drive firmware," as did a nearly undetectable strain of spy software found recently by Kaspersky Lab.

Tal declined to say what sort of data had been stolen but said he found the successful infiltration of a defense contractor to be "alarming."

He said Check Point had notified authorities in all 10 countries where the hundreds of infections had been detected. The company also passed along technical information to other security companies so that their anti-virus programs would find more instances. 

Tal said he was not aware of any other major spying campaign attributed to the Lebanese government or major factions. Researchers consider the United States, China and Russia to be the most advanced and prolific electronic spies, while other major cyber-espionage efforts have been traced to Israel, the United Kingdom, France and Spain.
