Lebanon groups behind spying software

Written on April 1, 2015 in News

SAN FRANCISCO (Reuters) – A security company has discovered a computer spying campaign that it said “likely” originated with a government agency or political group in Lebanon, underscoring how far the capability for sophisticated computer espionage is spreading beyond the world’s top powers.

Israeli-based computer security firm Check Point Software Technologies said its researchers ruled out any financial motive for the effort that targeted telecommunications and networking companies, military contractors, media organizations and other institutions in Lebanon, Israel, Turkey and seven other countries. Researchers also found computers infected with spyware in the United States, United Kingdom and Canada.

The campaign, which Check Point dubbed Volatile Cedar, dates back at least three years and deploys hand-crafted software with some of the hallmarks of state-sponsored computer espionage. Twice, after software elements were detected as malicious by anti-virus programs, the campaign paused and then began distributing newer versions that escaped scrutiny, said Check Point researcher Shahar Tal.

While the chief aims of the software were to steal data and spread, the programs could also delete files and take other actions at the direction of control computers elsewhere.

The distributors relied on an unusual method for installation, Tal said. Instead of emailing tainted links or infected attachments, the people behind Volatile Cedar broke down the front door, hacking into public-facing websites and then moving from those host computers to others in the organization that contained more valuable information.

“They are not ‘script kiddies,’” as low-skill hackers are called, Tal said. “But we have to say in terms of technical advancement, this is not NSA-grade. They are not replacing hard-drive firmware,” as did a nearly undetectable strain of spy software found recently by Kaspersky Lab.

Tal declined to say what sort of data had been stolen but said he found the successful infiltration of a defense contractor to be “alarming.”

He said Check Point had notified authorities in all 10 countries where the hundreds of infections had been detected. The company also passed along technical information to other security companies so that their anti-virus programs would find more instances.

Tal said he was not aware of any other major spying campaign attributed to the Lebanese government or major factions. Researchers consider the United States, China and Russia to be the most advanced and prolific electronic spies, while other major cyber-espionage efforts have been traced to Israel, the United Kingdom, France and Spain.

Reporting By Joseph Menn; Editing by Ken Wills
