Kaspersky Lab ZAO, one of the top anti-virus firms in the world, claims to have discovered a virus favored by Israeli intelligence in the computer systems of three luxury hotels used for nuclear negotiations with Iran. If this discovery is verified and definitively linked to Israel’s intelligence apparatus, it would represent the first concrete evidence that Israel was spying on the negotiations, as everyone informally assumes they were doing.
As the Wall Street Journal tells it, Kaspersky was penetrated by an upgraded version of the virus known as “Duqu” last year. “Current and former U.S. officials and many cybersecurity experts believe Duqu was designed to carry out Israel’s most sensitive intelligence-collection operations,” the Journal explains.
Kaspersky took advantage of the database compiled by its anti-virus products to find out what other systems were infected by the spyware, and discovered it lurking in the computer systems of those three European hotels, and not a single other hotel using Kaspersky software in the world. Two of these hotels were reportedly infected by the virus only a few weeks before negotiations began; the third appears to have been compromised last year, with the extraordinarily stealthy spyware lying dormant for months.
“Kaspersky, in keeping with its policy, doesn’t identify Israel by name as the country responsible for the hacks,” the Journal reports. “But researchers at the company indicate that they suspect an Israeli connection in subtle ways. For example, the company’s report is titled ‘The Duqu Bet.’ Bet is the second letter of the Hebrew alphabet.”
Based on their own experience battling the infection in their systems, Kaspersky technicians describe this strain of Duqu as an instrument too sophisticated, expensive, and delicate for rogue hackers to develop and deploy.
Notably, they are convinced creating this enhanced version of Duqu would have required access to the original source code – which, in turn, is believed by Kaspersky to share some electronic DNA with the Stuxnet virus, a joint U.S.-Israeli project, as Business Insider reports. Chris Weber of Casaba Security is quoted by BI describing Duqu 2.0 as an “extremely advanced malware platform with delivery mechanisms on par with Stuxnet.” Weber went on to more pithily describe the new Duqu strain as “bad-ass.”
It is not clear exactly what the Duqu spyware did while it was in the hotel systems. “Among the possibilities, the researchers say, the intruders might have been able to eavesdrop on conversations and steal electronic files by commandeering the hotel systems that connect to computers, phones, elevators and alarms, allowing them to turn them on and off at will to collect information,” the WSJ writes.
In fact, the virus deposits separate modules to complete these and other tasks, so it is possible that whoever was controlling the software could have done them all. Duqu 2.0 is also good at hiding itself, vacating systems without leaving intrusion footprints, and installing little back doors it can use to return to compromised systems in the future.
Everyone else involved is very gingerly stepping around the question of where that virus came from. The Israelis acknowledge keeping the Iranians under surveillance, deny spying on the United States, and chose not to comment on the Duqu situation. U.S. intelligence and law-enforcement agencies are quick to explain how they’re not jumping to the conclusions everyone knows they already hold.
The management of potentially affected hotels did not wish to discuss the possibility of hacker penetration, citing internal privacy policies. There were actually six hotels used in Switzerland, Austria, and Germany during the talks, but Kaspersky has declined to identify which three were penetrated by Duqu.
“After intercepting communications between Israeli officials early last year, the White House suspected that Israel had been spying on the negotiations to gather sensitive information that it could then reveal to Congress in hopes of sinking the deal,” Business Insider recalls. “The Administration did not elaborate on the tactics used, however, saying only that Israeli officials couldn’t have possibly known certain details surrounding the talks without actually being in the room.”
No matter where you stand on the Iran nuclear negotiations, or Israel’s position with regard to those discussions, you have to admit it is unnerving to learn hackers can take control of a large hotel’s safety and security systems so thoroughly. Such is life on the shadowy, ever-shifting, and sometimes nicely-appointed front lines of the First Cyber War, where the trenches have five-star room service and a minibar.