Trojan horses abound
The press calls it ‘The Trojan Horses Scandal’. I’ll include a few links to Israeli press below.
To make a long story short, I’ve summarized the information I got from the press, blended with my personal insights. My information came mainly from the press, and I’ve extrapolated in places, so don’t take anything for granted:
- A list of very prominent Israeli companies were infected by a trojan. Foreign companies may have been victims as well, but names of those were not provided.
- The trojan was targeted specifically at those companies by the perpetrator, and more specifically at key people in those companies and PR companies working for those companies.
- The trojan was targeted at Windows machines.
- The attack vector was social engineering, using e-mail and CD-ROMs sent to the victims as ‘a business proposal’.
- Data exfiltrated from some of the infected machines includes (but is not limited to) the ‘My Documents’ folder and screen captures.
- The stolen data was sent to “FTP servers” both outside and inside Israel. The protocol used for the actual transfer was not disclosed.
- The trojan was never detected within the infiltrated companies until the police looked for it.
- The first lead into the case came from a writer, Amnon Jacquont, whose pre-published book was found on the net.
- The writer has been the target of identity theft in the past months, by someone who apparently wanted to cause him harm. Activities included posting to various forums with his identity, using his network account and writing disparaging entries in the Hebrew branch of Wikipedia and forums of Israeli book stores.
- The writer’s wife, a known Israeli radio personality, finally talked him into filing a complaint with the police. When asked by the police if they had a suspect, the couple pointed a finger at their ex-son-in-law, Michael Haefrati. The divorce was ugly and involved a lawsuit that Michael lost.
- The police computer crime unit inspected Amnon’s computer, and located a trojan. They traced the data to an “FTP server”.
- Upon inspection of the data on the server, the investigators discovered internal documents belonging to the aforementioned prominent companies.
- After around 6 months of investigation, the police have a comprehensive list of victim companies and of the companies that benefited from the information.
- The deals were brokered by three private investigation firms, and Michael was the technical contact that executed the attacks in person.
- Come Sunday the 29th (today), a large police force accompanied by computer experts confiscated a large amount of equipment from a comprehensive list of companies and private residences. A few suspects have been arrested.
- As expected, the suspect companies blame the investigation companies for any illegal act, and Michael (who was apprehended in the UK) claims his software was not meant to be used illegally. Investigators are sure, however, that Michael has made target-specific adaptations to the software.
My take on this:
- It was bound to happen sooner or later. I know I’m a pessimist, but I suspect this is currently going on unchecked on a very large scale worldwide.
- Being computer-smart is not enough. If you want to be a successful and free cracker, you have to be real-world smart too: Michael was caught because he used his software to execute a personal vendetta against his ex-father-in-law. Had he not done that, these activities could have remained hidden to this day.
- Moreover, from what I gather (although it is not stated specifically), the reason the investigators caught up with his commercial enterprise is that he left the Jacquont files on the same server as files from his other activities.
- This is not the last we are going to hear about this type of attack.
Stay safe.
Some media links:
Haaretz: Top Israeli execs held in industrial espionage case
Haaretz: Haephrati’s arrest “was like music to our ears,” says couple who sparked probe
Haaretz: Analysis / Trojan horse violates more than one law
Globes: YES, Pele-Phone, Cellcom execs arrested for computer espionage
YNetNews: Scandal shocks business world
IsraelInsider: Trojangate: Top Israeli execs arrested for using virus to spy on each other
DEBKAfile: Two Suspected Israeli Computer Hackers Face Extradition from London
Boaz Gutman’s site
Too much comment spam made me cancel comments for this post.

Arik,
Comment by Saar Drimer — May 30th, 2005 @ 8:21 am
Good Summary. I’ve written about this too…
http://www.saardrimer.com/wordpress/?p=62
The whole story will unfold pretty soon. It’s big.
[…] server (jpost; bugmenot) - YNET portal (Hebrew) - Ha’aretz portal (Hebrew) See also Arik’s roundup from yesterday. This entry was po […]
Pingback by Saar Drimer - The Weblog » Blog Archive » Israel trojan horse roundup — May 31st, 2005 @ 12:41 am
[…] Israeli Trojan horse foiled by ex-father-in-law Several places, including Arik’s blog, Haaretz, and Schneier’s blog covered the case of Israeli […]
Pingback by Standard Deviations » Blog Archive » Israeli Trojan horse foiled by ex-father-in-law — June 1st, 2005 @ 5:16 am
[…]
Trojan Horses
A far-reaching espionage case from Israel serves as an instructive lesson for both victims and computer criminals. While the […]
Pingback by Hexagon Business Weblog » Blog Archive » Trojanische Pferde — June 2nd, 2005 @ 5:25 pm
A few more details (from personal contacts, not public sources):
1. The files were transmitted by FTP. The server was directly registered to the consulting firm of Haephrati and his partner. No attempt to hide whatsoever.
2. The vendetta goes both ways. Varda Raziel-Jaquont has been harassing Haephrati. Jaquont’s new book was basically a novelization of her view of his messy divorce from Jaquont’s daughter. Her marriage-counsellor-from-hell radio persona makes it quite easy for me to believe this claim. Haephrati is definitely not an innocent lamb - but neither are the Jaquonts.
Comment by Oren T — June 21st, 2005 @ 11:01 pm
Hi Oren
Yes, well, the Jaquonts didn’t do anything illegal at least. Immoral by contemporary standards, maybe.
My point wasn’t about vendetta - it’s about human nature that allowed a personal vendetta to destroy this successful (albeit illegal) business. There’s a moral here somewhere.
Comment by arikb — June 21st, 2005 @ 11:11 pm