RSS Feed

Israel trojan horse roundup

May 30, 2005 by Saar Drimer

Here are the main developments in this drama:

  • Police operation codename “Horse Race” (how original!)
  • The fiasco is now called “the largest-ever industrial espionage case” and “the Yom Kippur of the Israeli financial market.”
  • Cellcom (largest cell phone provider company) CEO name was found with confidential Bezeq (national telco) documents. Since there is no evidence that these documents have been obtained using the TH, he is not being interrogated yet.
  • Some of the seized material is encrypted and the police is still trying to break the passwords; once they do a list of further companies involved will be published.
  • Ruth Ha’efrati (wife of TH author) broke into the police’s computers and noticed evidence of a secret investigation involving their “software’s” customers and attempted (perhaps successfully) to sell this info back to them.
  • The trojan horse used was Trojan.Hotword. Symantec categorized it as “medium damage.” However, the code was custom modified per victim by the author, so these are variants. The modifications made the use very easy for the attacker; all they needed to do is logon to a server and retrieve the data. Each custom code cost ~$4000.
  • The TH was also found in a government contracting firm; classified materials are suspected to have been compromised.
  • 11 private investigators were arrested (the operators of the TH and the ones who were hired by the aggressors) all proclaiming “we did not know this was illegal.
  • Ha’efrati offered the sale of his code to the police who in turn refused due to suspicions of criminal use of this SW by him.
  • Sources (most of the info is from Hebrew content):

  • Police struggle to identify who commissioned espionage (globes)
  • Defense-related info found on PI server (jpost; bugmenot)
  • YNET portal (Hebrew)
  • Ha’aretz portal (Hebrew)
  • See also Arik’s roundup from yesterday.


    No Comments »

    No comments yet.

    Leave a Reply

    Your email address will not be published.

    You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>