Security firm says new spy software in 10 countries came from Lebanon

Tue Mar 31, 2015 9:00am EDT
 
Email This Article |
Share This Article
  • Facebook
  • LinkedIn
  • Twitter
| Print This Article
[-] Text [+]

By Joseph Menn

SAN FRANCISCO, March 31 (Reuters) - A security company has discovered a computer spying campaign that it said "likely" originated with a government agency or political group in Lebanon, underscoring how far the capability for sophisticated computer espionage is spreading beyond the world's top powers.

Israeli-based computer security firm Check Point Software Technologies said its researchers ruled out any financial motive for the effort that targeted telecommunications and networking companies, military contractors, media organizations and other institutions in Lebanon, Israel, Turkey and seven other countries. Researchers also found computers infected with spyware in the United States, United Kingdom and Canada.

The campaign, which Check Point dubbed Volatile Cedar, dates back at least three years and deploys hand-crafted software with some of the hallmarks of state-sponsored computer espionage. Twice, after software elements were detected as malicious by anti-virus programs, the campaign paused and then began distributing newer versions that escaped scrutiny, said Check Point researcher Shahar Tal.

While the chief aims of the software were to steal data and spread, the programs could also delete files and take other actions at the direction of control computers elsewhere.

The distributors relied on an unusual method for installation, Tal said. Instead of emailing tainted links or infected attachments, the people behind Volatile Cedar broke down the front door, hacking into public-facing websites and then moving from those host computers to others in the organization that contained more valuable information.

"They are not `script kiddies,'" as low-skill hackers are called, Tal said. "But we have to say in terms of technical advancement, this is not NSA-grade. They are not replacing hard-drive firmware," as did a nearly undetectable strain of spy software found recently by Kaspersky Lab.

Tal declined to say what sort of data had been stolen but said he found the successful infiltration of a defense contractor to be "alarming."

He said Check Point had notified authorities in all 10 countries where the hundreds of infections had been detected. The company also passed along technical information to other security companies so that their anti-virus programs would find more instances.

Tal said he was not aware of any other major spying campaign attributed to the Lebanese government or major factions. Researchers consider the United States, China and Russia to be the most advanced and prolific electronic spies, while other major cyber-espionage efforts have been traced to Israel, the United Kingdom, France and Spain. (Reporting By Joseph Menn; Editing by Ken Wills)