Hezbollah likely behind malware that attacked Israeli servers

Malware program codeBy JOSEPH FITSANAKIS | intelNews.org
A report by a major Israeli computer security firm claims that “a Lebanese entity”, possibly Hezbollah, was behind a cyberespionage operation that targeted companies connected to the Israeli military. In late March, Israeli computer security experts announced they had uncovered an extensive cyberespionage operation that targeted computers in Israel, and to a lesser extent in the United States, Britain, Turkey and Canada. The cyberespionage operation, dubbed VOLATILE CEDAR by Israeli computer security experts, was allegedly launched in 2012. It employed a sophisticated malicious software, also known as malware, codenamed EXPLOSIVE. One Israeli security expert, Yaniv Balmas, said the malware was not particularly sophisticated, but it was advanced enough to perform its mission undetected for over three years.

It is worth noting that, during the period of operation, the EXPLOSIVE malware kept surreptitiously updating itself with at least four different versions, which periodically supplemented the original malware code. Additionally, once the discovery of the malware was publicized in the media, security experts recorded several incoming messages sent to the installed malware asking it to self-destruct. These clues point to a level of programming and operational sophistication that exceeds those usually found in criminal cyberattacks.

According to Israeli computer security firm CheckPoint, there is little doubt that the source of the malware was in Lebanon, while a number of programming clues point to Lebanese Shiite group Hezbollah as “a major player” in the operation. In a report published this week, CheckPoint reveals that most of the Israeli targets infected with the malware belong to data-storage and communications firms that provide services to the Israel Defense Forces. According to one expert in the firm, the malware designers took great care to avoid “a frontal attack on the IDF network”, preferring instead to target private entities that are connected to the Israeli military. More specifically, the web shells used to control compromised servers after successful penetration attempts were of Iranian origin. Additionally, the initial command and control servers that handled EXPLOSIVE appear to belong to a Lebanese company.

The head of CheckPoint’s security and vulnerability research unit, Shahar Tal, told Ha’aretz newspaper: “We are not experts on international relations and do not pretend to analyze the geopolitical situation in Lebanon”. But these attacks originated from there, and were specifically designed to infiltrate “systems that are connected to the IDF”, he added.

News you may have missed #891

Edward SnowdenBy IAN ALLEN | intelNews.org
►►Sophisticated malware found in 10 countries ‘came from Lebanon’. An Israeli-based computer security firm has discovered a computer spying campaign that it said “likely” originated with a government agency or political group in Lebanon, underscoring how far the capability for sophisticated computer espionage is spreading beyond the world’s top powers. Researchers ruled out any financial motive for the effort that targeted telecommunications and networking companies, military contractors, media organizations and other institutions in Lebanon, Israel, Turkey and seven other countries. The campaign dates back at least three years and allegedly deploys hand-crafted software with some of the hallmarks of state-sponsored computer espionage.
►►Canada’s spy watchdog struggles to keep tabs on agencies. The Security Intelligence Review Committee (SIRC), which monitors Canada’s intelligence agencies, said continued vacancies on its board, the inability to investigate spy operations with other agencies, and delays in intelligence agencies providing required information are “key risks” to its mandate. As a result, SIRC said it can review only a “small number” of intelligence operations each year.
►►Analysis: After Snowden NSA faces recruitment challenge. This year, the NSA needs to find 1,600 recruits. Hundreds of them must come from highly specialized fields like computer science and mathematics. So far the agency has been successful. But with its popularity down, and pay from wealthy Silicon Valley companies way up, Agency officials concede that recruitment is a worry.