By YOSSI MELMAN in Tel Aviv
The Russian internet security company Kaspersky Lab – which is often first to identify hacking efforts and cyber-crises around the world – says someone used an innovative computer virus to spy on the Iran nuclear talks.
Kaspersky and the American anti-virus company Symantec both say the virus resembles Duqu – malware that’s been called a “stepchild” of Stuxnet, the program that’s known to have been created as a joint project of U.S. and Israeli government agencies.
We don’t have to let the Russian software experts knock us off our chairs with surprise. Founded and still led by Eugene Kaspersky, a product of former KGB technical training schools, the Lab publishes its findings on viruses and computer worms around the world.
The Lab has a financial motive. Every burst of publicity brings it new, paying clients – especially in Western nations.
The revelations from Kaspersky always point to Western governments (including Israel) or corporations as the villains. He would not dare point a finger of blame at Vladimir Putin’s government in Russia. Everyone knows what usually happens to open critics and foes of Putin.
Thus the motivations are not only financial – but also political-ideological. With a dash of self-preservation.
We also shouldn’t be very surprised that The Wall Street Journal cites officials as saying that the malware that’s spying on nuclear negotiators – dubbed “Duqu 2” – originated with an Israeli intelligence agency.
Eugene Kaspersky is quoted as giving huge praise to Duqu 2 as “a generation ahead of anything we’d seen earlier” – and it’s reported that whoever invented it used it to penetrate Kaspersky Lab’s own systems.
It has become crystal clear that cyber-war is the war of the future: penetrations of government or corporate computer systems by using “Trojan horses” or other sophisticated software, viruses, or worms. Who is able to do it? Governments, corporations, terrorist groups, and individual hackers.
The future is now.
The almost mythically powerful malware might be named Stuxnet, and then a similar one is called Flame, and now we hear of two versions of Duqu. The goal is the same: to intrude into the computers of a rival or enemy – to infect the databases with an overload of nonsense, to pluck out any valuable data, to eavesdrop on conversations whether written or oral, to record and transmit every word typed into the computers, and even to photograph the target facilities.
As the now fabled Stuxnet story shows, the malware can also make industrial control systems go haywire – damaging equipment such as the centrifuges that Iran used to enrich uranium.
Cyber-war is certainly the next big thing in espionage. The leaders in the field are the United States, China, Russia, Great Britain, and Israel, with Iran showing significant leaps in capability.
In a way, this is old wine in new bottles. It is still espionage. Field agents used to find a way to get into a target facility; they secretly took photographs and used bugging devices to record conversations.
For years now, it’s been reported – and assumed – that every international conference is a target for collecting intelligence information. Espionage agencies gather whatever they can about participants, especially the ones who travel from country to country, as they can be monitored or recruited as spies.
Meetings that involve traveling Iranians are certainly of high interest – and not only to Israel – especially if the subjects include Iran’s nuclear program.
The U.S., Britain, France, Russia, China, and the local security agency in whatever country is hosting the conference are likely to be just as interested as Israel’s Mossad might be.
Now there’s no need physically to break into a hotel room, embassy, or office. Electronic penetrations can be aimed at the laptop computer systems, networks set up for temporary offices, or the computer and wi-fi facilities of hotels. It does not seem to be very hard for an intelligence agency to insert viruses and worms.
The published American report says a “Duqu” virus was injected into computers in three different hotels where the Iran nuclear talks have taken place in recent years: the talks that face a deadline for success on June 30.
There is a double problem. The targets of offensive cyber-warfare – in this case Iran – know about the possibility and use every countermeasure they can. Thus the developers of malware find they have to raise their game even more: inventing what are, in effect, poisonous software creations.
As in traditional, physical warfare, there is collateral damage. Computer systems that were not intentionally targeted are also being affected, and that has often led anti-virus experts such as Kaspersky to find the malware. E-mail and programs are constantly on the move, so it is hard for cyber-attackers to limit the impact of what they have created.
That is apparently why Kaspersky Lab found the latest poisonous program in its own computers. It is even possible, however, that Israeli intelligence was trying to penetrate Kaspersky to find out what that company knows.
[Yossi Melman is co-author of the best seller Every Spy a Prince and other books including the new history of Israel’s intelligence and security agencies: Spies Against Armageddon.]