Dei'ah veDibur - Information & Insight
  

A Window into the Chareidi World

23 Iyar 5765 - June 1, 2005 | Mordecai Plaut, director Published Weekly
Produced and housed by
Shema Yisrael Torah Network
NEWS
Huge Hostile Penetration of Commercial Computers in Israel

by Mordecai Plaut and Yated Ne'eman Staff

After a six-month investigation, Israeli police announced on Sunday that dozens of leading Israeli companies and leading private investigators were suspects in a massive industrial espionage case. Eleven private investigators from prominent agencies were arrested, in addition to some eight senior executives who allegedly hired the investigators. The companies of the executives included Cellcom, YES, Pelephone, Mayer Car Imports and the Tami-4 mineral water retailer. The private investigators arrested included former Shin Bet officials and former senior police officers.

Some observers cautioned that Israeli police have a history of splashy announcements that turn out to be less than they seem. The executives all denied that they had done anything wrong, and insisted that their contracts with the investigation firms included an explicit stipulation that no illegal actions be taken. Police argued that when they were given their rivals' most closely guarded internal documents, they could hardly have failed to realize that the documents were obtained illegally.

The private intelligence firms are suspected of having planted a malicious computer program ("malware") in the computers of competitors of their clients, which they then used to extract business secrets. The type of computer program is also known as a "Trojan horse," after a huge wooden horse that was used by Greek soldiers to sneak into the city of Troy to which they had been laying siege for ten years without success. The huge horse appeared to be a gift, but it really contained a squad of enemy soldiers inside.

The investigation is still continuing and the full extent of the break-ins, and the value of the information stolen, is not yet known.

The companies suspected of commissioning the espionage include the satellite television company Yes, which is suspected of spying on cable television company HOT; cell phone companies Pelephone and Cellcom, suspected of spying on Partner; and Mayer, which imports Volvos and Hondas to Israel and is suspected of spying on Champion Motors, importer of Audis and Volkswagens. Tami-4 is suspected of spying on the Mei Eden mineral water supplier. Spy programs were also located that targeted Strauss-Elite, Shekem Electric, ACE Marketing Chains (ACE Israel), Zoglowek, the Malam Group, Zilumatik, and the business daily Globes.

More companies may be involved as victims or as criminals. Police have not yet read and analyzed all the material that they have confiscated, and they do not know who was spying on these latter companies. In some cases the material is encoded and police have not yet managed to break the code.

Israeli investigators also think that some foreign commercial companies were targets of the Trojan horse spyware.

The investigation began last November when author Amnon Jacont and his wife Varda complained to the Tel Aviv police that someone had stolen information from their computer. They complained after finding personal documents and parts of a book that Jacont was writing on the Internet. They had not given or sent the information to anyone. Police came down and examined their computer and found that it had been infected with a Trojan horse program.

Police investigators eventually determined that the program had been written by Michael Haephrati, 41, a former son-in-law of Mrs. Jacont. Haephrati, an Israeli citizen, currently lives in Germany and England and has no previous police record. He and his current wife were arrested in England last week.

With the help of Interpol and London's Metropolitan Police, Israeli investigators found that Haephrati had sold his program to three private investigation agencies in Israel: Modi'in Ezrachi, Zvika Krochmal and Pilosof-Balali. All three agencies are licensed by the Israel Justice Ministry and had enjoyed excellent reputations.

The virus, police suspect, was sent hidden inside a promotional CD to companies. Thinking that it was part of normal business advertising, employees would view the CDs on their computers, but the CDs secretly deposited the Trojan horse onto the computer system. Sometimes the virus was sent as an attachment to emails sent to the various companies.

Once the programs were inside, Haephrati would send his clients special codes to access the malware. Then they could basically take whatever they wanted, monitor the computers in real time, and fully control the system.

Police investigators succeeded in locating several computer servers in Israel, Germany and the US, on which the stolen files were stored before they were passed on to the companies that ordered them. They discovered tens of thousands of documents there that belonged to major Israeli companies, including many files labeled "internal" and "secret." Police have been examining these documents to determine which companies have been victimized.

The Trojan horse, police said, was undetectable. Two things made those virus programs particularly difficult to detect. One is that they entered the computer in an unusual way, from the innocent-looking CDs. Common defense programs screen email and similar sources of programs coming from "outside" the company, but not CDs which are used "inside." The second point is that each program was customized by Haephrati for each particular invasion. Anti-virus programs are set up to look for previously known viruses, and would not recognize a custom program as suspicious. Experts noted that a private computer user is unlikely to be the target of a custom-written virus.

For each customized program the agencies reportedly paid Haephrati about NIS 16,000 per computer per month, including support. This included planting the virus in the target computer.

Police assessed that the investigation would eventually reach the various companies' CEOs and even owners. Investigators said that the theft of the information caused the victims to lose competitive bids and thousands of customers.

"Luckily, my company's most classified information has always been stored outside of the computer system," noted one of the victims. However, "if it was up to me," he commented, "the guilty parties would get the gallows."

At a hearing last Wednesday, police told the court that the investigators are suspected of: penetrating a computer for the purpose of committing a crime, making and propagating a computer virus, violating the Protection of Privacy Law, conspiring to commit a crime, wiretapping and fraud. Police said that any direct interception of computer files and documents is considered illegal wiretapping. Police also suspect the three agencies of cooperating with each other to perpetrate their industrial espionage.

The private investigators all denied that they had knowingly done anything illegal.

The individual companies also said that they had not broken any laws and that they were confident that none of their officers had done anything illegal. They all pledged to cooperate fully in the investigation.

The type of software that stole information from computers at some of Israel's biggest and best-known companies would "be nearly impossible to implant in an IDF computer," an IDF source told the Jerusalem Post. This is because the army makes sure that all of its sensitive material is on systems that are not connected to the Internet, which can be accessed from anywhere in the world. Many IDF computers cannot copy material onto disks, and it is forbidden to take out magnetic media from IDF computers.

The IDF also constantly monitors activity on its computers, and it has many experts whose main task is to ensure the integrity of its information.

The experts agreed that the main security factor is ensuring that nothing is exposed to the Internet.

 

All material on this site is copyrighted and its use is restricted.